phpBB

Code Changes

File: posting.php

Line 29Line 29


// Grab only parameters needed here



// Grab only parameters needed here

$post_id	= $request->variable('p', 0);
$topic_id = $request->variable('t', 0);
$forum_id = $request->variable('f', 0);

 
$draft_id	= $request->variable('d', 0);

$preview = (isset($_POST['preview'])) ? true : false;

$draft_id	= $request->variable('d', 0);

$preview = (isset($_POST['preview'])) ? true : false;

Line 43Line 40
$refresh	= (isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $preview);
$submit = $request->is_set_post('post') && !$refresh && !$preview;
$mode = $request->variable('mode', '');

$refresh	= (isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $preview);
$submit = $request->is_set_post('post') && !$refresh && !$preview;
$mode = $request->variable('mode', '');

 

// Only assign required URL parameters
$forum_id = 0;
$topic_id = 0;
$post_id = 0;

switch ($mode)
{
case 'popup':
case 'smilies':
$forum_id = $request->variable('f', 0);
break;

case 'post':
$forum_id = $request->variable('f', 0);
if (!$forum_id)
{
trigger_error('NO_FORUM');
}
break;

case 'bump':
case 'reply':
$topic_id = $request->variable('t', 0);
if ($topic_id)
{
$sql = 'SELECT forum_id
FROM ' . TOPICS_TABLE . "
WHERE topic_id = $topic_id";
$result = $db->sql_query($sql);
$forum_id = (int) $db->sql_fetchfield('forum_id');
$db->sql_freeresult($result);
}

if (!$topic_id || !$forum_id)
{
trigger_error('NO_TOPIC');
}
break;

case 'edit':
case 'delete':
case 'quote':
case 'soft_delete':
$post_id = $request->variable('p', 0);
if ($post_id)
{
$topic_forum = [];

$sql = 'SELECT t.topic_id, t.forum_id
FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . ' p
WHERE p.post_id = ' . $post_id . '
AND t.topic_id = p.topic_id';
$result = $db->sql_query($sql);
$topic_forum = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}

if (!$post_id || !$topic_forum)
{
$user->setup('posting');
trigger_error('NO_POST');
}

// Need to update session forum_id to valid value for proper viewonline information
if (!$forum_id)
{
$user->page['forum'] = (int) $topic_forum['forum_id'];
$user->update_session_page = true;
$user->update_session_infos();
}

$topic_id = (int) $topic_forum['topic_id'];
$forum_id = (int) $topic_forum['forum_id'];

break;
}


// If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))


// If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))

Line 104Line 178
// Was cancel pressed? If so then redirect to the appropriate page
if ($cancel)
{

// Was cancel pressed? If so then redirect to the appropriate page
if ($cancel)
{

	$f = ($forum_id) ? 'f=' . $forum_id . '&' : '';
$redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));

	$redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));


	redirect($redirect);

	redirect($redirect);

}

if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
{
trigger_error('NO_FORUM');

 
}

/* @var $phpbb_content_visibility \phpbb\content_visibility */

}

/* @var $phpbb_content_visibility \phpbb\content_visibility */

Line 128Line 196

case 'bump':
case 'reply':


case 'bump':
case 'reply':

		if (!$topic_id)
{
trigger_error('NO_TOPIC');
}

// Force forum id
$sql = 'SELECT forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id = ' . $topic_id;
$result = $db->sql_query($sql);
$f_id = (int) $db->sql_fetchfield('forum_id');
$db->sql_freeresult($result);

$forum_id = (!$f_id) ? $forum_id : $f_id;


 
		$sql = 'SELECT f.*, t.*
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id

		$sql = 'SELECT f.*, t.*
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id

Line 154Line 207
	case 'edit':
case 'delete':
case 'soft_delete':

	case 'edit':
case 'delete':
case 'soft_delete':

		if (!$post_id)
{
$user->setup('posting');
trigger_error('NO_POST');
}

// Force forum id
$sql = 'SELECT forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id = ' . $post_id;
$result = $db->sql_query($sql);
$f_id = (int) $db->sql_fetchfield('forum_id');
$db->sql_freeresult($result);

$forum_id = (!$f_id) ? $forum_id : $f_id;


 
		$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
WHERE p.post_id = $post_id

		$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
WHERE p.post_id = $post_id

Line 255Line 292
}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);


// Use post_row values in favor of submitted ones...
$forum_id = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;

 

// Need to login to passworded forum first?
if ($post_data['forum_password'])


// Need to login to passworded forum first?
if ($post_data['forum_password'])

Line 434Line 466
}

// Forum/Topic locked?

}

// Forum/Topic locked?

if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))

if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get($mode == 'reply' ? 'm_lock' : 'm_edit', $forum_id))

{
trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

{
trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

Line 728Line 760
$url_status		= ($config['allow_post_links']) ? true : false;
$flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
$quote_status = true;

$url_status		= ($config['allow_post_links']) ? true : false;
$flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
$quote_status = true;

 

/**
* Event to override message BBCode status indications
*
* @event core.posting_modify_bbcode_status
*
* @var bool bbcode_status BBCode status
* @var bool smilies_status Smilies status
* @var bool img_status Image BBCode status
* @var bool url_status URL BBCode status
* @var bool flash_status Flash BBCode status
* @var bool quote_status Quote BBCode status
* @since 3.3.3-RC1
*/
$vars = [
'bbcode_status',
'smilies_status',
'img_status',
'url_status',
'flash_status',
'quote_status',
];
extract($phpbb_dispatcher->trigger_event('core.posting_modify_bbcode_status', compact($vars)));


// Save Draft
if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))


// Save Draft
if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))

Line 735Line 790
	$subject = $request->variable('subject', '', true);
$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
$message = $request->variable('message', '', true);

	$subject = $request->variable('subject', '', true);
$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
$message = $request->variable('message', '', true);

 

/**
* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
* Using their Numeric Character Reference's Hexadecimal notation.
*/
$subject = utf8_encode_ucr($subject);


if ($subject && $message)
{


if ($subject && $message)
{

Line 753Line 814
			);
$db->sql_query($sql);


			);
$db->sql_query($sql);


			$meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id");





			/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id'));

$meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id");


meta_refresh(3, $meta_info);



meta_refresh(3, $meta_info);


Line 1162Line 1227
		$error[] = $user->lang['FORM_INVALID'];
}


		$error[] = $user->lang['FORM_INVALID'];
}


	if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !isset($_POST['soft_delete']) && $auth->acl_get('m_approve', $forum_id))

	if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !$request->is_set_post('delete') && $auth->acl_get('m_approve', $forum_id))

	{

	{

		$is_first_post = ($post_id == $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
$is_last_post = ($post_id == $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);

		$is_first_post = ($post_id <= $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
$is_last_post = ($post_id >= $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);

		$updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);

if (!empty($updated_post_data))

		$updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);

if (!empty($updated_post_data))

Line 1184Line 1249
	/**
* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
* Using their Numeric Character Reference's Hexadecimal notation.

	/**
* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
* Using their Numeric Character Reference's Hexadecimal notation.

 
	 * Check the permissions for posting Emojis first.

	 */

	 */

 
	if ($auth->acl_get('u_emoji'))
{

	$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);

	$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);





	}
else
{

	/**

	/**

	 * This should never happen again.
* Leaving the fallback here just in case there will be the need of it.
*

 
	 * Check for out-of-bounds characters that are currently
* not supported by utf8_bin in MySQL
*/

	 * Check for out-of-bounds characters that are currently
* not supported by utf8_bin in MySQL
*/

Line 1199Line 1266
		$character_list = implode('<br>', $matches[0]);

$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);

		$character_list = implode('<br>', $matches[0]);

$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);

 
		}

	}

$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;

	}

$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;

Line 1361Line 1429
	// Store message, sync counters
if (!count($error) && $submit)
{

	// Store message, sync counters
if (!count($error) && $submit)
{

		if ($submit)








		/** @var \phpbb\lock\posting $posting_lock */
$posting_lock = $phpbb_container->get('posting.lock');

// Get creation time and form token, must be already checked at this point
$creation_time = abs($request->variable('creation_time', 0));
$form_token = $request->variable('form_token', '');

if ($posting_lock->acquire($creation_time, $form_token))

		{
// Lock/Unlock Topic
$change_topic_status = $post_data['topic_status'];

		{
// Lock/Unlock Topic
$change_topic_status = $post_data['topic_status'];

Line 1532Line 1607
			}

// Handle delete mode...

			}

// Handle delete mode...

			if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent'))

			if ($request->is_set_post('delete_permanent') || ($request->is_set_post('delete') && $post_data['post_visibility'] != ITEM_DELETED))

			{
$delete_reason = $request->variable('delete_reason', '', true);
phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);

			{
$delete_reason = $request->variable('delete_reason', '', true);
phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);

Line 1551Line 1626
			}

redirect($redirect_url);

			}

redirect($redirect_url);

 
		}
else
{
// Posting was already locked before, hence form submission was already attempted once and is now invalid
$error[] = $language->lang('FORM_INVALID');

		}
}
}

		}
}
}

Line 1779Line 1859
$notify_checked		= (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);

// Page title & action URL

$notify_checked		= (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);

// Page title & action URL

$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&amp;f=$forum_id");
$s_action .= ($topic_id) ? "&amp;t=$topic_id" : '';
$s_action .= ($post_id) ? "&amp;p=$post_id" : '';

$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode");




switch ($mode)
{
case 'post':


switch ($mode)
{
case 'post':

 
		$s_action .= $forum_id ? "&amp;f=$forum_id" : '';

		$page_title = $user->lang['POST_TOPIC'];
break;


		$page_title = $user->lang['POST_TOPIC'];
break;


	case 'quote':

 
	case 'reply':

	case 'reply':

 
		$s_action .= $topic_id ? "&amp;t=$topic_id" : '';
$page_title = $user->lang['POST_REPLY'];
break;

case 'quote':
$s_action .= $post_id ? "&amp;p=$post_id" : '';

		$page_title = $user->lang['POST_REPLY'];
break;

case 'delete':
case 'edit':

		$page_title = $user->lang['POST_REPLY'];
break;

case 'delete':
case 'edit':

 
		$s_action .= $post_id ? "&amp;p=$post_id" : '';

		$page_title = $user->lang['EDIT_POST'];
break;
}

		$page_title = $user->lang['EDIT_POST'];
break;
}

Line 1866Line 1951
	'EDIT_REASON'			=> $request->variable('edit_reason', '', true),
'SHOW_PANEL' => $request->variable('show_panel', ''),
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),

	'EDIT_REASON'			=> $request->variable('edit_reason', '', true),
'SHOW_PANEL' => $request->variable('show_panel', ''),
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),

	'U_VIEW_TOPIC'			=> ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") : '',

	'U_VIEW_TOPIC'			=> ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id") : '',

	'U_PROGRESS_BAR'		=> append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup"),
'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup")),


	'U_PROGRESS_BAR'		=> append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup"),
'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup")),


Line 1890Line 1975
	'S_LOCK_POST_ALLOWED'		=> ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
'S_SOFTDELETE_CHECKED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',

	'S_LOCK_POST_ALLOWED'		=> ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
'S_SOFTDELETE_CHECKED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',

	'S_SOFTDELETE_ALLOWED'		=> ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked)) ? true : false,

	'S_SOFTDELETE_ALLOWED'		=> ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked) && $post_id == $post_data['topic_last_post_id'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) ? true : false,

	'S_RESTORE_ALLOWED'			=> $auth->acl_get('m_approve', $forum_id),
'S_IS_DELETED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
'S_LINKS_ALLOWED' => $url_status,

	'S_RESTORE_ALLOWED'			=> $auth->acl_get('m_approve', $forum_id),
'S_IS_DELETED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
'S_LINKS_ALLOWED' => $url_status,

Line 2015Line 2100
}

// Attachment entry

}

// Attachment entry

posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);

posting_gen_attachment_entry($attachment_data, $filename_data, $allowed, $forum_id);


// Output page ...
page_header($page_title);


// Output page ...
page_header($page_title);
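Review bot: In the draft-save hunk (Line 753 / Line 814) the new `$attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id'))` call removes attachments by id, but nothing visible in the hunk shows where those ids were checked as belonging to the current user. If `attachment_data` can still hold ids taken from the submitted form at this point, the draft path would delete files the user does not own; presumably an ownership check runs earlier in posting.php, outside the lines shown. I would add a comment directly above the call that names that check, for example `// attach_ids here are already limited to the current user's attachments (validated at <location of ownership check>)`, and confirm the check runs before the save-draft branch is reached. The enclosing `if ($subject && $message)` block starts and ends outside the hunk.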