Line 41 | Line 41 |
---|
if ($delete && count($delete_ids)) { // Validate $delete_ids...
|
if ($delete && count($delete_ids)) { // Validate $delete_ids...
|
$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
| $sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id
|
FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
| FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
|
Line 49 | Line 49 |
---|
ON (t.topic_id = p.topic_id AND a.in_message = 0) LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
|
ON (t.topic_id = p.topic_id AND a.in_message = 0) LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
|
| LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1) LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
|
WHERE a.poster_id = ' . $user->data['user_id'] . ' AND a.is_orphan = 0 AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
| WHERE a.poster_id = ' . $user->data['user_id'] . ' AND a.is_orphan = 0 AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
|
Line 57 | Line 61 |
---|
$delete_ids = array(); while ($row = $db->sql_fetchrow($result)) {
|
$delete_ids = array(); while ($row = $db->sql_fetchrow($result)) {
|
if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
| if (!$this->can_delete_file($row))
|
{ continue; }
| { continue; }
|
Line 135 | Line 139 |
---|
$pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
|
$pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
|
$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
| $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status
|
FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0) LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0) LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
|
FROM ' . ATTACHMENTS_TABLE . ' a LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0) LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0) LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
|
| LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)
|
WHERE a.poster_id = ' . $user->data['user_id'] . " AND a.is_orphan = 0 ORDER BY $order_by";
| WHERE a.poster_id = ' . $user->data['user_id'] . " AND a.is_orphan = 0 ORDER BY $order_by";
|
Line 159 | Line 164 |
---|
} else {
|
} else {
|
$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
| $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
|
}
$template->assign_block_vars('attachrow', array(
| }
$template->assign_block_vars('attachrow', array(
|
Line 177 | Line 182 |
---|
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
|
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
|
'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
| 'S_LOCKED' => !$this->can_delete_file($row),
|
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic)
| 'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic)
|
Line 194 | Line 199 |
---|
$template->assign_vars(array( 'TOTAL_ATTACHMENTS' => $num_attachments,
|
$template->assign_vars(array( 'TOTAL_ATTACHMENTS' => $num_attachments,
|
'NUM_ATTACHMENTS' => $user->lang('NUM_ATTACHMENTS', $num_attachments),
| 'NUM_ATTACHMENTS' => $user->lang('NUM_ATTACHMENTS', (int) $num_attachments),
|
'L_TITLE' => $user->lang['UCP_ATTACHMENTS'],
| 'L_TITLE' => $user->lang['UCP_ATTACHMENTS'],
|
Line 215 | Line 220 |
---|
$this->tpl_name = 'ucp_attachments'; $this->page_title = 'UCP_ATTACHMENTS';
|
$this->tpl_name = 'ucp_attachments'; $this->page_title = 'UCP_ATTACHMENTS';
|
| }
/** * Check if the user can delete the file * * @param array $row * * @return bool True if user can delete the file, false if not */ private function can_delete_file(array $row): bool { global $auth, $config;
if ($row['in_message']) { return ($row['message_time'] > (time() - ($config['pm_edit_time'] * 60)) || !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit'); } else { $can_edit_time = !$config['edit_time'] || $row['post_time'] > (time() - ($config['edit_time'] * 60)); $can_delete_time = !$config['delete_time'] || $row['post_time'] > (time() - ($config['delete_time'] * 60)); $item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);
return !$item_locked && $can_edit_time && $can_delete_time; }
|
} }
| } }
|