\', \'$1\') . \'[/html]\'', $parts[$i]); } $form_message = implode('', $parts); } $form_message = preg_replace('~
~i', "\n", $form_message); // Remove any nested quotes, if necessary. if (!empty($modSettings['removeNestedQuotes'])) $form_message = preg_replace(array('~\n?\[quote.*?\].+?\[/quote\]\n?~is', '~^\n~', '~\[/quote\]~'), '', $form_message); // Add a quote string on the front and end. $form_message = '[quote author=' . $mname . ' link=topic=' . $topic . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $mdate . ']' . "\n" . rtrim($form_message) . "\n" . '[/quote]'; } // Posting a reply without a quote? elseif (!empty($topic) && empty($_REQUEST['quote'])) { // Get the first message's subject. $form_subject = $first_subject; // Add 'Re: ' to the front of the subject. if (trim($context['response_prefix']) != '' && $form_subject != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) $form_subject = $context['response_prefix'] . $form_subject; // Censor the subject. censorText($form_subject); $form_message = ''; } else { $form_subject = isset($_GET['subject']) ? $_GET['subject'] : ''; $form_message = ''; } } $context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || ($modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'))); if ($context['can_post_attachment']) { // If there are attachments, calculate the total size and how many. $context['attachments']['total_size'] = 0; $context['attachments']['quantity'] = 0; if (!empty($context['current_attachments'])) if (!empty($modSettings['currentAttachmentUploadDir'])) { if (!is_array($modSettings['attachmentUploadDir'])) $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']); // Just use the current path for temp files. $current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']]; } else $current_attach_dir = $modSettings['attachmentUploadDir']; // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $context['attachments']['quantity'] = count($context['current_attachments']); foreach ($context['current_attachments'] as $attachment) $context['attachments']['total_size'] += $attachment['size']; } // A bit of house keeping first. if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1) unset($_SESSION['temp_attachments']); if (!empty($_SESSION['temp_attachments'])) { // Is this a request to delete them? if (isset($_GET['delete_temp'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) if (file_exists($attachment['tmp_name'])) unlink($attachment['tmp_name']); } $post_errors[] = 'temp_attachments_gone'; $_SESSION['temp_attachments'] = array(); } // Hmm, coming in fresh and there are files in session. elseif ($context['current_action'] != 'post2' || !empty($_POST['from_qr'])) { // Let's be nice and see if they belong here first. if ((empty($_REQUEST['msg']) && empty($_SESSION['temp_attachments']['post']['msg']) && $_SESSION['temp_attachments']['post']['board'] == $board) || (!empty($_REQUEST['msg']) && $_SESSION['temp_attachments']['post']['msg'] == $_REQUEST['msg'])) { // See if any files still exist before showing the warning message and the files attached. foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) === false) continue; if (file_exists($attachment['tmp_name'])) { $post_errors[] = 'temp_attachments_new'; $context['files_in_session_warning'] = $txt['attached_files_in_session']; unset($_SESSION['temp_attachments']['post']['files']); break; } } } else { // Since, they don't belong here. Let's inform the user that they exist.. if (!empty($topic)) $delete_link = '' . $txt['here'] . ''; else $delete_link = '' . $txt['here'] . ''; // Compile a list of the files to show the user. $file_list = array(); foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) $file_list[] = $attachment['name']; $_SESSION['temp_attachments']['post']['files'] = $file_list; $file_list = ''; if (!empty($_SESSION['temp_attachments']['post']['msg'])) { // We have a message id, so we can link back to the old topic they were trying to edit.. $goback_link = '' . $txt['here'] . ''; $post_errors[] = array('temp_attachments_found', array($delete_link, $goback_link, $file_list)); $context['ignore_temp_attachments'] = true; } else { $post_errors[] = array('temp_attachments_lost', array($delete_link, $file_list)); $context['ignore_temp_attachments'] = true; } } } if (!empty($context['we_are_history'])) $post_errors[] = $context['we_are_history']; foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (isset($context['ignore_temp_attachments']) || isset($_SESSION['temp_attachments']['post']['files'])) break; if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) continue; if ($attachID == 'initial_error') { $txt['error_attach_initial_error'] = $txt['attach_no_upload'] . '
' . (is_array($attachment) ? vsprintf($txt[$attachment[0]], $attachment[1]) : $txt[$attachment]) . '
';
$post_errors[] = 'attach_initial_error';
unset($_SESSION['temp_attachments']);
break;
}
// Show any errors which might of occured.
if (!empty($attachment['errors']))
{
$txt['error_attach_errrors'] = empty($txt['error_attach_errrors']) ? '' : ''; $txt['error_attach_errrors'] .= vsprintf($txt['attach_warning'], $attachment['name']) . '
';
foreach ($attachment['errors'] as $error)
$txt['error_attach_errrors'] .= (is_array($error) ? vsprintf($txt[$error[0]], $error[1]) : $txt[$error]) . '
'; $txt['error_attach_errrors'] .= '
';
$post_errors[] = 'attach_errrors';
// Take out the trash.
unset($_SESSION['temp_attachments'][$attachID]);
if (file_exists($attachment['tmp_name']))
unlink($attachment['tmp_name']);
continue;
}
// More house keeping.
if (!file_exists($attachment['tmp_name']))
{
unset($_SESSION['temp_attachments'][$attachID]);
continue;
}
$context['attachments']['quantity']++;
$context['attachments']['total_size'] += $attachment['size'];
if (!isset($context['files_in_session_warning']))
$context['files_in_session_warning'] = $txt['attached_files_in_session'];
$context['current_attachments'][] = array(
'name' => '' . htmlspecialchars($attachment['name']) . '',
'size' => $attachment['size'],
'id' => $attachID,
'unchecked' => false,
'approved' => 1,
);
}
}
}
// Do we need to show the visual verification image?
$context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || ($user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1));
if ($context['require_verification'])
{
require_once($sourcedir . '/Subs-Editor.php');
$verificationOptions = array(
'id' => 'post',
);
$context['require_verification'] = create_control_verification($verificationOptions);
$context['visual_verification_id'] = $verificationOptions['id'];
}
// If they came from quick reply, and have to enter verification details, give them some notice.
if (!empty($_REQUEST['from_qr']) && !empty($context['require_verification']))
$post_errors[] = 'need_qr_verification';
/*
* There are two error types: serious and miinor. Serious errors
* actually tell the user that a real error has occurred, while minor
* errors are like warnings that let them know that something with
* their post isn't right.
*/
$minor_errors = array('not_approved', 'new_replies', 'old_topic', 'need_qr_verification', 'no_subject');
call_integration_hook('integrate_post_errors', array($post_errors, $minor_errors));
// Any errors occurred?
if (!empty($post_errors))
{
loadLanguage('Errors');
$context['error_type'] = 'minor';
foreach ($post_errors as $post_error)
if (is_array($post_error))
{
$post_error_id = $post_error[0];
$context['post_error'][$post_error_id] = vsprintf($txt['error_' . $post_error_id], $post_error[1]);
// If it's not a minor error flag it as such.
if (!in_array($post_error_id, $minor_errors))
$context['error_type'] = 'serious';
}
else
{
$context['post_error'][$post_error] = $txt['error_' . $post_error];
// If it's not a minor error flag it as such.
if (!in_array($post_error, $minor_errors))
$context['error_type'] = 'serious';
}
}
// What are you doing? Posting a poll, modifying, previewing, new post, or reply...
if (isset($_REQUEST['poll']))
$context['page_title'] = $txt['new_poll'];
elseif ($context['make_event'])
$context['page_title'] = $context['event']['id'] == -1 ? $txt['calendar_post_event'] : $txt['calendar_edit'];
elseif (isset($_REQUEST['msg']))
$context['page_title'] = $txt['modify_msg'];
elseif (isset($_REQUEST['subject'], $context['preview_subject']))
$context['page_title'] = $txt['preview'] . ' - ' . strip_tags($context['preview_subject']);
elseif (empty($topic))
$context['page_title'] = $txt['start_new_topic'];
else
$context['page_title'] = $txt['post_reply'];
// Build the link tree.
if (empty($topic))
$context['linktree'][] = array(
'name' => '' . $txt['start_new_topic'] . ''
);
else
$context['linktree'][] = array(
'url' => $scripturl . '?topic=' . $topic . '.' . $_REQUEST['start'],
'name' => $form_subject,
'extra_before' => '' . $context['page_title'] . ' ( ',
'extra_after' => ' )'
);
// Give wireless a linktree url to the post screen, so that they can switch to full version.
if (WIRELESS)
$context['linktree'][count($context['linktree']) - 1]['url'] = $scripturl . '?action=post;' . (!empty($topic) ? 'topic=' . $topic : 'board=' . $board) . '.' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . (int) $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : '');
$context['subject'] = addcslashes($form_subject, '"');
$context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message);
// Needed for the editor and message icons.
require_once($sourcedir . '/Subs-Editor.php');
// Now create the editor.
$editorOptions = array(
'id' => 'message',
'value' => $context['message'],
'labels' => array(
'post_button' => $context['submit_label'],
),
// add height and width for the editor
'height' => '275px',
'width' => '100%',
// We do XML preview here.
'preview_type' => 2,
);
create_control_richedit($editorOptions);
// Store the ID.
$context['post_box_name'] = $editorOptions['id'];
$context['attached'] = '';
$context['make_poll'] = isset($_REQUEST['poll']);
// Message icons - customized icons are off?
$context['icons'] = getMessageIcons($board);
if (!empty($context['icons']))
$context['icons'][count($context['icons']) - 1]['is_last'] = true;
// Are we starting a poll? if set the poll icon as selected if its available
if (isset($_REQUEST['poll']))
{
foreach ($context['icons'] as $icons)
{
if (isset($icons['value']) && $icons['value'] == 'poll')
{
// if found we are done
$context['icon'] = 'poll';
break;
}
}
}
$context['icon_url'] = '';
for ($i = 0, $n = count($context['icons']); $i < $n; $i++)
{
$context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value'];
if ($context['icons'][$i]['selected'])
$context['icon_url'] = $context['icons'][$i]['url'];
}
if (empty($context['icon_url']))
{
$context['icon_url'] = $settings[file_exists($settings['theme_dir'] . '/images/post/' . $context['icon'] . '.png') ? 'images_url' : 'default_images_url'] . '/post/' . $context['icon'] . '.png';
array_unshift($context['icons'], array(
'value' => $context['icon'],
'name' => $txt['current_icon'],
'url' => $context['icon_url'],
'is_last' => empty($context['icons']),
'selected' => true,
));
}
if (!empty($topic) && !empty($modSettings['topicSummaryPosts']))
getTopic();
// If the user can post attachments prepare the warning labels.
if ($context['can_post_attachment'])
{
// If they've unchecked an attachment, they may still want to attach that many more files, but don't allow more than num_allowed_attachments.
$context['num_allowed_attachments'] = empty($modSettings['attachmentNumPerPostLimit']) ? 50 : min($modSettings['attachmentNumPerPostLimit'] - count($context['current_attachments']), $modSettings['attachmentNumPerPostLimit']);
$context['can_post_attachment_unapproved'] = allowedTo('post_attachment');
$context['attachment_restrictions'] = array();
$context['allowed_extensions'] = strtr(strtolower($modSettings['attachmentExtensions']), array(',' => ', '));
$attachmentRestrictionTypes = array('attachmentNumPerPostLimit', 'attachmentPostLimit', 'attachmentSizeLimit');
foreach ($attachmentRestrictionTypes as $type)
if (!empty($modSettings[$type]))
{
$context['attachment_restrictions'][] = sprintf($txt['attach_restrict_' . $type], comma_format($modSettings[$type], 0));
// Show some numbers. If they exist.
if ($type == 'attachmentNumPerPostLimit' && $context['attachments']['quantity'] > 0)
$context['attachment_restrictions'][] = sprintf($txt['attach_remaining'], $modSettings['attachmentNumPerPostLimit'] - $context['attachments']['quantity']);
elseif ($type == 'attachmentPostLimit' && $context['attachments']['total_size'] > 0)
$context['attachment_restrictions'][] = sprintf($txt['attach_available'], comma_format(round(max($modSettings['attachmentPostLimit'] - ($context['attachments']['total_size'] / 1028), 0)), 0));
}
}
$context['back_to_topic'] = isset($_REQUEST['goback']) || (isset($_REQUEST['msg']) && !isset($_REQUEST['subject']));
$context['show_additional_options'] = !empty($_POST['additional_options']) || isset($_SESSION['temp_attachments']['post']) || isset($_GET['additionalOptions']);
$context['is_new_topic'] = empty($topic);
$context['is_new_post'] = !isset($_REQUEST['msg']);
$context['is_first_post'] = $context['is_new_topic'] || (isset($_REQUEST['msg']) && $_REQUEST['msg'] == $id_first_msg);
// WYSIWYG only works if BBC is enabled
$modSettings['disable_wysiwyg'] = !empty($modSettings['disable_wysiwyg']) || empty($modSettings['enableBBC']);
// Register this form in the session variables.
checkSubmitOnce('register');
// Finally, load the template.
if (WIRELESS && WIRELESS_PROTOCOL != 'wap')
$context['sub_template'] = WIRELESS_PROTOCOL . '_post';
elseif (!isset($_REQUEST['xml']))
loadTemplate('Post');
}
/**
* actually posts or saves the message composed with Post().
* requires various permissions depending on the action.
* handles attachment, post, and calendar saving.
* sends off notifications, and allows for announcements and moderation.
* accessed from ?action=post2.
*/
function Post2()
{
global $board, $topic, $txt, $modSettings, $sourcedir, $context;
global $user_info, $board_info, $options, $smcFunc;
// Sneaking off, are we?
if (empty($_POST) && empty($topic))
{
if (empty($_SERVER['CONTENT_LENGTH']))
redirectexit('action=post;board=' . $board . '.0');
else
fatal_lang_error('post_upload_error', false);
}
elseif (empty($_POST) && !empty($topic))
redirectexit('action=post;topic=' . $topic . '.0');
// No need!
$context['robot_no_index'] = true;
// Any files to include for post?
if (!empty($modSettings['integrate_post_include']))
{
$post_includes = explode(',', $modSettings['integrate_post_include']);
foreach ($post_includes as $include)
{
$include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
if (file_exists($include))
require_once($include);
}
}
// Previewing? Go back to start.
if (isset($_REQUEST['preview']))
return Post();
// Previewing? Go back to start.
if (isset($_REQUEST['preview']))
return Post();
// Prevent double submission of this form.
checkSubmitOnce('check');
// No errors as yet.
$post_errors = array();
// If the session has timed out, let the user re-submit their form.
if (checkSession('post', '', false) != '')
$post_errors[] = 'session_timeout';
// Wrong verification code?
if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || ($user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)))
{
require_once($sourcedir . '/Subs-Editor.php');
$verificationOptions = array(
'id' => 'post',
);
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification']))
$post_errors = array_merge($post_errors, $context['require_verification']);
}
require_once($sourcedir . '/Subs-Post.php');
loadLanguage('Post');
// First check to see if they are trying to delete any current attachments.
if (isset($_POST['attach_del']))
{
$keep_temp = array();
$keep_ids = array();
foreach ($_POST['attach_del'] as $dummy)
if (strpos($dummy, 'post_tmp_' . $user_info['id']) !== false)
$keep_temp[] = $dummy;
else
$keep_ids[] = (int) $dummy;
if (isset($_SESSION['temp_attachments']))
foreach($_SESSION['temp_attachments'] as $attachID => $attachment)
{
if ((isset($_SESSION['temp_attachments']['post']['files'], $attachment['name']) && in_array($attachment['name'], $_SESSION['temp_attachments']['post']['files'])) || in_array($attachID, $keep_temp) || strpos($attachID, 'post_tmp_' . $user_info['id']) === false)
continue;
unset($_SESSION['temp_attachments'][$attachID]);
unlink($attachment['tmp_name']);
}
if (!empty($_REQUEST['msg']))
{
require_once($sourcedir . '/ManageAttachments.php');
$attachmentQuery = array(
'attachment_type' => 0,
'id_msg' => (int) $_REQUEST['msg'],
'not_id_attach' => $keep_ids,
);
removeAttachments($attachmentQuery);
}
}
// Then try to upload any attachments.
$context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || ($modSettings['postmod_active'] && allowedTo('post_unapproved_attachments')));
if ($context['can_post_attachment'] && !empty($_FILES['attachment']) && empty($_POST['from_qr']))
{
// Make sure we're uploading to the right place.
if (!empty($modSettings['currentAttachmentUploadDir']))
{
if (!is_array($modSettings['attachmentUploadDir']))
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
// The current directory, of course!
$context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
}
else
$context['attach_dir'] = $modSettings['attachmentUploadDir'];
// Is the attachments folder actualy there?
if (!is_dir($context['attach_dir']))
{
$initial_error = 'attach_folder_warning';
log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
}
// Check that the attachments folder is writable. No sense in proceeding if it isn't.
if (empty($initial_error) && !is_writable($context['attach_dir']))
{
// But, let's try to make it writable first.
chmod($context['attach_dir'], 0755);
if (!is_writable($context['attach_dir']))
{
chmod($context['attach_dir'], 0775);
if (!is_writable($context['attach_dir']))
{
chmod($context['attach_dir'], 0777);
if (!is_writable($context['attach_dir']))
$initial_error = 'attachments_no_write';
}
}
}
if (!isset($initial_error) && !isset($context['attachments']))
{
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg']))
{
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_msg = {int:id_msg}
AND attachment_type = {int:attachment_type}',
array(
'id_msg' => (int) $_REQUEST['msg'],
'attachment_type' => 0,
)
);
list ($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
}
else
$context['attachments'] = array(
'quantity' => 0,
'total_size' => 0,
);
}
// Hmm. There are still files in session.
$ignore_temp = false;
if (!empty($_SESSION['temp_attachments']['post']['files']) && count($_SESSION['temp_attachments']) > 1)
{
// Let's try to keep them. But...
$ignore_temp = true;
// If new files are being added. We can't ignore those
foreach ($_FILES['attachment']['tmp_name'] as $dummy)
if (!empty($dummy))
{
$ignore_temp = false;
break;
}
// Need to make space for the new files. So, bye bye.
if (!$ignore_temp)
{
foreach ($_SESSION['temp_attachments'] as $attachID => $attachment)
if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false)
unlink($attachment['tmp_name']);
$context['we_are_history'] = 'temp_attachments_flushed';
$_SESSION['temp_attachments'] = array();
}
}
if (!isset($_FILES['attachment']['name']))
$_FILES['attachment']['tmp_name'] = array();
if (!isset($_SESSION['temp_attachments']))
$_SESSION['temp_attachments'] = array();
// Remember where we are at. If it's anywhere at all.
if (!$ignore_temp)
$_SESSION['temp_attachments']['post'] = array(
'msg' => !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : 0,
'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0,
'topic' => !empty($topic) ? $topic : 0,
'board' => !empty($board) ? $board : 0,
);
// If we have an itital error, lets just display it.
if (!empty($initial_error))
{
$_SESSION['temp_attachments']['initial_error'] = $initial_error;
// And delete the files 'cos they ain't going nowhere.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
$_FILES['attachment']['tmp_name'] = array();
}
// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
{
if ($_FILES['attachment']['name'][$n] == '')
continue;
// First, let's first check for PHP upload errors.
$errors = array();
if (!empty($_FILES['attachment']['error'][$n]))
{
if ($_FILES['attachment']['error'][$n] == 2)
$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
elseif ($_FILES['attachment']['error'][$n] == 6)
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
else
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
if (empty($errors))
$errors[] = 'attach_php_error';
}
// Try to move and rename the file before doing any more checks on it.
$attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
$destName = $context['attach_dir'] . '/' . $attachID;
if (empty($errors))
{
$_SESSION['temp_attachments'][$attachID] = array(
'name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])),
'tmp_name' => $destName,
'size' => $_FILES['attachment']['size'][$n],
'type' => $_FILES['attachment']['type'][$n],
'errors' => array(),
);
// Move the file to the attachments folder with a temp name for now.
if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName))
@chmod($destName, 0644);
else
{
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
else
{
$_SESSION['temp_attachments'][$attachID] = array(
'name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])),
'tmp_name' => $destName,
'errors' => $errors,
);
if (file_exists($_FILES['attachment']['tmp_name'][$n]))
unlink($_FILES['attachment']['tmp_name'][$n]);
}
// If there's no errors to this pont. We still do need to apply some addtional checks before we are finished.
if (empty($_SESSION['temp_attachments'][$attachID]['errors']))
attachmentChecks($attachID);
}
}
// Mod authors, finally a hook to hang an alternate attachment upload system upon
// Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
// Populate $_SESSION['temp_attachments'][$attachID] with the following:
// name => The file name
// tmp_name => Path to the temp file ($context['attach_dir'] . '/' . $attachID).
// size => File size (required).
// type => MIME type (optional if not available on upload).
// errors => An array of errors (use the index of the $txt variable for that error).
// Template changes can be done using "integrate_upload_template".
call_integration_hook('integrate_attachment_upload');
// If this isn't a new topic load the topic info that we need.
if (!empty($topic))
{
$request = $smcFunc['db_query']('', '
SELECT locked, is_sticky, id_poll, approved, id_first_msg, id_last_msg, id_member_started, id_board
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1',
array(
'current_topic' => $topic,
)
);
$topic_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Though the topic should be there, it might have vanished.
if (!is_array($topic_info))
fatal_lang_error('topic_doesnt_exist');
// Did this topic suddenly move? Just checking...
if ($topic_info['id_board'] != $board)
fatal_lang_error('not_a_topic');
}
// Replying to a topic?
if (!empty($topic) && !isset($_REQUEST['msg']))
{
// Don't allow a post if it's locked.
if ($topic_info['locked'] != 0 && !allowedTo('moderate_board'))
fatal_lang_error('topic_locked', false);
// Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0)
unset($_REQUEST['poll']);
// Do the permissions and approval stuff...
$becomesApproved = true;
if ($topic_info['id_member_started'] != $user_info['id'])
{
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any'))
$becomesApproved = false;
else
isAllowedTo('post_reply_any');
}
elseif (!allowedTo('post_reply_any'))
{
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own'))
$becomesApproved = false;
else
isAllowedTo('post_reply_own');
}
if (isset($_POST['lock']))
{
// Nothing is changed to the lock.
if ((empty($topic_info['locked']) && empty($_POST['lock'])) || (!empty($_POST['lock']) && !empty($topic_info['locked'])))
unset($_POST['lock']);
// You're have no permission to lock this topic.
elseif (!allowedTo(array('lock_any', 'lock_own')) || (!allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']))
unset($_POST['lock']);
// You are allowed to (un)lock your own topic only.
elseif (!allowedTo('lock_any'))
{
// You cannot override a moderator lock.
if ($topic_info['locked'] == 1)
unset($_POST['lock']);
else
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
// Hail mighty moderator, (un)lock this topic immediately.
else
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
// So you wanna (un)sticky this...let's see.
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky')))
unset($_POST['sticky']);
// If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error.
if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg'])
{
$_REQUEST['preview'] = true;
return Post();
}
$posterIsGuest = $user_info['is_guest'];
}
// Posting a new topic.
elseif (empty($topic))
{
// Now don't be silly, new topics will get their own id_msg soon enough.
unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']);
// Do like, the permissions, for safety and stuff...
$becomesApproved = true;
if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics'))
$becomesApproved = false;
else
isAllowedTo('post_new');
if (isset($_POST['lock']))
{
// New topics are by default not locked.
if (empty($_POST['lock']))
unset($_POST['lock']);
// Besides, you need permission.
elseif (!allowedTo(array('lock_any', 'lock_own')))
unset($_POST['lock']);
// A moderator-lock (1) can override a user-lock (2).
else
$_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
}
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky')))
unset($_POST['sticky']);
$posterIsGuest = $user_info['is_guest'];
}
// Modifying an existing message?
elseif (isset($_REQUEST['msg']) && !empty($topic))
{
$_REQUEST['msg'] = (int) $_REQUEST['msg'];
$request = $smcFunc['db_query']('', '
SELECT id_member, poster_name, poster_email, poster_time, approved
FROM {db_prefix}messages
WHERE id_msg = {int:id_msg}
LIMIT 1',
array(
'id_msg' => $_REQUEST['msg'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('cant_find_messages', false);
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
if (!empty($topic_info['locked']) && !allowedTo('moderate_board'))
fatal_lang_error('topic_locked', false);
if (isset($_POST['lock']))
{
// Nothing changes to the lock status.
if ((empty($_POST['lock']) && empty($topic_info['locked'])) || (!empty($_POST['lock']) && !empty($topic_info['locked'])))
unset($_POST['lock']);
// You're simply not allowed to (un)lock this.
elseif (!allowedTo(array('lock_any', 'lock_own')) || (!allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']))
unset($_POST['lock']);
// You're only allowed to lock your own topics.
elseif (!allowedTo('lock_any'))
{
// You're not allowed to break a moderator's lock.
if ($topic_info['locked'] == 1)
unset($_POST['lock']);
// Lock it with a soft lock or unlock it.
else
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
// You must be the moderator.
else
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
// Change the sticky status of this topic?
if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky']))
unset($_POST['sticky']);
if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any'))
{
if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time())
fatal_lang_error('modify_post_time_passed', false);
elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own'))
isAllowedTo('modify_replies');
else
isAllowedTo('modify_own');
}
elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any'))
{
isAllowedTo('modify_replies');
// If you're modifying a reply, I say it better be logged...
$moderationAction = true;
}
else
{
isAllowedTo('modify_any');
// Log it, assuming you're not modifying your own post.
if ($row['id_member'] != $user_info['id'])
$moderationAction = true;
}
$posterIsGuest = empty($row['id_member']);
// Can they approve it?
$can_approve = allowedTo('approve_posts');
$becomesApproved = $modSettings['postmod_active'] ? ($can_approve && !$row['approved'] ? (!empty($_REQUEST['approve']) ? 1 : 0) : $row['approved']) : 1;
$approve_has_changed = $row['approved'] != $becomesApproved;
if (!allowedTo('moderate_forum') || !$posterIsGuest)
{
$_POST['guestname'] = $row['poster_name'];
$_POST['email'] = $row['poster_email'];
}
}
// Incase we want to override
if (allowedTo('approve_posts'))
{
$becomesApproved = !isset($_REQUEST['approve']) || !empty($_REQUEST['approve']) ? 1 : 0;
$approve_has_changed = isset($row['approved']) ? $row['approved'] != $becomesApproved : false;
}
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest)
{
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
if ($_POST['guestname'] == '' || $_POST['guestname'] == '_')
$post_errors[] = 'no_name';
if ($smcFunc['strlen']($_POST['guestname']) > 25)
$post_errors[] = 'long_name';
if (empty($modSettings['guest_post_no_email']))
{
// Only check if they changed it!
if (!isset($row) || $row['poster_email'] != $_POST['email'])
{
if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == ''))
$post_errors[] = 'no_email';
if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['email']) == 0)
$post_errors[] = 'bad_email';
}
// Now make sure this email address is not banned from posting.
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
}
// In case they are making multiple posts this visit, help them along by storing their name.
if (empty($post_errors))
{
$_SESSION['guest_name'] = $_POST['guestname'];
$_SESSION['guest_email'] = $_POST['email'];
}
}
// Check the subject and message.
if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '')
$post_errors[] = 'no_subject';
if (!isset($_POST['message']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message']), ENT_QUOTES) === '')
$post_errors[] = 'no_message';
elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength'])
$post_errors[] = array('long_message', array($modSettings['max_messageLength']));
else
{
// Prepare the message a bit for some additional testing.
$_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
// Preparse code. (Zef)
if ($user_info['is_guest'])
$user_info['name'] = $_POST['guestname'];
preparsecode($_POST['message']);
// Let's see if there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), ''; $txt['error_attach_errrors'] .= '
- ';
$context['error_message'] .= implode("\n", $attach_errors);
$context['error_message'] .= '
' => "\n", '' => "\n", '' => "\n", '[' => '[', ']' => ']'))))); // We need this in order to be able send emails. require_once($sourcedir . '/Subs-Post.php'); // Select the email addresses for this batch. $request = $smcFunc['db_query']('', ' SELECT mem.id_member, mem.email_address, mem.lngfile FROM {db_prefix}members AS mem WHERE mem.id_member != {int:current_member}' . (!empty($modSettings['allow_disableAnnounce']) ? ' AND mem.notify_announcements = {int:notify_announcements}' : '') . ' AND mem.is_activated = {int:is_activated} AND (mem.id_group IN ({array_int:group_list}) OR mem.id_post_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:additional_group_list}, mem.additional_groups) != 0) AND mem.id_member > {int:start} ORDER BY mem.id_member LIMIT ' . $chunkSize, array( 'current_member' => $user_info['id'], 'group_list' => $_POST['who'], 'notify_announcements' => 1, 'is_activated' => 1, 'start' => $context['start'], 'additional_group_list' => implode(', mem.additional_groups) != 0 OR FIND_IN_SET(', $_POST['who']), ) ); // All members have received a mail. Go to the next screen. if ($smcFunc['db_num_rows']($request) == 0) { if (!empty($_REQUEST['move']) && allowedTo('move_any')) redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); elseif (!empty($_REQUEST['goback'])) redirectexit('topic=' . $topic . '.new;boardseen#new', isBrowser('ie')); else redirectexit('board=' . $board . '.0'); } $announcements = array(); // Loop through all members that'll receive an announcement in this batch. while ($row = $smcFunc['db_fetch_assoc']($request)) { $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']; // If the language wasn't defined yet, load it and compose a notification message. if (!isset($announcements[$cur_language])) { $replacements = array( 'TOPICSUBJECT' => $context['topic_subject'], 'MESSAGE' => $message, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0', ); $emaildata = loadEmailTemplate('new_announcement', $replacements, $cur_language); $announcements[$cur_language] = array( 'subject' => $emaildata['subject'], 'body' => $emaildata['body'], 'recipients' => array(), ); } $announcements[$cur_language]['recipients'][$row['id_member']] = $row['email_address']; $context['start'] = $row['id_member']; } $smcFunc['db_free_result']($request); // For each language send a different mail - low priority... foreach ($announcements as $lang => $mail) sendmail($mail['recipients'], $mail['subject'], $mail['body'], null, null, false, 5); $context['percentage_done'] = round(100 * $context['start'] / $modSettings['latestMember'], 1); $context['move'] = empty($_REQUEST['move']) ? 0 : 1; $context['go_back'] = empty($_REQUEST['goback']) ? 0 : 1; $context['membergroups'] = implode(',', $_POST['who']); $context['sub_template'] = 'announcement_send'; // Go back to the correct language for the user ;). if (!empty($modSettings['userLanguage'])) loadLanguage('Post'); } /** * notifies members who have requested notification for new topics * * posted on a board of said posts. * receives data on the topics to send out notifications to by the passed in array. * only sends notifications to those who can *currently* see the topic (it doesn't matter if they could when they requested notification.) * loads the Post language file multiple times for each language if the userLanguage setting is set. * @param array &$topicData */ function notifyMembersBoard(&$topicData) { global $txt, $scripturl, $language, $user_info; global $modSettings, $sourcedir, $board, $smcFunc, $context; require_once($sourcedir . '/Subs-Post.php'); // Do we have one or lots of topics? if (isset($topicData['body'])) $topicData = array($topicData); // Find out what boards we have... and clear out any rubbish! $boards = array(); foreach ($topicData as $key => $topic) { if (!empty($topic['board'])) $boards[$topic['board']][] = $key; else { unset($topic[$key]); continue; } // Censor the subject and body... censorText($topicData[$key]['subject']); censorText($topicData[$key]['body']); $topicData[$key]['subject'] = un_htmlspecialchars($topicData[$key]['subject']); $topicData[$key]['body'] = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($topicData[$key]['body'], false), array('
' => "\n", '' => "\n", '' => "\n", '[' => '[', ']' => ']'))))); } // Just the board numbers. $board_index = array_unique(array_keys($boards)); if (empty($board_index)) return; // Yea, we need to add this to the digest queue. $digest_insert = array(); foreach ($topicData as $id => $data) $digest_insert[] = array($data['topic'], $data['msg'], 'topic', $user_info['id']); $smcFunc['db_insert']('', '{db_prefix}log_digest', array( 'id_topic' => 'int', 'id_msg' => 'int', 'note_type' => 'string', 'exclude' => 'int', ), $digest_insert, array() ); // Find the members with notification on for these boards. $members = $smcFunc['db_query']('', ' SELECT mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_send_body, mem.lngfile, ln.sent, ln.id_board, mem.id_group, mem.additional_groups, b.member_groups, mem.id_post_group FROM {db_prefix}log_notify AS ln INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board) INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ln.id_member) WHERE ln.id_board IN ({array_int:board_list}) AND mem.id_member != {int:current_member} AND mem.is_activated = {int:is_activated} AND mem.notify_types != {int:notify_types} AND mem.notify_regularity < {int:notify_regularity} ORDER BY mem.lngfile', array( 'current_member' => $user_info['id'], 'board_list' => $board_index, 'is_activated' => 1, 'notify_types' => 4, 'notify_regularity' => 2, ) ); while ($rowmember = $smcFunc['db_fetch_assoc']($members)) { if ($rowmember['id_group'] != 1) { $allowed = explode(',', $rowmember['member_groups']); $rowmember['additional_groups'] = explode(',', $rowmember['additional_groups']); $rowmember['additional_groups'][] = $rowmember['id_group']; $rowmember['additional_groups'][] = $rowmember['id_post_group']; if (count(array_intersect($allowed, $rowmember['additional_groups'])) == 0) continue; } $langloaded = loadLanguage('index', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false); // Now loop through all the notifications to send for this board. if (empty($boards[$rowmember['id_board']])) continue; $sentOnceAlready = 0; foreach ($boards[$rowmember['id_board']] as $key) { // Don't notify the guy who started the topic! // @todo In this case actually send them a "it's approved hooray" email :P if ($topicData[$key]['poster'] == $rowmember['id_member']) continue; // Setup the string for adding the body to the message, if a user wants it. $send_body = empty($modSettings['disallow_sendBody']) && !empty($rowmember['notify_send_body']); $replacements = array( 'TOPICSUBJECT' => $topicData[$key]['subject'], 'TOPICLINK' => $scripturl . '?topic=' . $topicData[$key]['topic'] . '.new#new', 'MESSAGE' => $topicData[$key]['body'], 'UNSUBSCRIBELINK' => $scripturl . '?action=notifyboard;board=' . $topicData[$key]['board'] . '.0', ); if (!$send_body) unset($replacements['MESSAGE']); // Figure out which email to send off $emailtype = ''; // Send only if once is off or it's on and it hasn't been sent. if (!empty($rowmember['notify_regularity']) && !$sentOnceAlready && empty($rowmember['sent'])) $emailtype = 'notify_boards_once'; elseif (empty($rowmember['notify_regularity'])) $emailtype = 'notify_boards'; if (!empty($emailtype)) { $emailtype .= $send_body ? '_body' : ''; $emaildata = loadEmailTemplate($emailtype, $replacements, $langloaded); sendmail($rowmember['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 3); } $sentOnceAlready = 1; } } $smcFunc['db_free_result']($members); loadLanguage('index', $user_info['language']); // Sent! $smcFunc['db_query']('', ' UPDATE {db_prefix}log_notify SET sent = {int:is_sent} WHERE id_board IN ({array_int:board_list}) AND id_member != {int:current_member}', array( 'current_member' => $user_info['id'], 'board_list' => $board_index, 'is_sent' => 1, ) ); } /** * Get the topic for display purposes. * gets a summary of the most recent posts in a topic. * depends on the topicSummaryPosts setting. * if you are editing a post, only shows posts previous to that post. */ function getTopic() { global $topic, $modSettings, $context, $smcFunc, $counter, $options; if (isset($_REQUEST['xml'])) $limit = ' LIMIT ' . (empty($context['new_replies']) ? '0' : $context['new_replies']); else $limit = empty($modSettings['topicSummaryPosts']) ? '' : ' LIMIT ' . (int) $modSettings['topicSummaryPosts']; // If you're modifying, get only those posts before the current one. (otherwise get all.) $request = $smcFunc['db_query']('', ' SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.smileys_enabled, m.id_msg, m.id_member FROM {db_prefix}messages AS m LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_topic = {int:current_topic}' . (isset($_REQUEST['msg']) ? ' AND m.id_msg < {int:id_msg}' : '') .(!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND m.approved = {int:approved}') . ' ORDER BY m.id_msg DESC' . $limit, array( 'current_topic' => $topic, 'id_msg' => isset($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : 0, 'approved' => 1, ) ); $context['previous_posts'] = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Censor, BBC, ... censorText($row['body']); $row['body'] = parse_bbc($row['body'], $row['smileys_enabled'], $row['id_msg']); // ...and store. $context['previous_posts'][] = array( 'counter' => $counter++, 'alternate' => $counter % 2, 'poster' => $row['poster_name'], 'message' => $row['body'], 'time' => timeformat($row['poster_time']), 'timestamp' => forum_time(true, $row['poster_time']), 'id' => $row['id_msg'], 'is_new' => !empty($context['new_replies']), 'is_ignored' => !empty($modSettings['enable_buddylist']) && !empty($options['posts_apply_ignore_list']) && in_array($row['id_member'], $context['user']['ignoreusers']), ); if (!empty($context['new_replies'])) $context['new_replies']--; } $smcFunc['db_free_result']($request); } /** * loads a post an inserts it into the current editing text box. * uses the Post language file. * uses special (sadly browser dependent) javascript to parse entities for internationalization reasons. * accessed with ?action=quotefast. */ function QuoteFast() { global $modSettings, $user_info, $txt, $settings, $context; global $sourcedir, $smcFunc; loadLanguage('Post'); if (!isset($_REQUEST['xml'])) loadTemplate('Post'); include_once($sourcedir . '/Subs-Post.php'); $moderate_boards = boardsAllowedTo('moderate_board'); // Where we going if we need to? $context['post_box_name'] = isset($_GET['pb']) ? $_GET['pb'] : ''; $request = $smcFunc['db_query']('', ' SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.id_topic, m.subject, m.id_board, m.id_member, m.approved FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic) INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board}) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_msg = {int:id_msg}' . (isset($_REQUEST['modify']) || (!empty($moderate_boards) && $moderate_boards[0] == 0) ? '' : ' AND (t.locked = {int:not_locked}' . (empty($moderate_boards) ? '' : ' OR b.id_board IN ({array_int:moderation_board_list})') . ')') . ' LIMIT 1', array( 'current_member' => $user_info['id'], 'moderation_board_list' => $moderate_boards, 'id_msg' => (int) $_REQUEST['quote'], 'not_locked' => 0, ) ); $context['close_window'] = $smcFunc['db_num_rows']($request) == 0; $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); $context['sub_template'] = 'quotefast'; if (!empty($row)) $can_view_post = $row['approved'] || ($row['id_member'] != 0 && $row['id_member'] == $user_info['id']) || allowedTo('approve_posts', $row['id_board']); if (!empty($can_view_post)) { // Remove special formatting we don't want anymore. $row['body'] = un_preparsecode($row['body']); // Censor the message! censorText($row['body']); $row['body'] = preg_replace('~
~i', "\n", $row['body']); // Want to modify a single message by double clicking it? if (isset($_REQUEST['modify'])) { censorText($row['subject']); $context['sub_template'] = 'modifyfast'; $context['message'] = array( 'id' => $_REQUEST['quote'], 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'), ); return; } // Remove any nested quotes. if (!empty($modSettings['removeNestedQuotes'])) $row['body'] = preg_replace(array('~\n?\[quote.*?\].+?\[/quote\]\n?~is', '~^\n~', '~\[/quote\]~'), '', $row['body']); $lb = "\n"; // Add a quote string on the front and end. $context['quote']['xml'] = '[quote author=' . $row['poster_name'] . ' link=topic=' . $row['id_topic'] . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $row['poster_time'] . ']' . $lb . $row['body'] . $lb . '[/quote]'; $context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '' => '')); $context['quote']['xml'] = strtr($context['quote']['xml'], array(' ' => ' ', '<' => '<', '>' => '>')); $context['quote']['mozilla'] = strtr($smcFunc['htmlspecialchars']($context['quote']['text']), array('"' => '"')); } //@todo Needs a nicer interface. // In case our message has been removed in the meantime. elseif (isset($_REQUEST['modify'])) { $context['sub_template'] = 'modifyfast'; $context['message'] = array( 'id' => 0, 'body' => '', 'subject' => '', ); } else $context['quote'] = array( 'xml' => '', 'mozilla' => '', 'text' => '', ); } function JavaScriptModify() { global $sourcedir, $modSettings, $board, $topic, $txt; global $user_info, $context, $smcFunc, $language; // We have to have a topic! if (empty($topic)) obExit(false); checkSession('get'); require_once($sourcedir . '/Subs-Post.php'); // Assume the first message if no message ID was given. $request = $smcFunc['db_query']('', ' SELECT t.locked, t.num_replies, t.id_member_started, t.id_first_msg, m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon, m.modified_time, m.modified_name, m.approved FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) WHERE m.id_msg = {raw:id_msg} AND m.id_topic = {int:current_topic}' . (allowedTo('modify_any') || allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? ' AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : ' AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array( 'current_member' => $user_info['id'], 'current_topic' => $topic, 'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'], 'is_approved' => 1, 'guest_id' => 0, ) ); if ($smcFunc['db_num_rows']($request) == 0) fatal_lang_error('no_board', false); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Change either body or subject requires permissions to modify messages. if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) { if (!empty($row['locked'])) isAllowedTo('moderate_board'); if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) fatal_lang_error('modify_post_time_passed', false); elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) isAllowedTo('modify_replies'); else isAllowedTo('modify_own'); } // Otherwise, they're locked out; someone who can modify the replies is needed. elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) isAllowedTo('modify_replies'); else isAllowedTo('modify_any'); // Only log this action if it wasn't your message. $moderationAction = $row['id_member'] != $user_info['id']; } $post_errors = array(); if (isset($_POST['subject']) && $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) !== '') { $_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')); // Maximum number of characters. if ($smcFunc['strlen']($_POST['subject']) > 100) $_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100); } elseif (isset($_POST['subject'])) { $post_errors[] = 'no_subject'; unset($_POST['subject']); } if (isset($_POST['message'])) { if ($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message'])) === '') { $post_errors[] = 'no_message'; unset($_POST['message']); } elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) { $post_errors[] = 'long_message'; unset($_POST['message']); } else { $_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES); preparsecode($_POST['message']); if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '