-
Notifications
You must be signed in to change notification settings - Fork 0
/
edit.php
168 lines (130 loc) · 6.14 KB
/
edit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
<?php
/**
* Copyright (C) 2013-2014 ModernBB Group
* Based on code by FluxBB copyright (C) 2008-2012 FluxBB
* Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
* Licensed under GPLv3 (http://modernbb.be/license.php)
*/
define('FORUM_ROOT', dirname(__FILE__).'/');
require FORUM_ROOT.'include/common.php';
if ($luna_user['g_read_board'] == '0')
message($lang['No view'], false, '403 Forbidden');
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if ($id < 1)
message($lang['Bad request'], false, '404 Not Found');
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.posted, t.first_post_id, t.sticky, t.closed, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$luna_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang['Bad request'], false, '404 Not Found');
$cur_post = $db->fetch_assoc($result);
// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = ($cur_post['moderators'] != '') ? unserialize($cur_post['moderators']) : array();
$is_admmod = ($luna_user['g_id'] == FORUM_ADMIN || ($luna_user['g_moderator'] == '1' && array_key_exists($luna_user['username'], $mods_array))) ? true : false;
$can_edit_subject = $id == $cur_post['first_post_id'];
if ($luna_config['o_censoring'] == '1')
{
$cur_post['subject'] = censor_words($cur_post['subject']);
$cur_post['message'] = censor_words($cur_post['message']);
}
// Do we have permission to edit this post?
if (($luna_user['g_edit_posts'] == '0' ||
$cur_post['poster_id'] != $luna_user['id'] ||
$cur_post['closed'] == '1') &&
!$is_admmod)
message($lang['No permission'], false, '403 Forbidden');
if ($is_admmod && $luna_user['g_id'] != FORUM_ADMIN && in_array($cur_post['poster_id'], get_admin_ids()))
message($lang['No permission'], false, '403 Forbidden');
// Start with a clean slate
$errors = array();
if (isset($_POST['form_sent']))
{
// Make sure they got here from the site
confirm_referrer('edit.php');
// If it's a topic it must contain a subject
if ($can_edit_subject)
{
$subject = luna_trim($_POST['req_subject']);
if ($luna_config['o_censoring'] == '1')
$censored_subject = luna_trim(censor_words($subject));
if ($subject == '')
$errors[] = $lang['No subject'];
else if ($luna_config['o_censoring'] == '1' && $censored_subject == '')
$errors[] = $lang['No subject after censoring'];
else if (luna_strlen($subject) > 70)
$errors[] = $lang['Too long subject'];
else if ($luna_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$luna_user['is_admmod'])
$errors[] = $lang['All caps subject'];
}
// Clean up message from POST
$message = luna_linebreaks(luna_trim($_POST['req_message']));
// Here we use strlen() not luna_strlen() as we want to limit the post to FORUM_MAX_POSTSIZE bytes, not characters
if (strlen($message) > FORUM_MAX_POSTSIZE)
$errors[] = sprintf($lang['Too long message'], forum_number_format(FORUM_MAX_POSTSIZE));
else if ($luna_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$luna_user['is_admmod'])
$errors[] = $lang['All caps message'];
// Validate BBCode syntax
if ($luna_config['p_message_bbcode'] == '1')
{
require FORUM_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
}
if (empty($errors))
{
if ($message == '')
$errors[] = $lang['No message'];
else if ($luna_config['o_censoring'] == '1')
{
// Censor message to see if that causes problems
$censored_message = luna_trim(censor_words($message));
if ($censored_message == '')
$errors[] = $lang['No message after censoring'];
}
}
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
$stick_topic = isset($_POST['stick_topic']) ? '1' : '0';
if (!$is_admmod)
$stick_topic = $cur_post['sticky'];
// Replace four-byte characters (MySQL cannot handle them)
$message = strip_bad_multibyte_chars($message);
// Did everything go according to plan?
if (empty($errors) && !isset($_POST['preview']))
{
$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? ', edited='.time().', edited_by=\''.$db->escape($luna_user['username']).'\'' : '';
require FORUM_ROOT.'include/search_idx.php';
if ($can_edit_subject)
{
// Update the topic and any redirect topics
$db->query('UPDATE '.$db->prefix.'topics SET subject=\''.$db->escape($subject).'\', sticky='.$stick_topic.' WHERE id='.$cur_post['tid'].' OR moved_to='.$cur_post['tid']) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
// We changed the subject, so we need to take that into account when we update the search words
update_search_index('edit', $id, $message, $subject);
}
else
update_search_index('edit', $id, $message);
// Update the post
$db->query('UPDATE '.$db->prefix.'posts SET message=\''.$db->escape($message).'\', hide_smilies='.$hide_smilies.$edited_sql.' WHERE id='.$id) or error('Unable to update post', __FILE__, __LINE__, $db->error());
// Update the last topic in index
if ($subject != '')
{
$fid = get_forum_id($id);
set_forum_topic($fid, $subject);
}
redirect('viewtopic.php?pid='.$id.'#p'.$id);
}
}
$page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), $lang['Edit post']);
$required_fields = array('req_subject' => $lang['Subject'], 'req_message' => $lang['Message']);
$focus_element = array('edit', 'req_message');
define('FORUM_ACTIVE_PAGE', 'index');
require FORUM_ROOT.'header.php';
$cur_index = 1;
require get_view_path('edit-breadcrumbs.tpl.php');
// If there are errors, we display them
if (!empty($errors))
{
require get_view_path('edit-errors.tpl.php');
}
else if (isset($_POST['preview']))
{
require get_view_path('edit-preview.tpl.php');
}
require get_view_path('edit-form.tpl.php');