[ Index ]

PHP Cross Reference of phpBB-3.1.10-deutsch

title

Body

[close]

/ -> posting.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  define('IN_PHPBB', true);
  18  $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  19  $phpEx = substr(strrchr(__FILE__, '.'), 1);
  20  include($phpbb_root_path . 'common.' . $phpEx);
  21  include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
  22  include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
  23  include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
  24  
  25  
  26  // Start session management
  27  $user->session_begin();
  28  $auth->acl($user->data);
  29  
  30  
  31  // Grab only parameters needed here
  32  $post_id    = request_var('p', 0);
  33  $topic_id    = request_var('t', 0);
  34  $forum_id    = request_var('f', 0);
  35  $draft_id    = request_var('d', 0);
  36  $lastclick    = request_var('lastclick', 0);
  37  
  38  $preview    = (isset($_POST['preview'])) ? true : false;
  39  $save        = (isset($_POST['save'])) ? true : false;
  40  $load        = (isset($_POST['load'])) ? true : false;
  41  $confirm    = $request->is_set_post('confirm');
  42  $cancel        = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
  43  
  44  $refresh    = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load || $preview);
  45  $submit = $request->is_set_post('post') && !$refresh && !$preview;
  46  $mode        = request_var('mode', '');
  47  
  48  // If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
  49  if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))
  50  {
  51      $mode = 'soft_delete';
  52  }
  53  
  54  $error = $post_data = array();
  55  $current_time = time();
  56  
  57  /**
  58  * This event allows you to alter the above parameters, such as submit and mode
  59  *
  60  * Note: $refresh must be true to retain previously submitted form data.
  61  *
  62  * Note: The template class will not work properly until $user->setup() is
  63  * called, and it has not been called yet. Extensions requiring template
  64  * assignments should use an event that comes later in this file.
  65  *
  66  * @event core.modify_posting_parameters
  67  * @var    int        post_id        ID of the post
  68  * @var    int        topic_id    ID of the topic
  69  * @var    int        forum_id    ID of the forum
  70  * @var    int        draft_id    ID of the draft
  71  * @var    int        lastclick    Timestamp of when the form was last loaded
  72  * @var    bool    submit        Whether or not the form has been submitted
  73  * @var    bool    preview        Whether or not the post is being previewed
  74  * @var    bool    save        Whether or not a draft is being saved
  75  * @var    bool    load        Whether or not a draft is being loaded
  76  * @var    bool    cancel        Whether or not to cancel the form (returns to
  77  *                            viewtopic or viewforum depending on if the user
  78  *                            is posting a new topic or editing a post)
  79  * @var    bool    refresh        Whether or not to retain previously submitted data
  80  * @var    string    mode        What action to take if the form has been submitted
  81  *                            post|reply|quote|edit|delete|bump|smilies|popup
  82  * @var    array    error        Any error strings; a non-empty array aborts
  83  *                            form submission.
  84  *                            NOTE: Should be actual language strings, NOT
  85  *                            language keys.
  86  * @since 3.1.0-a1
  87  * @change 3.1.2-RC1            Removed 'delete' var as it does not exist
  88  */
  89  $vars = array(
  90      'post_id',
  91      'topic_id',
  92      'forum_id',
  93      'draft_id',
  94      'lastclick',
  95      'submit',
  96      'preview',
  97      'save',
  98      'load',
  99      'cancel',
 100      'refresh',
 101      'mode',
 102      'error',
 103  );
 104  extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));
 105  
 106  // Was cancel pressed? If so then redirect to the appropriate page
 107  if ($cancel || ($current_time - $lastclick < 2 && $submit))
 108  {
 109      $f = ($forum_id) ? 'f=' . $forum_id . '&amp;' : '';
 110      $redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
 111      redirect($redirect);
 112  }
 113  
 114  if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
 115  {
 116      trigger_error('NO_FORUM');
 117  }
 118  
 119  $phpbb_content_visibility = $phpbb_container->get('content.visibility');
 120  
 121  // We need to know some basic information in all cases before we do anything.
 122  switch ($mode)
 123  {
 124      case 'post':
 125          $sql = 'SELECT *
 126              FROM ' . FORUMS_TABLE . "
 127              WHERE forum_id = $forum_id";
 128      break;
 129  
 130      case 'bump':
 131      case 'reply':
 132          if (!$topic_id)
 133          {
 134              trigger_error('NO_TOPIC');
 135          }
 136  
 137          // Force forum id
 138          $sql = 'SELECT forum_id
 139              FROM ' . TOPICS_TABLE . '
 140              WHERE topic_id = ' . $topic_id;
 141          $result = $db->sql_query($sql);
 142          $f_id = (int) $db->sql_fetchfield('forum_id');
 143          $db->sql_freeresult($result);
 144  
 145          $forum_id = (!$f_id) ? $forum_id : $f_id;
 146  
 147          $sql = 'SELECT f.*, t.*
 148              FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
 149              WHERE t.topic_id = $topic_id
 150                  AND f.forum_id = t.forum_id
 151                  AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
 152      break;
 153  
 154      case 'quote':
 155      case 'edit':
 156      case 'delete':
 157      case 'soft_delete':
 158          if (!$post_id)
 159          {
 160              $user->setup('posting');
 161              trigger_error('NO_POST');
 162          }
 163  
 164          // Force forum id
 165          $sql = 'SELECT forum_id
 166              FROM ' . POSTS_TABLE . '
 167              WHERE post_id = ' . $post_id;
 168          $result = $db->sql_query($sql);
 169          $f_id = (int) $db->sql_fetchfield('forum_id');
 170          $db->sql_freeresult($result);
 171  
 172          $forum_id = (!$f_id) ? $forum_id : $f_id;
 173  
 174          $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
 175              FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
 176              WHERE p.post_id = $post_id
 177                  AND t.topic_id = p.topic_id
 178                  AND u.user_id = p.poster_id
 179                  AND f.forum_id = t.forum_id
 180                  AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
 181      break;
 182  
 183      case 'smilies':
 184          $sql = '';
 185          generate_smilies('window', $forum_id);
 186      break;
 187  
 188      case 'popup':
 189          if ($forum_id)
 190          {
 191              $sql = 'SELECT forum_style
 192                  FROM ' . FORUMS_TABLE . '
 193                  WHERE forum_id = ' . $forum_id;
 194          }
 195          else
 196          {
 197              phpbb_upload_popup();
 198              return;
 199          }
 200      break;
 201  
 202      default:
 203          $sql = '';
 204      break;
 205  }
 206  
 207  if (!$sql)
 208  {
 209      $user->setup('posting');
 210      trigger_error('NO_POST_MODE');
 211  }
 212  
 213  $result = $db->sql_query($sql);
 214  $post_data = $db->sql_fetchrow($result);
 215  $db->sql_freeresult($result);
 216  
 217  if (!$post_data)
 218  {
 219      if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
 220      {
 221          $user->setup('posting');
 222      }
 223      trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
 224  }
 225  
 226  // Not able to reply to unapproved posts/topics
 227  // TODO: add more descriptive language key
 228  if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) || ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
 229  {
 230      trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
 231  }
 232  
 233  if ($mode == 'popup')
 234  {
 235      phpbb_upload_popup($post_data['forum_style']);
 236      return;
 237  }
 238  
 239  $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
 240  
 241  if ($config['enable_post_confirm'] && !$user->data['is_registered'])
 242  {
 243      $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
 244      $captcha->init(CONFIRM_POST);
 245  }
 246  
 247  // Use post_row values in favor of submitted ones...
 248  $forum_id    = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
 249  $topic_id    = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
 250  $post_id    = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;
 251  
 252  // Need to login to passworded forum first?
 253  if ($post_data['forum_password'])
 254  {
 255      login_forum_box(array(
 256          'forum_id'            => $forum_id,
 257          'forum_name'        => $post_data['forum_name'],
 258          'forum_password'    => $post_data['forum_password'])
 259      );
 260  }
 261  
 262  // Check permissions
 263  if ($user->data['is_bot'])
 264  {
 265      redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 266  }
 267  
 268  // Is the user able to read within this forum?
 269  if (!$auth->acl_get('f_read', $forum_id))
 270  {
 271      if ($user->data['user_id'] != ANONYMOUS)
 272      {
 273          trigger_error('USER_CANNOT_READ');
 274      }
 275      $message = $user->lang['LOGIN_EXPLAIN_POST'];
 276  
 277      if ($request->is_ajax())
 278      {
 279          $json = new phpbb\json_response();
 280          $json->send(array(
 281              'title'        => $user->lang['INFORMATION'],
 282              'message'    => $message,
 283          ));
 284      }
 285  
 286      login_box('', $message);
 287  }
 288  
 289  // Permission to do the action asked?
 290  $is_authed = false;
 291  
 292  switch ($mode)
 293  {
 294      case 'post':
 295          if ($auth->acl_get('f_post', $forum_id))
 296          {
 297              $is_authed = true;
 298          }
 299      break;
 300  
 301      case 'bump':
 302          if ($auth->acl_get('f_bump', $forum_id))
 303          {
 304              $is_authed = true;
 305          }
 306      break;
 307  
 308      case 'quote':
 309  
 310          $post_data['post_edit_locked'] = 0;
 311  
 312      // no break;
 313  
 314      case 'reply':
 315          if ($auth->acl_get('f_reply', $forum_id))
 316          {
 317              $is_authed = true;
 318          }
 319      break;
 320  
 321      case 'edit':
 322          if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
 323          {
 324              $is_authed = true;
 325          }
 326      break;
 327  
 328      case 'delete':
 329          if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
 330          {
 331              $is_authed = true;
 332          }
 333  
 334      // no break;
 335  
 336      case 'soft_delete':
 337          if (!$is_authed && $user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
 338          {
 339              // Fall back to soft_delete if we have no permissions to delete posts but to soft delete them
 340              $is_authed = true;
 341              $mode = 'soft_delete';
 342          }
 343          else if (!$is_authed)
 344          {
 345              // Display the same error message for softdelete we use for delete
 346              $mode = 'delete';
 347          }
 348      break;
 349  }
 350  /**
 351  * This event allows you to do extra auth checks and verify if the user
 352  * has the required permissions
 353  *
 354  * Extensions should only change the error and is_authed variables.
 355  *
 356  * @event core.modify_posting_auth
 357  * @var    int        post_id        ID of the post
 358  * @var    int        topic_id    ID of the topic
 359  * @var    int        forum_id    ID of the forum
 360  * @var    int        draft_id    ID of the draft
 361  * @var    int        lastclick    Timestamp of when the form was last loaded
 362  * @var    bool    submit        Whether or not the form has been submitted
 363  * @var    bool    preview        Whether or not the post is being previewed
 364  * @var    bool    save        Whether or not a draft is being saved
 365  * @var    bool    load        Whether or not a draft is being loaded
 366  * @var    bool    refresh        Whether or not to retain previously submitted data
 367  * @var    string    mode        What action to take if the form has been submitted
 368  *                            post|reply|quote|edit|delete|bump|smilies|popup
 369  * @var    array    error        Any error strings; a non-empty array aborts
 370  *                            form submission.
 371  *                            NOTE: Should be actual language strings, NOT
 372  *                            language keys.
 373  * @var    bool    is_authed    Does the user have the required permissions?
 374  * @var    array    post_data    All post data from database
 375  * @since 3.1.3-RC1
 376  * @changed 3.1.10-RC1 Added post_data
 377  */
 378  $vars = array(
 379      'post_id',
 380      'topic_id',
 381      'forum_id',
 382      'draft_id',
 383      'lastclick',
 384      'submit',
 385      'preview',
 386      'save',
 387      'load',
 388      'refresh',
 389      'mode',
 390      'error',
 391      'is_authed',
 392      'post_data',
 393  );
 394  extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));
 395  
 396  if (!$is_authed)
 397  {
 398      $check_auth = ($mode == 'quote') ? 'reply' : $mode;
 399  
 400      if ($user->data['is_registered'])
 401      {
 402          trigger_error('USER_CANNOT_' . strtoupper($check_auth));
 403      }
 404      $message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];
 405  
 406      if ($request->is_ajax())
 407      {
 408          $json = new phpbb\json_response();
 409          $json->send(array(
 410              'title'        => $user->lang['INFORMATION'],
 411              'message'    => $message,
 412          ));
 413      }
 414  
 415      login_box('', $message);
 416  }
 417  
 418  // Is the user able to post within this forum?
 419  if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
 420  {
 421      trigger_error('USER_CANNOT_FORUM_POST');
 422  }
 423  
 424  // Forum/Topic locked?
 425  if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
 426  {
 427      trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
 428  }
 429  
 430  // Can we edit this post ... if we're a moderator with rights then always yes
 431  // else it depends on editing times, lock status and if we're the correct user
 432  if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
 433  {
 434      $force_edit_allowed = false;
 435  
 436      $s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
 437      $s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
 438      $s_cannot_edit_locked = $post_data['post_edit_locked'];
 439  
 440      /**
 441      * This event allows you to modify the conditions for the "cannot edit post" checks
 442      *
 443      * @event core.posting_modify_cannot_edit_conditions
 444      * @var    array    post_data    Array with post data
 445      * @var    bool    force_edit_allowed        Allow the user to edit the post (all permissions and conditions are ignored)
 446      * @var    bool    s_cannot_edit            User can not edit the post because it's not his
 447      * @var    bool    s_cannot_edit_locked    User can not edit the post because it's locked
 448      * @var    bool    s_cannot_edit_time        User can not edit the post because edit_time has passed
 449      * @since 3.1.0-b4
 450      */
 451      $vars = array(
 452          'post_data',
 453          'force_edit_allowed',
 454          's_cannot_edit',
 455          's_cannot_edit_locked',
 456          's_cannot_edit_time',
 457      );
 458      extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));
 459  
 460      if (!$force_edit_allowed)
 461      {
 462          if ($s_cannot_edit)
 463          {
 464              trigger_error('USER_CANNOT_EDIT');
 465          }
 466          else if ($s_cannot_edit_time)
 467          {
 468              trigger_error('CANNOT_EDIT_TIME');
 469          }
 470          else if ($s_cannot_edit_locked)
 471          {
 472              trigger_error('CANNOT_EDIT_POST_LOCKED');
 473          }
 474      }
 475  }
 476  
 477  // Handle delete mode...
 478  if ($mode == 'delete' || $mode == 'soft_delete')
 479  {
 480      if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED)
 481      {
 482          $user->setup('posting');
 483          trigger_error('NO_POST');
 484      }
 485  
 486      $delete_reason = $request->variable('delete_reason', '', true);
 487      phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete' && !$request->is_set_post('delete_permanent')), $delete_reason);
 488      return;
 489  }
 490  
 491  // Handle bump mode...
 492  if ($mode == 'bump')
 493  {
 494      if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
 495          && check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}"))
 496      {
 497          $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
 498          meta_refresh(3, $meta_url);
 499          $message = $user->lang['TOPIC_BUMPED'];
 500  
 501          if (!$request->is_ajax())
 502          {
 503              $message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>');
 504              $message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 505          }
 506  
 507          trigger_error($message);
 508      }
 509  
 510      trigger_error('BUMP_ERROR');
 511  }
 512  
 513  // Subject length limiting to 60 characters if first post...
 514  if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
 515  {
 516      $template->assign_var('S_NEW_MESSAGE', true);
 517  }
 518  
 519  // Determine some vars
 520  if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
 521  {
 522      $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
 523  }
 524  else
 525  {
 526      $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
 527  }
 528  
 529  $post_data['post_edit_locked']    = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
 530  $post_data['post_subject_md5']    = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
 531  $post_data['post_subject']        = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
 532  $post_data['topic_time_limit']    = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
 533  $post_data['poll_length']        = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
 534  $post_data['poll_start']        = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
 535  $post_data['icon_id']            = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
 536  $post_data['poll_options']        = array();
 537  
 538  // Get Poll Data
 539  if ($post_data['poll_start'])
 540  {
 541      $sql = 'SELECT poll_option_text
 542          FROM ' . POLL_OPTIONS_TABLE . "
 543          WHERE topic_id = $topic_id
 544          ORDER BY poll_option_id";
 545      $result = $db->sql_query($sql);
 546  
 547      while ($row = $db->sql_fetchrow($result))
 548      {
 549          $post_data['poll_options'][] = trim($row['poll_option_text']);
 550      }
 551      $db->sql_freeresult($result);
 552  }
 553  
 554  if ($mode == 'edit')
 555  {
 556      $original_poll_data = array(
 557          'poll_title'        => $post_data['poll_title'],
 558          'poll_length'        => $post_data['poll_length'],
 559          'poll_max_options'    => $post_data['poll_max_options'],
 560          'poll_option_text'    => implode("\n", $post_data['poll_options']),
 561          'poll_start'        => $post_data['poll_start'],
 562          'poll_last_vote'    => $post_data['poll_last_vote'],
 563          'poll_vote_change'    => $post_data['poll_vote_change'],
 564      );
 565  }
 566  
 567  $orig_poll_options_size = sizeof($post_data['poll_options']);
 568  
 569  $message_parser = new parse_message();
 570  $plupload = $phpbb_container->get('plupload');
 571  $mimetype_guesser = $phpbb_container->get('mimetype.guesser');
 572  $message_parser->set_plupload($plupload);
 573  $message_parser->set_mimetype_guesser($mimetype_guesser);
 574  
 575  if (isset($post_data['post_text']))
 576  {
 577      $message_parser->message = &$post_data['post_text'];
 578      unset($post_data['post_text']);
 579  }
 580  
 581  // Set some default variables
 582  $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
 583  
 584  foreach ($uninit as $var_name => $default_value)
 585  {
 586      if (!isset($post_data[$var_name]))
 587      {
 588          $post_data[$var_name] = $default_value;
 589      }
 590  }
 591  unset($uninit);
 592  
 593  // Always check if the submitted attachment data is valid and belongs to the user.
 594  // Further down (especially in submit_post()) we do not check this again.
 595  $message_parser->get_submitted_attachment_data($post_data['poster_id']);
 596  
 597  if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
 598  {
 599      // Do not change to SELECT *
 600      $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
 601          FROM ' . ATTACHMENTS_TABLE . "
 602          WHERE post_msg_id = $post_id
 603              AND in_message = 0
 604              AND is_orphan = 0
 605          ORDER BY attach_id DESC";
 606      $result = $db->sql_query($sql);
 607      $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
 608      $db->sql_freeresult($result);
 609  }
 610  
 611  if ($post_data['poster_id'] == ANONYMOUS)
 612  {
 613      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
 614  }
 615  else
 616  {
 617      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
 618  }
 619  
 620  $post_data['enable_urls'] = $post_data['enable_magic_url'];
 621  
 622  if ($mode != 'edit')
 623  {
 624      $post_data['enable_sig']        = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
 625      $post_data['enable_smilies']    = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
 626      $post_data['enable_bbcode']        = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
 627      $post_data['enable_urls']        = true;
 628  }
 629  
 630  if ($mode == 'post')
 631  {
 632      $post_data['topic_status']        = ($request->is_set_post('lock_topic') && $auth->acl_gets('m_lock', 'f_user_lock', $forum_id)) ? ITEM_LOCKED : ITEM_UNLOCKED;
 633  }
 634  
 635  $post_data['enable_magic_url'] = $post_data['drafts'] = false;
 636  
 637  // User own some drafts?
 638  if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 639  {
 640      $sql = 'SELECT draft_id
 641          FROM ' . DRAFTS_TABLE . '
 642          WHERE user_id = ' . $user->data['user_id'] .
 643              (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
 644              (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
 645              (($draft_id) ? " AND draft_id <> $draft_id" : '');
 646      $result = $db->sql_query_limit($sql, 1);
 647  
 648      if ($db->sql_fetchrow($result))
 649      {
 650          $post_data['drafts'] = true;
 651      }
 652      $db->sql_freeresult($result);
 653  }
 654  
 655  $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 656  
 657  // Check if user is watching this topic
 658  if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
 659  {
 660      $sql = 'SELECT topic_id
 661          FROM ' . TOPICS_WATCH_TABLE . '
 662          WHERE topic_id = ' . $topic_id . '
 663              AND user_id = ' . $user->data['user_id'];
 664      $result = $db->sql_query($sql);
 665      $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
 666      $db->sql_freeresult($result);
 667  }
 668  
 669  // Do we want to edit our post ?
 670  if ($mode == 'edit' && $post_data['bbcode_uid'])
 671  {
 672      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
 673  }
 674  
 675  // HTML, BBCode, Smilies, Images and Flash status
 676  $bbcode_status    = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
 677  $smilies_status    = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
 678  $img_status        = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
 679  $url_status        = ($config['allow_post_links']) ? true : false;
 680  $flash_status    = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
 681  $quote_status    = true;
 682  
 683  // Save Draft
 684  if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 685  {
 686      $subject = utf8_normalize_nfc(request_var('subject', '', true));
 687      $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
 688      $message = utf8_normalize_nfc(request_var('message', '', true));
 689  
 690      if ($subject && $message)
 691      {
 692          if (confirm_box(true))
 693          {
 694              $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 695                  'user_id'        => (int) $user->data['user_id'],
 696                  'topic_id'        => (int) $topic_id,
 697                  'forum_id'        => (int) $forum_id,
 698                  'save_time'        => (int) $current_time,
 699                  'draft_subject'    => (string) $subject,
 700                  'draft_message'    => (string) $message)
 701              );
 702              $db->sql_query($sql);
 703  
 704              $meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
 705  
 706              meta_refresh(3, $meta_info);
 707  
 708              $message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
 709              $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
 710              $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 711  
 712              trigger_error($message);
 713          }
 714          else
 715          {
 716              $s_hidden_fields = build_hidden_fields(array(
 717                  'mode'        => $mode,
 718                  'save'        => true,
 719                  'f'            => $forum_id,
 720                  't'            => $topic_id,
 721                  'subject'    => $subject,
 722                  'message'    => $message,
 723                  'attachment_data' => $message_parser->attachment_data,
 724                  )
 725              );
 726  
 727              $hidden_fields = array(
 728                  'icon_id'            => 0,
 729  
 730                  'disable_bbcode'    => false,
 731                  'disable_smilies'    => false,
 732                  'disable_magic_url'    => false,
 733                  'attach_sig'        => true,
 734                  'lock_topic'        => false,
 735  
 736                  'topic_type'        => POST_NORMAL,
 737                  'topic_time_limit'    => 0,
 738  
 739                  'poll_title'        => '',
 740                  'poll_option_text'    => '',
 741                  'poll_max_options'    => 1,
 742                  'poll_length'        => 0,
 743                  'poll_vote_change'    => false,
 744              );
 745  
 746              foreach ($hidden_fields as $name => $default)
 747              {
 748                  if (!isset($_POST[$name]))
 749                  {
 750                      // Don't include it, if its not available
 751                      unset($hidden_fields[$name]);
 752                      continue;
 753                  }
 754  
 755                  if (is_bool($default))
 756                  {
 757                      // Use the string representation
 758                      $hidden_fields[$name] = request_var($name, '');
 759                  }
 760                  else
 761                  {
 762                      $hidden_fields[$name] = request_var($name, $default);
 763                  }
 764              }
 765  
 766              $s_hidden_fields .= build_hidden_fields($hidden_fields);
 767  
 768              confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
 769          }
 770      }
 771      else
 772      {
 773          if (utf8_clean_string($subject) === '')
 774          {
 775              $error[] = $user->lang['EMPTY_SUBJECT'];
 776          }
 777  
 778          if (utf8_clean_string($message) === '')
 779          {
 780              $error[] = $user->lang['TOO_FEW_CHARS'];
 781          }
 782      }
 783      unset($subject, $message);
 784  }
 785  
 786  // Load requested Draft
 787  if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
 788  {
 789      $sql = 'SELECT draft_subject, draft_message
 790          FROM ' . DRAFTS_TABLE . "
 791          WHERE draft_id = $draft_id
 792              AND user_id = " . $user->data['user_id'];
 793      $result = $db->sql_query_limit($sql, 1);
 794      $row = $db->sql_fetchrow($result);
 795      $db->sql_freeresult($result);
 796  
 797      if ($row)
 798      {
 799          $post_data['post_subject'] = $row['draft_subject'];
 800          $message_parser->message = $row['draft_message'];
 801  
 802          $template->assign_var('S_DRAFT_LOADED', true);
 803      }
 804      else
 805      {
 806          $draft_id = 0;
 807      }
 808  }
 809  
 810  // Load draft overview
 811  if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
 812  {
 813      load_drafts($topic_id, $forum_id);
 814  }
 815  
 816  
 817  if ($submit || $preview || $refresh)
 818  {
 819      $post_data['topic_cur_post_id']    = request_var('topic_cur_post_id', 0);
 820      $post_data['post_subject']        = utf8_normalize_nfc(request_var('subject', '', true));
 821      $message_parser->message        = utf8_normalize_nfc(request_var('message', '', true));
 822  
 823      $post_data['username']            = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
 824      $post_data['post_edit_reason']    = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
 825  
 826      $post_data['orig_topic_type']    = $post_data['topic_type'];
 827      $post_data['topic_type']        = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 828      $post_data['topic_time_limit']    = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
 829  
 830      if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
 831      {
 832          $post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']);
 833      }
 834  
 835      $post_data['enable_bbcode']        = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
 836      $post_data['enable_smilies']    = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
 837      $post_data['enable_urls']        = (isset($_POST['disable_magic_url'])) ? 0 : 1;
 838      $post_data['enable_sig']        = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
 839  
 840      if ($config['allow_topic_notify'] && $user->data['is_registered'])
 841      {
 842          $notify = (isset($_POST['notify'])) ? true : false;
 843      }
 844      else
 845      {
 846          $notify = false;
 847      }
 848  
 849      $topic_lock            = (isset($_POST['lock_topic'])) ? true : false;
 850      $post_lock            = (isset($_POST['lock_post'])) ? true : false;
 851      $poll_delete        = (isset($_POST['poll_delete'])) ? true : false;
 852  
 853      if ($submit)
 854      {
 855          $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 856          $status_switch = ($status_switch != $check_value);
 857      }
 858      else
 859      {
 860          $status_switch = 1;
 861      }
 862  
 863      // Delete Poll
 864      if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
 865          ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
 866      {
 867          if ($submit && check_form_key('posting'))
 868          {
 869              $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
 870                  WHERE topic_id = $topic_id";
 871              $db->sql_query($sql);
 872  
 873              $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
 874                  WHERE topic_id = $topic_id";
 875              $db->sql_query($sql);
 876  
 877              $topic_sql = array(
 878                  'poll_title'        => '',
 879                  'poll_start'         => 0,
 880                  'poll_length'        => 0,
 881                  'poll_last_vote'    => 0,
 882                  'poll_max_options'    => 0,
 883                  'poll_vote_change'    => 0
 884              );
 885  
 886              $sql = 'UPDATE ' . TOPICS_TABLE . '
 887                  SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
 888                  WHERE topic_id = $topic_id";
 889              $db->sql_query($sql);
 890          }
 891  
 892          $post_data['poll_title'] = $post_data['poll_option_text'] = '';
 893          $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
 894      }
 895      else
 896      {
 897          $post_data['poll_title']        = utf8_normalize_nfc(request_var('poll_title', '', true));
 898          $post_data['poll_length']        = request_var('poll_length', 0);
 899          $post_data['poll_option_text']    = utf8_normalize_nfc(request_var('poll_option_text', '', true));
 900          $post_data['poll_max_options']    = request_var('poll_max_options', 1);
 901          $post_data['poll_vote_change']    = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
 902      }
 903  
 904      // If replying/quoting and last post id has changed
 905      // give user option to continue submit or return to post
 906      // notify and show user the post made between his request and the final submit
 907      if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
 908      {
 909          // Only do so if it is allowed forum-wide
 910          if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 911          {
 912              if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
 913              {
 914                  $template->assign_var('S_POST_REVIEW', true);
 915              }
 916  
 917              $submit = false;
 918              $refresh = true;
 919          }
 920      }
 921  
 922      // Parse Attachments - before checksum is calculated
 923      $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
 924  
 925      /**
 926      * This event allows you to modify message text before parsing
 927      *
 928      * @event core.posting_modify_message_text
 929      * @var    array    post_data    Array with post data
 930      * @var    string    mode        What action to take if the form is submitted
 931      *                post|reply|quote|edit|delete|bump|smilies|popup
 932      * @var    int    post_id        ID of the post
 933      * @var    int    topic_id    ID of the topic
 934      * @var    int    forum_id    ID of the forum
 935      * @var    bool    submit        Whether or not the form has been submitted
 936      * @var    bool    preview        Whether or not the post is being previewed
 937      * @var    bool    save        Whether or not a draft is being saved
 938      * @var    bool    load        Whether or not a draft is being loaded
 939      * @var    bool    cancel        Whether or not to cancel the form (returns to
 940      *                viewtopic or viewforum depending on if the user
 941      *                is posting a new topic or editing a post)
 942      * @var    bool    refresh        Whether or not to retain previously submitted data
 943      * @var    object    message_parser    The message parser object
 944      * @since 3.1.2-RC1
 945      */
 946      $vars = array(
 947          'post_data',
 948          'mode',
 949          'post_id',
 950          'topic_id',
 951          'forum_id',
 952          'submit',
 953          'preview',
 954          'save',
 955          'load',
 956          'cancel',
 957          'refresh',
 958          'message_parser',
 959      );
 960      extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));
 961  
 962      // Grab md5 'checksum' of new message
 963      $message_md5 = md5($message_parser->message);
 964  
 965      // If editing and checksum has changed we know the post was edited while we're editing
 966      // Notify and show user the changed post
 967      if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 968      {
 969          $edit_post_message_checksum = request_var('edit_post_message_checksum', '');
 970          $edit_post_subject_checksum = request_var('edit_post_subject_checksum', '');
 971  
 972          // $post_data['post_checksum'] is the checksum of the post submitted in the meantime
 973          // $message_md5 is the checksum of the post we're about to submit
 974          // $edit_post_message_checksum is the checksum of the post we're editing
 975          // ...
 976  
 977          // We make sure nobody else made exactly the same change
 978          // we're about to submit by also checking $message_md5 != $post_data['post_checksum']
 979          if ($edit_post_message_checksum !== '' &&
 980              $edit_post_message_checksum != $post_data['post_checksum'] &&
 981              $message_md5 != $post_data['post_checksum']
 982              ||
 983              $edit_post_subject_checksum !== '' &&
 984              $edit_post_subject_checksum != $post_data['post_subject_md5'] &&
 985              md5($post_data['post_subject']) != $post_data['post_subject_md5'])
 986          {
 987              if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
 988              {
 989                  $template->assign_vars(array(
 990                      'S_POST_REVIEW'            => true,
 991  
 992                      'L_POST_REVIEW'            => $user->lang['POST_REVIEW_EDIT'],
 993                      'L_POST_REVIEW_EXPLAIN'    => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
 994                  ));
 995              }
 996  
 997              $submit = false;
 998              $refresh = true;
 999          }
1000      }
1001  
1002      // Check checksum ... don't re-parse message if the same
1003      $update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
1004  
1005      // Also check if subject got updated...
1006      $update_subject = $mode != 'edit' || ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));
1007  
1008      // Parse message
1009      if ($update_message)
1010      {
1011          if (sizeof($message_parser->warn_msg))
1012          {
1013              $error[] = implode('<br />', $message_parser->warn_msg);
1014              $message_parser->warn_msg = array();
1015          }
1016  
1017          if (!$preview || !empty($message_parser->message))
1018          {
1019              $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
1020          }
1021  
1022          // On a refresh we do not care about message parsing errors
1023          if (sizeof($message_parser->warn_msg) && $refresh && !$preview)
1024          {
1025              $message_parser->warn_msg = array();
1026          }
1027      }
1028      else
1029      {
1030          $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
1031      }
1032  
1033      $ignore_flood = $auth->acl_get('u_ignoreflood') ? true : $auth->acl_get('f_ignoreflood', $forum_id);
1034      if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$ignore_flood)
1035      {
1036          // Flood check
1037          $last_post_time = 0;
1038  
1039          if ($user->data['is_registered'])
1040          {
1041              $last_post_time = $user->data['user_lastpost_time'];
1042          }
1043          else
1044          {
1045              $sql = 'SELECT post_time AS last_post_time
1046                  FROM ' . POSTS_TABLE . "
1047                  WHERE poster_ip = '" . $user->ip . "'
1048                      AND post_time > " . ($current_time - $config['flood_interval']);
1049              $result = $db->sql_query_limit($sql, 1);
1050              if ($row = $db->sql_fetchrow($result))
1051              {
1052                  $last_post_time = $row['last_post_time'];
1053              }
1054              $db->sql_freeresult($result);
1055          }
1056  
1057          if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
1058          {
1059              $error[] = $user->lang['FLOOD_ERROR'];
1060          }
1061      }
1062  
1063      // Validate username
1064      if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
1065      {
1066          include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1067  
1068          $user->add_lang('ucp');
1069  
1070          if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
1071          {
1072              $error[] = $user->lang[$result . '_USERNAME'];
1073          }
1074  
1075          if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
1076          {
1077              $min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
1078              $error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
1079          }
1080      }
1081  
1082      if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
1083      {
1084          $captcha_data = array(
1085              'message'    => utf8_normalize_nfc(request_var('message', '', true)),
1086              'subject'    => utf8_normalize_nfc(request_var('subject', '', true)),
1087              'username'    => utf8_normalize_nfc(request_var('username', '', true)),
1088          );
1089          $vc_response = $captcha->validate($captcha_data);
1090          if ($vc_response)
1091          {
1092              $error[] = $vc_response;
1093          }
1094      }
1095  
1096      // check form
1097      if (($submit || $preview) && !check_form_key('posting'))
1098      {
1099          $error[] = $user->lang['FORM_INVALID'];
1100      }
1101  
1102      if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !isset($_POST['soft_delete']) && $auth->acl_get('m_approve', $forum_id))
1103      {
1104          $is_first_post = ($post_id == $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
1105          $is_last_post = ($post_id == $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);
1106          $updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);
1107  
1108          if (!empty($updated_post_data))
1109          {
1110              // Update the post_data, so we don't need to refetch it.
1111              $post_data = array_merge($post_data, $updated_post_data);
1112          }
1113      }
1114  
1115      // Parse subject
1116      if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1117      {
1118          $error[] = $user->lang['EMPTY_SUBJECT'];
1119      }
1120  
1121      // Check for out-of-bounds characters that are currently
1122      // not supported by utf8_bin in MySQL
1123      if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
1124      {
1125          $character_list = implode('<br />', $matches[0]);
1126          $error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
1127      }
1128  
1129      $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
1130  
1131      if ($post_data['poll_option_text'] &&
1132          ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1133          && $auth->acl_get('f_poll', $forum_id))
1134      {
1135          $poll = array(
1136              'poll_title'        => $post_data['poll_title'],
1137              'poll_length'        => $post_data['poll_length'],
1138              'poll_max_options'    => $post_data['poll_max_options'],
1139              'poll_option_text'    => $post_data['poll_option_text'],
1140              'poll_start'        => $post_data['poll_start'],
1141              'poll_last_vote'    => $post_data['poll_last_vote'],
1142              'poll_vote_change'    => $post_data['poll_vote_change'],
1143              'enable_bbcode'        => $post_data['enable_bbcode'],
1144              'enable_urls'        => $post_data['enable_urls'],
1145              'enable_smilies'    => $post_data['enable_smilies'],
1146              'img_status'        => $img_status
1147          );
1148  
1149          $message_parser->parse_poll($poll);
1150  
1151          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1152          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1153  
1154          /* We reset votes, therefore also allow removing options
1155          if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
1156          {
1157              $message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
1158          }*/
1159      }
1160      else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
1161      {
1162          // The user removed all poll options, this is equal to deleting the poll.
1163          $poll = array(
1164              'poll_title'        => '',
1165              'poll_length'        => 0,
1166              'poll_max_options'    => 0,
1167              'poll_option_text'    => '',
1168              'poll_start'        => 0,
1169              'poll_last_vote'    => 0,
1170              'poll_vote_change'    => 0,
1171              'poll_options'        => array(),
1172          );
1173  
1174          $post_data['poll_options'] = array();
1175          $post_data['poll_title'] = '';
1176          $post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
1177      }
1178      else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && ($original_poll_data['poll_title'] != ''))
1179      {
1180          // We have a poll but the editing user is not permitted to create/edit it.
1181          // So we just keep the original poll-data.
1182          $poll = array_merge($original_poll_data, array(
1183              'enable_bbcode'        => $post_data['enable_bbcode'],
1184              'enable_urls'        => $post_data['enable_urls'],
1185              'enable_smilies'    => $post_data['enable_smilies'],
1186              'img_status'        => $img_status,
1187          ));
1188  
1189          $message_parser->parse_poll($poll);
1190  
1191          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1192          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1193      }
1194      else
1195      {
1196          $poll = array();
1197      }
1198  
1199      // Check topic type
1200      if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1201      {
1202          switch ($post_data['topic_type'])
1203          {
1204              case POST_GLOBAL:
1205              case POST_ANNOUNCE:
1206                  $auth_option = 'f_announce';
1207              break;
1208  
1209              case POST_STICKY:
1210                  $auth_option = 'f_sticky';
1211              break;
1212  
1213              default:
1214                  $auth_option = '';
1215              break;
1216          }
1217  
1218          if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id))
1219          {
1220              // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
1221              // Another case would be a mod not having sticky permissions for example but edit permissions.
1222              if ($mode == 'edit')
1223              {
1224                  // To prevent non-authed users messing around with the topic type we reset it to the original one.
1225                  $post_data['topic_type'] = $post_data['orig_topic_type'];
1226              }
1227              else
1228              {
1229                  $error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
1230              }
1231          }
1232      }
1233  
1234      if (sizeof($message_parser->warn_msg))
1235      {
1236          $error[] = implode('<br />', $message_parser->warn_msg);
1237      }
1238  
1239      // DNSBL check
1240      if ($config['check_dnsbl'] && !$refresh)
1241      {
1242          if (($dnsbl = $user->check_dnsbl('post')) !== false)
1243          {
1244              $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
1245          }
1246      }
1247  
1248      /**
1249      * This event allows you to define errors before the post action is performed
1250      *
1251      * @event core.posting_modify_submission_errors
1252      * @var    array    post_data    Array with post data
1253      * @var    array    poll        Array with poll data from post (must be used instead of the post_data equivalent)
1254      * @var    string    mode        What action to take if the form is submitted
1255      *                post|reply|quote|edit|delete|bump|smilies|popup
1256      * @var    string    page_title    Title of the mode page
1257      * @var    int    post_id        ID of the post
1258      * @var    int    topic_id    ID of the topic
1259      * @var    int    forum_id    ID of the forum
1260      * @var    bool    submit        Whether or not the form has been submitted
1261      * @var    array    error        Any error strings; a non-empty array aborts form submission.
1262      *                NOTE: Should be actual language strings, NOT language keys.
1263      * @since 3.1.0-RC5
1264      * @change 3.1.5-RC1 Added poll array to the event
1265      */
1266      $vars = array(
1267          'post_data',
1268          'poll',
1269          'mode',
1270          'page_title',
1271          'post_id',
1272          'topic_id',
1273          'forum_id',
1274          'submit',
1275          'error',
1276      );
1277      extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));
1278  
1279      // Store message, sync counters
1280      if (!sizeof($error) && $submit)
1281      {
1282          if ($submit)
1283          {
1284              // Lock/Unlock Topic
1285              $change_topic_status = $post_data['topic_status'];
1286              $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
1287  
1288              if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
1289              {
1290                  $change_topic_status = ITEM_UNLOCKED;
1291              }
1292              else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
1293              {
1294                  $change_topic_status = ITEM_LOCKED;
1295              }
1296  
1297              if ($change_topic_status != $post_data['topic_status'])
1298              {
1299                  $sql = 'UPDATE ' . TOPICS_TABLE . "
1300                      SET topic_status = $change_topic_status
1301                      WHERE topic_id = $topic_id
1302                          AND topic_moved_id = 0";
1303                  $db->sql_query($sql);
1304  
1305                  $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
1306  
1307                  add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
1308              }
1309  
1310              // Lock/Unlock Post Edit
1311              if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
1312              {
1313                  $post_data['post_edit_locked'] = ITEM_UNLOCKED;
1314              }
1315              else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
1316              {
1317                  $post_data['post_edit_locked'] = ITEM_LOCKED;
1318              }
1319  
1320              $data = array(
1321                  'topic_title'            => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
1322                  'topic_first_post_id'    => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
1323                  'topic_last_post_id'    => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
1324                  'topic_time_limit'        => (int) $post_data['topic_time_limit'],
1325                  'topic_attachment'        => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
1326                  'post_id'                => (int) $post_id,
1327                  'topic_id'                => (int) $topic_id,
1328                  'forum_id'                => (int) $forum_id,
1329                  'icon_id'                => (int) $post_data['icon_id'],
1330                  'poster_id'                => (int) $post_data['poster_id'],
1331                  'enable_sig'            => (bool) $post_data['enable_sig'],
1332                  'enable_bbcode'            => (bool) $post_data['enable_bbcode'],
1333                  'enable_smilies'        => (bool) $post_data['enable_smilies'],
1334                  'enable_urls'            => (bool) $post_data['enable_urls'],
1335                  'enable_indexing'        => (bool) $post_data['enable_indexing'],
1336                  'message_md5'            => (string) $message_md5,
1337                  'post_checksum'            => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
1338                  'post_edit_reason'        => $post_data['post_edit_reason'],
1339                  'post_edit_user'        => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
1340                  'forum_parents'            => $post_data['forum_parents'],
1341                  'forum_name'            => $post_data['forum_name'],
1342                  'notify'                => $notify,
1343                  'notify_set'            => $post_data['notify_set'],
1344                  'poster_ip'                => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
1345                  'post_edit_locked'        => (int) $post_data['post_edit_locked'],
1346                  'bbcode_bitfield'        => $message_parser->bbcode_bitfield,
1347                  'bbcode_uid'            => $message_parser->bbcode_uid,
1348                  'message'                => $message_parser->message,
1349                  'attachment_data'        => $message_parser->attachment_data,
1350                  'filename_data'            => $message_parser->filename_data,
1351                  'topic_status'            => $post_data['topic_status'],
1352  
1353                  'topic_visibility'            => (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
1354                  'post_visibility'            => (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
1355              );
1356  
1357              if ($mode == 'edit')
1358              {
1359                  $data['topic_posts_approved'] = $post_data['topic_posts_approved'];
1360                  $data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
1361                  $data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
1362              }
1363  
1364              // Only return the username when it is either a guest posting or we are editing a post and
1365              // the username was supplied; otherwise post_data might hold the data of the post that is
1366              // being quoted (which could result in the username being returned being that of the quoted
1367              // post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
1368              $post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
1369  
1370              /**
1371              * This event allows you to define errors before the post action is performed
1372              *
1373              * @event core.posting_modify_submit_post_before
1374              * @var    array    post_data    Array with post data
1375              * @var    array    poll        Array with poll data
1376              * @var    array    data        Array with post data going to be stored in the database
1377              * @var    string    mode        What action to take if the form is submitted
1378              *                post|reply|quote|edit|delete
1379              * @var    string    page_title    Title of the mode page
1380              * @var    int    post_id        ID of the post
1381              * @var    int    topic_id    ID of the topic
1382              * @var    int    forum_id    ID of the forum
1383              * @var    string    post_author_name    Author name for guest posts
1384              * @var    bool    update_message        Boolean if the post message was changed
1385              * @var    bool    update_subject        Boolean if the post subject was changed
1386              *                NOTE: Should be actual language strings, NOT language keys.
1387              * @since 3.1.0-RC5
1388              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1389              */
1390              $vars = array(
1391                  'post_data',
1392                  'poll',
1393                  'data',
1394                  'mode',
1395                  'page_title',
1396                  'post_id',
1397                  'topic_id',
1398                  'forum_id',
1399                  'post_author_name',
1400                  'update_message',
1401                  'update_subject',
1402              );
1403              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));
1404  
1405              // The last parameter tells submit_post if search indexer has to be run
1406              $redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
1407  
1408              /**
1409              * This event allows you to define errors after the post action is performed
1410              *
1411              * @event core.posting_modify_submit_post_after
1412              * @var    array    post_data    Array with post data
1413              * @var    array    poll        Array with poll data
1414              * @var    array    data        Array with post data going to be stored in the database
1415              * @var    string    mode        What action to take if the form is submitted
1416              *                post|reply|quote|edit|delete
1417              * @var    string    page_title    Title of the mode page
1418              * @var    int    post_id        ID of the post
1419              * @var    int    topic_id    ID of the topic
1420              * @var    int    forum_id    ID of the forum
1421              * @var    string    post_author_name    Author name for guest posts
1422              * @var    bool    update_message        Boolean if the post message was changed
1423              * @var    bool    update_subject        Boolean if the post subject was changed
1424              * @var    string    redirect_url        URL the user is going to be redirected to
1425              *                NOTE: Should be actual language strings, NOT language keys.
1426              * @since 3.1.0-RC5
1427              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1428              */
1429              $vars = array(
1430                  'post_data',
1431                  'poll',
1432                  'data',
1433                  'mode',
1434                  'page_title',
1435                  'post_id',
1436                  'topic_id',
1437                  'forum_id',
1438                  'post_author_name',
1439                  'update_message',
1440                  'update_subject',
1441                  'redirect_url',
1442              );
1443              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));
1444  
1445              if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
1446              {
1447                  $captcha->reset();
1448              }
1449  
1450              // Handle delete mode...
1451              if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent'))
1452              {
1453                  $delete_reason = $request->variable('delete_reason', '', true);
1454                  phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
1455                  return;
1456              }
1457  
1458              // Check the permissions for post approval.
1459              // Moderators must go through post approval like ordinary users.
1460              if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
1461              {
1462                  meta_refresh(10, $redirect_url);
1463                  $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
1464                  $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
1465                  $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
1466                  trigger_error($message);
1467              }
1468  
1469              redirect($redirect_url);
1470          }
1471      }
1472  }
1473  
1474  // Preview
1475  if (!sizeof($error) && $preview)
1476  {
1477      $post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;
1478  
1479      $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
1480  
1481      $preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
1482      $preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
1483      $preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
1484  
1485      // Signature
1486      if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
1487      {
1488          $parse_sig = new parse_message($preview_signature);
1489          $parse_sig->bbcode_uid = $preview_signature_uid;
1490          $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
1491  
1492          // Not sure about parameters for bbcode/smilies/urls... in signatures
1493          $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']);
1494          $preview_signature = $parse_sig->message;
1495          unset($parse_sig);
1496      }
1497      else
1498      {
1499          $preview_signature = '';
1500      }
1501  
1502      $preview_subject = censor_text($post_data['post_subject']);
1503  
1504      // Poll Preview
1505      if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1506      && $auth->acl_get('f_poll', $forum_id))
1507      {
1508          $parse_poll = new parse_message($post_data['poll_title']);
1509          $parse_poll->bbcode_uid = $message_parser->bbcode_uid;
1510          $parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;
1511  
1512          $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1513  
1514          if ($post_data['poll_length'])
1515          {
1516              $poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
1517          }
1518  
1519          $template->assign_vars(array(
1520              'S_HAS_POLL_OPTIONS'    => (sizeof($post_data['poll_options'])),
1521              'S_IS_MULTI_CHOICE'        => ($post_data['poll_max_options'] > 1) ? true : false,
1522  
1523              'POLL_QUESTION'        => $parse_poll->message,
1524  
1525              'L_POLL_LENGTH'        => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
1526              'L_MAX_VOTES'        => $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
1527          ));
1528  
1529          $preview_poll_options = array();
1530          foreach ($post_data['poll_options'] as $poll_option)
1531          {
1532              $parse_poll->message = $poll_option;
1533              $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1534              $preview_poll_options[] = $parse_poll->message;
1535          }
1536          unset($parse_poll);
1537  
1538          foreach ($preview_poll_options as $key => $option)
1539          {
1540              $template->assign_block_vars('poll_option', array(
1541                  'POLL_OPTION_CAPTION'    => $option,
1542                  'POLL_OPTION_ID'        => $key + 1)
1543              );
1544          }
1545          unset($preview_poll_options);
1546      }
1547  
1548      // Attachment Preview
1549      if (sizeof($message_parser->attachment_data))
1550      {
1551          $template->assign_var('S_HAS_ATTACHMENTS', true);
1552  
1553          $update_count = array();
1554          $attachment_data = $message_parser->attachment_data;
1555  
1556          parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);
1557  
1558          foreach ($attachment_data as $i => $attachment)
1559          {
1560              $template->assign_block_vars('attachment', array(
1561                  'DISPLAY_ATTACHMENT'    => $attachment)
1562              );
1563          }
1564          unset($attachment_data);
1565      }
1566  
1567      if (!sizeof($error))
1568      {
1569          $template->assign_vars(array(
1570              'PREVIEW_SUBJECT'        => $preview_subject,
1571              'PREVIEW_MESSAGE'        => $preview_message,
1572              'PREVIEW_SIGNATURE'        => $preview_signature,
1573  
1574              'S_DISPLAY_PREVIEW'        => !empty($preview_message),
1575          ));
1576      }
1577  }
1578  
1579  // Remove quotes that would become nested too deep before decoding the text
1580  $generate_quote = ($mode == 'quote' && !$submit && !$preview && !$refresh);
1581  if ($generate_quote && $config['max_quote_depth'] > 0)
1582  {
1583      $tmp_bbcode_uid = $message_parser->bbcode_uid;
1584      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
1585      $message_parser->remove_nested_quotes($config['max_quote_depth'] - 1);
1586      $message_parser->bbcode_uid = $tmp_bbcode_uid;
1587  }
1588  
1589  // Decode text for message display
1590  $post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !sizeof($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
1591  $message_parser->decode_message($post_data['bbcode_uid']);
1592  
1593  if ($generate_quote)
1594  {
1595      // Remove attachment bbcode tags from the quoted message to avoid mixing with the new post attachments if any
1596      $message_parser->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#uis', '\\2', $message_parser->message);
1597  
1598      if ($config['allow_bbcode'])
1599      {
1600          $message_parser->message = '[quote=&quot;' . $post_data['quote_username'] . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
1601      }
1602      else
1603      {
1604          $offset = 0;
1605          $quote_string = "&gt; ";
1606          $message = censor_text(trim($message_parser->message));
1607          // see if we are nesting. It's easily tricked but should work for one level of nesting
1608          if (strpos($message, "&gt;") !== false)
1609          {
1610              $offset = 10;
1611          }
1612          $message = utf8_wordwrap($message, 75 + $offset, "\n");
1613  
1614          $message = $quote_string . $message;
1615          $message = str_replace("\n", "\n" . $quote_string, $message);
1616          $message_parser->message =  $post_data['quote_username'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n";
1617      }
1618  }
1619  
1620  if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)
1621  {
1622      $post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
1623  }
1624  
1625  $attachment_data = $message_parser->attachment_data;
1626  $filename_data = $message_parser->filename_data;
1627  $post_data['post_text'] = $message_parser->message;
1628  
1629  if (sizeof($post_data['poll_options']) || !empty($post_data['poll_title']))
1630  {
1631      $message_parser->message = $post_data['poll_title'];
1632      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
1633  
1634      $message_parser->decode_message();
1635      $post_data['poll_title'] = $message_parser->message;
1636  
1637      $message_parser->message = implode("\n", $post_data['poll_options']);
1638      $message_parser->decode_message();
1639      $post_data['poll_options'] = explode("\n", $message_parser->message);
1640  }
1641  
1642  // MAIN POSTING PAGE BEGINS HERE
1643  
1644  // Forum moderators?
1645  $moderators = array();
1646  if ($config['load_moderators'])
1647  {
1648      get_moderators($moderators, $forum_id);
1649  }
1650  
1651  // Generate smiley listing
1652  generate_smilies('inline', $forum_id);
1653  
1654  // Generate inline attachment select box
1655  posting_gen_inline_attachments($attachment_data);
1656  
1657  // Do show topic type selection only in first post.
1658  $topic_type_toggle = false;
1659  
1660  if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
1661  {
1662      $topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
1663  }
1664  
1665  $s_topic_icons = false;
1666  if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
1667  {
1668      $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
1669  }
1670  
1671  $bbcode_checked        = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
1672  $smilies_checked    = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
1673  $urls_checked        = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
1674  $sig_checked        = $post_data['enable_sig'];
1675  $lock_topic_checked    = (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
1676  $lock_post_checked    = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];
1677  
1678  // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
1679  $notify_set            = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
1680  $notify_checked        = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);
1681  
1682  // Page title & action URL
1683  $s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&amp;f=$forum_id");
1684  $s_action .= ($topic_id) ? "&amp;t=$topic_id" : '';
1685  $s_action .= ($post_id) ? "&amp;p=$post_id" : '';
1686  
1687  switch ($mode)
1688  {
1689      case 'post':
1690          $page_title = $user->lang['POST_TOPIC'];
1691      break;
1692  
1693      case 'quote':
1694      case 'reply':
1695          $page_title = $user->lang['POST_REPLY'];
1696      break;
1697  
1698      case 'delete':
1699      case 'edit':
1700          $page_title = $user->lang['EDIT_POST'];
1701      break;
1702  }
1703  
1704  // Build Navigation Links
1705  generate_forum_nav($post_data);
1706  
1707  // Build Forum Rules
1708  generate_forum_rules($post_data);
1709  
1710  // Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
1711  if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
1712  {
1713  
1714      $template->assign_vars(array(
1715          'S_CONFIRM_CODE'            => true,
1716          'CAPTCHA_TEMPLATE'            => $captcha->get_template(),
1717      ));
1718  }
1719  
1720  $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
1721  $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
1722  $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
1723  
1724  if ($mode == 'edit')
1725  {
1726      $s_hidden_fields .= build_hidden_fields(array(
1727          'edit_post_message_checksum'    => $post_data['post_checksum'],
1728          'edit_post_subject_checksum'    => $post_data['post_subject_md5'],
1729      ));
1730  }
1731  
1732  // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
1733  if (isset($captcha) && $captcha->is_solved() !== false)
1734  {
1735      $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
1736  }
1737  
1738  $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"';
1739  add_form_key('posting');
1740  
1741  
1742  // Build array of variables for main posting page
1743  $page_data = array(
1744      'L_POST_A'                    => $page_title,
1745      'L_ICON'                    => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
1746      'L_MESSAGE_BODY_EXPLAIN'    => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),
1747      'L_DELETE_POST_PERMANENTLY'    => $user->lang('DELETE_POST_PERMANENTLY', 1),
1748  
1749      'FORUM_NAME'            => $post_data['forum_name'],
1750      'FORUM_DESC'            => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
1751      'TOPIC_TITLE'            => censor_text($post_data['topic_title']),
1752      'MODERATORS'            => (sizeof($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
1753      'USERNAME'                => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
1754      'SUBJECT'                => $post_data['post_subject'],
1755      'MESSAGE'                => $post_data['post_text'],
1756      'BBCODE_STATUS'            => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
1757      'IMG_STATUS'            => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
1758      'FLASH_STATUS'            => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
1759      'SMILIES_STATUS'        => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
1760      'URL_STATUS'            => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
1761      'MAX_FONT_SIZE'            => (int) $config['max_post_font_size'],
1762      'MINI_POST_IMG'            => $user->img('icon_post_target', $user->lang['POST']),
1763      'POST_DATE'                => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
1764      'ERROR'                    => (sizeof($error)) ? implode('<br />', $error) : '',
1765      'TOPIC_TIME_LIMIT'        => (int) $post_data['topic_time_limit'],
1766      'EDIT_REASON'            => $request->variable('edit_reason', '', true),
1767      'SHOW_PANEL'            => $request->variable('show_panel', ''),
1768      'U_VIEW_FORUM'            => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
1769      'U_VIEW_TOPIC'            => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") : '',
1770      'U_PROGRESS_BAR'        => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup"),
1771      'UA_PROGRESS_BAR'        => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup")),
1772  
1773      'S_PRIVMSGS'                => false,
1774      'S_CLOSE_PROGRESS_WINDOW'    => (isset($_POST['add_file'])) ? true : false,
1775      'S_EDIT_POST'                => ($mode == 'edit') ? true : false,
1776      'S_EDIT_REASON'                => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1777      'S_DISPLAY_USERNAME'        => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
1778      'S_SHOW_TOPIC_ICONS'        => $s_topic_icons,
1779      'S_DELETE_ALLOWED'            => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
1780      'S_BBCODE_ALLOWED'            => ($bbcode_status) ? 1 : 0,
1781      'S_BBCODE_CHECKED'            => ($bbcode_checked) ? ' checked="checked"' : '',
1782      'S_SMILIES_ALLOWED'            => $smilies_status,
1783      'S_SMILIES_CHECKED'            => ($smilies_checked) ? ' checked="checked"' : '',
1784      'S_SIG_ALLOWED'                => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
1785      'S_SIGNATURE_CHECKED'        => ($sig_checked) ? ' checked="checked"' : '',
1786      'S_NOTIFY_ALLOWED'            => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
1787      'S_NOTIFY_CHECKED'            => ($notify_checked) ? ' checked="checked"' : '',
1788      'S_LOCK_TOPIC_ALLOWED'        => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote' || $mode == 'post') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
1789      'S_LOCK_TOPIC_CHECKED'        => ($lock_topic_checked) ? ' checked="checked"' : '',
1790      'S_LOCK_POST_ALLOWED'        => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1791      'S_LOCK_POST_CHECKED'        => ($lock_post_checked) ? ' checked="checked"' : '',
1792      'S_SOFTDELETE_CHECKED'        => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
1793      'S_SOFTDELETE_ALLOWED'        => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked)) ? true : false,
1794      'S_RESTORE_ALLOWED'            => $auth->acl_get('m_approve', $forum_id),
1795      'S_IS_DELETED'                => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
1796      'S_LINKS_ALLOWED'            => $url_status,
1797      'S_MAGIC_URL_CHECKED'        => ($urls_checked) ? ' checked="checked"' : '',
1798      'S_TYPE_TOGGLE'                => $topic_type_toggle,
1799      'S_SAVE_ALLOWED'            => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
1800      'S_HAS_DRAFTS'                => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
1801      'S_FORM_ENCTYPE'            => $form_enctype,
1802  
1803      'S_BBCODE_IMG'            => $img_status,
1804      'S_BBCODE_URL'            => $url_status,
1805      'S_BBCODE_FLASH'        => $flash_status,
1806      'S_BBCODE_QUOTE'        => $quote_status,
1807  
1808      'S_POST_ACTION'            => $s_action,
1809      'S_HIDDEN_FIELDS'        => $s_hidden_fields,
1810      'S_ATTACH_DATA'            => json_encode($message_parser->attachment_data),
1811      'S_IN_POSTING'            => true,
1812  );
1813  
1814  // Build custom bbcodes array
1815  display_custom_bbcodes();
1816  
1817  // Poll entry
1818  if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1819      && $auth->acl_get('f_poll', $forum_id))
1820  {
1821      $page_data = array_merge($page_data, array(
1822          'S_SHOW_POLL_BOX'        => true,
1823          'S_POLL_VOTE_CHANGE'    => ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),
1824          'S_POLL_DELETE'            => ($mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
1825          'S_POLL_DELETE_CHECKED'    => (!empty($poll_delete)) ? true : false,
1826  
1827          'L_POLL_OPTIONS_EXPLAIN'    => $user->lang('POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN', (int) $config['max_poll_options']),
1828  
1829          'VOTE_CHANGE_CHECKED'    => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
1830          'POLL_TITLE'            => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
1831          'POLL_OPTIONS'            => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
1832          'POLL_MAX_OPTIONS'        => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
1833          'POLL_LENGTH'            => $post_data['poll_length'],
1834          )
1835      );
1836  }
1837  
1838  /**
1839  * This event allows you to modify template variables for the posting screen
1840  *
1841  * @event core.posting_modify_template_vars
1842  * @var    array    post_data    Array with post data
1843  * @var    array    moderators    Array with forum moderators
1844  * @var    string    mode        What action to take if the form is submitted
1845  *                post|reply|quote|edit|delete|bump|smilies|popup
1846  * @var    string    page_title    Title of the mode page
1847  * @var    bool    s_topic_icons    Whether or not to show the topic icons
1848  * @var    string    form_enctype    If attachments are allowed for this form
1849  *                "multipart/form-data" or empty string
1850  * @var    string    s_action    The URL to submit the POST data to
1851  * @var    string    s_hidden_fields    Concatenated hidden input tags of posting form
1852  * @var    int    post_id        ID of the post
1853  * @var    int    topic_id    ID of the topic
1854  * @var    int    forum_id    ID of the forum
1855  * @var    int    draft_id    ID of the draft
1856  * @var    bool    submit        Whether or not the form has been submitted
1857  * @var    bool    preview        Whether or not the post is being previewed
1858  * @var    bool    save        Whether or not a draft is being saved
1859  * @var    bool    load        Whether or not a draft is being loaded
1860  * @var    bool    cancel        Whether or not to cancel the form (returns to
1861  *                viewtopic or viewforum depending on if the user
1862  *                is posting a new topic or editing a post)
1863  * @var    array    error        Any error strings; a non-empty array aborts
1864  *                form submission.
1865  *                NOTE: Should be actual language strings, NOT
1866  *                language keys.
1867  * @var    bool    refresh        Whether or not to retain previously submitted data
1868  * @var    array    page_data    Posting page data that should be passed to the
1869  *                posting page via $template->assign_vars()
1870  * @var    object    message_parser    The message parser object
1871  * @since 3.1.0-a1
1872  * @change 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
1873  *        s_topic_icons, form_enctype, s_action, s_hidden_fields,
1874  *        post_id, topic_id, forum_id, submit, preview, save, load,
1875  *        delete, cancel, refresh, error, page_data, message_parser
1876  * @change 3.1.2-RC1 Removed 'delete' var as it does not exist
1877  * @change 3.1.5-RC1 Added poll variables to the page_data array
1878  * @change 3.1.6-RC1 Added 'draft_id' var
1879  */
1880  $vars = array(
1881      'post_data',
1882      'moderators',
1883      'mode',
1884      'page_title',
1885      's_topic_icons',
1886      'form_enctype',
1887      's_action',
1888      's_hidden_fields',
1889      'post_id',
1890      'topic_id',
1891      'forum_id',
1892      'draft_id',
1893      'submit',
1894      'preview',
1895      'save',
1896      'load',
1897      'cancel',
1898      'refresh',
1899      'error',
1900      'page_data',
1901      'message_parser',
1902  );
1903  extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));
1904  
1905  // Start assigning vars for main posting page ...
1906  $template->assign_vars($page_data);
1907  
1908  // Show attachment box for adding attachments if true
1909  $allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);
1910  
1911  if ($allowed)
1912  {
1913      $max_files = ($auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) ? 0 : (int) $config['max_attachments'];
1914      $plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
1915  }
1916  
1917  // Attachment entry
1918  posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
1919  
1920  // Output page ...
1921  page_header($page_title);
1922  
1923  $template->set_filenames(array(
1924      'body' => 'posting_body.html')
1925  );
1926  
1927  make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
1928  
1929  // Topic review
1930  if ($mode == 'reply' || $mode == 'quote')
1931  {
1932      if (topic_review($topic_id, $forum_id))
1933      {
1934          $template->assign_var('S_DISPLAY_REVIEW', true);
1935      }
1936  }
1937  
1938  page_footer();


Generated: Sun Feb 19 19:52:41 2017 Cross-referenced by PHPXref 0.7.1