
PHP Cross Reference of phpBB-3.2.0-deutsch


/ -> posting.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  define('IN_PHPBB', true);
  18  $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  19  $phpEx = substr(strrchr(__FILE__, '.'), 1);
  20  include($phpbb_root_path . 'common.' . $phpEx);
  21  include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
  22  include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
  23  include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
  24  
  25  
  26  // Start session management
  27  $user->session_begin();
  28  $auth->acl($user->data);
  29  
  30  
  31  // Grab only parameters needed here
  32  $post_id    = $request->variable('p', 0);
  33  $topic_id    = $request->variable('t', 0);
  34  $forum_id    = $request->variable('f', 0);
  35  $draft_id    = $request->variable('d', 0);
  36  $lastclick    = $request->variable('lastclick', 0);
  37  
  38  $preview    = (isset($_POST['preview'])) ? true : false;
  39  $save        = (isset($_POST['save'])) ? true : false;
  40  $load        = (isset($_POST['load'])) ? true : false;
  41  $confirm    = $request->is_set_post('confirm');
  42  $cancel        = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
  43  
  44  $refresh    = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load || $preview);
  45  $submit = $request->is_set_post('post') && !$refresh && !$preview;
  46  $mode        = $request->variable('mode', '');
  47  
  48  // If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
  49  if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))
  50  {
  51      $mode = 'soft_delete';
  52  }
  53  
  54  $error = $post_data = array();
  55  $current_time = time();
  56  
  57  /**
  58  * This event allows you to alter the above parameters, such as submit and mode
  59  *
  60  * Note: $refresh must be true to retain previously submitted form data.
  61  *
  62  * Note: The template class will not work properly until $user->setup() is
  63  * called, and it has not been called yet. Extensions requiring template
  64  * assignments should use an event that comes later in this file.
  65  *
  66  * @event core.modify_posting_parameters
  67  * @var    int        post_id        ID of the post
  68  * @var    int        topic_id    ID of the topic
  69  * @var    int        forum_id    ID of the forum
  70  * @var    int        draft_id    ID of the draft
  71  * @var    int        lastclick    Timestamp of when the form was last loaded
  72  * @var    bool    submit        Whether or not the form has been submitted
  73  * @var    bool    preview        Whether or not the post is being previewed
  74  * @var    bool    save        Whether or not a draft is being saved
  75  * @var    bool    load        Whether or not a draft is being loaded
  76  * @var    bool    cancel        Whether or not to cancel the form (returns to
  77  *                            viewtopic or viewforum depending on if the user
  78  *                            is posting a new topic or editing a post)
  79  * @var    bool    refresh        Whether or not to retain previously submitted data
  80  * @var    string    mode        What action to take if the form has been submitted
  81  *                            post|reply|quote|edit|delete|bump|smilies|popup
  82  * @var    array    error        Any error strings; a non-empty array aborts
  83  *                            form submission.
  84  *                            NOTE: Should be actual language strings, NOT
  85  *                            language keys.
  86  * @since 3.1.0-a1
  87  * @change 3.1.2-RC1            Removed 'delete' var as it does not exist
  88  */
  89  $vars = array(
  90      'post_id',
  91      'topic_id',
  92      'forum_id',
  93      'draft_id',
  94      'lastclick',
  95      'submit',
  96      'preview',
  97      'save',
  98      'load',
  99      'cancel',
 100      'refresh',
 101      'mode',
 102      'error',
 103  );
 104  extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));
 105  
 106  // Was cancel pressed? If so then redirect to the appropriate page
 107  if ($cancel)
 108  {
 109      $f = ($forum_id) ? 'f=' . $forum_id . '&amp;' : '';
 110      $redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
 111      redirect($redirect);
 112  }
 113  
 114  if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
 115  {
 116      trigger_error('NO_FORUM');
 117  }
 118  
 119  /* @var $phpbb_content_visibility \phpbb\content_visibility */
 120  $phpbb_content_visibility = $phpbb_container->get('content.visibility');
 121  
 122  // We need to know some basic information in all cases before we do anything.
 123  switch ($mode)
 124  {
 125      case 'post':
 126          $sql = 'SELECT *
 127              FROM ' . FORUMS_TABLE . "
 128              WHERE forum_id = $forum_id";
 129      break;
 130  
 131      case 'bump':
 132      case 'reply':
 133          if (!$topic_id)
 134          {
 135              trigger_error('NO_TOPIC');
 136          }
 137  
 138          // Force forum id
 139          $sql = 'SELECT forum_id
 140              FROM ' . TOPICS_TABLE . '
 141              WHERE topic_id = ' . $topic_id;
 142          $result = $db->sql_query($sql);
 143          $f_id = (int) $db->sql_fetchfield('forum_id');
 144          $db->sql_freeresult($result);
 145  
 146          $forum_id = (!$f_id) ? $forum_id : $f_id;
 147  
 148          $sql = 'SELECT f.*, t.*
 149              FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
 150              WHERE t.topic_id = $topic_id
 151                  AND f.forum_id = t.forum_id
 152                  AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
 153      break;
 154  
 155      case 'quote':
 156      case 'edit':
 157      case 'delete':
 158      case 'soft_delete':
 159          if (!$post_id)
 160          {
 161              $user->setup('posting');
 162              trigger_error('NO_POST');
 163          }
 164  
 165          // Force forum id
 166          $sql = 'SELECT forum_id
 167              FROM ' . POSTS_TABLE . '
 168              WHERE post_id = ' . $post_id;
 169          $result = $db->sql_query($sql);
 170          $f_id = (int) $db->sql_fetchfield('forum_id');
 171          $db->sql_freeresult($result);
 172  
 173          $forum_id = (!$f_id) ? $forum_id : $f_id;
 174  
 175          $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
 176              FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
 177              WHERE p.post_id = $post_id
 178                  AND t.topic_id = p.topic_id
 179                  AND u.user_id = p.poster_id
 180                  AND f.forum_id = t.forum_id
 181                  AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
 182      break;
 183  
 184      case 'smilies':
 185          $sql = '';
 186          generate_smilies('window', $forum_id);
 187      break;
 188  
 189      case 'popup':
 190          if ($forum_id)
 191          {
 192              $sql = 'SELECT forum_style
 193                  FROM ' . FORUMS_TABLE . '
 194                  WHERE forum_id = ' . $forum_id;
 195          }
 196          else
 197          {
 198              phpbb_upload_popup();
 199              return;
 200          }
 201      break;
 202  
 203      default:
 204          $sql = '';
 205      break;
 206  }
 207  
 208  if (!$sql)
 209  {
 210      $user->setup('posting');
 211      trigger_error('NO_POST_MODE');
 212  }
 213  
 214  $result = $db->sql_query($sql);
 215  $post_data = $db->sql_fetchrow($result);
 216  $db->sql_freeresult($result);
 217  
 218  if (!$post_data)
 219  {
 220      if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
 221      {
 222          $user->setup('posting');
 223      }
 224      trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
 225  }
 226  
 227  // Not able to reply to unapproved posts/topics
 228  // TODO: add more descriptive language key
 229  if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) || ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
 230  {
 231      trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
 232  }
 233  
 234  if ($mode == 'popup')
 235  {
 236      phpbb_upload_popup($post_data['forum_style']);
 237      return;
 238  }
 239  
 240  $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
 241  
 242  if ($config['enable_post_confirm'] && !$user->data['is_registered'])
 243  {
 244      $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
 245      $captcha->init(CONFIRM_POST);
 246  }
 247  
 248  // Use post_row values in favor of submitted ones...
 249  $forum_id    = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
 250  $topic_id    = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
 251  $post_id    = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;
 252  
 253  // Need to login to passworded forum first?
 254  if ($post_data['forum_password'])
 255  {
 256      login_forum_box(array(
 257          'forum_id'            => $forum_id,
 258          'forum_name'        => $post_data['forum_name'],
 259          'forum_password'    => $post_data['forum_password'])
 260      );
 261  }
 262  
 263  // Check permissions
 264  if ($user->data['is_bot'])
 265  {
 266      redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
 267  }
 268  
 269  // Is the user able to read within this forum?
 270  if (!$auth->acl_get('f_read', $forum_id))
 271  {
 272      if ($user->data['user_id'] != ANONYMOUS)
 273      {
 274          trigger_error('USER_CANNOT_READ');
 275      }
 276      $message = $user->lang['LOGIN_EXPLAIN_POST'];
 277  
 278      if ($request->is_ajax())
 279      {
 280          $json = new phpbb\json_response();
 281          $json->send(array(
 282              'title'        => $user->lang['INFORMATION'],
 283              'message'    => $message,
 284          ));
 285      }
 286  
 287      login_box('', $message);
 288  }
 289  
 290  // Permission to do the action asked?
 291  $is_authed = false;
 292  
 293  switch ($mode)
 294  {
 295      case 'post':
 296          if ($auth->acl_get('f_post', $forum_id))
 297          {
 298              $is_authed = true;
 299          }
 300      break;
 301  
 302      case 'bump':
 303          if ($auth->acl_get('f_bump', $forum_id))
 304          {
 305              $is_authed = true;
 306          }
 307      break;
 308  
 309      case 'quote':
 310  
 311          $post_data['post_edit_locked'] = 0;
 312  
 313      // no break;
 314  
 315      case 'reply':
 316          if ($auth->acl_get('f_reply', $forum_id))
 317          {
 318              $is_authed = true;
 319          }
 320      break;
 321  
 322      case 'edit':
 323          if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
 324          {
 325              $is_authed = true;
 326          }
 327      break;
 328  
 329      case 'delete':
 330          if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
 331          {
 332              $is_authed = true;
 333          }
 334  
 335      // no break;
 336  
 337      case 'soft_delete':
 338          if (!$is_authed && $user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
 339          {
 340              // Fall back to soft_delete if we have no permissions to delete posts but to soft delete them
 341              $is_authed = true;
 342              $mode = 'soft_delete';
 343          }
 344          else if (!$is_authed)
 345          {
 346              // Display the same error message for softdelete we use for delete
 347              $mode = 'delete';
 348          }
 349      break;
 350  }
 351  /**
 352  * This event allows you to do extra auth checks and verify if the user
 353  * has the required permissions
 354  *
 355  * Extensions should only change the error and is_authed variables.
 356  *
 357  * @event core.modify_posting_auth
 358  * @var    int        post_id        ID of the post
 359  * @var    int        topic_id    ID of the topic
 360  * @var    int        forum_id    ID of the forum
 361  * @var    int        draft_id    ID of the draft
 362  * @var    int        lastclick    Timestamp of when the form was last loaded
 363  * @var    bool    submit        Whether or not the form has been submitted
 364  * @var    bool    preview        Whether or not the post is being previewed
 365  * @var    bool    save        Whether or not a draft is being saved
 366  * @var    bool    load        Whether or not a draft is being loaded
 367  * @var    bool    refresh        Whether or not to retain previously submitted data
 368  * @var    string    mode        What action to take if the form has been submitted
 369  *                            post|reply|quote|edit|delete|bump|smilies|popup
 370  * @var    array    error        Any error strings; a non-empty array aborts
 371  *                            form submission.
 372  *                            NOTE: Should be actual language strings, NOT
 373  *                            language keys.
 374  * @var    bool    is_authed    Does the user have the required permissions?
 375  * @var    array    post_data    All post data from database
 376  * @since 3.1.3-RC1
 377  * @changed 3.1.10-RC1 Added post_data
 378  */
 379  $vars = array(
 380      'post_id',
 381      'topic_id',
 382      'forum_id',
 383      'draft_id',
 384      'lastclick',
 385      'submit',
 386      'preview',
 387      'save',
 388      'load',
 389      'refresh',
 390      'mode',
 391      'error',
 392      'is_authed',
 393      'post_data',
 394  );
 395  extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));
 396  
 397  if (!$is_authed)
 398  {
 399      $check_auth = ($mode == 'quote') ? 'reply' : $mode;
 400  
 401      if ($user->data['is_registered'])
 402      {
 403          trigger_error('USER_CANNOT_' . strtoupper($check_auth));
 404      }
 405      $message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];
 406  
 407      if ($request->is_ajax())
 408      {
 409          $json = new phpbb\json_response();
 410          $json->send(array(
 411              'title'        => $user->lang['INFORMATION'],
 412              'message'    => $message,
 413          ));
 414      }
 415  
 416      login_box('', $message);
 417  }
 418  
 419  // Is the user able to post within this forum?
 420  if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
 421  {
 422      trigger_error('USER_CANNOT_FORUM_POST');
 423  }
 424  
 425  // Forum/Topic locked?
 426  if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
 427  {
 428      trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
 429  }
 430  
 431  // Can we edit this post ... if we're a moderator with rights then always yes
 432  // else it depends on editing times, lock status and if we're the correct user
 433  if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
 434  {
 435      $force_edit_allowed = false;
 436  
 437      $s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
 438      $s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
 439      $s_cannot_edit_locked = $post_data['post_edit_locked'];
 440  
 441      /**
 442      * This event allows you to modify the conditions for the "cannot edit post" checks
 443      *
 444      * @event core.posting_modify_cannot_edit_conditions
 445      * @var    array    post_data    Array with post data
 446      * @var    bool    force_edit_allowed        Allow the user to edit the post (all permissions and conditions are ignored)
 447      * @var    bool    s_cannot_edit            User can not edit the post because it's not his
 448      * @var    bool    s_cannot_edit_locked    User can not edit the post because it's locked
 449      * @var    bool    s_cannot_edit_time        User can not edit the post because edit_time has passed
 450      * @since 3.1.0-b4
 451      */
 452      $vars = array(
 453          'post_data',
 454          'force_edit_allowed',
 455          's_cannot_edit',
 456          's_cannot_edit_locked',
 457          's_cannot_edit_time',
 458      );
 459      extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));
 460  
 461      if (!$force_edit_allowed)
 462      {
 463          if ($s_cannot_edit)
 464          {
 465              trigger_error('USER_CANNOT_EDIT');
 466          }
 467          else if ($s_cannot_edit_time)
 468          {
 469              trigger_error('CANNOT_EDIT_TIME');
 470          }
 471          else if ($s_cannot_edit_locked)
 472          {
 473              trigger_error('CANNOT_EDIT_POST_LOCKED');
 474          }
 475      }
 476  }
 477  
 478  // Handle delete mode...
 479  if ($mode == 'delete' || $mode == 'soft_delete')
 480  {
 481      if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED)
 482      {
 483          $user->setup('posting');
 484          trigger_error('NO_POST');
 485      }
 486  
 487      $delete_reason = $request->variable('delete_reason', '', true);
 488      phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete' && !$request->is_set_post('delete_permanent')), $delete_reason);
 489      return;
 490  }
 491  
 492  // Handle bump mode...
 493  if ($mode == 'bump')
 494  {
 495      if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
 496          && check_link_hash($request->variable('hash', ''), "topic_{$post_data['topic_id']}"))
 497      {
 498          $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
 499          meta_refresh(3, $meta_url);
 500          $message = $user->lang['TOPIC_BUMPED'];
 501  
 502          if (!$request->is_ajax())
 503          {
 504              $message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>');
 505              $message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 506          }
 507  
 508          trigger_error($message);
 509      }
 510  
 511      trigger_error('BUMP_ERROR');
 512  }
 513  
 514  // Subject length limiting to 60 characters if first post...
 515  if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
 516  {
 517      $template->assign_var('S_NEW_MESSAGE', true);
 518  }
 519  
 520  // Determine some vars
 521  if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
 522  {
 523      $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
 524  }
 525  else
 526  {
 527      $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
 528  }
 529  
 530  $post_data['post_edit_locked']    = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
 531  $post_data['post_subject_md5']    = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
 532  $post_data['post_subject']        = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
 533  $post_data['topic_time_limit']    = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
 534  $post_data['poll_length']        = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
 535  $post_data['poll_start']        = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
 536  $post_data['icon_id']            = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
 537  $post_data['poll_options']        = array();
 538  
 539  // Get Poll Data
 540  if ($post_data['poll_start'])
 541  {
 542      $sql = 'SELECT poll_option_text
 543          FROM ' . POLL_OPTIONS_TABLE . "
 544          WHERE topic_id = $topic_id
 545          ORDER BY poll_option_id";
 546      $result = $db->sql_query($sql);
 547  
 548      while ($row = $db->sql_fetchrow($result))
 549      {
 550          $post_data['poll_options'][] = trim($row['poll_option_text']);
 551      }
 552      $db->sql_freeresult($result);
 553  }
 554  
 555  if ($mode == 'edit')
 556  {
 557      $original_poll_data = array(
 558          'poll_title'        => $post_data['poll_title'],
 559          'poll_length'        => $post_data['poll_length'],
 560          'poll_max_options'    => $post_data['poll_max_options'],
 561          'poll_option_text'    => implode("\n", $post_data['poll_options']),
 562          'poll_start'        => $post_data['poll_start'],
 563          'poll_last_vote'    => $post_data['poll_last_vote'],
 564          'poll_vote_change'    => $post_data['poll_vote_change'],
 565      );
 566  }
 567  
 568  $orig_poll_options_size = sizeof($post_data['poll_options']);
 569  
 570  $message_parser = new parse_message();
 571  /* @var $plupload \phpbb\plupload\plupload */
 572  $plupload = $phpbb_container->get('plupload');
 573  
 574  /* @var $mimetype_guesser \phpbb\mimetype\guesser */
 575  $mimetype_guesser = $phpbb_container->get('mimetype.guesser');
 576  $message_parser->set_plupload($plupload);
 577  
 578  if (isset($post_data['post_text']))
 579  {
 580      $message_parser->message = &$post_data['post_text'];
 581      unset($post_data['post_text']);
 582  }
 583  
 584  // Set some default variables
 585  $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
 586  
 587  foreach ($uninit as $var_name => $default_value)
 588  {
 589      if (!isset($post_data[$var_name]))
 590      {
 591          $post_data[$var_name] = $default_value;
 592      }
 593  }
 594  unset($uninit);
 595  
 596  // Always check if the submitted attachment data is valid and belongs to the user.
 597  // Further down (especially in submit_post()) we do not check this again.
 598  $message_parser->get_submitted_attachment_data($post_data['poster_id']);
 599  
 600  if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
 601  {
 602      // Do not change to SELECT *
 603      $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
 604          FROM ' . ATTACHMENTS_TABLE . "
 605          WHERE post_msg_id = $post_id
 606              AND in_message = 0
 607              AND is_orphan = 0
 608          ORDER BY attach_id DESC";
 609      $result = $db->sql_query($sql);
 610      $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
 611      $db->sql_freeresult($result);
 612  }
 613  
 614  if ($post_data['poster_id'] == ANONYMOUS)
 615  {
 616      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
 617  }
 618  else
 619  {
 620      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
 621  }
 622  
 623  $post_data['enable_urls'] = $post_data['enable_magic_url'];
 624  
 625  if ($mode != 'edit')
 626  {
 627      $post_data['enable_sig']        = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
 628      $post_data['enable_smilies']    = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
 629      $post_data['enable_bbcode']        = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
 630      $post_data['enable_urls']        = true;
 631  }
 632  
 633  if ($mode == 'post')
 634  {
 635      $post_data['topic_status']        = ($request->is_set_post('lock_topic') && $auth->acl_gets('m_lock', 'f_user_lock', $forum_id)) ? ITEM_LOCKED : ITEM_UNLOCKED;
 636  }
 637  
 638  $post_data['enable_magic_url'] = $post_data['drafts'] = false;
 639  
 640  // User own some drafts?
 641  if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 642  {
 643      $sql = 'SELECT draft_id
 644          FROM ' . DRAFTS_TABLE . '
 645          WHERE user_id = ' . $user->data['user_id'] .
 646              (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
 647              (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
 648              (($draft_id) ? " AND draft_id <> $draft_id" : '');
 649      $result = $db->sql_query_limit($sql, 1);
 650  
 651      if ($db->sql_fetchrow($result))
 652      {
 653          $post_data['drafts'] = true;
 654      }
 655      $db->sql_freeresult($result);
 656  }
 657  
 658  $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 659  
 660  // Check if user is watching this topic
 661  if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
 662  {
 663      $sql = 'SELECT topic_id
 664          FROM ' . TOPICS_WATCH_TABLE . '
 665          WHERE topic_id = ' . $topic_id . '
 666              AND user_id = ' . $user->data['user_id'];
 667      $result = $db->sql_query($sql);
 668      $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
 669      $db->sql_freeresult($result);
 670  }
 671  
 672  // Do we want to edit our post ?
 673  if ($mode == 'edit' && $post_data['bbcode_uid'])
 674  {
 675      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
 676  }
 677  
 678  // HTML, BBCode, Smilies, Images and Flash status
 679  $bbcode_status    = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
 680  $smilies_status    = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
 681  $img_status        = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
 682  $url_status        = ($config['allow_post_links']) ? true : false;
 683  $flash_status    = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
 684  $quote_status    = true;
 685  
 686  // Save Draft
 687  if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 688  {
 689      $subject = $request->variable('subject', '', true);
 690      $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
 691      $message = $request->variable('message', '', true);
 692  
 693      if ($subject && $message)
 694      {
 695          if (confirm_box(true))
 696          {
 697              $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 698                  'user_id'        => (int) $user->data['user_id'],
 699                  'topic_id'        => (int) $topic_id,
 700                  'forum_id'        => (int) $forum_id,
 701                  'save_time'        => (int) $current_time,
 702                  'draft_subject'    => (string) $subject,
 703                  'draft_message'    => (string) $message)
 704              );
 705              $db->sql_query($sql);
 706  
 707              $meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
 708  
 709              meta_refresh(3, $meta_info);
 710  
 711              $message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
 712              $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
 713              $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 714  
 715              trigger_error($message);
 716          }
 717          else
 718          {
 719              $s_hidden_fields = build_hidden_fields(array(
 720                  'mode'        => $mode,
 721                  'save'        => true,
 722                  'f'            => $forum_id,
 723                  't'            => $topic_id,
 724                  'subject'    => $subject,
 725                  'message'    => $message,
 726                  'attachment_data' => $message_parser->attachment_data,
 727                  )
 728              );
 729  
 730              $hidden_fields = array(
 731                  'icon_id'            => 0,
 732  
 733                  'disable_bbcode'    => false,
 734                  'disable_smilies'    => false,
 735                  'disable_magic_url'    => false,
 736                  'attach_sig'        => true,
 737                  'lock_topic'        => false,
 738  
 739                  'topic_type'        => POST_NORMAL,
 740                  'topic_time_limit'    => 0,
 741  
 742                  'poll_title'        => '',
 743                  'poll_option_text'    => '',
 744                  'poll_max_options'    => 1,
 745                  'poll_length'        => 0,
 746                  'poll_vote_change'    => false,
 747              );
 748  
 749              foreach ($hidden_fields as $name => $default)
 750              {
 751                  if (!isset($_POST[$name]))
 752                  {
 753                      // Don't include it, if its not available
 754                      unset($hidden_fields[$name]);
 755                      continue;
 756                  }
 757  
 758                  if (is_bool($default))
 759                  {
 760                      // Use the string representation
 761                      $hidden_fields[$name] = $request->variable($name, '');
 762                  }
 763                  else
 764                  {
 765                      $hidden_fields[$name] = $request->variable($name, $default);
 766                  }
 767              }
 768  
 769              $s_hidden_fields .= build_hidden_fields($hidden_fields);
 770  
 771              confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
 772          }
 773      }
 774      else
 775      {
 776          if (utf8_clean_string($subject) === '')
 777          {
 778              $error[] = $user->lang['EMPTY_SUBJECT'];
 779          }
 780  
 781          if (utf8_clean_string($message) === '')
 782          {
 783              $error[] = $user->lang['TOO_FEW_CHARS'];
 784          }
 785      }
 786      unset($subject, $message);
 787  }
 788  
 789  // Load requested Draft
      // Only for reply/quote/post, and only for a registered user who holds the
      // u_savedrafts permission.
 790  if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
 791  {
          // The user_id condition limits the lookup to the current user's own drafts,
          // so an id that belongs to another user's draft returns no row.
          // NOTE(review): $draft_id and user_id are placed in the query unquoted.
          // $draft_id is read near the top of the file via $request->variable('d', 0),
          // presumably an integer by this point - confirm nothing reassigns it.
 792      $sql = 'SELECT draft_subject, draft_message
 793          FROM ' . DRAFTS_TABLE . "
 794          WHERE draft_id = $draft_id
 795              AND user_id = " . $user->data['user_id'];
 796      $result = $db->sql_query_limit($sql, 1);
 797      $row = $db->sql_fetchrow($result);
 798      $db->sql_freeresult($result);
 799  
 800      if ($row)
 801      {
              // Seed the form with the stored draft and tell the template one was loaded.
 802          $post_data['post_subject'] = $row['draft_subject'];
 803          $message_parser->message = $row['draft_message'];
 804  
 805          $template->assign_var('S_DRAFT_LOADED', true);
 806      }
 807      else
 808      {
              // No matching draft for this user: reset the id.
 809          $draft_id = 0;
 810      }
 811  }
 812  
 813  // Load draft overview
      // load_drafts() runs only when the "load" button was posted, the mode is
      // reply/quote/post and $post_data['drafts'] is truthy (set outside this excerpt).
 814  if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
 815  {
 816      load_drafts($topic_id, $forum_id);
 817  }
 818  
      // Helper fetched from the service container; further down it is used to test
      // whether the original poll title is empty.
 819  $bbcode_utils = $phpbb_container->get('text_formatter.utils');
 820  
 821  if ($submit || $preview || $refresh)
 822  {
 823      $post_data['topic_cur_post_id']    = $request->variable('topic_cur_post_id', 0);
 824      $post_data['post_subject']        = $request->variable('subject', '', true);
 825      $message_parser->message        = $request->variable('message', '', true);
 826  
 827      $post_data['username']            = $request->variable('username', $post_data['username'], true);
 828      $post_data['post_edit_reason']    = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $request->variable('edit_reason', '', true) : '';
 829  
 830      $post_data['orig_topic_type']    = $post_data['topic_type'];
 831      $post_data['topic_type']        = $request->variable('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 832      $post_data['topic_time_limit']    = $request->variable('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
 833  
 834      if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
 835      {
 836          $post_data['icon_id'] = $request->variable('icon', (int) $post_data['icon_id']);
 837      }
 838  
 839      $post_data['enable_bbcode']        = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
 840      $post_data['enable_smilies']    = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
 841      $post_data['enable_urls']        = (isset($_POST['disable_magic_url'])) ? 0 : 1;
 842      $post_data['enable_sig']        = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
 843  
 844      if ($config['allow_topic_notify'] && $user->data['is_registered'])
 845      {
 846          $notify = (isset($_POST['notify'])) ? true : false;
 847      }
 848      else
 849      {
 850          $notify = false;
 851      }
 852  
 853      $topic_lock            = (isset($_POST['lock_topic'])) ? true : false;
 854      $post_lock            = (isset($_POST['lock_post'])) ? true : false;
 855      $poll_delete        = (isset($_POST['poll_delete'])) ? true : false;
 856  
 857      if ($submit)
 858      {
 859          $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 860          $status_switch = ($status_switch != $check_value);
 861      }
 862      else
 863      {
 864          $status_switch = 1;
 865      }
 866  
 867      // Delete Poll
          // Taken in edit mode when the post has poll options and either
          //  - nobody has voted yet, the current user is the poster and holds f_delete, or
          //  - the current user holds m_delete in this forum.
 868      if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
 869          ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
 870      {
              // The database rows are removed only on a real submit that carries a valid
              // 'posting' form key; on preview/refresh only the in-memory fields below
              // are blanked.
 871          if ($submit && check_form_key('posting'))
 872          {
                  // NOTE(review): $topic_id is interpolated unquoted in the three queries
                  // below - presumably an integer (read via $request->variable('t', 0) at
                  // the top of the file); confirm it cannot hold anything else here.
 873              $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
 874                  WHERE topic_id = $topic_id";
 875              $db->sql_query($sql);
 876  
 877              $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
 878                  WHERE topic_id = $topic_id";
 879              $db->sql_query($sql);
 880  
                  // Reset the poll columns on the topic row itself.
 881              $topic_sql = array(
 882                  'poll_title'        => '',
 883                  'poll_start'         => 0,
 884                  'poll_length'        => 0,
 885                  'poll_last_vote'    => 0,
 886                  'poll_max_options'    => 0,
 887                  'poll_vote_change'    => 0
 888              );
 889  
 890              $sql = 'UPDATE ' . TOPICS_TABLE . '
 891                  SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
 892                  WHERE topic_id = $topic_id";
 893              $db->sql_query($sql);
 894          }
 895  
 896          $post_data['poll_title'] = $post_data['poll_option_text'] = '';
 897          $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
 898      }
 899      else
 900      {
              // No poll deletion: take the poll fields from the request.
              // poll_vote_change is honoured only when both f_votechg and f_vote are granted.
 901          $post_data['poll_title']        = $request->variable('poll_title', '', true);
 902          $post_data['poll_length']        = $request->variable('poll_length', 0);
 903          $post_data['poll_option_text']    = $request->variable('poll_option_text', '', true);
 904          $post_data['poll_max_options']    = $request->variable('poll_max_options', 1);
 905          $post_data['poll_vote_change']    = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
 906      }
 907  
 908      // If replying/quoting and last post id has changed
 909      // give user option to continue submit or return to post
 910      // notify and show user the post made between his request and the final submit
 911      if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
 912      {
 913          // Only do so if it is allowed forum-wide
 914          if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 915          {
 916              if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
 917              {
 918                  $template->assign_var('S_POST_REVIEW', true);
 919              }
 920  
 921              $submit = false;
 922              $refresh = true;
 923          }
 924      }
 925  
 926      // Parse Attachments - before checksum is calculated
 927      $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
 928  
 929      /**
 930      * This event allows you to modify message text before parsing
 931      *
 932      * @event core.posting_modify_message_text
 933      * @var    array    post_data    Array with post data
 934      * @var    string    mode        What action to take if the form is submitted
 935      *                post|reply|quote|edit|delete|bump|smilies|popup
 936      * @var    int    post_id        ID of the post
 937      * @var    int    topic_id    ID of the topic
 938      * @var    int    forum_id    ID of the forum
 939      * @var    bool    submit        Whether or not the form has been submitted
 940      * @var    bool    preview        Whether or not the post is being previewed
 941      * @var    bool    save        Whether or not a draft is being saved
 942      * @var    bool    load        Whether or not a draft is being loaded
 943      * @var    bool    cancel        Whether or not to cancel the form (returns to
 944      *                viewtopic or viewforum depending on if the user
 945      *                is posting a new topic or editing a post)
 946      * @var    bool    refresh        Whether or not to retain previously submitted data
 947      * @var    object    message_parser    The message parser object
 948      * @since 3.1.2-RC1
 949      */
 950      $vars = array(
 951          'post_data',
 952          'mode',
 953          'post_id',
 954          'topic_id',
 955          'forum_id',
 956          'submit',
 957          'preview',
 958          'save',
 959          'load',
 960          'cancel',
 961          'refresh',
 962          'message_parser',
 963      );
 964      extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));
 965  
 966      // Grab md5 'checksum' of new message
          // In this block the digest is only compared for equality to detect that the
          // text changed; it is not used as an integrity or authentication control.
 967      $message_md5 = md5($message_parser->message);
 968  
 969      // If editing and checksum has changed we know the post was edited while we're editing
 970      // Notify and show user the changed post
 971      if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 972      {
              // Both values are read from the request, so they are client-supplied.
 973          $edit_post_message_checksum = $request->variable('edit_post_message_checksum', '');
 974          $edit_post_subject_checksum = $request->variable('edit_post_subject_checksum', '');
 975  
 976          // $post_data['post_checksum'] is the checksum of the post submitted in the meantime
 977          // $message_md5 is the checksum of the post we're about to submit
 978          // $edit_post_message_checksum is the checksum of the post we're editing
 979          // ...
 980  
 981          // We make sure nobody else made exactly the same change
 982          // we're about to submit by also checking $message_md5 != $post_data['post_checksum']
              // Precedence: && binds tighter than ||, so the condition reads
              // (message changed by someone else) || (subject changed by someone else).
              // NOTE(review): the digests are compared with loose !=. PHP compares two
              // numeric-looking strings (for example of the form 0e<digits>) as numbers,
              // so two different digests can compare equal; strict !== avoids that.
              // In this condition the effect would be a skipped edit-conflict review.
 983          if ($edit_post_message_checksum !== '' &&
 984              $edit_post_message_checksum != $post_data['post_checksum'] &&
 985              $message_md5 != $post_data['post_checksum']
 986              ||
 987              $edit_post_subject_checksum !== '' &&
 988              $edit_post_subject_checksum != $post_data['post_subject_md5'] &&
 989              md5($post_data['post_subject']) != $post_data['post_subject_md5'])
 990          {
 991              if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
 992              {
 993                  $template->assign_vars(array(
 994                      'S_POST_REVIEW'            => true,
 995  
 996                      'L_POST_REVIEW'            => $user->lang['POST_REVIEW_EDIT'],
 997                      'L_POST_REVIEW_EXPLAIN'    => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
 998                  ));
 999              }
1000  
                  // Cancel the submit and treat the request as a refresh.
1001              $submit = false;
1002              $refresh = true;
1003          }
1004      }
1005  
1006      // Check checksum ... don't re-parse message if the same
1007      $update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
1008  
1009      // Also check if subject got updated...
1010      $update_subject = $mode != 'edit' || ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));
1011  
1012      // Parse message
1013      if ($update_message)
1014      {
1015          if (sizeof($message_parser->warn_msg))
1016          {
1017              $error[] = implode('<br />', $message_parser->warn_msg);
1018              $message_parser->warn_msg = array();
1019          }
1020  
1021          if (!$preview || !empty($message_parser->message))
1022          {
1023              $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
1024          }
1025  
1026          // On a refresh we do not care about message parsing errors
1027          if (sizeof($message_parser->warn_msg) && $refresh && !$preview)
1028          {
1029              $message_parser->warn_msg = array();
1030          }
1031      }
1032      else
1033      {
1034          $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
1035      }
1036  
1037      $ignore_flood = $auth->acl_get('u_ignoreflood') ? true : $auth->acl_get('f_ignoreflood', $forum_id);
          // Flood control: exempt with u_ignoreflood (or f_ignoreflood in this forum);
          // skipped for edits, previews, refreshes and when flood_interval is not set.
1038      if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$ignore_flood)
1039      {
1040          // Flood check
1041          $last_post_time = 0;
1042  
1043          if ($user->data['is_registered'])
1044          {
                  // Registered users: use the timestamp kept in the user's own data.
1045              $last_post_time = $user->data['user_lastpost_time'];
1046          }
1047          else
1048          {
                  // Guests: look for a post from the same IP inside the flood window.
                  // NOTE(review): $user->ip is concatenated into the quoted literal
                  // without $db->sql_escape(); this relies on the address having been
                  // validated where the session is set up (not shown here) - confirm,
                  // or escape it at this point as defence in depth.
1049              $sql = 'SELECT post_time AS last_post_time
1050                  FROM ' . POSTS_TABLE . "
1051                  WHERE poster_ip = '" . $user->ip . "'
1052                      AND post_time > " . ($current_time - $config['flood_interval']);
1053              $result = $db->sql_query_limit($sql, 1);
1054              if ($row = $db->sql_fetchrow($result))
1055              {
1056                  $last_post_time = $row['last_post_time'];
1057              }
1058              $db->sql_freeresult($result);
1059          }
1060  
              // Queue FLOOD_ERROR when the previous post is less than flood_interval old.
1061          if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
1062          {
1063              $error[] = $user->lang['FLOOD_ERROR'];
1064          }
1065      }
1066  
1067      // Validate username
1068      if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
1069      {
1070          include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1071  
1072          $user->add_lang('ucp');
1073  
1074          if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
1075          {
1076              $error[] = $user->lang[$result . '_USERNAME'];
1077          }
1078  
1079          if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
1080          {
1081              $min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
1082              $error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
1083          }
1084      }
1085  
1086      if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
1087      {
1088          $captcha_data = array(
1089              'message'    => $request->variable('message', '', true),
1090              'subject'    => $request->variable('subject', '', true),
1091              'username'    => $request->variable('username', '', true),
1092          );
1093          $vc_response = $captcha->validate($captcha_data);
1094          if ($vc_response)
1095          {
1096              $error[] = $vc_response;
1097          }
1098      }
1099  
1100      // check form
          // Anti-CSRF check: a submit or preview must carry a valid 'posting' form key.
          // On failure FORM_INVALID is added to $error; further down the post is stored
          // only when $error is empty.
1101      if (($submit || $preview) && !check_form_key('posting'))
1102      {
1103          $error[] = $user->lang['FORM_INVALID'];
1104      }
1105  
1106      if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !isset($_POST['soft_delete']) && $auth->acl_get('m_approve', $forum_id))
1107      {
1108          $is_first_post = ($post_id == $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
1109          $is_last_post = ($post_id == $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);
1110          $updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);
1111  
1112          if (!empty($updated_post_data))
1113          {
1114              // Update the post_data, so we don't need to refetch it.
1115              $post_data = array_merge($post_data, $updated_post_data);
1116          }
1117      }
1118  
1119      // Parse subject
1120      if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1121      {
1122          $error[] = $user->lang['EMPTY_SUBJECT'];
1123      }
1124  
1125      // Check for out-of-bounds characters that are currently
1126      // not supported by utf8_bin in MySQL
1127      if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
1128      {
1129          $character_list = implode('<br />', $matches[0]);
1130          $error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
1131      }
1132  
1133      $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
1134  
1135      if ($post_data['poll_option_text'] &&
1136          ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1137          && $auth->acl_get('f_poll', $forum_id))
1138      {
1139          $poll = array(
1140              'poll_title'        => $post_data['poll_title'],
1141              'poll_length'        => $post_data['poll_length'],
1142              'poll_max_options'    => $post_data['poll_max_options'],
1143              'poll_option_text'    => $post_data['poll_option_text'],
1144              'poll_start'        => $post_data['poll_start'],
1145              'poll_last_vote'    => $post_data['poll_last_vote'],
1146              'poll_vote_change'    => $post_data['poll_vote_change'],
1147              'enable_bbcode'        => $post_data['enable_bbcode'],
1148              'enable_urls'        => $post_data['enable_urls'],
1149              'enable_smilies'    => $post_data['enable_smilies'],
1150              'img_status'        => $img_status
1151          );
1152  
1153          $message_parser->parse_poll($poll);
1154  
1155          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1156          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1157  
1158          /* We reset votes, therefore also allow removing options
1159          if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
1160          {
1161              $message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
1162          }*/
1163      }
1164      else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
1165      {
1166          // The user removed all poll options, this is equal to deleting the poll.
1167          $poll = array(
1168              'poll_title'        => '',
1169              'poll_length'        => 0,
1170              'poll_max_options'    => 0,
1171              'poll_option_text'    => '',
1172              'poll_start'        => 0,
1173              'poll_last_vote'    => 0,
1174              'poll_vote_change'    => 0,
1175              'poll_options'        => array(),
1176          );
1177  
1178          $post_data['poll_options'] = array();
1179          $post_data['poll_title'] = '';
1180          $post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
1181      }
1182      else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && !$bbcode_utils->is_empty($original_poll_data['poll_title']))
1183      {
1184          // We have a poll but the editing user is not permitted to create/edit it.
1185          // So we just keep the original poll-data.
1186          $poll = array_merge($original_poll_data, array(
1187              'enable_bbcode'        => $post_data['enable_bbcode'],
1188              'enable_urls'        => $post_data['enable_urls'],
1189              'enable_smilies'    => $post_data['enable_smilies'],
1190              'img_status'        => $img_status,
1191          ));
1192  
1193          $message_parser->parse_poll($poll);
1194  
1195          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1196          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1197      }
1198      else
1199      {
1200          $poll = array();
1201      }
1202  
1203      // Check topic type
          // Applies when a non-normal topic type is requested for a new topic or while
          // editing the first post of a topic. topic_type is read from the request above.
1204      if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1205      {
              // Map the requested type to the forum permission that allows it.
1206          switch ($post_data['topic_type'])
1207          {
1208              case POST_GLOBAL:
1209                  $auth_option = 'f_announce_global';
1210              break;
1211  
1212              case POST_ANNOUNCE:
1213                  $auth_option = 'f_announce';
1214              break;
1215  
1216              case POST_STICKY:
1217                  $auth_option = 'f_sticky';
1218              break;
1219  
                  // NOTE(review): any other value gets an empty permission name, so the
                  // check below is skipped for it; confirm that unrecognised topic types
                  // are rejected or normalised elsewhere before the post is stored.
1220              default:
1221                  $auth_option = '';
1222              break;
1223          }
1224  
1225          if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id))
1226          {
1227              // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
1228              // Another case would be a mod not having sticky permissions for example but edit permissions.
1229              if ($mode == 'edit')
1230              {
1231                  // To prevent non-authed users messing around with the topic type we reset it to the original one.
1232                  $post_data['topic_type'] = $post_data['orig_topic_type'];
1233              }
1234              else
1235              {
                      // New topic without the permission: report the matching CANNOT_POST_* message.
1236                  $error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
1237              }
1238          }
1239      }
1240  
1241      if (sizeof($message_parser->warn_msg))
1242      {
1243          $error[] = implode('<br />', $message_parser->warn_msg);
1244      }
1245  
1246      // DNSBL check
1247      if ($config['check_dnsbl'] && !$refresh)
1248      {
1249          if (($dnsbl = $user->check_dnsbl('post')) !== false)
1250          {
1251              $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
1252          }
1253      }
1254  
1255      /**
1256      * This event allows you to define errors before the post action is performed
1257      *
1258      * @event core.posting_modify_submission_errors
1259      * @var    array    post_data    Array with post data
1260      * @var    array    poll        Array with poll data from post (must be used instead of the post_data equivalent)
1261      * @var    string    mode        What action to take if the form is submitted
1262      *                post|reply|quote|edit|delete|bump|smilies|popup
1263      * @var    int    post_id        ID of the post
1264      * @var    int    topic_id    ID of the topic
1265      * @var    int    forum_id    ID of the forum
1266      * @var    bool    submit        Whether or not the form has been submitted
1267      * @var    array    error        Any error strings; a non-empty array aborts form submission.
1268      *                NOTE: Should be actual language strings, NOT language keys.
1269      * @since 3.1.0-RC5
1270      * @change 3.1.5-RC1 Added poll array to the event
1271      * @change 3.2.0-a1 Removed undefined page_title
1272      */
1273      $vars = array(
1274          'post_data',
1275          'poll',
1276          'mode',
1277          'post_id',
1278          'topic_id',
1279          'forum_id',
1280          'submit',
1281          'error',
1282      );
1283      extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));
1284  
1285      // Store message, sync counters
1286      if (!sizeof($error) && $submit)
1287      {
1288          if ($submit)
1289          {
1290              // Lock/Unlock Topic
1291              $change_topic_status = $post_data['topic_status'];
1292              $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
1293  
1294              if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
1295              {
1296                  $change_topic_status = ITEM_UNLOCKED;
1297              }
1298              else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
1299              {
1300                  $change_topic_status = ITEM_LOCKED;
1301              }
1302  
1303              if ($change_topic_status != $post_data['topic_status'])
1304              {
1305                  $sql = 'UPDATE ' . TOPICS_TABLE . "
1306                      SET topic_status = $change_topic_status
1307                      WHERE topic_id = $topic_id
1308                          AND topic_moved_id = 0";
1309                  $db->sql_query($sql);
1310  
1311                  $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
1312  
1313                  $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), false, array(
1314                      'forum_id' => $forum_id,
1315                      'topic_id' => $topic_id,
1316                      $post_data['topic_title']
1317                  ));
1318              }
1319  
1320              // Lock/Unlock Post Edit
1321              if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
1322              {
1323                  $post_data['post_edit_locked'] = ITEM_UNLOCKED;
1324              }
1325              else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
1326              {
1327                  $post_data['post_edit_locked'] = ITEM_LOCKED;
1328              }
1329  
1330              $data = array(
1331                  'topic_title'            => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
1332                  'topic_first_post_id'    => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
1333                  'topic_last_post_id'    => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
1334                  'topic_time_limit'        => (int) $post_data['topic_time_limit'],
1335                  'topic_attachment'        => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
1336                  'post_id'                => (int) $post_id,
1337                  'topic_id'                => (int) $topic_id,
1338                  'forum_id'                => (int) $forum_id,
1339                  'icon_id'                => (int) $post_data['icon_id'],
1340                  'poster_id'                => (int) $post_data['poster_id'],
1341                  'enable_sig'            => (bool) $post_data['enable_sig'],
1342                  'enable_bbcode'            => (bool) $post_data['enable_bbcode'],
1343                  'enable_smilies'        => (bool) $post_data['enable_smilies'],
1344                  'enable_urls'            => (bool) $post_data['enable_urls'],
1345                  'enable_indexing'        => (bool) $post_data['enable_indexing'],
1346                  'message_md5'            => (string) $message_md5,
1347                  'post_checksum'            => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
1348                  'post_edit_reason'        => $post_data['post_edit_reason'],
1349                  'post_edit_user'        => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
1350                  'forum_parents'            => $post_data['forum_parents'],
1351                  'forum_name'            => $post_data['forum_name'],
1352                  'notify'                => $notify,
1353                  'notify_set'            => $post_data['notify_set'],
1354                  'poster_ip'                => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
1355                  'post_edit_locked'        => (int) $post_data['post_edit_locked'],
1356                  'bbcode_bitfield'        => $message_parser->bbcode_bitfield,
1357                  'bbcode_uid'            => $message_parser->bbcode_uid,
1358                  'message'                => $message_parser->message,
1359                  'attachment_data'        => $message_parser->attachment_data,
1360                  'filename_data'            => $message_parser->filename_data,
1361                  'topic_status'            => $post_data['topic_status'],
1362  
1363                  'topic_visibility'            => (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
1364                  'post_visibility'            => (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
1365              );
1366  
1367              if ($mode == 'edit')
1368              {
1369                  $data['topic_posts_approved'] = $post_data['topic_posts_approved'];
1370                  $data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
1371                  $data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
1372              }
1373  
1374              // Only return the username when it is either a guest posting or we are editing a post and
1375              // the username was supplied; otherwise post_data might hold the data of the post that is
1376              // being quoted (which could result in the username being returned being that of the quoted
1377              // post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
1378              $post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
1379  
1380              /**
1381              * This event allows you to define errors before the post action is performed
1382              *
1383              * @event core.posting_modify_submit_post_before
1384              * @var    array    post_data    Array with post data
1385              * @var    array    poll        Array with poll data
1386              * @var    array    data        Array with post data going to be stored in the database
1387              * @var    string    mode        What action to take if the form is submitted
1388              *                post|reply|quote|edit|delete
1389              * @var    int    post_id        ID of the post
1390              * @var    int    topic_id    ID of the topic
1391              * @var    int    forum_id    ID of the forum
1392              * @var    string    post_author_name    Author name for guest posts
1393              * @var    bool    update_message        Boolean if the post message was changed
1394              * @var    bool    update_subject        Boolean if the post subject was changed
1395              *                NOTE: Should be actual language strings, NOT language keys.
1396              * @since 3.1.0-RC5
1397              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1398              * @change 3.2.0-a1 Removed undefined page_title
1399              */
1400              $vars = array(
1401                  'post_data',
1402                  'poll',
1403                  'data',
1404                  'mode',
1405                  'post_id',
1406                  'topic_id',
1407                  'forum_id',
1408                  'post_author_name',
1409                  'update_message',
1410                  'update_subject',
1411              );
1412              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));
1413  
1414              // The last parameter tells submit_post if search indexer has to be run
1415              $redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
1416  
1417              /**
1418              * This event allows you to define errors after the post action is performed
1419              *
1420              * @event core.posting_modify_submit_post_after
1421              * @var    array    post_data    Array with post data
1422              * @var    array    poll        Array with poll data
1423              * @var    array    data        Array with post data going to be stored in the database
1424              * @var    string    mode        What action to take if the form is submitted
1425              *                post|reply|quote|edit|delete
1426              * @var    int    post_id        ID of the post
1427              * @var    int    topic_id    ID of the topic
1428              * @var    int    forum_id    ID of the forum
1429              * @var    string    post_author_name    Author name for guest posts
1430              * @var    bool    update_message        Boolean if the post message was changed
1431              * @var    bool    update_subject        Boolean if the post subject was changed
1432              * @var    string    redirect_url        URL the user is going to be redirected to
1433              *                NOTE: Should be actual language strings, NOT language keys.
1434              * @since 3.1.0-RC5
1435              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1436              * @change 3.2.0-a1 Removed undefined page_title
1437              */
1438              $vars = array(
1439                  'post_data',
1440                  'poll',
1441                  'data',
1442                  'mode',
1443                  'post_id',
1444                  'topic_id',
1445                  'forum_id',
1446                  'post_author_name',
1447                  'update_message',
1448                  'update_subject',
1449                  'redirect_url',
1450              );
1451              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));
1452  
1453              if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
1454              {
1455                  $captcha->reset();
1456              }
1457  
1458              // Handle delete mode...
1459              if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent'))
1460              {
1461                  $delete_reason = $request->variable('delete_reason', '', true);
1462                  phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
1463                  return;
1464              }
1465  
1466              // Check the permissions for post approval.
1467              // Moderators must go through post approval like ordinary users.
1468              if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
1469              {
1470                  meta_refresh(10, $redirect_url);
1471                  $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
1472                  $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
1473                  $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
1474                  trigger_error($message);
1475              }
1476  
1477              redirect($redirect_url);
1478          }
1479      }
1480  }
1481  
// Preview
//
// Builds the preview pane. Runs only when no errors were collected and the preview
// button was pressed; every value built here is handed to the template.
if (!sizeof($error) && $preview)
{
    // Outside edit mode the preview is stamped with $current_time instead of a stored time
    $post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;

    // The return value is used as the rendered message. The trailing false presumably tells
    // format_display() to leave $message_parser->message untouched - confirm in message_parser.
    $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);

    // In edit mode the signature fields come from $post_data, otherwise from the current user
    $preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
    $preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
    $preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];

    // Signature
    // Rendered only when the post enables it, the board allows signatures, one exists and
    // the f_sigs permission is granted for this forum; otherwise it is blanked.
    if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
    {
        // Rendering options follow the board-wide signature settings
        $flags = ($config['allow_sig_bbcode']) ? OPTION_FLAG_BBCODE : 0;
        $flags |= ($config['allow_sig_links']) ? OPTION_FLAG_LINKS : 0;
        $flags |= ($config['allow_sig_smilies']) ? OPTION_FLAG_SMILIES : 0;

        $preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $flags, false);
    }
    else
    {
        $preview_signature = '';
    }

    // NOTE(review): the subject only passes through censor_text() before it reaches the
    // template, so it has to be HTML-safe already when it arrives in $post_data - confirm.
    $preview_subject = censor_text($post_data['post_subject']);

    // Poll Preview
    // Only for a new topic or when editing the first post of a topic, only while the poll
    // is not being deleted, and only with the f_poll permission for this forum.
    if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
    && $auth->acl_get('f_poll', $forum_id))
    {
        // A second parser renders the poll texts; it reuses the message parser's bbcode uid and bitfield
        $parse_poll = new parse_message($post_data['poll_title']);
        $parse_poll->bbcode_uid = $message_parser->bbcode_uid;
        $parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;

        $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);

        // $poll_end is assigned only when a poll length is set; L_POLL_LENGTH below reads it
        // under the same condition. The factor 86400 is the number of seconds in a day, so
        // poll_length is presumably stored in days.
        if ($post_data['poll_length'])
        {
            $poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
        }

        $template->assign_vars(array(
            'S_HAS_POLL_OPTIONS'    => (sizeof($post_data['poll_options'])),
            'S_IS_MULTI_CHOICE'        => ($post_data['poll_max_options'] > 1) ? true : false,

            'POLL_QUESTION'        => $parse_poll->message,

            'L_POLL_LENGTH'        => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
            'L_MAX_VOTES'        => $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
        ));

        // Each option is rendered through the same parser object, one at a time
        $preview_poll_options = array();
        foreach ($post_data['poll_options'] as $poll_option)
        {
            $parse_poll->message = $poll_option;
            $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
            $preview_poll_options[] = $parse_poll->message;
        }
        unset($parse_poll);

        // Option ids shown in the preview are 1-based
        foreach ($preview_poll_options as $key => $option)
        {
            $template->assign_block_vars('poll_option', array(
                'POLL_OPTION_CAPTION'    => $option,
                'POLL_OPTION_ID'        => $key + 1)
            );
        }
        unset($preview_poll_options);
    }

    // Attachment Preview
    if (sizeof($message_parser->attachment_data))
    {
        $template->assign_var('S_HAS_ATTACHMENTS', true);

        $update_count = array();
        $attachment_data = $message_parser->attachment_data;

        // Works on a copy of the parser's attachment list. $preview_message and the copy are
        // presumably taken by reference and rewritten for display - confirm in parse_attachments().
        parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);

        foreach ($attachment_data as $i => $attachment)
        {
            $template->assign_block_vars('attachment', array(
                'DISPLAY_ATTACHMENT'    => $attachment)
            );
        }
        unset($attachment_data);
    }

    // Repeats the outer $error check; nothing visible in this block changes $error in between.
    // NOTE(review): the PREVIEW_* values are assigned as built above, without further escaping
    // here, so their HTML safety rests on format_display(), generate_text_for_display() and
    // the state of the subject on arrival - confirm in those helpers.
    if (!sizeof($error))
    {
        $template->assign_vars(array(
            'PREVIEW_SUBJECT'        => $preview_subject,
            'PREVIEW_MESSAGE'        => $preview_message,
            'PREVIEW_SIGNATURE'        => $preview_signature,

            'S_DISPLAY_PREVIEW'        => !empty($preview_message),
        ));
    }
}
1583  
// A quote is generated only on the first display of the quote form, not on submit,
// preview or refresh. Quotes that would end up nested too deep are removed before the
// text is decoded.
$generate_quote = ($mode == 'quote' && !($submit || $preview || $refresh));
if ($generate_quote && $config['max_quote_depth'] > 0)
{
    // The parser temporarily takes the bbcode uid from $post_data for this one call
    // and gets its own uid back afterwards
    $tmp_bbcode_uid = $message_parser->bbcode_uid;
    $message_parser->bbcode_uid = $post_data['bbcode_uid'];
    $message_parser->remove_nested_quotes($config['max_quote_depth'] - 1);
    $message_parser->bbcode_uid = $tmp_bbcode_uid;
}

// Decode text for message display: a freshly quoted post without errors keeps the uid
// from $post_data, every other case uses the parser's uid
$post_data['bbcode_uid'] = ($mode == 'quote' && !($preview || $refresh || sizeof($error)))
    ? $post_data['bbcode_uid']
    : $message_parser->bbcode_uid;
$message_parser->decode_message($post_data['bbcode_uid']);
1597  
// Wrap the decoded text of the quoted post so that it can be dropped into the editor
if ($generate_quote)
{
    // Remove attachment bbcode tags from the quoted message to avoid mixing with the new post attachments if any;
    // only the text between the tags is kept
    $message_parser->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#uis', '\\2', $message_parser->message);

    if (!$config['allow_bbcode'])
    {
        // BBCode is disabled board-wide: fall back to an e-mail style quote with "> " prefixes
        $quote_string = "&gt; ";
        $message = censor_text(trim($message_parser->message));

        // see if we are nesting. It's easily tricked but should work for one level of nesting
        $offset = (strpos($message, "&gt;") !== false) ? 10 : 0;
        $message = utf8_wordwrap($message, 75 + $offset, "\n");

        // Prefix the first line and every following line with the quote marker
        $message = $quote_string . str_replace("\n", "\n" . $quote_string, $message);

        // NOTE(review): quote_username is concatenated as-is; it is presumably stored
        // HTML-escaped - confirm where $post_data is loaded
        $message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n";
    }
    else
    {
        // Regular case: a [quote] block carrying author, post id, time and user id,
        // followed by a blank line for the reply
        $message_parser->message = $bbcode_utils->generate_quote(
            censor_text($message_parser->message),
            array(
                'author'  => $post_data['quote_username'],
                'post_id' => $post_data['post_id'],
                'time'    => $post_data['post_time'],
                'user_id' => $post_data['poster_id'],
            )
        ) . "\n\n";
    }
}
1633  
// On the first display of a reply or quote form, suggest a "Re: " subject built from the
// censored subject in $post_data
if (in_array($mode, array('reply', 'quote')) && !($submit || $preview || $refresh))
{
    if (strpos($post_data['post_subject'], 'Re: ') === 0)
    {
        // Already starts with the prefix, so it is not added a second time
        $post_data['post_subject'] = censor_text($post_data['post_subject']);
    }
    else
    {
        $post_data['post_subject'] = 'Re: ' . censor_text($post_data['post_subject']);
    }
}
1638  
// Copy the attachment lists and the decoded message out of the parser; the parser object
// is reused as scratch space for the poll texts below
$attachment_data = $message_parser->attachment_data;
$filename_data = $message_parser->filename_data;
$post_data['post_text'] = $message_parser->message;

// Decode the poll title and options for the form when the post has poll options or a
// non-empty poll title. Statement order matters here: after this block
// $message_parser->message holds the decoded poll options, not the post text.
if (sizeof($post_data['poll_options']) || (isset($post_data['poll_title']) && !$bbcode_utils->is_empty($post_data['poll_title'])))
{
    $message_parser->message = $post_data['poll_title'];
    $message_parser->bbcode_uid = $post_data['bbcode_uid'];

    $message_parser->decode_message();
    $post_data['poll_title'] = $message_parser->message;

    // All options are decoded in one pass: joined by newline, decoded, then split again.
    // NOTE(review): this assumes a single option never contains a newline - confirm.
    $message_parser->message = implode("\n", $post_data['poll_options']);
    $message_parser->decode_message();
    $post_data['poll_options'] = explode("\n", $message_parser->message);
}
1655  
// MAIN POSTING PAGE BEGINS HERE

// The moderator list is fetched only when the board is configured to load it
$moderators = array();
if ($config['load_moderators'])
{
    get_moderators($moderators, $forum_id);
}

// Smiley listing and the select box for placing attachments inline
generate_smilies('inline', $forum_id);
posting_gen_inline_attachments($attachment_data);

// Do show topic type selection only in first post.
$topic_type_toggle = ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
    ? posting_gen_topic_types($forum_id, $post_data['topic_type'])
    : false;

// Topic icons need both the enable_icons value in $post_data and the f_icons permission
$s_topic_icons = ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
    ? posting_gen_topic_icons($mode, $post_data['icon_id'])
    : false;
1684  
// Initial state of the option checkboxes. The bbcode/smilies/urls values are the negation
// of the matching enable_* setting, so the boxes are presumably "disable ..." options.
if (isset($post_data['enable_bbcode']))
{
    $bbcode_checked = !$post_data['enable_bbcode'];
}
else if ($config['allow_bbcode'])
{
    $bbcode_checked = !$user->optionget('bbcode');
}
else
{
    $bbcode_checked = 1;
}

if (isset($post_data['enable_smilies']))
{
    $smilies_checked = !$post_data['enable_smilies'];
}
else if ($config['allow_smilies'])
{
    $smilies_checked = !$user->optionget('smilies');
}
else
{
    $smilies_checked = 1;
}

$urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
$sig_checked = $post_data['enable_sig'];

// A submitted, truthy lock flag wins; otherwise the stored topic/post state is shown
if (isset($topic_lock) && $topic_lock)
{
    $lock_topic_checked = $topic_lock;
}
else
{
    $lock_topic_checked = ($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0;
}
$lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];

// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
if ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set'])
{
    $notify_set = $user->data['user_notify'];
}
else
{
    $notify_set = $post_data['notify_set'];
}

if (isset($notify))
{
    $notify_checked = $notify;
}
else
{
    $notify_checked = ($mode == 'post') ? $user->data['user_notify'] : $notify_set;
}
1695  
// Form action URL: always carries mode and forum id, topic and post id only when set.
// NOTE(review): $mode goes into the query string without URL-encoding; that is only safe
// if earlier code restricts it to the known mode names - confirm.
$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&amp;f=$forum_id");
if ($topic_id)
{
    $s_action .= "&amp;t=$topic_id";
}
if ($post_id)
{
    $s_action .= "&amp;p=$post_id";
}

// Page title per mode; any other mode leaves $page_title as it was
if ($mode == 'post')
{
    $page_title = $user->lang['POST_TOPIC'];
}
else if ($mode == 'quote' || $mode == 'reply')
{
    $page_title = $user->lang['POST_REPLY'];
}
else if ($mode == 'delete' || $mode == 'edit')
{
    $page_title = $user->lang['EDIT_POST'];
}
1717  
// Navigation links and forum rules for the forum being posted in
generate_forum_nav($post_data);
generate_forum_rules($post_data);

// Unregistered users writing a post, reply or quote are shown the CAPTCHA for as long as
// it reports "not solved".
// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
if ($config['enable_post_confirm'] && !$user->data['is_registered'])
{
    if (isset($captcha) && $captcha->is_solved() === false && in_array($mode, array('post', 'reply', 'quote')))
    {
        $template->assign_vars(array(
            'S_CONFIRM_CODE'    => true,
            'CAPTCHA_TEMPLATE'  => $captcha->get_template(),
        ));
    }
}
1733  
// Hidden inputs that carry form state to the next request.
// NOTE(review): the three inputs below are built by plain string concatenation, so each
// value must be attribute-safe on its own. topic_last_post_id and $current_time are
// presumably integers; draft_loaded is read with $draft_id as default, which presumably
// makes the request layer cast it to that type - confirm.
$s_hidden_fields = '';
if ($mode == 'reply' || $mode == 'quote')
{
    // Last post id of the topic as known when the form is rendered
    $s_hidden_fields = '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />';
}
$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
if ($draft_id || isset($_REQUEST['draft_loaded']))
{
    $s_hidden_fields .= '<input type="hidden" name="draft_loaded" value="' . $request->variable('draft_loaded', $draft_id) . '" />';
}

// When editing, the message and subject checksums from $post_data travel with the form
if ($mode == 'edit')
{
    $s_hidden_fields .= build_hidden_fields(array(
        'edit_post_message_checksum'    => $post_data['post_checksum'],
        'edit_post_subject_checksum'    => $post_data['post_subject_md5'],
    ));
}

// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if (isset($captcha) && $captcha->is_solved() !== false)
{
    $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}

// The form is multipart only when PHP file uploads are on, the board allows attachments
// and the user holds both the u_attach and the forum's f_attach permission
if (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id))
{
    $form_enctype = '';
}
else
{
    $form_enctype = ' enctype="multipart/form-data"';
}

// Registers the form key for the 'posting' form; the matching check on submit is not
// part of this section
add_form_key('posting');
1754  
/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');

// Build array of variables for main posting page
//
// Key prefixes as used below: L_ entries come from language strings, U_/UA_ entries are
// URLs, S_ entries are switches and state for the template.
// NOTE(review): the S_*_ALLOWED switches are only assigned to the template here; the
// checks that enforce these permissions when the form is processed are not part of this
// section and have to exist on the processing side.
$page_data = array(
    'L_POST_A'                    => $page_title,
    'L_ICON'                    => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
    'L_MESSAGE_BODY_EXPLAIN'    => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),
    'L_DELETE_POST_PERMANENTLY'    => $user->lang('DELETE_POST_PERMANENTLY', 1),

    'FORUM_NAME'            => $post_data['forum_name'],
    'FORUM_DESC'            => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
    'TOPIC_TITLE'            => censor_text($post_data['topic_title']),
    // Indexed by $forum_id; get_moderators() presumably keys its result by forum id
    'MODERATORS'            => (sizeof($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
    // The condition reduces to ($preview || $mode != 'quote'): the username is left empty
    // only on a quote form that is not being previewed
    'USERNAME'                => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
    'SUBJECT'                => $post_data['post_subject'],
    'MESSAGE'                => $post_data['post_text'],
    'BBCODE_STATUS'            => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
    'IMG_STATUS'            => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
    'FLASH_STATUS'            => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
    'SMILIES_STATUS'        => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
    'URL_STATUS'            => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
    'MAX_FONT_SIZE'            => (int) $config['max_post_font_size'],
    'MINI_POST_IMG'            => $user->img('icon_post_target', $user->lang['POST']),
    'POST_DATE'                => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
    // Error strings are joined with a literal <br />, i.e. they are handed over as HTML
    'ERROR'                    => (sizeof($error)) ? implode('<br />', $error) : '',
    'TOPIC_TIME_LIMIT'        => (int) $post_data['topic_time_limit'],
    // Read straight from the request and passed to the template; any escaping is
    // presumably done by $request->variable() - confirm
    'EDIT_REASON'            => $request->variable('edit_reason', '', true),
    'SHOW_PANEL'            => $request->variable('show_panel', ''),
    'U_VIEW_FORUM'            => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
    'U_VIEW_TOPIC'            => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") : '',
    'U_PROGRESS_BAR'        => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup"),
    // Same URL run through addslashes(), presumably for use inside a JavaScript string
    'UA_PROGRESS_BAR'        => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup")),

    'S_PRIVMSGS'                => false,
    'S_CLOSE_PROGRESS_WINDOW'    => (isset($_POST['add_file'])) ? true : false,
    'S_EDIT_POST'                => ($mode == 'edit') ? true : false,
    'S_EDIT_REASON'                => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
    'S_DISPLAY_USERNAME'        => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
    'S_SHOW_TOPIC_ICONS'        => $s_topic_icons,
    // Edit mode only: either the m_delete permission, or the user's own unlocked last post
    // of the topic with f_delete, inside the delete_time window (minutes; 0 disables the limit)
    'S_DELETE_ALLOWED'            => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
    'S_BBCODE_ALLOWED'            => ($bbcode_status) ? 1 : 0,
    'S_BBCODE_CHECKED'            => ($bbcode_checked) ? ' checked="checked"' : '',
    'S_SMILIES_ALLOWED'            => $smilies_status,
    'S_SMILIES_CHECKED'            => ($smilies_checked) ? ' checked="checked"' : '',
    'S_SIG_ALLOWED'                => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
    'S_SIGNATURE_CHECKED'        => ($sig_checked) ? ' checked="checked"' : '',
    'S_NOTIFY_ALLOWED'            => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
    'S_NOTIFY_CHECKED'            => ($notify_checked) ? ' checked="checked"' : '',
    // Either the m_lock permission, or a registered topic starter holding f_user_lock
    // while the topic is still unlocked
    'S_LOCK_TOPIC_ALLOWED'        => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote' || $mode == 'post') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
    'S_LOCK_TOPIC_CHECKED'        => ($lock_topic_checked) ? ' checked="checked"' : '',
    'S_LOCK_POST_ALLOWED'        => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
    'S_LOCK_POST_CHECKED'        => ($lock_post_checked) ? ' checked="checked"' : '',
    'S_SOFTDELETE_CHECKED'        => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
    'S_SOFTDELETE_ALLOWED'        => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked)) ? true : false,
    'S_RESTORE_ALLOWED'            => $auth->acl_get('m_approve', $forum_id),
    'S_IS_DELETED'                => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
    'S_LINKS_ALLOWED'            => $url_status,
    'S_MAGIC_URL_CHECKED'        => ($urls_checked) ? ' checked="checked"' : '',
    'S_TYPE_TOGGLE'                => $topic_type_toggle,
    'S_SAVE_ALLOWED'            => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
    'S_HAS_DRAFTS'                => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
    'S_FORM_ENCTYPE'            => $form_enctype,

    'S_BBCODE_IMG'            => $img_status,
    'S_BBCODE_URL'            => $url_status,
    'S_BBCODE_FLASH'        => $flash_status,
    'S_BBCODE_QUOTE'        => $quote_status,

    'S_POST_ACTION'            => $s_action,
    'S_HIDDEN_FIELDS'        => $s_hidden_fields,
    // NOTE(review): plain json_encode() output; how it is escaped for its place in the
    // page depends on the template - confirm there
    'S_ATTACH_DATA'            => json_encode($message_parser->attachment_data),
    'S_IN_POSTING'            => true,
);
1829  
// Build custom bbcodes array
display_custom_bbcodes();

// Poll entry: offered for a new topic or when editing the first post of a topic, and only
// with the f_poll permission.
// Upstream keeps a disabled extra condition for the edit case:
// (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))
if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'])) && $auth->acl_get('f_poll', $forum_id))
{
    $page_data = array_merge($page_data, array(
        'S_SHOW_POLL_BOX'           => true,
        // Changing a vote needs both the f_votechg and the f_vote permission
        'S_POLL_VOTE_CHANGE'        => ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),
        // Deleting an existing poll: the poster with f_delete while poll_last_vote is empty, or m_delete
        'S_POLL_DELETE'             => ($mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
        'S_POLL_DELETE_CHECKED'     => !empty($poll_delete),

        'L_POLL_OPTIONS_EXPLAIN'    => $user->lang('POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN', (int) $config['max_poll_options']),

        'VOTE_CHANGE_CHECKED'       => (empty($post_data['poll_vote_change'])) ? '' : ' checked="checked"',
        'POLL_TITLE'                => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
        'POLL_OPTIONS'              => (empty($post_data['poll_options'])) ? '' : implode("\n", $post_data['poll_options']),
        'POLL_MAX_OPTIONS'          => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
        'POLL_LENGTH'               => $post_data['poll_length'],
    ));
}
1853  
/**
* This event allows you to modify template variables for the posting screen
*
* @event core.posting_modify_template_vars
* @var    array    post_data    Array with post data
* @var    array    moderators    Array with forum moderators
* @var    string    mode        What action to take if the form is submitted
*                post|reply|quote|edit|delete|bump|smilies|popup
* @var    string    page_title    Title of the mode page
* @var    bool    s_topic_icons    Whether or not to show the topic icons
* @var    string    form_enctype    If attachments are allowed for this form
*                "multipart/form-data" or empty string
* @var    string    s_action    The URL to submit the POST data to
* @var    string    s_hidden_fields    Concatenated hidden input tags of posting form
* @var    int    post_id        ID of the post
* @var    int    topic_id    ID of the topic
* @var    int    forum_id    ID of the forum
* @var    int    draft_id    ID of the draft
* @var    bool    submit        Whether or not the form has been submitted
* @var    bool    preview        Whether or not the post is being previewed
* @var    bool    save        Whether or not a draft is being saved
* @var    bool    load        Whether or not a draft is being loaded
* @var    bool    cancel        Whether or not to cancel the form (returns to
*                viewtopic or viewforum depending on if the user
*                is posting a new topic or editing a post)
* @var    array    error        Any error strings; a non-empty array aborts
*                form submission.
*                NOTE: Should be actual language strings, NOT
*                language keys.
* @var    bool    refresh        Whether or not to retain previously submitted data
* @var    array    page_data    Posting page data that should be passed to the
*                posting page via $template->assign_vars()
* @var    object    message_parser    The message parser object
* @since 3.1.0-a1
* @change 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
*        s_topic_icons, form_enctype, s_action, s_hidden_fields,
*        post_id, topic_id, forum_id, submit, preview, save, load,
*        delete, cancel, refresh, error, page_data, message_parser
* @change 3.1.2-RC1 Removed 'delete' var as it does not exist
* @change 3.1.5-RC1 Added poll variables to the page_data array
* @change 3.1.6-RC1 Added 'draft_id' var
*/
// Names of the local variables that are handed to the event listeners
$vars = array(
    'post_data',
    'moderators',
    'mode',
    'page_title',
    's_topic_icons',
    'form_enctype',
    's_action',
    's_hidden_fields',
    'post_id',
    'topic_id',
    'forum_id',
    'draft_id',
    'submit',
    'preview',
    'save',
    'load',
    'cancel',
    'refresh',
    'error',
    'page_data',
    'message_parser',
);
// compact() packs the variables named above, extract() writes the dispatcher's result
// back into the local scope, so any of them may hold a different value after this line.
// NOTE(review): the returned values are used below without re-validation ($page_data
// goes to the template, $s_action and $forum_id to the upload configuration), so
// listeners on this event are fully trusted code.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));
1920  
// Hand the assembled variables to the template
$template->assign_vars($page_data);

// The attachment box is shown only when the forum and user permissions, the board setting
// and a non-empty form enctype all agree
$allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);

if ($allowed)
{
    // Administrators and moderators of this forum get 0 as the file limit (presumably
    // "no limit" - confirm in plupload); everyone else gets the configured maximum
    if ($auth->acl_get('a_') || $auth->acl_get('m_', $forum_id))
    {
        $max_files = 0;
    }
    else
    {
        $max_files = (int) $config['max_attachments'];
    }

    $plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
}

// Attachment entry
posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);

// Output page ...
page_header($page_title);

$template->set_filenames(array('body' => 'posting_body.html'));

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

// Topic review is shown below the form for replies and quotes when topic_review() succeeds
if (($mode == 'reply' || $mode == 'quote') && topic_review($topic_id, $forum_id))
{
    $template->assign_var('S_DISPLAY_REVIEW', true);
}

page_footer();

