PHP Cross Reference of phpBB-3.2.2-deutsch

/ -> posting.php (source)

<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

/**
* @ignore
*/
// Defined before anything is included; presumably the marker the included files test for
// to refuse direct access (confirm in common.php).
define('IN_PHPBB', true);
// Root path comes from the PHPBB_ROOT_PATH constant when one is defined, else the current directory.
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
// Extension of this script (the text after its last dot), reused for every include path below.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
// The include paths are built only from the two values above; no request data reaches them.
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);


// Start session management
// Every permission check further down reads $user->data and $auth as initialised here.
$user->session_begin();
$auth->acl($user->data);


  31  // Grab only parameters needed here
  32  $post_id    = $request->variable('p', 0);
  33  $topic_id    = $request->variable('t', 0);
  34  $forum_id    = $request->variable('f', 0);
  35  $draft_id    = $request->variable('d', 0);
  36  $lastclick    = $request->variable('lastclick', 0);
  37  
  38  $preview    = (isset($_POST['preview'])) ? true : false;
  39  $save        = (isset($_POST['save'])) ? true : false;
  40  $load        = (isset($_POST['load'])) ? true : false;
  41  $confirm    = $request->is_set_post('confirm');
  42  $cancel        = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
  43  
  44  $refresh    = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load || $preview);
  45  $submit = $request->is_set_post('post') && !$refresh && !$preview;
  46  $mode        = $request->variable('mode', '');
  47  
  48  // If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
  49  if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))
  50  {
  51      $mode = 'soft_delete';
  52  }
  53  
  54  $error = $post_data = array();
  55  $current_time = time();
  56  
// NOTE(review): extract() at the end of this block overwrites every variable named in
// $vars with whatever the listeners of this event return. The IDs were requested with an
// integer default above, but from this point their type is only as good as the registered
// listeners, and the queries built further down place $forum_id, $topic_id and $post_id
// directly into SQL text.
/**
* This event allows you to alter the above parameters, such as submit and mode
*
* Note: $refresh must be true to retain previously submitted form data.
*
* Note: The template class will not work properly until $user->setup() is
* called, and it has not been called yet. Extensions requiring template
* assignments should use an event that comes later in this file.
*
* @event core.modify_posting_parameters
* @var    int        post_id        ID of the post
* @var    int        topic_id    ID of the topic
* @var    int        forum_id    ID of the forum
* @var    int        draft_id    ID of the draft
* @var    int        lastclick    Timestamp of when the form was last loaded
* @var    bool    submit        Whether or not the form has been submitted
* @var    bool    preview        Whether or not the post is being previewed
* @var    bool    save        Whether or not a draft is being saved
* @var    bool    load        Whether or not a draft is being loaded
* @var    bool    cancel        Whether or not to cancel the form (returns to
*                            viewtopic or viewforum depending on if the user
*                            is posting a new topic or editing a post)
* @var    bool    refresh        Whether or not to retain previously submitted data
* @var    string    mode        What action to take if the form has been submitted
*                            post|reply|quote|edit|delete|bump|smilies|popup
* @var    array    error        Any error strings; a non-empty array aborts
*                            form submission.
*                            NOTE: Should be actual language strings, NOT
*                            language keys.
* @since 3.1.0-a1
* @changed 3.1.2-RC1            Removed 'delete' var as it does not exist
*/
$vars = array(
    'post_id',
    'topic_id',
    'forum_id',
    'draft_id',
    'lastclick',
    'submit',
    'preview',
    'save',
    'load',
    'cancel',
    'refresh',
    'mode',
    'error',
);
extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));

 106  // Was cancel pressed? If so then redirect to the appropriate page
 107  if ($cancel)
 108  {
 109      $f = ($forum_id) ? 'f=' . $forum_id . '&amp;' : '';
 110      $redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
 111      redirect($redirect);
 112  }
 113  
// These modes act on a forum, so a missing forum ID is rejected before any query is built.
// 'soft_delete' is not in the list; for that mode the forum ID is looked up from the post below.
if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
{
    trigger_error('NO_FORUM');
}

/* @var $phpbb_content_visibility \phpbb\content_visibility */
// Used below for the visibility SQL conditions and for the soft-delete permission check.
$phpbb_content_visibility = $phpbb_container->get('content.visibility');

 122  // We need to know some basic information in all cases before we do anything.
 123  switch ($mode)
 124  {
 125      case 'post':
 126          $sql = 'SELECT *
 127              FROM ' . FORUMS_TABLE . "
 128              WHERE forum_id = $forum_id";
 129      break;
 130  
 131      case 'bump':
 132      case 'reply':
 133          if (!$topic_id)
 134          {
 135              trigger_error('NO_TOPIC');
 136          }
 137  
 138          // Force forum id
 139          $sql = 'SELECT forum_id
 140              FROM ' . TOPICS_TABLE . '
 141              WHERE topic_id = ' . $topic_id;
 142          $result = $db->sql_query($sql);
 143          $f_id = (int) $db->sql_fetchfield('forum_id');
 144          $db->sql_freeresult($result);
 145  
 146          $forum_id = (!$f_id) ? $forum_id : $f_id;
 147  
 148          $sql = 'SELECT f.*, t.*
 149              FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
 150              WHERE t.topic_id = $topic_id
 151                  AND f.forum_id = t.forum_id
 152                  AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
 153      break;
 154  
 155      case 'quote':
 156      case 'edit':
 157      case 'delete':
 158      case 'soft_delete':
 159          if (!$post_id)
 160          {
 161              $user->setup('posting');
 162              trigger_error('NO_POST');
 163          }
 164  
 165          // Force forum id
 166          $sql = 'SELECT forum_id
 167              FROM ' . POSTS_TABLE . '
 168              WHERE post_id = ' . $post_id;
 169          $result = $db->sql_query($sql);
 170          $f_id = (int) $db->sql_fetchfield('forum_id');
 171          $db->sql_freeresult($result);
 172  
 173          $forum_id = (!$f_id) ? $forum_id : $f_id;
 174  
 175          $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
 176              FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
 177              WHERE p.post_id = $post_id
 178                  AND t.topic_id = p.topic_id
 179                  AND u.user_id = p.poster_id
 180                  AND f.forum_id = t.forum_id
 181                  AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
 182      break;
 183  
 184      case 'smilies':
 185          $sql = '';
 186          generate_smilies('window', $forum_id);
 187      break;
 188  
 189      case 'popup':
 190          if ($forum_id)
 191          {
 192              $sql = 'SELECT forum_style
 193                  FROM ' . FORUMS_TABLE . '
 194                  WHERE forum_id = ' . $forum_id;
 195          }
 196          else
 197          {
 198              phpbb_upload_popup();
 199              return;
 200          }
 201      break;
 202  
 203      default:
 204          $sql = '';
 205      break;
 206  }
 207  
// An empty $sql means the mode switch above loaded nothing (unknown mode, or 'smilies').
if (!$sql)
{
    $user->setup('posting');
    trigger_error('NO_POST_MODE');
}

// Run the query chosen for this mode; only its first row is used.
$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

// No row. For every mode except 'post' the query carried the visibility condition, so an
// item hidden from this user and an item that does not exist end in the same error.
if (!$post_data)
{
    if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
    {
        $user->setup('posting');
    }
    trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
}

// Not able to reply to unapproved posts/topics
// TODO: add more descriptive language key
// The check applies to users holding m_approve in this forum: replying to or bumping a
// topic, or quoting a post, whose visibility is not ITEM_APPROVED is refused.
// NOTE(review): other users presumably never get this far for unapproved items because
// the visibility condition in the loading query returns no row for them; confirm in
// get_visibility_sql().
if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) || ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
{
    trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
}

// Popup mode with a forum: show the upload popup in that forum's style and stop.
if ($mode == 'popup')
{
    phpbb_upload_popup($post_data['forum_style']);
    return;
}

// Load the language files and the forum's style for the rest of the script.
$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

// The posting CAPTCHA is only prepared for users who are not registered, and only when
// enable_post_confirm is switched on.
if ($config['enable_post_confirm'] && !$user->data['is_registered'])
{
    $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
    $captcha->init(CONFIRM_POST);
}

// Use post_row values in favor of submitted ones...
// From here on the IDs are the ones stored with the loaded row (cast to int), falling back
// to the request values only where the row does not carry them.
$forum_id    = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id    = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id    = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;

// Need to login to passworded forum first?
// login_forum_box() receives the stored forum password value; presumably it shows the
// password form and stops unless the session has already unlocked this forum (confirm).
if ($post_data['forum_password'])
{
    login_forum_box(array(
        'forum_id'            => $forum_id,
        'forum_name'        => $post_data['forum_name'],
        'forum_password'    => $post_data['forum_password'])
    );
}

// Check permissions
// Sessions flagged as bots are sent to the index and never reach the posting form.
if ($user->data['is_bot'])
{
    redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}

// Is the user able to read within this forum?
// Logged-in users without f_read get an error; guests are asked to log in instead.
if (!$auth->acl_get('f_read', $forum_id))
{
    if ($user->data['user_id'] != ANONYMOUS)
    {
        trigger_error('USER_CANNOT_READ');
    }
    $message = $user->lang['LOGIN_EXPLAIN_POST'];

    // AJAX callers get the explanation as JSON rather than the HTML login form.
    // NOTE(review): the code relies on send() and login_box() ending the request so that
    // nothing below runs for a user without read permission; confirm in both.
    if ($request->is_ajax())
    {
        $json = new phpbb\json_response();
        $json->send(array(
            'title'        => $user->lang['INFORMATION'],
            'message'    => $message,
        ));
    }

    login_box('', $message);
}

// Permission to do the action asked?
// Deny by default: $is_authed only becomes true in a branch whose permission check passes.
// Modes without a case here (for example an unknown mode) stay unauthorised.
$is_authed = false;

switch ($mode)
{
    case 'post':
        if ($auth->acl_get('f_post', $forum_id))
        {
            $is_authed = true;
        }
    break;

    case 'bump':
        if ($auth->acl_get('f_bump', $forum_id))
        {
            $is_authed = true;
        }
    break;

    case 'quote':

        // The lock flag of the quoted post is cleared in the loaded data before the
        // reply permission is checked.
        $post_data['post_edit_locked'] = 0;

    // no break;

    case 'reply':
        if ($auth->acl_get('f_reply', $forum_id))
        {
            $is_authed = true;
        }
    break;

    case 'edit':
        // Registered users only, with either the forum or the moderator edit permission.
        // Ownership, edit time and lock status are checked separately further down.
        if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
        {
            $is_authed = true;
        }
    break;

    case 'delete':
        // Moderators with m_delete may delete any post; others need f_delete and must be
        // the poster of this post.
        if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
        {
            $is_authed = true;
        }

    // no break;

    case 'soft_delete':
        // Reached directly for 'soft_delete' and by fall-through for 'delete'; it only
        // acts when the hard-delete check above did not already authorise the user.
        if (!$is_authed && $user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
        {
            // Fall back to soft_delete if we have no permissions to delete posts but to soft delete them
            $is_authed = true;
            $mode = 'soft_delete';
        }
    break;
}
// NOTE(review): listeners of this event can set is_authed to true as well as to false, and
// extract() also overwrites the IDs, mode and post_data that were just validated. The
// docblock asks extensions to change only error and is_authed, but nothing enforces it.
/**
* This event allows you to do extra auth checks and verify if the user
* has the required permissions
*
* Extensions should only change the error and is_authed variables.
*
* @event core.modify_posting_auth
* @var    int        post_id        ID of the post
* @var    int        topic_id    ID of the topic
* @var    int        forum_id    ID of the forum
* @var    int        draft_id    ID of the draft
* @var    int        lastclick    Timestamp of when the form was last loaded
* @var    bool    submit        Whether or not the form has been submitted
* @var    bool    preview        Whether or not the post is being previewed
* @var    bool    save        Whether or not a draft is being saved
* @var    bool    load        Whether or not a draft is being loaded
* @var    bool    refresh        Whether or not to retain previously submitted data
* @var    string    mode        What action to take if the form has been submitted
*                            post|reply|quote|edit|delete|bump|smilies|popup
* @var    array    error        Any error strings; a non-empty array aborts
*                            form submission.
*                            NOTE: Should be actual language strings, NOT
*                            language keys.
* @var    bool    is_authed    Does the user have the required permissions?
* @var    array    post_data    All post data from database
* @since 3.1.3-RC1
* @changed 3.1.10-RC1 Added post_data
*/
$vars = array(
    'post_id',
    'topic_id',
    'forum_id',
    'draft_id',
    'lastclick',
    'submit',
    'preview',
    'save',
    'load',
    'refresh',
    'mode',
    'error',
    'is_authed',
    'post_data',
);
extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));

// Refuse when the permission check failed or a listener reported an error.
if (!$is_authed || !empty($error))
{
    // 'quote' is reported as a reply failure and 'soft_delete' as a delete failure.
    $check_auth = ($mode == 'quote') ? 'reply' : (($mode == 'soft_delete') ? 'delete' : $mode);

    if ($user->data['is_registered'])
    {
        // Listener-supplied error strings are joined with <br/> and passed on as the
        // message, which is why the event asks for language strings rather than raw input.
        trigger_error(empty($error) ? 'USER_CANNOT_' . strtoupper($check_auth) : implode('<br/>', $error));
    }
    // NOTE(review): this key is built from $mode, not from $check_auth, so 'soft_delete'
    // looks up LOGIN_EXPLAIN_SOFT_DELETE; verify that the language files define it.
    $message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];

    // Guests are asked to log in; AJAX callers get the explanation as JSON.
    if ($request->is_ajax())
    {
        $json = new phpbb\json_response();
        $json->send(array(
            'title'        => $user->lang['INFORMATION'],
            'message'    => $message,
        ));
    }

    login_box('', $message);
}

// Is the user able to post within this forum?
// Only forums of type FORUM_POST accept new topics, bumps, quotes and replies.
if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
{
    trigger_error('USER_CANNOT_FORUM_POST');
}

// Forum/Topic locked?
// A locked forum or topic stops everyone who lacks m_edit in this forum. topic_status is
// tested with isset() because the row loaded for mode 'post' has no topic columns.
if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
{
    trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
{
    $force_edit_allowed = false;

    // Three independent reasons to refuse: not the poster, the edit window (edit_time,
    // in minutes; 0 disables the limit) has passed, or the post is locked for editing.
    $s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
    $s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
    $s_cannot_edit_locked = $post_data['post_edit_locked'];

    // NOTE(review): a listener that sets force_edit_allowed to true skips all three checks
    // below, including the ownership check, for a user without m_edit.
    /**
    * This event allows you to modify the conditions for the "cannot edit post" checks
    *
    * @event core.posting_modify_cannot_edit_conditions
    * @var    array    post_data    Array with post data
    * @var    bool    force_edit_allowed        Allow the user to edit the post (all permissions and conditions are ignored)
    * @var    bool    s_cannot_edit            User can not edit the post because it's not his
    * @var    bool    s_cannot_edit_locked    User can not edit the post because it's locked
    * @var    bool    s_cannot_edit_time        User can not edit the post because edit_time has passed
    * @since 3.1.0-b4
    */
    $vars = array(
        'post_data',
        'force_edit_allowed',
        's_cannot_edit',
        's_cannot_edit_locked',
        's_cannot_edit_time',
    );
    extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));

    // The first condition that holds decides which error the user sees.
    if (!$force_edit_allowed)
    {
        if ($s_cannot_edit)
        {
            trigger_error('USER_CANNOT_EDIT');
        }
        else if ($s_cannot_edit_time)
        {
            trigger_error('CANNOT_EDIT_TIME');
        }
        else if ($s_cannot_edit_locked)
        {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }
}

// Handle delete mode...
if ($mode == 'delete' || $mode == 'soft_delete')
{
    // A post that is already soft deleted is reported as missing rather than deleted again.
    if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED)
    {
        $user->setup('posting');
        trigger_error('NO_POST');
    }

    // The reason is free text from the request, read with the multibyte flag set.
    $delete_reason = $request->variable('delete_reason', '', true);
    // The fifth argument is true only for a soft delete that was not sent with
    // "delete_permanent". Confirmation is presumably handled inside
    // phpbb_handle_post_delete(); it is not visible here.
    phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete' && !$request->is_set_post('delete_permanent')), $delete_reason);
    return;
}

// Handle bump mode...
if ($mode == 'bump')
{
    // Two conditions must hold: the topic may be bumped by this user right now, and the
    // request carries a hash that check_link_hash() accepts for "topic_<id>". The hash
    // ties the state-changing link to the page that generated it (presumably per user or
    // session; confirm in check_link_hash()).
    // Because && binds tighter than =, $bump_time receives the boolean result of the whole
    // expression, not the value returned by bump_topic_allowed().
    if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
        && check_link_hash($request->variable('hash', ''), "topic_{$post_data['topic_id']}"))
    {
        $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
        meta_refresh(3, $meta_url);
        $message = $user->lang['TOPIC_BUMPED'];

        // The HTML return links are only added for regular page loads.
        if (!$request->is_ajax())
        {
            $message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>');
            $message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
        }

        trigger_error($message);
    }

    // Reached when either condition failed; the user is not told which one.
    trigger_error('BUMP_ERROR');
}

// Subject length limiting to 60 characters if first post...
// The code here only sets a template flag for a new topic or an edit of the topic's first
// post; any length limit is presumably applied by the template or at submission (confirm).
if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
{
    $template->assign_var('S_NEW_MESSAGE', true);
}

// Determine some vars
// Guest posts are quoted under the name stored with the post, else the GUEST label;
// posts by members use the account's username when the row has one.
if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
{
    $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
}
else
{
    $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
}

// Normalise the fields the form relies on, with defaults for the modes whose loaded row
// does not contain them.
$post_data['post_edit_locked']    = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
// MD5 of the stored subject, kept only when editing; presumably compared later to detect
// a changed subject, not used as a security measure (confirm at the point of use).
$post_data['post_subject_md5']    = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
// Quote and edit keep the post's own subject; the other modes start from the topic title.
$post_data['post_subject']        = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
// Non-zero values are divided by 86400, i.e. converted from seconds to days if the stored
// values are in seconds (TODO confirm the unit).
$post_data['topic_time_limit']    = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
$post_data['poll_length']        = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
$post_data['poll_start']        = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
// The icon of the original post is not carried over into a quote or reply.
$post_data['icon_id']            = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
$post_data['poll_options']        = array();

 534  // Get Poll Data
 535  if ($post_data['poll_start'])
 536  {
 537      $sql = 'SELECT poll_option_text
 538          FROM ' . POLL_OPTIONS_TABLE . "
 539          WHERE topic_id = $topic_id
 540          ORDER BY poll_option_id";
 541      $result = $db->sql_query($sql);
 542  
 543      while ($row = $db->sql_fetchrow($result))
 544      {
 545          $post_data['poll_options'][] = trim($row['poll_option_text']);
 546      }
 547      $db->sql_freeresult($result);
 548  }
 549  
// NOTE(review): forum_id, post_id and topic_id are writable by listeners of this event
// too, after the permission checks above have already run against the earlier values.
/**
* This event allows you to modify the post data before parsing
*
* @event core.posting_modify_post_data
* @var    int        forum_id    ID of the forum
* @var    string    mode        What action to take if the form has been submitted
*                            post|reply|quote|edit|delete|bump|smilies|popup
* @var    array    post_data    Array with post data
* @var    int        post_id        ID of the post
* @var    int        topic_id    ID of the topic
* @since 3.2.2-RC1
*/
$vars = array(
    'forum_id',
    'mode',
    'post_data',
    'post_id',
    'topic_id',
);
extract($phpbb_dispatcher->trigger_event('core.posting_modify_post_data', compact($vars)));

// When editing, keep a copy of the poll as it is stored, with the options joined one per line.
if ($mode == 'edit')
{
    $original_poll_data = array(
        'poll_title'        => $post_data['poll_title'],
        'poll_length'        => $post_data['poll_length'],
        'poll_max_options'    => $post_data['poll_max_options'],
        'poll_option_text'    => implode("\n", $post_data['poll_options']),
        'poll_start'        => $post_data['poll_start'],
        'poll_last_vote'    => $post_data['poll_last_vote'],
        'poll_vote_change'    => $post_data['poll_vote_change'],
    );
}

// Number of poll options before the submitted form is processed.
$orig_poll_options_size = count($post_data['poll_options']);

// Parser for the message text, wired to the plupload service.
$message_parser = new parse_message();
/* @var $plupload \phpbb\plupload\plupload */
$plupload = $phpbb_container->get('plupload');

/* @var $mimetype_guesser \phpbb\mimetype\guesser */
$mimetype_guesser = $phpbb_container->get('mimetype.guesser');
$message_parser->set_plupload($plupload);

// Hand the stored post text to the parser by reference, then drop the array key so the
// text is reachable only through the parser.
if (isset($post_data['post_text']))
{
    $message_parser->message = &$post_data['post_text'];
    unset($post_data['post_text']);
}

// Set some default variables
// Applied only to keys the loaded row did not set. poster_id defaults to the current
// user, which is the case for new topics and replies where no post row was loaded.
$uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);

foreach ($uninit as $var_name => $default_value)
{
    if (!isset($post_data[$var_name]))
    {
        $post_data[$var_name] = $default_value;
    }
}
unset($uninit);

 612  // Always check if the submitted attachment data is valid and belongs to the user.
 613  // Further down (especially in submit_post()) we do not check this again.
 614  $message_parser->get_submitted_attachment_data($post_data['poster_id']);
 615  
 616  if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
 617  {
 618      // Do not change to SELECT *
 619      $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
 620          FROM ' . ATTACHMENTS_TABLE . "
 621          WHERE post_msg_id = $post_id
 622              AND in_message = 0
 623              AND is_orphan = 0
 624          ORDER BY attach_id DESC";
 625      $result = $db->sql_query($sql);
 626      $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
 627      $db->sql_freeresult($result);
 628  }
 629  
 630  if ($post_data['poster_id'] == ANONYMOUS)
 631  {
 632      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
 633  }
 634  else
 635  {
 636      $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
 637  }
 638  
 639  $post_data['enable_urls'] = $post_data['enable_magic_url'];
 640  
 641  if ($mode != 'edit')
 642  {
 643      $post_data['enable_sig']        = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
 644      $post_data['enable_smilies']    = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
 645      $post_data['enable_bbcode']        = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
 646      $post_data['enable_urls']        = true;
 647  }
 648  
 649  if ($mode == 'post')
 650  {
 651      $post_data['topic_status']        = ($request->is_set_post('lock_topic') && $auth->acl_gets('m_lock', 'f_user_lock', $forum_id)) ? ITEM_LOCKED : ITEM_UNLOCKED;
 652  }
 653  
 654  $post_data['enable_magic_url'] = $post_data['drafts'] = false;
 655  
 656  // User own some drafts?
 657  if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 658  {
 659      $sql = 'SELECT draft_id
 660          FROM ' . DRAFTS_TABLE . '
 661          WHERE user_id = ' . $user->data['user_id'] .
 662              (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
 663              (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
 664              (($draft_id) ? " AND draft_id <> $draft_id" : '');
 665      $result = $db->sql_query_limit($sql, 1);
 666  
 667      if ($db->sql_fetchrow($result))
 668      {
 669          $post_data['drafts'] = true;
 670      }
 671      $db->sql_freeresult($result);
 672  }
 673  
 674  $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 675  
 676  // Check if user is watching this topic
 677  if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
 678  {
 679      $sql = 'SELECT topic_id
 680          FROM ' . TOPICS_WATCH_TABLE . '
 681          WHERE topic_id = ' . $topic_id . '
 682              AND user_id = ' . $user->data['user_id'];
 683      $result = $db->sql_query($sql);
 684      $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
 685      $db->sql_freeresult($result);
 686  }
 687  
 688  // Do we want to edit our post ?
 689  if ($mode == 'edit' && $post_data['bbcode_uid'])
 690  {
 691      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
 692  }
 693  
 694  // HTML, BBCode, Smilies, Images and Flash status
 695  $bbcode_status    = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
 696  $smilies_status    = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
 697  $img_status        = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
 698  $url_status        = ($config['allow_post_links']) ? true : false;
 699  $flash_status    = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
 700  $quote_status    = true;
 701  
 702  // Save Draft
 703  if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
 704  {
 705      $subject = $request->variable('subject', '', true);
 706      $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
 707      $message = $request->variable('message', '', true);
 708  
 709      if ($subject && $message)
 710      {
 711          if (confirm_box(true))
 712          {
 713              $message_parser->message = $message;
 714              $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
 715  
 716              $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 717                  'user_id'        => (int) $user->data['user_id'],
 718                  'topic_id'        => (int) $topic_id,
 719                  'forum_id'        => (int) $forum_id,
 720                  'save_time'        => (int) $current_time,
 721                  'draft_subject'    => (string) $subject,
 722                  'draft_message'    => (string) $message_parser->message)
 723              );
 724              $db->sql_query($sql);
 725  
 726              $meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
 727  
 728              meta_refresh(3, $meta_info);
 729  
 730              $message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
 731              $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
 732              $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
 733  
 734              trigger_error($message);
 735          }
 736          else
 737          {
 738              $s_hidden_fields = build_hidden_fields(array(
 739                  'mode'        => $mode,
 740                  'save'        => true,
 741                  'f'            => $forum_id,
 742                  't'            => $topic_id,
 743                  'subject'    => $subject,
 744                  'message'    => $message,
 745                  'attachment_data' => $message_parser->attachment_data,
 746                  )
 747              );
 748  
 749              $hidden_fields = array(
 750                  'icon_id'            => 0,
 751  
 752                  'disable_bbcode'    => false,
 753                  'disable_smilies'    => false,
 754                  'disable_magic_url'    => false,
 755                  'attach_sig'        => true,
 756                  'lock_topic'        => false,
 757  
 758                  'topic_type'        => POST_NORMAL,
 759                  'topic_time_limit'    => 0,
 760  
 761                  'poll_title'        => '',
 762                  'poll_option_text'    => '',
 763                  'poll_max_options'    => 1,
 764                  'poll_length'        => 0,
 765                  'poll_vote_change'    => false,
 766              );
 767  
 768              foreach ($hidden_fields as $name => $default)
 769              {
 770                  if (!isset($_POST[$name]))
 771                  {
 772                      // Don't include it if it's not available
 773                      unset($hidden_fields[$name]);
 774                      continue;
 775                  }
 776  
 777                  if (is_bool($default))
 778                  {
 779                      // Use the string representation
 780                      $hidden_fields[$name] = $request->variable($name, '');
 781                  }
 782                  else
 783                  {
 784                      $hidden_fields[$name] = $request->variable($name, $default);
 785                  }
 786              }
 787  
 788              $s_hidden_fields .= build_hidden_fields($hidden_fields);
 789  
 790              confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
 791          }
 792      }
 793      else
 794      {
 795          if (utf8_clean_string($subject) === '')
 796          {
 797              $error[] = $user->lang['EMPTY_SUBJECT'];
 798          }
 799  
 800          if (utf8_clean_string($message) === '')
 801          {
 802              $error[] = $user->lang['TOO_FEW_CHARS'];
 803          }
 804      }
 805      unset($subject, $message);
 806  }
 807  
 808  // Load requested Draft
 809  if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
 810  {
 811      $sql = 'SELECT draft_subject, draft_message
 812          FROM ' . DRAFTS_TABLE . "
 813          WHERE draft_id = $draft_id
 814              AND user_id = " . $user->data['user_id'];
 815      $result = $db->sql_query_limit($sql, 1);
 816      $row = $db->sql_fetchrow($result);
 817      $db->sql_freeresult($result);
 818  
 819      if ($row)
 820      {
 821          $post_data['post_subject'] = $row['draft_subject'];
 822          $message_parser->message = $row['draft_message'];
 823  
 824          $template->assign_var('S_DRAFT_LOADED', true);
 825      }
 826      else
 827      {
 828          $draft_id = 0;
 829      }
 830  }
 831  
 832  // Load draft overview
 833  if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
 834  {
 835      load_drafts($topic_id, $forum_id);
 836  }
 837  
 838  $bbcode_utils = $phpbb_container->get('text_formatter.utils');
 839  
 840  if ($submit || $preview || $refresh)
 841  {
 842      $post_data['topic_cur_post_id']    = $request->variable('topic_cur_post_id', 0);
 843      $post_data['post_subject']        = $request->variable('subject', '', true);
 844      $message_parser->message        = $request->variable('message', '', true);
 845  
 846      $post_data['username']            = $request->variable('username', $post_data['username'], true);
 847      $post_data['post_edit_reason']    = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $request->variable('edit_reason', '', true) : '';
 848  
 849      $post_data['orig_topic_type']    = $post_data['topic_type'];
 850      $post_data['topic_type']        = $request->variable('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 851      $post_data['topic_time_limit']    = $request->variable('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
 852  
 853      if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
 854      {
 855          $post_data['icon_id'] = $request->variable('icon', (int) $post_data['icon_id']);
 856      }
 857  
 858      $post_data['enable_bbcode']        = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
 859      $post_data['enable_smilies']    = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
 860      $post_data['enable_urls']        = (isset($_POST['disable_magic_url'])) ? 0 : 1;
 861      $post_data['enable_sig']        = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
 862  
 863      if ($config['allow_topic_notify'] && $user->data['is_registered'])
 864      {
 865          $notify = (isset($_POST['notify'])) ? true : false;
 866      }
 867      else
 868      {
 869          $notify = false;
 870      }
 871  
 872      $topic_lock            = (isset($_POST['lock_topic'])) ? true : false;
 873      $post_lock            = (isset($_POST['lock_post'])) ? true : false;
 874      $poll_delete        = (isset($_POST['poll_delete'])) ? true : false;
 875  
 876      if ($submit)
 877      {
 878          $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
 879          $status_switch = ($status_switch != $check_value);
 880      }
 881      else
 882      {
 883          $status_switch = 1;
 884      }
 885  
 886      // Delete Poll
 887      if ($poll_delete && $mode == 'edit' && count($post_data['poll_options']) &&
 888          ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
 889      {
 890          if ($submit && check_form_key('posting'))
 891          {
 892              $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
 893                  WHERE topic_id = $topic_id";
 894              $db->sql_query($sql);
 895  
 896              $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
 897                  WHERE topic_id = $topic_id";
 898              $db->sql_query($sql);
 899  
 900              $topic_sql = array(
 901                  'poll_title'        => '',
 902                  'poll_start'         => 0,
 903                  'poll_length'        => 0,
 904                  'poll_last_vote'    => 0,
 905                  'poll_max_options'    => 0,
 906                  'poll_vote_change'    => 0
 907              );
 908  
 909              $sql = 'UPDATE ' . TOPICS_TABLE . '
 910                  SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
 911                  WHERE topic_id = $topic_id";
 912              $db->sql_query($sql);
 913          }
 914  
 915          $post_data['poll_title'] = $post_data['poll_option_text'] = '';
 916          $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
 917      }
 918      else
 919      {
 920          $post_data['poll_title']        = $request->variable('poll_title', '', true);
 921          $post_data['poll_length']        = $request->variable('poll_length', 0);
 922          $post_data['poll_option_text']    = $request->variable('poll_option_text', '', true);
 923          $post_data['poll_max_options']    = $request->variable('poll_max_options', 1);
 924          $post_data['poll_vote_change']    = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
 925      }
 926  
 927      // If replying/quoting and last post id has changed
 928      // give user option to continue submit or return to post
 929      // notify and show user the post made between his request and the final submit
 930      if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
 931      {
 932          // Only do so if it is allowed forum-wide
 933          if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 934          {
 935              if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
 936              {
 937                  $template->assign_var('S_POST_REVIEW', true);
 938              }
 939  
 940              $submit = false;
 941              $refresh = true;
 942          }
 943      }
 944  
 945      // Parse Attachments - before checksum is calculated
 946      $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
 947  
 948      /**
 949      * This event allows you to modify message text before parsing
 950      *
 951      * @event core.posting_modify_message_text
 952      * @var    array    post_data    Array with post data
 953      * @var    string    mode        What action to take if the form is submitted
 954      *                post|reply|quote|edit|delete|bump|smilies|popup
 955      * @var    int    post_id        ID of the post
 956      * @var    int    topic_id    ID of the topic
 957      * @var    int    forum_id    ID of the forum
 958      * @var    bool    submit        Whether or not the form has been submitted
 959      * @var    bool    preview        Whether or not the post is being previewed
 960      * @var    bool    save        Whether or not a draft is being saved
 961      * @var    bool    load        Whether or not a draft is being loaded
 962      * @var    bool    cancel        Whether or not to cancel the form (returns to
 963      *                viewtopic or viewforum depending on if the user
 964      *                is posting a new topic or editing a post)
 965      * @var    bool    refresh        Whether or not to retain previously submitted data
 966      * @var    object    message_parser    The message parser object
 967      * @var    array    error        Array of errors
 968      * @since 3.1.2-RC1
 969      * @changed 3.1.11-RC1 Added error
 970      */
 971      $vars = array(
 972          'post_data',
 973          'mode',
 974          'post_id',
 975          'topic_id',
 976          'forum_id',
 977          'submit',
 978          'preview',
 979          'save',
 980          'load',
 981          'cancel',
 982          'refresh',
 983          'message_parser',
 984          'error',
 985      );
 986      extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));
 987  
 988      // Grab md5 'checksum' of new message; it is only compared with stored checksums below to detect concurrent edits and to skip re-parsing
 989      $message_md5 = md5($message_parser->message);
 990  
 991      // If editing and checksum has changed we know the post was edited while we're editing
 992      // Notify and show user the changed post
 993      if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
 994      {
 995          $edit_post_message_checksum = $request->variable('edit_post_message_checksum', '');
 996          $edit_post_subject_checksum = $request->variable('edit_post_subject_checksum', '');
 997  
 998          // $post_data['post_checksum'] is the checksum of the post submitted in the meantime
 999          // $message_md5 is the checksum of the post we're about to submit
1000          // $edit_post_message_checksum is the checksum of the post we're editing
1001          // ...
1002  
1003          // We make sure nobody else made exactly the same change
1004          // we're about to submit by also checking $message_md5 != $post_data['post_checksum']
1005          if ($edit_post_message_checksum !== '' &&
1006              $edit_post_message_checksum != $post_data['post_checksum'] &&
1007              $message_md5 != $post_data['post_checksum']
1008              ||
1009              $edit_post_subject_checksum !== '' &&
1010              $edit_post_subject_checksum != $post_data['post_subject_md5'] &&
1011              md5($post_data['post_subject']) != $post_data['post_subject_md5'])
1012          {
1013              if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
1014              {
1015                  $template->assign_vars(array(
1016                      'S_POST_REVIEW'            => true,
1017  
1018                      'L_POST_REVIEW'            => $user->lang['POST_REVIEW_EDIT'],
1019                      'L_POST_REVIEW_EXPLAIN'    => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
1020                  ));
1021              }
1022  
1023              $submit = false;
1024              $refresh = true;
1025          }
1026      }
1027  
1028      // Check checksum ... don't re-parse message if the same
1029      $update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
1030  
1031      // Also check if subject got updated...
1032      $update_subject = $mode != 'edit' || ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));
1033  
1034      // Parse message
1035      if ($update_message)
1036      {
1037          if (count($message_parser->warn_msg))
1038          {
1039              $error[] = implode('<br />', $message_parser->warn_msg);
1040              $message_parser->warn_msg = array();
1041          }
1042  
1043          if (!$preview || !empty($message_parser->message))
1044          {
1045              $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
1046          }
1047  
1048          // On a refresh we do not care about message parsing errors
1049          if (count($message_parser->warn_msg) && $refresh && !$preview)
1050          {
1051              $message_parser->warn_msg = array();
1052          }
1053      }
1054      else
1055      {
1056          $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
1057      }
1058  
1059      $ignore_flood = $auth->acl_get('u_ignoreflood') ? true : $auth->acl_get('f_ignoreflood', $forum_id);
1060      if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$ignore_flood)
1061      {
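1062          // Flood check: registered users by their own last post time, guests by recent posts from the same IP. NOTE(review): $user->ip is concatenated into the query below without $db->sql_escape(); presumably it is validated when the session starts - confirm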
1063          $last_post_time = 0;
1064  
1065          if ($user->data['is_registered'])
1066          {
1067              $last_post_time = $user->data['user_lastpost_time'];
1068          }
1069          else
1070          {
1071              $sql = 'SELECT post_time AS last_post_time
1072                  FROM ' . POSTS_TABLE . "
1073                  WHERE poster_ip = '" . $user->ip . "'
1074                      AND post_time > " . ($current_time - $config['flood_interval']);
1075              $result = $db->sql_query_limit($sql, 1);
1076              if ($row = $db->sql_fetchrow($result))
1077              {
1078                  $last_post_time = $row['last_post_time'];
1079              }
1080              $db->sql_freeresult($result);
1081          }
1082  
1083          if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
1084          {
1085              $error[] = $user->lang['FLOOD_ERROR'];
1086          }
1087      }
1088  
1089      // Validate username
1090      if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
1091      {
1092          if (!function_exists('validate_username'))
1093          {
1094              include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1095          }
1096  
1097          $user->add_lang('ucp');
1098  
1099          if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
1100          {
1101              $error[] = $user->lang[$result . '_USERNAME'];
1102          }
1103  
1104          if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
1105          {
1106              $min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
1107              $error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
1108          }
1109      }
1110  
1111      if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
1112      {
1113          $captcha_data = array(
1114              'message'    => $request->variable('message', '', true),
1115              'subject'    => $request->variable('subject', '', true),
1116              'username'    => $request->variable('username', '', true),
1117          );
1118          $vc_response = $captcha->validate($captcha_data);
1119          if ($vc_response)
1120          {
1121              $error[] = $vc_response;
1122          }
1123      }
1124  
1125      // Check the form key (phpBB's anti-CSRF token) on submit and preview
1126      if (($submit || $preview) && !check_form_key('posting'))
1127      {
1128          $error[] = $user->lang['FORM_INVALID'];
1129      }
1130  
1131      if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !isset($_POST['soft_delete']) && $auth->acl_get('m_approve', $forum_id))
1132      {
1133          $is_first_post = ($post_id == $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
1134          $is_last_post = ($post_id == $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);
1135          $updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);
1136  
1137          if (!empty($updated_post_data))
1138          {
1139              // Update the post_data, so we don't need to refetch it.
1140              $post_data = array_merge($post_data, $updated_post_data);
1141          }
1142      }
1143  
1144      // Validate subject: required for a new topic or when editing the first post of a topic
1145      if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1146      {
1147          $error[] = $user->lang['EMPTY_SUBJECT'];
1148      }
1149  
1150      // Check for out-of-bounds characters that are currently
1151      // not supported by utf8_bin in MySQL
1152      if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
1153      {
1154          $character_list = implode('<br />', $matches[0]);
1155          $error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
1156      }
1157  
1158      $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
1159  
1160      if ($post_data['poll_option_text'] &&
1161          ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1162          && $auth->acl_get('f_poll', $forum_id))
1163      {
1164          $poll = array(
1165              'poll_title'        => $post_data['poll_title'],
1166              'poll_length'        => $post_data['poll_length'],
1167              'poll_max_options'    => $post_data['poll_max_options'],
1168              'poll_option_text'    => $post_data['poll_option_text'],
1169              'poll_start'        => $post_data['poll_start'],
1170              'poll_last_vote'    => $post_data['poll_last_vote'],
1171              'poll_vote_change'    => $post_data['poll_vote_change'],
1172              'enable_bbcode'        => $post_data['enable_bbcode'],
1173              'enable_urls'        => $post_data['enable_urls'],
1174              'enable_smilies'    => $post_data['enable_smilies'],
1175              'img_status'        => $img_status
1176          );
1177  
1178          $message_parser->parse_poll($poll);
1179  
1180          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1181          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1182  
1183          /* We reset votes, therefore also allow removing options
1184          if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
1185          {
1186              $message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
1187          }*/
1188      }
1189      else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
1190      {
1191          // The user removed all poll options, this is equal to deleting the poll.
1192          $poll = array(
1193              'poll_title'        => '',
1194              'poll_length'        => 0,
1195              'poll_max_options'    => 0,
1196              'poll_option_text'    => '',
1197              'poll_start'        => 0,
1198              'poll_last_vote'    => 0,
1199              'poll_vote_change'    => 0,
1200              'poll_options'        => array(),
1201          );
1202  
1203          $post_data['poll_options'] = array();
1204          $post_data['poll_title'] = '';
1205          $post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
1206      }
1207      else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && !$bbcode_utils->is_empty($original_poll_data['poll_title']))
1208      {
1209          // We have a poll but the editing user is not permitted to create/edit it.
1210          // So we just keep the original poll-data.
1211          // Decode the poll title and options text first.
1212          $original_poll_data['poll_title'] = $bbcode_utils->unparse($original_poll_data['poll_title']);
1213          $original_poll_data['poll_option_text'] = $bbcode_utils->unparse($original_poll_data['poll_option_text']);
1214          $original_poll_data['poll_options'] = explode("\n", $original_poll_data['poll_option_text']);
1215  
1216          $poll = array_merge($original_poll_data, array(
1217              'enable_bbcode'        => $post_data['enable_bbcode'],
1218              'enable_urls'        => $post_data['enable_urls'],
1219              'enable_smilies'    => $post_data['enable_smilies'],
1220              'img_status'        => $img_status,
1221          ));
1222  
1223          $message_parser->parse_poll($poll);
1224  
1225          $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1226          $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1227      }
1228      else
1229      {
1230          $poll = array();
1231      }
1232  
1233      // Check topic type
1234      if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1235      {
1236          switch ($post_data['topic_type'])
1237          {
1238              case POST_GLOBAL:
1239                  $auth_option = 'f_announce_global';
1240              break;
1241  
1242              case POST_ANNOUNCE:
1243                  $auth_option = 'f_announce';
1244              break;
1245  
1246              case POST_STICKY:
1247                  $auth_option = 'f_sticky';
1248              break;
1249  
1250              default:
1251                  $auth_option = '';
1252              break;
1253          }
1254  
1255          if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id))
1256          {
1257              // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
1258              // Another case would be a mod not having sticky permissions for example but edit permissions.
1259              if ($mode == 'edit')
1260              {
1261                  // To prevent non-authed users messing around with the topic type we reset it to the original one.
1262                  $post_data['topic_type'] = $post_data['orig_topic_type'];
1263              }
1264              else
1265              {
1266                  $error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
1267              }
1268          }
1269      }
1270  
1271      if (count($message_parser->warn_msg))
1272      {
1273          $error[] = implode('<br />', $message_parser->warn_msg);
1274      }
1275  
1276      // DNSBL check
1277      if ($config['check_dnsbl'] && !$refresh)
1278      {
1279          if (($dnsbl = $user->check_dnsbl('post')) !== false)
1280          {
1281              $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
1282          }
1283      }
1284  
1285      /**
1286      * This event allows you to define errors before the post action is performed
1287      *
1288      * @event core.posting_modify_submission_errors
1289      * @var    array    post_data    Array with post data
1290      * @var    array    poll        Array with poll data from post (must be used instead of the post_data equivalent)
1291      * @var    string    mode        What action to take if the form is submitted
1292      *                post|reply|quote|edit|delete|bump|smilies|popup
1293      * @var    int    post_id        ID of the post
1294      * @var    int    topic_id    ID of the topic
1295      * @var    int    forum_id    ID of the forum
1296      * @var    bool    submit        Whether or not the form has been submitted
1297      * @var    array    error        Any error strings; a non-empty array aborts form submission.
1298      *                NOTE: Should be actual language strings, NOT language keys.
1299      * @since 3.1.0-RC5
1300      * @changed 3.1.5-RC1 Added poll array to the event
1301      * @changed 3.2.0-a1 Removed undefined page_title
1302      */
1303      $vars = array(
1304          'post_data',
1305          'poll',
1306          'mode',
1307          'post_id',
1308          'topic_id',
1309          'forum_id',
1310          'submit',
1311          'error',
1312      );
1313      extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));
1314  
1315      // Store message, sync counters
1316      if (!count($error) && $submit)
1317      {
1318          if ($submit)
1319          {
1320              // Lock/Unlock Topic
1321              $change_topic_status = $post_data['topic_status'];
1322              $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
1323  
1324              if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
1325              {
1326                  $change_topic_status = ITEM_UNLOCKED;
1327              }
1328              else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
1329              {
1330                  $change_topic_status = ITEM_LOCKED;
1331              }
1332  
1333              if ($change_topic_status != $post_data['topic_status'])
1334              {
1335                  $sql = 'UPDATE ' . TOPICS_TABLE . "
1336                      SET topic_status = $change_topic_status
1337                      WHERE topic_id = $topic_id
1338                          AND topic_moved_id = 0";
1339                  $db->sql_query($sql);
1340  
1341                  $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
1342  
1343                  $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), false, array(
1344                      'forum_id' => $forum_id,
1345                      'topic_id' => $topic_id,
1346                      $post_data['topic_title']
1347                  ));
1348              }
1349  
1350              // Lock/Unlock Post Edit
1351              if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
1352              {
1353                  $post_data['post_edit_locked'] = ITEM_UNLOCKED;
1354              }
1355              else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
1356              {
1357                  $post_data['post_edit_locked'] = ITEM_LOCKED;
1358              }
1359  
1360              $data = array(
1361                  'topic_title'            => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
1362                  'topic_first_post_id'    => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
1363                  'topic_last_post_id'    => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
1364                  'topic_time_limit'        => (int) $post_data['topic_time_limit'],
1365                  'topic_attachment'        => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
1366                  'post_id'                => (int) $post_id,
1367                  'topic_id'                => (int) $topic_id,
1368                  'forum_id'                => (int) $forum_id,
1369                  'icon_id'                => (int) $post_data['icon_id'],
1370                  'poster_id'                => (int) $post_data['poster_id'],
1371                  'enable_sig'            => (bool) $post_data['enable_sig'],
1372                  'enable_bbcode'            => (bool) $post_data['enable_bbcode'],
1373                  'enable_smilies'        => (bool) $post_data['enable_smilies'],
1374                  'enable_urls'            => (bool) $post_data['enable_urls'],
1375                  'enable_indexing'        => (bool) $post_data['enable_indexing'],
1376                  'message_md5'            => (string) $message_md5,
1377                  'post_checksum'            => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
1378                  'post_edit_reason'        => $post_data['post_edit_reason'],
1379                  'post_edit_user'        => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
1380                  'forum_parents'            => $post_data['forum_parents'],
1381                  'forum_name'            => $post_data['forum_name'],
1382                  'notify'                => $notify,
1383                  'notify_set'            => $post_data['notify_set'],
1384                  'poster_ip'                => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
1385                  'post_edit_locked'        => (int) $post_data['post_edit_locked'],
1386                  'bbcode_bitfield'        => $message_parser->bbcode_bitfield,
1387                  'bbcode_uid'            => $message_parser->bbcode_uid,
1388                  'message'                => $message_parser->message,
1389                  'attachment_data'        => $message_parser->attachment_data,
1390                  'filename_data'            => $message_parser->filename_data,
1391                  'topic_status'            => $post_data['topic_status'],
1392  
1393                  'topic_visibility'            => (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
1394                  'post_visibility'            => (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
1395              );
1396  
1397              if ($mode == 'edit')
1398              {
1399                  $data['topic_posts_approved'] = $post_data['topic_posts_approved'];
1400                  $data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
1401                  $data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
1402              }
1403  
1404              // Only return the username when it is either a guest posting or we are editing a post and
1405              // the username was supplied; otherwise post_data might hold the data of the post that is
1406              // being quoted (which could result in the username being returned being that of the quoted
1407              // post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
1408              $post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
1409  
1410              /**
1411              * This event allows you to define errors before the post action is performed
1412              *
1413              * @event core.posting_modify_submit_post_before
1414              * @var    array    post_data    Array with post data
1415              * @var    array    poll        Array with poll data
1416              * @var    array    data        Array with post data going to be stored in the database
1417              * @var    string    mode        What action to take if the form is submitted
1418              *                post|reply|quote|edit|delete
1419              * @var    int    post_id        ID of the post
1420              * @var    int    topic_id    ID of the topic
1421              * @var    int    forum_id    ID of the forum
1422              * @var    string    post_author_name    Author name for guest posts
1423              * @var    bool    update_message        Boolean if the post message was changed
1424              * @var    bool    update_subject        Boolean if the post subject was changed
1425              *                NOTE: Should be actual language strings, NOT language keys.
1426              * @since 3.1.0-RC5
1427              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1428              * @change 3.2.0-a1 Removed undefined page_title
1429              */
1430              $vars = array(
1431                  'post_data',
1432                  'poll',
1433                  'data',
1434                  'mode',
1435                  'post_id',
1436                  'topic_id',
1437                  'forum_id',
1438                  'post_author_name',
1439                  'update_message',
1440                  'update_subject',
1441              );
1442              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));
1443  
1444              // The last parameter tells submit_post if search indexer has to be run
1445              $redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
1446  
1447              /**
1448              * This event allows you to define errors after the post action is performed
1449              *
1450              * @event core.posting_modify_submit_post_after
1451              * @var    array    post_data    Array with post data
1452              * @var    array    poll        Array with poll data
1453              * @var    array    data        Array with post data going to be stored in the database
1454              * @var    string    mode        What action to take if the form is submitted
1455              *                post|reply|quote|edit|delete
1456              * @var    int    post_id        ID of the post
1457              * @var    int    topic_id    ID of the topic
1458              * @var    int    forum_id    ID of the forum
1459              * @var    string    post_author_name    Author name for guest posts
1460              * @var    bool    update_message        Boolean if the post message was changed
1461              * @var    bool    update_subject        Boolean if the post subject was changed
1462              * @var    string    redirect_url        URL the user is going to be redirected to
1463              *                NOTE: Should be actual language strings, NOT language keys.
1464              * @since 3.1.0-RC5
1465              * @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
1466              * @change 3.2.0-a1 Removed undefined page_title
1467              */
1468              $vars = array(
1469                  'post_data',
1470                  'poll',
1471                  'data',
1472                  'mode',
1473                  'post_id',
1474                  'topic_id',
1475                  'forum_id',
1476                  'post_author_name',
1477                  'update_message',
1478                  'update_subject',
1479                  'redirect_url',
1480              );
1481              extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));
1482  
1483              if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
1484              {
1485                  $captcha->reset();
1486              }
1487  
1488              // Handle delete mode...
1489              if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent'))
1490              {
1491                  $delete_reason = $request->variable('delete_reason', '', true);
1492                  phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
1493                  return;
1494              }
1495  
1496              // Check the permissions for post approval.
1497              // Moderators must go through post approval like ordinary users.
1498              if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
1499              {
1500                  meta_refresh(10, $redirect_url);
1501                  $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
1502                  $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
1503                  $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
1504                  trigger_error($message);
1505              }
1506  
1507              redirect($redirect_url);
1508          }
1509      }
1510  }
1511  
1512  // Preview: build the rendered message, signature, poll and attachment output.
      // Runs only when the preview button was submitted and no errors have been collected.
1513  if (!count($error) && $preview)
1514  {
          // Editing keeps the post's stored time; every other mode previews with the current time.
1515      $post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;
1516  
          // The trailing false makes this call hand back the rendered text; the poll calls below
          // omit it and read ->message afterwards (presumably an "update in place" switch).
1517      $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
1518  
          // When editing, the signature fields are taken from $post_data rather than from the
          // current user (presumably the original poster's signature - TODO confirm).
1519      $preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
1520      $preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
1521      $preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
1522  
1523      // Signature: rendered only if enabled for this post, allowed board-wide, non-empty,
          // and the f_sigs permission is granted in this forum.
1524      if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
1525      {
              // Only the signature features switched on in the board configuration are rendered.
1526          $flags = ($config['allow_sig_bbcode']) ? OPTION_FLAG_BBCODE : 0;
1527          $flags |= ($config['allow_sig_links']) ? OPTION_FLAG_LINKS : 0;
1528          $flags |= ($config['allow_sig_smilies']) ? OPTION_FLAG_SMILIES : 0;
1529  
1530          $preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $flags, false);
1531      }
1532      else
1533      {
1534          $preview_signature = '';
1535      }
1536  
          // The subject goes through the word censor before it is shown.
1537      $preview_subject = censor_text($post_data['post_subject']);
1538  
1539      // Poll Preview: only for a new topic or an edit of the topic's first post, when the poll
          // is not being deleted and the f_poll permission is granted in this forum.
1540      if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1541      && $auth->acl_get('f_poll', $forum_id))
1542      {
              // A separate parser renders the poll title with the uid and bitfield of the message parser.
1543          $parse_poll = new parse_message($post_data['poll_title']);
1544          $parse_poll->bbcode_uid = $message_parser->bbcode_uid;
1545          $parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;
1546  
1547          $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1548  
              // poll_length is multiplied by 86400 (seconds per day) and added to the stored poll
              // start, or to the current time when no start is stored.
1549          if ($post_data['poll_length'])
1550          {
1551              $poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
1552          }
1553  
1554          $template->assign_vars(array(
1555              'S_HAS_POLL_OPTIONS'    => (count($post_data['poll_options'])),
1556              'S_IS_MULTI_CHOICE'        => ($post_data['poll_max_options'] > 1) ? true : false,
1557  
1558              'POLL_QUESTION'        => $parse_poll->message,
1559  
                  // $poll_end is read only when poll_length is set, matching the assignment above.
1560              'L_POLL_LENGTH'        => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
1561              'L_MAX_VOTES'        => $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
1562          ));
1563  
              // Each option is rendered by the same parser object, one at a time.
1564          $preview_poll_options = array();
1565          foreach ($post_data['poll_options'] as $poll_option)
1566          {
1567              $parse_poll->message = $poll_option;
1568              $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1569              $preview_poll_options[] = $parse_poll->message;
1570          }
1571          unset($parse_poll);
1572  
              // Option ids shown in the preview are 1-based.
1573          foreach ($preview_poll_options as $key => $option)
1574          {
1575              $template->assign_block_vars('poll_option', array(
1576                  'POLL_OPTION_CAPTION'    => $option,
1577                  'POLL_OPTION_ID'        => $key + 1)
1578              );
1579          }
1580          unset($preview_poll_options);
1581      }
1582  
1583      // Attachment Preview
1584      if (count($message_parser->attachment_data))
1585      {
1586          $template->assign_var('S_HAS_ATTACHMENTS', true);
1587  
              // Works on a copy of the parser's attachment data; parse_attachments() receives the
              // copy together with the rendered message (presumably by reference - TODO confirm).
1588          $update_count = array();
1589          $attachment_data = $message_parser->attachment_data;
1590  
1591          parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);
1592  
1593          foreach ($attachment_data as $i => $attachment)
1594          {
1595              $template->assign_block_vars('attachment', array(
1596                  'DISPLAY_ATTACHMENT'    => $attachment)
1597              );
1598          }
1599          unset($attachment_data);
1600      }
1601  
          // $error is checked again although the outer condition already required it to be empty;
          // nothing in this block assigns $error directly.
          // NOTE(review): the three PREVIEW_* values are markup produced by format_display(),
          // generate_text_for_display() and censor_text(); presumably the template prints them
          // without further escaping, so output safety rests on those helpers - confirm.
1602      if (!count($error))
1603      {
1604          $template->assign_vars(array(
1605              'PREVIEW_SUBJECT'        => $preview_subject,
1606              'PREVIEW_MESSAGE'        => $preview_message,
1607              'PREVIEW_SIGNATURE'        => $preview_signature,
1608  
1609              'S_DISPLAY_PREVIEW'        => !empty($preview_message),
1610          ));
1611      }
1612  }
1613  
1614  // Remove quotes that would become nested too deep before decoding the text
      // $generate_quote is true only for a quote form that is neither submitted, previewed nor refreshed.
1615  $generate_quote = ($mode == 'quote' && !$submit && !$preview && !$refresh);
1616  if ($generate_quote && $config['max_quote_depth'] > 0)
1617  {
          // The parser's bbcode_uid is replaced by the quoted post's uid for the
          // remove_nested_quotes() call and restored afterwards. The new quote adds one level,
          // hence max_quote_depth - 1.
1618      $tmp_bbcode_uid = $message_parser->bbcode_uid;
1619      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
1620      $message_parser->remove_nested_quotes($config['max_quote_depth'] - 1);
1621      $message_parser->bbcode_uid = $tmp_bbcode_uid;
1622  }
1623  
1624  // Decode text for message display
      // The quoted post's uid is used only for an error-free quote without preview or refresh;
      // in every other case the parser's own uid is used.
1625  $post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !count($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
1626  $message_parser->decode_message($post_data['bbcode_uid']);
1627  
1628  if ($generate_quote)
1629  {
1630      // Remove attachment bbcode tags from the quoted message to avoid mixing with the new post attachments if any
          // The replacement \\2 keeps the text between the tags and drops the [attachment=N] wrapper.
1631      $message_parser->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#uis', '\\2', $message_parser->message);
1632  
1633      if ($config['allow_bbcode'])
1634      {
              // The quoted text passes the word censor before it is wrapped in a quote carrying
              // the author, post id, post time and poster id.
1635          $message_parser->message = $bbcode_utils->generate_quote(
1636              censor_text($message_parser->message),
1637              array(
1638                  'author'  => $post_data['quote_username'],
1639                  'post_id' => $post_data['post_id'],
1640                  'time'    => $post_data['post_time'],
1641                  'user_id' => $post_data['poster_id'],
1642              )
1643          );
1644          $message_parser->message .= "\n\n";
1645      }
1646      else
1647      {
              // BBCode is disabled board-wide: fall back to a plain-text quote with a marker on every line.
              // The marker is the HTML entity for ">", so the text is presumably handled in its
              // escaped form at this point - TODO confirm.
1648          $offset = 0;
1649          $quote_string = "&gt; ";
1650          $message = censor_text(trim($message_parser->message));
1651          // see if we are nesting. It's easily tricked but should work for one level of nesting
              // A message that already contains a marker gets 10 extra columns before wrapping.
1652          if (strpos($message, "&gt;") !== false)
1653          {
1654              $offset = 10;
1655          }
1656          $message = utf8_wordwrap($message, 75 + $offset, "\n");
1657  
              // Prefix the first line, then every following line.
1658          $message = $quote_string . $message;
1659          $message = str_replace("\n", "\n" . $quote_string, $message);
              // NOTE(review): quote_username is concatenated as-is; this assumes it was escaped
              // where $post_data was filled - confirm.
1660          $message_parser->message =  $post_data['quote_username'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n";
1661      }
1662  }
1663  
      // First display of a reply or quote form: censor the subject and put "Re: " in front of it
      // unless it already starts with that prefix.
1664  if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)
1665  {
1666      $post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
1667  }
1668  
      // Copy the parser state that the form needs. The decoded post text is saved into $post_data
      // here because the parser's ->message is reused for the poll below.
1669  $attachment_data = $message_parser->attachment_data;
1670  $filename_data = $message_parser->filename_data;
1671  $post_data['post_text'] = $message_parser->message;
1672  
      // Decode the poll title and options for editing when the post carries poll data.
1673  if (count($post_data['poll_options']) || (isset($post_data['poll_title']) && !$bbcode_utils->is_empty($post_data['poll_title'])))
1674  {
1675      $message_parser->message = $post_data['poll_title'];
1676      $message_parser->bbcode_uid = $post_data['bbcode_uid'];
1677  
1678      $message_parser->decode_message();
1679      $post_data['poll_title'] = $message_parser->message;
1680  
          // The options are joined with newlines, decoded in one pass and split again.
          // After this block ->message holds the decoded poll options, not the post text.
1681      $message_parser->message = implode("\n", $post_data['poll_options']);
1682      $message_parser->decode_message();
1683      $post_data['poll_options'] = explode("\n", $message_parser->message);
1684  }
1685  
// MAIN POSTING PAGE BEGINS HERE

// Moderator list for this forum, filled only when the board is configured to load it.
$moderators = array();
if ($config['load_moderators'])
{
    get_moderators($moderators, $forum_id);
}

// Smiley listing for the editor.
generate_smilies('inline', $forum_id);

// Select box for placing attachments inline.
posting_gen_inline_attachments($attachment_data);

// The topic type selection is offered only for the first post of a topic:
// a new topic, or an edit of the post that started the topic.
$topic_type_toggle = ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
    ? posting_gen_topic_types($forum_id, $post_data['topic_type'])
    : false;

// Topic icons need both the forum setting and the f_icons permission.
$s_topic_icons = ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
    ? posting_gen_topic_icons($mode, $post_data['icon_id'])
    : false;

// The *_checked flags for BBCode, smilies and URLs are the inverse of the matching enable_*
// setting (presumably because the form offers "disable" checkboxes - TODO confirm).
// Without a stored setting, the user's own option applies when the feature is allowed
// board-wide; otherwise the flag is set.
if (isset($post_data['enable_bbcode']))
{
    $bbcode_checked = !$post_data['enable_bbcode'];
}
else if ($config['allow_bbcode'])
{
    $bbcode_checked = !$user->optionget('bbcode');
}
else
{
    $bbcode_checked = 1;
}

if (isset($post_data['enable_smilies']))
{
    $smilies_checked = !$post_data['enable_smilies'];
}
else if ($config['allow_smilies'])
{
    $smilies_checked = !$user->optionget('smilies');
}
else
{
    $smilies_checked = 1;
}

$urls_checked = 0;
if (isset($post_data['enable_urls']))
{
    $urls_checked = !$post_data['enable_urls'];
}

$sig_checked = $post_data['enable_sig'];

// A submitted, truthy $topic_lock wins; otherwise the box reflects the stored topic status.
if (isset($topic_lock) && $topic_lock)
{
    $lock_topic_checked = $topic_lock;
}
else
{
    $lock_topic_checked = ($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0;
}

// A submitted $post_lock wins; otherwise the stored edit lock of the post is used.
if (isset($post_lock))
{
    $lock_post_checked = $post_lock;
}
else
{
    $lock_post_checked = $post_data['post_edit_locked'];
}

// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
if ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set'])
{
    $notify_set = $user->data['user_notify'];
}
else
{
    $notify_set = $post_data['notify_set'];
}

// A submitted $notify wins; a new topic falls back to the user's preference,
// every other mode to the value computed above.
if (isset($notify))
{
    $notify_checked = $notify;
}
else if ($mode == 'post')
{
    $notify_checked = $user->data['user_notify'];
}
else
{
    $notify_checked = $notify_set;
}
1725  
// Form action URL: posting.php with the current mode and forum, plus the topic and post id
// when they are set. The three ids were read with an integer default at the top of the file,
// so $mode is the only free-form request value interpolated here.
$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&amp;f=$forum_id");
if ($topic_id)
{
    $s_action .= "&amp;t=$topic_id";
}
if ($post_id)
{
    $s_action .= "&amp;p=$post_id";
}

// Page title per mode. Any mode not listed here leaves $page_title as it was.
if ($mode == 'post')
{
    $page_title = $user->lang['POST_TOPIC'];
}
else if ($mode == 'quote' || $mode == 'reply')
{
    $page_title = $user->lang['POST_REPLY'];
}
else if ($mode == 'delete' || $mode == 'edit')
{
    $page_title = $user->lang['EDIT_POST'];
}
1747  
// Navigation links and forum rules for the current forum.
generate_forum_nav($post_data);
generate_forum_rules($post_data);

// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
// The CAPTCHA is offered to unregistered users only, for the modes that create a post,
// and only while it reports itself as unsolved.
if ($config['enable_post_confirm']
    && !$user->data['is_registered']
    && isset($captcha) && $captcha->is_solved() === false
    && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
{
    $template->assign_vars(array(
        'S_CONFIRM_CODE'            => true,
        'CAPTCHA_TEMPLATE'            => $captcha->get_template(),
    ));
}

// Hidden form fields. The values are concatenated into the markup without escaping.
// NOTE(review): topic_last_post_id and $current_time are presumably integers - confirm
// where they are set.
$s_hidden_fields = '';
if ($mode == 'reply' || $mode == 'quote')
{
    $s_hidden_fields .= '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />';
}

$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';

// $request->variable() casts to the type of its default; $draft_id was read with an integer
// default at the top of the file, so the echoed draft_loaded value is an integer.
if ($draft_id || isset($_REQUEST['draft_loaded']))
{
    $s_hidden_fields .= '<input type="hidden" name="draft_loaded" value="' . $request->variable('draft_loaded', $draft_id) . '" />';
}

// Editing sends the stored checksums along with the form
// (presumably to detect a post that changed in the meantime - TODO confirm).
if ($mode == 'edit')
{
    $s_hidden_fields .= build_hidden_fields(array(
        'edit_post_message_checksum'    => $post_data['post_checksum'],
        'edit_post_subject_checksum'    => $post_data['post_subject_md5'],
    ));
}

// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if (isset($captcha) && $captcha->is_solved() !== false)
{
    $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}

// The form is multipart only when PHP file uploads are on, attachments are enabled board-wide
// and the user holds both attach permissions (u_attach and f_attach in this forum).
if (@ini_get('file_uploads') == '0'
    || strtolower(@ini_get('file_uploads')) == 'off'
    || !$config['allow_attachments']
    || !$auth->acl_get('u_attach')
    || !$auth->acl_get('f_attach', $forum_id))
{
    $form_enctype = '';
}
else
{
    $form_enctype = ' enctype="multipart/form-data"';
}

// Registers the form token for the 'posting' form; the matching check on submit is not in
// this part of the file.
add_form_key('posting');
1784  
1785  /** @var \phpbb\controller\helper $controller_helper */
1786  $controller_helper = $phpbb_container->get('controller.helper');
1787  
1788  // Build array of variables for main posting page
      // Keys are template variable names. The S_*_ALLOWED and S_*_CHECKED entries decide which
      // controls the form shows and how they are pre-set.
      // NOTE(review): these flags only shape the rendered form; the same permissions have to be
      // enforced when the form is submitted (that handling is not in this part of the file).
1789  $page_data = array(
1790      'L_POST_A'                    => $page_title,
1791      'L_ICON'                    => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
1792      'L_MESSAGE_BODY_EXPLAIN'    => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),
1793      'L_DELETE_POST_PERMANENTLY'    => $user->lang('DELETE_POST_PERMANENTLY', 1),
1794  
1795      'FORUM_NAME'            => $post_data['forum_name'],
1796      'FORUM_DESC'            => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
1797      'TOPIC_TITLE'            => censor_text($post_data['topic_title']),
1798      'MODERATORS'            => (count($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
          // Equivalent to ($preview || $mode != 'quote'): the username is left empty only in
          // quote mode without preview.
1799      'USERNAME'                => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
1800      'SUBJECT'                => $post_data['post_subject'],
1801      'MESSAGE'                => $post_data['post_text'],
1802      'BBCODE_STATUS'            => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
1803      'IMG_STATUS'            => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
1804      'FLASH_STATUS'            => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
1805      'SMILIES_STATUS'        => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
1806      'URL_STATUS'            => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
1807      'MAX_FONT_SIZE'            => (int) $config['max_post_font_size'],
1808      'MINI_POST_IMG'            => $user->img('icon_post_target', $user->lang['POST']),
1809      'POST_DATE'                => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
          // Collected error strings joined with <br />.
          // NOTE(review): assumes every entry is already display-safe - confirm where $error is filled.
1810      'ERROR'                    => (count($error)) ? implode('<br />', $error) : '',
1811      'TOPIC_TIME_LIMIT'        => (int) $post_data['topic_time_limit'],
          // Request values echoed back into the form. They pass through $request->variable(),
          // which presumably escapes string input by default - confirm before reusing them
          // outside an HTML context.
1812      'EDIT_REASON'            => $request->variable('edit_reason', '', true),
1813      'SHOW_PANEL'            => $request->variable('show_panel', ''),
1814      'U_VIEW_FORUM'            => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
1815      'U_VIEW_TOPIC'            => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") : '',
1816      'U_PROGRESS_BAR'        => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup"),
          // Same URL as U_PROGRESS_BAR passed through addslashes(), presumably for use inside a
          // script string. NOTE(review): addslashes() is not a complete JavaScript escaper; it is
          // adequate here only as long as the URL is built from the root path, the file extension
          // and the forum id as shown.
1817      'UA_PROGRESS_BAR'        => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&amp;mode=popup")),
1818  
1819      'S_PRIVMSGS'                => false,
1820      'S_CLOSE_PROGRESS_WINDOW'    => (isset($_POST['add_file'])) ? true : false,
1821      'S_EDIT_POST'                => ($mode == 'edit') ? true : false,
1822      'S_EDIT_REASON'                => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
          // The username field is shown to unregistered users and when editing a post whose poster is ANONYMOUS.
1823      'S_DISPLAY_USERNAME'        => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
1824      'S_SHOW_TOPIC_ICONS'        => $s_topic_icons,
          // Delete is offered when editing and either m_delete is granted, or all of these hold:
          // it is the topic's last post, the current user is the poster, f_delete is granted,
          // the post is not edit-locked, and the post is newer than delete_time minutes
          // (a delete_time of 0 switches the time window off).
1825      'S_DELETE_ALLOWED'            => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
1826      'S_BBCODE_ALLOWED'            => ($bbcode_status) ? 1 : 0,
1827      'S_BBCODE_CHECKED'            => ($bbcode_checked) ? ' checked="checked"' : '',
1828      'S_SMILIES_ALLOWED'            => $smilies_status,
1829      'S_SMILIES_CHECKED'            => ($smilies_checked) ? ' checked="checked"' : '',
1830      'S_SIG_ALLOWED'                => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
1831      'S_SIGNATURE_CHECKED'        => ($sig_checked) ? ' checked="checked"' : '',
1832      'S_NOTIFY_ALLOWED'            => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
1833      'S_NOTIFY_CHECKED'            => ($notify_checked) ? ' checked="checked"' : '',
          // Topic lock is offered with m_lock, or with f_user_lock to the registered topic
          // starter while the topic is still unlocked.
1834      'S_LOCK_TOPIC_ALLOWED'        => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote' || $mode == 'post') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
1835      'S_LOCK_TOPIC_CHECKED'        => ($lock_topic_checked) ? ' checked="checked"' : '',
1836      'S_LOCK_POST_ALLOWED'        => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1837      'S_LOCK_POST_CHECKED'        => ($lock_post_checked) ? ' checked="checked"' : '',
1838      'S_SOFTDELETE_CHECKED'        => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
1839      'S_SOFTDELETE_ALLOWED'        => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked)) ? true : false,
1840      'S_RESTORE_ALLOWED'            => $auth->acl_get('m_approve', $forum_id),
1841      'S_IS_DELETED'                => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
1842      'S_LINKS_ALLOWED'            => $url_status,
1843      'S_MAGIC_URL_CHECKED'        => ($urls_checked) ? ' checked="checked"' : '',
1844      'S_TYPE_TOGGLE'                => $topic_type_toggle,
1845      'S_SAVE_ALLOWED'            => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
1846      'S_HAS_DRAFTS'                => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
1847      'S_FORM_ENCTYPE'            => $form_enctype,
1848  
1849      'S_BBCODE_IMG'            => $img_status,
1850      'S_BBCODE_URL'            => $url_status,
1851      'S_BBCODE_FLASH'        => $flash_status,
1852      'S_BBCODE_QUOTE'        => $quote_status,
1853  
1854      'S_POST_ACTION'            => $s_action,
1855      'S_HIDDEN_FIELDS'        => $s_hidden_fields,
          // JSON copy of the parser's attachment data for the template.
          // NOTE(review): if the template prints this inside a <script> element, confirm that
          // any user-supplied fields in attachment_data are escaped for that context.
1856      'S_ATTACH_DATA'            => json_encode($message_parser->attachment_data),
1857      'S_IN_POSTING'            => true,
1858  );
1859  
// Custom BBCode buttons for the editor.
display_custom_bbcodes();

// Poll entry: offered for a new topic or an edit of the topic's first post,
// and only with the f_poll permission in this forum.
if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
{
    if ($auth->acl_get('f_poll', $forum_id))
    {
        $page_data = array_merge($page_data, array(
            'S_SHOW_POLL_BOX'        => true,

            // Changing a vote needs both the vote and the vote-change permission.
            'S_POLL_VOTE_CHANGE'    => ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),

            // Deleting a poll: with m_delete, or by the poster with f_delete while the poll
            // has no last vote recorded.
            'S_POLL_DELETE'            => ($mode == 'edit' && count($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
            'S_POLL_DELETE_CHECKED'    => !empty($poll_delete),

            // Editing uses the POLL_OPTIONS_EDIT_EXPLAIN string, every other mode POLL_OPTIONS_EXPLAIN.
            'L_POLL_OPTIONS_EXPLAIN'    => $user->lang(($mode == 'edit') ? 'POLL_OPTIONS_EDIT_EXPLAIN' : 'POLL_OPTIONS_EXPLAIN', (int) $config['max_poll_options']),

            'VOTE_CHANGE_CHECKED'    => (empty($post_data['poll_vote_change'])) ? '' : ' checked="checked"',
            'POLL_TITLE'            => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
            'POLL_OPTIONS'            => (empty($post_data['poll_options'])) ? '' : implode("\n", $post_data['poll_options']),
            'POLL_MAX_OPTIONS'        => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
            'POLL_LENGTH'            => $post_data['poll_length'],
        ));
    }
}
1883  
1884  /**
1885  * This event allows you to modify template variables for the posting screen
1886  *
1887  * @event core.posting_modify_template_vars
1888  * @var    array    post_data    Array with post data
1889  * @var    array    moderators    Array with forum moderators
1890  * @var    string    mode        What action to take if the form is submitted
1891  *                post|reply|quote|edit|delete|bump|smilies|popup
1892  * @var    string    page_title    Title of the mode page
1893  * @var    bool    s_topic_icons    Whether or not to show the topic icons
1894  * @var    string    form_enctype    If attachments are allowed for this form
1895  *                "multipart/form-data" or empty string
1896  * @var    string    s_action    The URL to submit the POST data to
1897  * @var    string    s_hidden_fields    Concatenated hidden input tags of posting form
1898  * @var    int    post_id        ID of the post
1899  * @var    int    topic_id    ID of the topic
1900  * @var    int    forum_id    ID of the forum
1901  * @var    int    draft_id    ID of the draft
1902  * @var    bool    submit        Whether or not the form has been submitted
1903  * @var    bool    preview        Whether or not the post is being previewed
1904  * @var    bool    save        Whether or not a draft is being saved
1905  * @var    bool    load        Whether or not a draft is being loaded
1906  * @var    bool    cancel        Whether or not to cancel the form (returns to
1907  *                viewtopic or viewforum depending on if the user
1908  *                is posting a new topic or editing a post)
1909  * @var    array    error        Any error strings; a non-empty array aborts
1910  *                form submission.
1911  *                NOTE: Should be actual language strings, NOT
1912  *                language keys.
1913  * @var    bool    refresh        Whether or not to retain previously submitted data
1914  * @var    array    page_data    Posting page data that should be passed to the
1915  *                posting page via $template->assign_vars()
1916  * @var    object    message_parser    The message parser object
1917  * @since 3.1.0-a1
1918  * @changed 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
1919  *        s_topic_icons, form_enctype, s_action, s_hidden_fields,
1920  *        post_id, topic_id, forum_id, submit, preview, save, load,
1921  *        delete, cancel, refresh, error, page_data, message_parser
1922  * @changed 3.1.2-RC1 Removed 'delete' var as it does not exist
1923  * @changed 3.1.5-RC1 Added poll variables to the page_data array
1924  * @changed 3.1.6-RC1 Added 'draft_id' var
1925  */
      // Names of the script variables handed to the event; they must match the variable names
      // exactly because compact() and extract() work by name.
1926  $vars = array(
1927      'post_data',
1928      'moderators',
1929      'mode',
1930      'page_title',
1931      's_topic_icons',
1932      'form_enctype',
1933      's_action',
1934      's_hidden_fields',
1935      'post_id',
1936      'topic_id',
1937      'forum_id',
1938      'draft_id',
1939      'submit',
1940      'preview',
1941      'save',
1942      'load',
1943      'cancel',
1944      'refresh',
1945      'error',
1946      'page_data',
1947      'message_parser',
1948  );
      // compact() snapshots the listed variables for the listeners; extract() then writes the
      // returned values back over the same variables, so any of them may differ after this line.
      // NOTE(review): s_hidden_fields and page_data carry ready-made markup; a listener that
      // appends to them has to escape its own values, and the code below must not assume the
      // ids or $form_enctype still hold what was computed above.
1949  extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));
1950  
// Hand the collected page data to the template.
$template->assign_vars($page_data);

// The attachment box is shown only with both attach permissions, attachments enabled
// board-wide and a non-empty $form_enctype. The permissions are checked again here instead of
// being inferred from $form_enctype, which the template event above can change.
$allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);

if ($allowed)
{
    // Administrators and moderators of this forum get 0 as the file limit (presumably meaning
    // "no limit" - TODO confirm); everyone else gets the configured max_attachments.
    if ($auth->acl_get('a_') || $auth->acl_get('m_', $forum_id))
    {
        $max_files = 0;
    }
    else
    {
        $max_files = (int) $config['max_attachments'];
    }

    $plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
}

// Attachment rows for the form, with the upload controls when $allowed is set.
posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);

// Output page ...
page_header($page_title);

$template->set_filenames(array('body' => 'posting_body.html'));

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

// Topic review: shown below the form for replies and quotes when topic_review() reports success.
if (($mode == 'reply' || $mode == 'quote') && topic_review($topic_id, $forum_id))
{
    $template->assign_var('S_DISPLAY_REVIEW', true);
}

page_footer();

