PHP Cross Reference of phpBB-3.3.12-deutsch |
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

// Entry script for posting actions. This first part reads the request
// parameters, resolves the forum/topic/post ids for the requested mode,
// handles "cancel", and loads the forum/topic/post row into $post_data.

/**
* @ignore
*/
// Defined before any include.
// NOTE(review): the included files presumably test this constant to refuse
// direct access - confirm in the included files.
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
// Extension of this file without the dot; reused for every include and link.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);


// Start session management
$user->session_begin();
$auth->acl($user->data);


// Grab only parameters needed here
// The integer default (0) matters: phpBB's request->variable() casts the
// value to the type of the default, and the ids read this way are later
// concatenated into SQL strings.
$draft_id = $request->variable('d', 0);

// Button flags: only the presence of the POST field is tested, never its value.
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
$confirm = $request->is_set_post('confirm');
// "cancel" is ignored when "save" was posted in the same request.
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;

// $refresh: the form is re-displayed with the submitted data instead of being stored.
$refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $preview);
// A real submit needs the "post" field and none of the refresh actions.
$submit = $request->is_set_post('post') && !$refresh && !$preview;
$mode = $request->variable('mode', '');

// Only assign required URL parameters
$forum_id = 0;
$topic_id = 0;
$post_id = 0;

// Resolve the ids for the requested mode. For bump/reply and for
// edit/delete/quote/soft_delete the forum id is looked up from the topic or
// post row; the request parameter 'f' is read only for popup, smilies and post.
// NOTE(review): the checks below assume trigger_error() stops the request
// through phpBB's error handler - confirm.
switch ($mode)
{
	case 'popup':
	case 'smilies':
		$forum_id = $request->variable('f', 0);
	break;

	case 'post':
		$forum_id = $request->variable('f', 0);
		if (!$forum_id)
		{
			trigger_error('NO_FORUM');
		}
	break;

	case 'bump':
	case 'reply':
		$topic_id = $request->variable('t', 0);
		if ($topic_id)
		{
			// $topic_id is interpolated directly; it comes from variable('t', 0) above.
			$sql = 'SELECT forum_id
				FROM ' . TOPICS_TABLE . "
				WHERE topic_id = $topic_id";
			$result = $db->sql_query($sql);
			$forum_id = (int) $db->sql_fetchfield('forum_id');
			$db->sql_freeresult($result);
		}

		if (!$topic_id || !$forum_id)
		{
			trigger_error('NO_TOPIC');
		}
	break;

	case 'edit':
	case 'delete':
	case 'quote':
	case 'soft_delete':
		$post_id = $request->variable('p', 0);
		if ($post_id)
		{
			$topic_forum = [];

			// $post_id is concatenated directly; it comes from variable('p', 0) above.
			$sql = 'SELECT t.topic_id, t.forum_id
				FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . ' p
				WHERE p.post_id = ' . $post_id . '
					AND t.topic_id = p.topic_id';
			$result = $db->sql_query($sql);
			$topic_forum = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
		}

		// $topic_forum is only defined when $post_id is non-zero; the first
		// operand short-circuits before it is read.
		if (!$post_id || !$topic_forum)
		{
			$user->setup('posting');
			trigger_error('NO_POST');
		}

		// Need to update session forum_id to valid value for proper viewonline information
		// $forum_id is still 0 in this branch (initialised above and not yet
		// assigned), so this block always runs here.
		if (!$forum_id)
		{
			$user->page['forum'] = (int) $topic_forum['forum_id'];
			$user->update_session_page = true;
			$user->update_session_infos();
		}

		$topic_id = (int) $topic_forum['topic_id'];
		$forum_id = (int) $topic_forum['forum_id'];

	break;
}

// If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
// The mode is also switched when the confirm form was posted without "delete_permanent".
if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))
{
	$mode = 'soft_delete';
}

$error = $post_data = array();
$current_time = time();

/**
* This event allows you to alter the above parameters, such as submit and mode
*
* Note: $refresh must be true to retain previously submitted form data.
*
* Note: The template class will not work properly until $user->setup() is
* called, and it has not been called yet. Extensions requiring template
* assignments should use an event that comes later in this file.
*
* @event core.modify_posting_parameters
* @var	int		post_id		ID of the post
* @var	int		topic_id	ID of the topic
* @var	int		forum_id	ID of the forum
* @var	int		draft_id	ID of the draft
* @var	bool	submit		Whether or not the form has been submitted
* @var	bool	preview		Whether or not the post is being previewed
* @var	bool	save		Whether or not a draft is being saved
* @var	bool	load		Whether or not a draft is being loaded
* @var	bool	cancel		Whether or not to cancel the form (returns to
*							viewtopic or viewforum depending on if the user
*							is posting a new topic or editing a post)
* @var	bool	refresh		Whether or not to retain previously submitted data
* @var	string	mode		What action to take if the form has been submitted
*							post|reply|quote|edit|delete|bump|smilies|popup
* @var	array	error		Any error strings; a non-empty array aborts
*							form submission.
*							NOTE: Should be actual language strings, NOT
*							language keys.
* @since 3.1.0-a1
* @changed 3.1.2-RC1		Removed 'delete' var as it does not exist
* @changed 3.2.4-RC1		Remove unused 'lastclick' var
*/
$vars = array(
	'post_id',
	'topic_id',
	'forum_id',
	'draft_id',
	'submit',
	'preview',
	'save',
	'load',
	'cancel',
	'refresh',
	'mode',
	'error',
);
// NOTE(review): extract() overwrites every local named in $vars with the
// values returned by listeners. $post_id, $topic_id and $forum_id are
// concatenated into the SQL built below without a cast, so a listener that
// returns a non-integer for any of them changes the query text.
extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));

// Was cancel pressed? If so then redirect to the appropriate page
if ($cancel)
{
	// Most specific target first: post, then topic, then forum, else the index.
	$redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
	redirect($redirect);
}

/* @var $phpbb_content_visibility \phpbb\content_visibility */
$phpbb_content_visibility = $phpbb_container->get('content.visibility');

// We need to know some basic information in all cases before we do anything.
// Each branch builds the query that loads $post_data; topic and post lookups
// add the clause returned by get_visibility_sql().
switch ($mode)
{
	case 'post':
		$sql = 'SELECT *
			FROM ' . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
	break;

	case 'bump':
	case 'reply':
		$sql = 'SELECT f.*, t.*
			FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
			WHERE t.topic_id = $topic_id
				AND f.forum_id = t.forum_id
				AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
	break;

	case 'quote':
	case 'edit':
	case 'delete':
	case 'soft_delete':
		$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
			FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND u.user_id = p.poster_id
				AND f.forum_id = t.forum_id
				AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
	break;

	case 'smilies':
		$sql = '';
		// NOTE(review): presumably generate_smilies('window', ...) ends the
		// request itself; if it returned, the empty $sql would lead to the
		// NO_POST_MODE error below - confirm.
		generate_smilies('window', $forum_id);
	break;

	case 'popup':
		if ($forum_id)
		{
			$sql = 'SELECT forum_style
				FROM ' . FORUMS_TABLE . '
				WHERE forum_id = ' . $forum_id;
		}
		else
		{
			// No forum given: show the popup without a forum style and stop this script.
			phpbb_upload_popup();
			return;
		}
	break;

	default:
		$sql = '';
	break;
}

// Any mode not handled above leaves $sql empty and is rejected here.
if (!$sql)
{
	$user->setup('posting');
	trigger_error('NO_POST_MODE');
}

$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

// No row: the id does not exist or the visibility clause excluded it.
if (!$post_data)
{
	if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
	{
		$user->setup('posting');
	}
	trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
}

/**
* This event allows you to bypass reply/quote test of an unapproved post.
*
* @event core.posting_modify_row_data
* @var	array	post_data	All post data from database
* @var	string	mode		What action to take if the form has been submitted
*							post|reply|quote|edit|delete|bump|smilies|popup
* @var	int		topic_id	ID of the topic
* @var	int		forum_id	ID of the forum
* @since 3.2.8-RC1
*/
$vars = array(
	'post_data',
	'mode',
	'topic_id',
	'forum_id',
);
// Listeners may replace $post_data, $mode, $topic_id and $forum_id here.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_row_data', compact($vars)));

// Not able to reply to unapproved posts/topics
// TODO: add more descriptive language key
// This check only fires for users who hold m_approve in the forum.
// NOTE(review): for everyone else the visibility clause added to the query
// above is presumably what keeps unapproved topics/posts out of $post_data
// - confirm in content_visibility::get_visibility_sql().
if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) || ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
{
	trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
}

// Popup with a forum id: uses the forum_style loaded above, then stops this script.
if ($mode == 'popup')
{
	phpbb_upload_popup($post_data['forum_style']);
	return;
}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

// Need to login to passworded forum first?
// Access control for the requested posting action: forum password, bot and
// read checks, then the per-mode permission switch, followed by the forum
// type, lock and edit restrictions. $post_data holds the row loaded earlier.
if ($post_data['forum_password'])
{
	login_forum_box(array(
		'forum_id' => $forum_id,
		'forum_name' => $post_data['forum_name'],
		'forum_password' => $post_data['forum_password'])
	);
}

// Check permissions
// Sessions flagged as bots are sent to the index instead of the posting form.
if ($user->data['is_bot'])
{
	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}

// Is the user able to read within this forum?
if (!$auth->acl_get('f_read', $forum_id))
{
	// Logged-in users get an error; guests are offered the login form instead.
	if ($user->data['user_id'] != ANONYMOUS)
	{
		trigger_error('USER_CANNOT_READ');
	}
	$message = $user->lang['LOGIN_EXPLAIN_POST'];

	if ($request->is_ajax())
	{
		$json = new phpbb\json_response();
		$json->send(array(
			'title' => $user->lang['INFORMATION'],
			'message' => $message,
		));
	}

	login_box('', $message);
}

// Permission to do the action asked?
// Default deny: $is_authed stays false unless a branch below grants it.
$is_authed = false;

switch ($mode)
{
	case 'post':
		if ($auth->acl_get('f_post', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'bump':
		if ($auth->acl_get('f_bump', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'quote':

		// The quoted post's edit lock is cleared in $post_data before the
		// reply permission is checked.
		$post_data['post_edit_locked'] = 0;

	// no break;

	case 'reply':
		if ($auth->acl_get('f_reply', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'edit':
		// Only the permission is checked here; ownership, edit time and post
		// lock are checked further down for users without m_edit.
		if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'delete':
		// Moderators with m_delete, or the poster of the post with f_delete.
		if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
		{
			$is_authed = true;
		}

	// no break;

	case 'soft_delete':
		if (!$is_authed && $user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
		{
			// Fall back to soft_delete if we have no permissions to delete posts but to soft delete them
			$is_authed = true;
			$mode = 'soft_delete';
		}
	break;
}
/**
* This event allows you to do extra auth checks and verify if the user
* has the required permissions
*
* Extensions should only change the error and is_authed variables.
*
* @event core.modify_posting_auth
* @var	int		post_id		ID of the post
* @var	int		topic_id	ID of the topic
* @var	int		forum_id	ID of the forum
* @var	int		draft_id	ID of the draft
* @var	bool	submit		Whether or not the form has been submitted
* @var	bool	preview		Whether or not the post is being previewed
* @var	bool	save		Whether or not a draft is being saved
* @var	bool	load		Whether or not a draft is being loaded
* @var	bool	refresh		Whether or not to retain previously submitted data
* @var	string	mode		What action to take if the form has been submitted
*							post|reply|quote|edit|delete|bump|smilies|popup
* @var	array	error		Any error strings; a non-empty array aborts
*							form submission.
*							NOTE: Should be actual language strings, NOT
*							language keys.
* @var	bool	is_authed	Does the user have the required permissions?
* @var	array	post_data	All post data from database
* @since 3.1.3-RC1
* @changed 3.1.10-RC1 Added post_data
* @changed 3.2.4-RC1		Remove unused 'lastclick' var
*/
$vars = array(
	'post_id',
	'topic_id',
	'forum_id',
	'draft_id',
	'submit',
	'preview',
	'save',
	'load',
	'refresh',
	'mode',
	'error',
	'is_authed',
	'post_data',
);
// NOTE(review): extract() lets a listener overwrite every variable listed in
// $vars, including $is_authed, $mode, $post_data and the ids. The docblock
// asks extensions to change only error and is_authed, but nothing here
// enforces that.
extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));

if (!$is_authed || !empty($error))
{
	// quote is reported as reply and soft_delete as delete in the error key.
	$check_auth = ($mode == 'quote') ? 'reply' : (($mode == 'soft_delete') ? 'delete' : $mode);

	if ($user->data['is_registered'])
	{
		// NOTE(review): listener-supplied $error entries are joined with
		// '<br/>' and passed on as-is; presumably they are rendered as HTML,
		// so they need to be escaped already - confirm.
		trigger_error(empty($error) ? 'USER_CANNOT_' . strtoupper($check_auth) : implode('<br/>', $error));
	}
	// Guests: this key is built from $mode, not from $check_auth.
	// NOTE(review): confirm a language key exists for every mode that can reach this line.
	$message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];

	if ($request->is_ajax())
	{
		$json = new phpbb\json_response();
		$json->send(array(
			'title' => $user->lang['INFORMATION'],
			'message' => $message,
		));
	}

	login_box('', $message);
}

// The captcha is initialised only for unregistered users, and only when
// enable_post_confirm is set.
if ($config['enable_post_confirm'] && !$user->data['is_registered'])
{
	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
	$captcha->init(CONFIRM_POST);
}

// Is the user able to post within this forum?
if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
{
	trigger_error('USER_CANNOT_FORUM_POST');
}

// Forum/Topic locked?
// The override permission is m_lock for reply and m_edit for every other mode.
if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get($mode == 'reply' ? 'm_lock' : 'm_edit', $forum_id))
{
	trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
{
	$force_edit_allowed = false;

	// Not the poster of this post.
	$s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
	// edit_time is multiplied by 60 and compared with the post's age in seconds; 0 disables the limit.
	$s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
	$s_cannot_edit_locked = $post_data['post_edit_locked'];

	/**
	* This event allows you to modify the conditions for the "cannot edit post" checks
	*
	* @event core.posting_modify_cannot_edit_conditions
	* @var	array	post_data				Array with post data
	* @var	bool	force_edit_allowed		Allow the user to edit the post (all permissions and conditions are ignored)
	* @var	bool	s_cannot_edit			User can not edit the post because it's not his
	* @var	bool	s_cannot_edit_locked	User can not edit the post because it's locked
	* @var	bool	s_cannot_edit_time		User can not edit the post because edit_time has passed
	* @since 3.1.0-b4
	*/
	$vars = array(
		'post_data',
		'force_edit_allowed',
		's_cannot_edit',
		's_cannot_edit_locked',
		's_cannot_edit_time',
	);
	// A listener that sets force_edit_allowed skips the ownership, edit-time
	// and lock checks below.
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));

	if (!$force_edit_allowed)
	{
		if ($s_cannot_edit)
		{
			trigger_error('USER_CANNOT_EDIT');
		}
		else if ($s_cannot_edit_time)
		{
			trigger_error('CANNOT_EDIT_TIME');
		}
		else if ($s_cannot_edit_locked)
		{
			trigger_error('CANNOT_EDIT_POST_LOCKED');
		}
	}
}

// Handle delete mode...
522 if ($mode == 'delete' || $mode == 'soft_delete') 523 { 524 if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED) 525 { 526 $user->setup('posting'); 527 trigger_error('NO_POST'); 528 } 529 530 $delete_reason = $request->variable('delete_reason', '', true); 531 phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete' && !$request->is_set_post('delete_permanent')), $delete_reason); 532 return; 533 } 534 535 // Handle bump mode... 536 if ($mode == 'bump') 537 { 538 if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']) 539 && check_link_hash($request->variable('hash', ''), "topic_{$post_data['topic_id']}")) 540 { 541 $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time); 542 meta_refresh(3, $meta_url); 543 $message = $user->lang['TOPIC_BUMPED']; 544 545 if (!$request->is_ajax()) 546 { 547 $message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>'); 548 $message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>'); 549 } 550 551 trigger_error($message); 552 } 553 554 trigger_error('BUMP_ERROR'); 555 } 556 557 // Subject length limiting to 60 characters if first post... 558 if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id'])) 559 { 560 $template->assign_var('S_NEW_MESSAGE', true); 561 } 562 563 // Determine some vars 564 if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) 565 { 566 $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST']; 567 } 568 else 569 { 570 $post_data['quote_username'] = isset($post_data['username']) ? 
$post_data['username'] : ''; 571 } 572 573 $post_data['post_edit_locked'] = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0; 574 $post_data['post_subject_md5'] = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : ''; 575 $post_data['post_subject'] = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : ''); 576 $post_data['topic_time_limit'] = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0; 577 $post_data['poll_length'] = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0; 578 $post_data['poll_start'] = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0; 579 $post_data['icon_id'] = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id']; 580 $post_data['poll_options'] = array(); 581 582 // Get Poll Data 583 if ($post_data['poll_start']) 584 { 585 $sql = 'SELECT poll_option_text 586 FROM ' . POLL_OPTIONS_TABLE . 
" 587 WHERE topic_id = $topic_id 588 ORDER BY poll_option_id"; 589 $result = $db->sql_query($sql); 590 591 while ($row = $db->sql_fetchrow($result)) 592 { 593 $post_data['poll_options'][] = trim($row['poll_option_text']); 594 } 595 $db->sql_freeresult($result); 596 } 597 598 /** 599 * This event allows you to modify the post data before parsing 600 * 601 * @event core.posting_modify_post_data 602 * @var int forum_id ID of the forum 603 * @var string mode What action to take if the form has been submitted 604 * post|reply|quote|edit|delete|bump|smilies|popup 605 * @var array post_data Array with post data 606 * @var int post_id ID of the post 607 * @var int topic_id ID of the topic 608 * @since 3.2.2-RC1 609 */ 610 $vars = array( 611 'forum_id', 612 'mode', 613 'post_data', 614 'post_id', 615 'topic_id', 616 ); 617 extract($phpbb_dispatcher->trigger_event('core.posting_modify_post_data', compact($vars))); 618 619 if ($mode == 'edit') 620 { 621 $original_poll_data = array( 622 'poll_title' => $post_data['poll_title'], 623 'poll_length' => $post_data['poll_length'], 624 'poll_max_options' => $post_data['poll_max_options'], 625 'poll_option_text' => implode("\n", $post_data['poll_options']), 626 'poll_start' => $post_data['poll_start'], 627 'poll_last_vote' => $post_data['poll_last_vote'], 628 'poll_vote_change' => $post_data['poll_vote_change'], 629 ); 630 } 631 632 $orig_poll_options_size = count($post_data['poll_options']); 633 634 $message_parser = new parse_message(); 635 /* @var $plupload \phpbb\plupload\plupload */ 636 $plupload = $phpbb_container->get('plupload'); 637 638 /* @var $mimetype_guesser \phpbb\mimetype\guesser */ 639 $mimetype_guesser = $phpbb_container->get('mimetype.guesser'); 640 $message_parser->set_plupload($plupload); 641 642 if (isset($post_data['post_text'])) 643 { 644 $message_parser->message = &$post_data['post_text']; 645 unset($post_data['post_text']); 646 } 647 648 // Set some default variables 649 $uninit = array('post_attachment' => 0, 
'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0); 650 651 /** 652 * This event allows you to modify the default variables for post_data, and unset them in post_data if needed 653 * 654 * @event core.posting_modify_default_variables 655 * @var array post_data Array with post data 656 * @var array uninit Array with default vars to put into post_data, if they aren't there 657 * @since 3.2.5-RC1 658 */ 659 $vars = array( 660 'post_data', 661 'uninit', 662 ); 663 extract($phpbb_dispatcher->trigger_event('core.posting_modify_default_variables', compact($vars))); 664 665 foreach ($uninit as $var_name => $default_value) 666 { 667 if (!isset($post_data[$var_name])) 668 { 669 $post_data[$var_name] = $default_value; 670 } 671 } 672 unset($uninit); 673 674 // Always check if the submitted attachment data is valid and belongs to the user. 675 // Further down (especially in submit_post()) we do not check this again. 676 $message_parser->get_submitted_attachment_data($post_data['poster_id']); 677 678 if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit') 679 { 680 // Do not change to SELECT * 681 $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize 682 FROM ' . ATTACHMENTS_TABLE . " 683 WHERE post_msg_id = $post_id 684 AND in_message = 0 685 AND is_orphan = 0 686 ORDER BY attach_id DESC"; 687 $result = $db->sql_query($sql); 688 $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result)); 689 $db->sql_freeresult($result); 690 } 691 692 if ($post_data['poster_id'] == ANONYMOUS) 693 { 694 $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : ''; 695 } 696 else 697 { 698 $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? 
trim($post_data['username']) : ''; 699 } 700 701 $post_data['enable_urls'] = $post_data['enable_magic_url']; 702 703 if ($mode != 'edit') 704 { 705 $post_data['enable_sig'] = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false; 706 $post_data['enable_smilies'] = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false; 707 $post_data['enable_bbcode'] = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false; 708 $post_data['enable_urls'] = true; 709 } 710 711 if ($mode == 'post') 712 { 713 $post_data['topic_status'] = ($request->is_set_post('lock_topic') && $auth->acl_gets('m_lock', 'f_user_lock', $forum_id)) ? ITEM_LOCKED : ITEM_UNLOCKED; 714 } 715 716 $post_data['enable_magic_url'] = $post_data['drafts'] = false; 717 718 // User own some drafts? 719 if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote')) 720 { 721 $sql = 'SELECT draft_id 722 FROM ' . DRAFTS_TABLE . ' 723 WHERE user_id = ' . $user->data['user_id'] . 724 (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') . 725 (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') . 726 (($draft_id) ? " AND draft_id <> $draft_id" : ''); 727 $result = $db->sql_query_limit($sql, 1); 728 729 if ($db->sql_fetchrow($result)) 730 { 731 $post_data['drafts'] = true; 732 } 733 $db->sql_freeresult($result); 734 } 735 736 $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1); 737 738 // Check if user is watching this topic 739 if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered']) 740 { 741 $sql = 'SELECT topic_id 742 FROM ' . TOPICS_WATCH_TABLE . ' 743 WHERE topic_id = ' . $topic_id . ' 744 AND user_id = ' . 
$user->data['user_id']; 745 $result = $db->sql_query($sql); 746 $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id'); 747 $db->sql_freeresult($result); 748 } 749 750 // Do we want to edit our post ? 751 if ($mode == 'edit' && $post_data['bbcode_uid']) 752 { 753 $message_parser->bbcode_uid = $post_data['bbcode_uid']; 754 } 755 756 // HTML, BBCode, Smilies, Images and Flash status 757 $bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false; 758 $smilies_status = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false; 759 $img_status = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false; 760 $url_status = ($config['allow_post_links']) ? true : false; 761 $flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false; 762 $quote_status = true; 763 764 /** 765 * Event to override message BBCode status indications 766 * 767 * @event core.posting_modify_bbcode_status 768 * 769 * @var bool bbcode_status BBCode status 770 * @var bool smilies_status Smilies status 771 * @var bool img_status Image BBCode status 772 * @var bool url_status URL BBCode status 773 * @var bool flash_status Flash BBCode status 774 * @var bool quote_status Quote BBCode status 775 * @since 3.3.3-RC1 776 */ 777 $vars = [ 778 'bbcode_status', 779 'smilies_status', 780 'img_status', 781 'url_status', 782 'flash_status', 783 'quote_status', 784 ]; 785 extract($phpbb_dispatcher->trigger_event('core.posting_modify_bbcode_status', compact($vars))); 786 787 // Save Draft 788 if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote')) 789 { 790 $subject = $request->variable('subject', '', true); 791 $subject = (!$subject && $mode != 'post') ? 
$post_data['topic_title'] : $subject; 792 $message = $request->variable('message', '', true); 793 794 /** 795 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR. 796 * Using their Numeric Character Reference's Hexadecimal notation. 797 */ 798 $subject = utf8_encode_ucr($subject); 799 800 if ($subject && $message) 801 { 802 if (confirm_box(true)) 803 { 804 $message_parser->message = $message; 805 $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']); 806 807 $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 808 'user_id' => (int) $user->data['user_id'], 809 'topic_id' => (int) $topic_id, 810 'forum_id' => (int) $forum_id, 811 'save_time' => (int) $current_time, 812 'draft_subject' => (string) $subject, 813 'draft_message' => (string) $message_parser->message) 814 ); 815 $db->sql_query($sql); 816 817 /** @var \phpbb\attachment\manager $attachment_manager */ 818 $attachment_manager = $phpbb_container->get('attachment.manager'); 819 $attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id')); 820 821 $meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id"); 822 823 meta_refresh(3, $meta_info); 824 825 $message = $user->lang['DRAFT_SAVED'] . '<br /><br />'; 826 $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : ''; 827 $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . 
'">', '</a>');

			trigger_error($message);
		}
		else
		{
			// Not confirmed yet: carry the submitted draft through the confirmation
			// step as hidden form fields.
			$s_hidden_fields = build_hidden_fields(array(
				'mode' => $mode,
				'save' => true,
				'f' => $forum_id,
				't' => $topic_id,
				'subject' => $subject,
				'message' => $message,
				'attachment_data' => $message_parser->attachment_data,
				)
			);

			// Optional posting fields and the default used to type each one
			$hidden_fields = array(
				'icon_id' => 0,

				'disable_bbcode' => false,
				'disable_smilies' => false,
				'disable_magic_url' => false,
				'attach_sig' => true,
				'lock_topic' => false,

				'topic_type' => POST_NORMAL,
				'topic_time_limit' => 0,

				'poll_title' => '',
				'poll_option_text' => '',
				'poll_max_options' => 1,
				'poll_length' => 0,
				'poll_vote_change' => false,
			);

			// Raw $_POST is only consulted for presence; the values themselves are
			// re-read through $request->variable() with a typed default.
			foreach ($hidden_fields as $name => $default)
			{
				if (!isset($_POST[$name]))
				{
					// Don't include it if it's not available
					unset($hidden_fields[$name]);
					continue;
				}

				if (is_bool($default))
				{
					// Use the string representation
					$hidden_fields[$name] = $request->variable($name, '');
				}
				else
				{
					$hidden_fields[$name] = $request->variable($name, $default);
				}
			}

			$s_hidden_fields .= build_hidden_fields($hidden_fields);

			confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
		}
	}
	else
	{
		if (utf8_clean_string($subject) === '')
		{
			$error[] = $user->lang['EMPTY_SUBJECT'];
		}

		if (utf8_clean_string($message) === '')
		{
			$error[] = $user->lang['TOO_FEW_CHARS'];
		}
	}
	unset($subject, $message);
}

// Load requested Draft
// $draft_id is read with $request->variable('d', 0) at the top of the file and is
// interpolated unquoted below. The user_id condition restricts the lookup to drafts
// owned by the current user, so a draft id belonging to someone else yields no row.
if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
{
	$sql = 'SELECT draft_subject, draft_message
		FROM ' . DRAFTS_TABLE . "
		WHERE draft_id = $draft_id
			AND user_id = " . $user->data['user_id'];
	$result = $db->sql_query_limit($sql, 1);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		$post_data['post_subject'] = $row['draft_subject'];
		$message_parser->message = $row['draft_message'];

		$template->assign_var('S_DRAFT_LOADED', true);
	}
	else
	{
		// No matching draft for this user: forget the requested id
		$draft_id = 0;
	}
}

// Load draft overview
if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
{
	load_drafts($topic_id, $forum_id);
}

/** @var \phpbb\textformatter\utils_interface $bbcode_utils */
$bbcode_utils = $phpbb_container->get('text_formatter.utils');

if ($submit || $preview || $refresh)
{
	$post_data['topic_cur_post_id'] = $request->variable('topic_cur_post_id', 0);
	$post_data['post_subject'] = $request->variable('subject', '', true);
	$message_parser->message = $request->variable('message', '', true);

	$post_data['username'] = $request->variable('username', $post_data['username'], true);
	// An edit reason is only accepted in edit mode from users holding m_edit in this forum
	$post_data['post_edit_reason'] = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $request->variable('edit_reason', '', true) : '';

	// Keep the stored topic type so it can be restored if the requested one is not permitted (see "Check topic type" below)
	$post_data['orig_topic_type'] = $post_data['topic_type'];
	$post_data['topic_type'] = $request->variable('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
	$post_data['topic_time_limit'] = $request->variable('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));

	if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
	{
		$post_data['icon_id'] = $request->variable('icon', (int) $post_data['icon_id']);
	}

	// The submitted checkboxes can only switch features off; whether a feature may be
	// on at all comes from the *_status flags, the configuration and the ACL checks.
	$post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
	$post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
	$post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
	$post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);

	if ($config['allow_topic_notify'] && $user->data['is_registered'])
	{
		$notify = (isset($_POST['notify'])) ? true : false;
	}
	else
	{
		$notify = false;
	}

	// Requested flags only; the permission checks are applied where they are used below
	$topic_lock = (isset($_POST['lock_topic'])) ? true : false;
	$post_lock = (isset($_POST['lock_post'])) ? true : false;
	$poll_delete = (isset($_POST['poll_delete'])) ? true : false;

	if ($submit)
	{
		// Pack the four option flags into one value and compare it with $check_value
		// (set outside this excerpt) to see whether any of them changed.
		$status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
		$status_switch = ($status_switch != $check_value);
	}
	else
	{
		$status_switch = 1;
	}

	// Delete Poll
	// Allowed for the poster holding f_delete while no vote has been cast, or for anyone
	// holding m_delete. The database is only touched on a real submit whose form key is valid.
	if ($poll_delete && $mode == 'edit' && count($post_data['poll_options']) &&
		((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
	{
		if ($submit && check_form_key('posting'))
		{
			// $topic_id is interpolated unquoted; it is assigned outside this excerpt
			// and is expected to be an integer at this point.
			$sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);

			$sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);

			$topic_sql = array(
				'poll_title' => '',
				'poll_start' => 0,
				'poll_length' => 0,
				'poll_last_vote' => 0,
				'poll_max_options' => 0,
				'poll_vote_change' => 0
			);

			$sql = 'UPDATE ' . TOPICS_TABLE . '
				SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);
		}

		$post_data['poll_title'] = $post_data['poll_option_text'] = '';
		$post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
	}
	else
	{
		$post_data['poll_title'] = $request->variable('poll_title', '', true);
		$post_data['poll_length'] = $request->variable('poll_length', 0);
		$post_data['poll_option_text'] = $request->variable('poll_option_text', '', true);
		$post_data['poll_max_options'] = $request->variable('poll_max_options', 1);
		// Allowing vote changes requires both f_votechg and f_vote in this forum
		$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
	}

	// If replying/quoting and last post id has changed
	// give user option to continue submit or return to post
	// notify and show user the post made between his request and the final submit
	if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
	{
		// Only do so if it is allowed forum-wide
		if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
		{
			if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
			{
				$template->assign_var('S_POST_REVIEW', true);
			}

			// Turn the submit into a refresh so nothing is stored on this request
			$submit = false;
			$refresh = true;
		}
	}

	// Parse Attachments - before checksum is calculated
	// Attachment handling only runs when the attachment form token check passes
	if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
	{
		$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
	}

	/**
	* This event allows you to modify message text before parsing
	*
	* @event core.posting_modify_message_text
	* @var	array	post_data	Array with post data
	* @var	string	mode		What action to take if the form is submitted
	*				post|reply|quote|edit|delete|bump|smilies|popup
	* @var	int	post_id		ID of the post
	* @var	int	topic_id	ID of the topic
	* @var	int	forum_id	ID of the forum
	* @var	bool	submit		Whether or not the form has been submitted
	* @var	bool	preview		Whether or not the post is being previewed
	* @var	bool	save		Whether or not a draft is being saved
	* @var	bool	load		Whether or not a draft is being loaded
	* @var	bool	cancel		Whether or not to cancel the form (returns to
	*				viewtopic or viewforum depending on if the user
	*				is posting a new topic or editing a post)
	* @var	bool	refresh		Whether or not to retain previously submitted data
	* @var	object	message_parser	The message parser object
	* @var	array	error		Array of errors
	* @since 3.1.2-RC1
	* @changed 3.1.11-RC1 Added error
	*/
	$vars = array(
		'post_data',
		'mode',
		'post_id',
		'topic_id',
		'forum_id',
		'submit',
		'preview',
		'save',
		'load',
		'cancel',
		'refresh',
		'message_parser',
		'error',
	);
	// extract() writes whatever the event returns back over the local variables named in
	// $vars, so a listener can replace any of them, including $submit and $error.
	// Listeners are presumably extension code and therefore part of the trusted code base.
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));

	// Grab md5 'checksum' of new message
	// md5 serves here only to detect that the text changed; it is not used as an
	// integrity or authentication control.
	$message_md5 = md5($message_parser->message);

	// If editing and checksum has changed we know the post was edited while we're editing
	// Notify and show user the changed post
	if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
	{
		$edit_post_message_checksum = $request->variable('edit_post_message_checksum', '');
		$edit_post_subject_checksum = $request->variable('edit_post_subject_checksum', '');

		// $post_data['post_checksum'] is the checksum of the post submitted in the meantime
		// $message_md5 is the checksum of the post we're about to submit
		// $edit_post_message_checksum is the checksum of the post we're editing
		// ...

		// We make sure nobody else made exactly the same change
		// we're about to submit by also checking $message_md5 != $post_data['post_checksum']
		if ($edit_post_message_checksum !== '' &&
			$edit_post_message_checksum != $post_data['post_checksum'] &&
			$message_md5 != $post_data['post_checksum']
			||
			$edit_post_subject_checksum !== '' &&
			$edit_post_subject_checksum != $post_data['post_subject_md5'] &&
			md5($post_data['post_subject']) != $post_data['post_subject_md5'])
		{
			if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
			{
				$template->assign_vars(array(
					'S_POST_REVIEW' => true,

					'L_POST_REVIEW' => $user->lang['POST_REVIEW_EDIT'],
					'L_POST_REVIEW_EXPLAIN' => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
				));
			}

			// Conflicting edit detected: show it instead of storing this submission
			$submit = false;
			$refresh = true;
		}
	}

	// Check checksum ... don't re-parse message if the same
	$update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;

	// Also check if subject got updated...
	$update_subject = $mode != 'edit' || ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));

	// Parse message
	if ($update_message)
	{
		if (count($message_parser->warn_msg))
		{
			$error[] = implode('<br />', $message_parser->warn_msg);
			$message_parser->warn_msg = array();
		}

		if (!$preview || !empty($message_parser->message))
		{
			$message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
		}

		// On a refresh we do not care about message parsing errors
		if (count($message_parser->warn_msg) && $refresh && !$preview)
		{
			$message_parser->warn_msg = array();
		}
	}
	else
	{
		$message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
	}

	$ignore_flood = $auth->acl_get('u_ignoreflood') ? true : $auth->acl_get('f_ignoreflood', $forum_id);
	if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$ignore_flood)
	{
		// Flood check
		$last_post_time = 0;

		if ($user->data['is_registered'])
		{
			$last_post_time = $user->data['user_lastpost_time'];
		}
		else
		{
			// Guests are rate-limited by IP address.
			// NOTE(review): $user->ip is concatenated into the quoted literal without
			// $db->sql_escape(); the query relies on the address having been validated
			// when the session was started (not visible in this excerpt). Escaping it
			// here would keep the query safe independent of that invariant.
			$sql = 'SELECT post_time AS last_post_time
				FROM ' . POSTS_TABLE . "
				WHERE poster_ip = '" . $user->ip . "'
					AND post_time > " . ($current_time - $config['flood_interval']);
			$result = $db->sql_query_limit($sql, 1);
			if ($row = $db->sql_fetchrow($result))
			{
				$last_post_time = $row['last_post_time'];
			}
			$db->sql_freeresult($result);
		}

		if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
		{
			$error[] = $user->lang['FLOOD_ERROR'];
		}
	}

	// Validate username
	// Applies to guest posts, and to edits of an anonymous post whose stored username differs from the submitted one
	if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
	{
		if (!function_exists('validate_username'))
		{
			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
		}

		$user->add_lang('ucp');

		if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
		{
			$error[] = $user->lang[$result . '_USERNAME'];
		}

		if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
		{
			$min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
			$error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
		}
	}

	// Guests must pass the CAPTCHA when post confirmation is enabled
	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
	{
		$captcha_data = array(
			'message' => $request->variable('message', '', true),
			'subject' => $request->variable('subject', '', true),
			'username' => $request->variable('username', '', true),
		);
		$vc_response = $captcha->validate($captcha_data);
		if ($vc_response)
		{
			$error[] = $vc_response;
		}
	}

	// check form
	// check_form_key() is defined outside this file; presumably it validates the token
	// issued with the posting form (CSRF protection). A failure is only recorded in
	// $error here; the store and preview steps further down are gated on $error being empty.
	if (($submit || $preview) && !check_form_key('posting'))
	{
		$error[] = $user->lang['FORM_INVALID'];
	}

	// Editing a soft-deleted post without requesting deletion restores it (requires m_approve).
	// NOTE(review): this block changes post visibility and is conditioned on $submit and
	// m_approve but not on $error, so as written it also runs when the form-key check
	// just above has failed. Confirm whether that is intended or whether it should be
	// gated on an empty $error like the store step below.
	if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !$request->is_set_post('delete') && $auth->acl_get('m_approve', $forum_id))
	{
		$is_first_post = ($post_id <= $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
		$is_last_post = ($post_id >= $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);
		$updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);

		if (!empty($updated_post_data))
		{
			// Update the post_data, so we don't need to refetch it.
			$post_data = array_merge($post_data, $updated_post_data);
		}
	}

	// Parse subject
	if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
	{
		$error[] = $user->lang['EMPTY_SUBJECT'];
	}

	/**
	* Replace Emojis and other 4-byte UTF-8 chars not allowed by MySQL to UCR/NCR.
	* Using their Numeric Character Reference's Hexadecimal notation.
	* Check the permissions for posting Emojis first.
	*/
	if ($auth->acl_get('u_emoji'))
	{
		$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);
	}
	else
	{
		/**
		* Check for out-of-bounds characters that are currently
		* not supported by utf8_bin in MySQL
		*/
		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
		{
			// Only the matched code points (U+10000 and above) are echoed back in the error
			$character_list = implode('<br>', $matches[0]);

			$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
		}
	}

	$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;

	// Poll data is only parsed for the first post of a topic and only with f_poll in this forum
	if ($post_data['poll_option_text'] &&
		($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
		&& $auth->acl_get('f_poll', $forum_id))
	{
		$poll = array(
			'poll_title' => $post_data['poll_title'],
			'poll_length' => $post_data['poll_length'],
			'poll_max_options' => $post_data['poll_max_options'],
			'poll_option_text' => $post_data['poll_option_text'],
			'poll_start' => $post_data['poll_start'],
			'poll_last_vote' => $post_data['poll_last_vote'],
			'poll_vote_change' => $post_data['poll_vote_change'],
			'enable_bbcode' => $post_data['enable_bbcode'],
			'enable_urls' => $post_data['enable_urls'],
			'enable_smilies' => $post_data['enable_smilies'],
			'img_status' => $img_status
		);

		$message_parser->parse_poll($poll);

		$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
		$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';

		/* We reset votes, therefore also allow removing options
		if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
		{
			$message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
		}*/
	}
	else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
	{
		// The user removed all poll options, this is equal to deleting the poll.
		$poll = array(
			'poll_title' => '',
			'poll_length' => 0,
			'poll_max_options' => 0,
			'poll_option_text' => '',
			'poll_start' => 0,
			'poll_last_vote' => 0,
			'poll_vote_change' => 0,
			'poll_options' => array(),
		);

		$post_data['poll_options'] = array();
		$post_data['poll_title'] = '';
		$post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
	}
	else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && !$bbcode_utils->is_empty($original_poll_data['poll_title']))
	{
		// We have a poll but the editing user is not permitted to create/edit it.
		// So we just keep the original poll-data.
		// Decode the poll title and options text first.
		// The submitted poll fields are ignored in this branch; only $original_poll_data
		// (set outside this excerpt) is re-parsed.
		$original_poll_data['poll_title'] = $bbcode_utils->unparse($original_poll_data['poll_title']);
		$original_poll_data['poll_option_text'] = $bbcode_utils->unparse($original_poll_data['poll_option_text']);
		$original_poll_data['poll_options'] = explode("\n", $original_poll_data['poll_option_text']);

		$poll = array_merge($original_poll_data, array(
			'enable_bbcode' => $post_data['enable_bbcode'],
			'enable_urls' => $post_data['enable_urls'],
			'enable_smilies' => $post_data['enable_smilies'],
			'img_status' => $img_status,
		));

		$message_parser->parse_poll($poll);

		$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
		$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
	}
	else
	{
		$poll = array();
	}

	// Check topic type
	// Map the requested non-normal topic type to the forum permission it requires
	if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
	{
		switch ($post_data['topic_type'])
		{
			case POST_GLOBAL:
				$auth_option = 'f_announce_global';
			break;

			case POST_ANNOUNCE:
				$auth_option = 'f_announce';
			break;

			case POST_STICKY:
				$auth_option = 'f_sticky';
			break;

			default:
				$auth_option = '';
			break;
		}

		if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id))
		{
			// There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
			// Another case would be a mod not having sticky permissions for example but edit permissions.
			if ($mode == 'edit')
			{
				// To prevent non-authed users messing around with the topic type we reset it to the original one.
				$post_data['topic_type'] = $post_data['orig_topic_type'];
			}
			else
			{
				$error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
			}
		}
	}

	if (count($message_parser->warn_msg))
	{
		$error[] = implode('<br />', $message_parser->warn_msg);
	}

	// DNSBL check
	if ($config['check_dnsbl'] && !$refresh)
	{
		if (($dnsbl = $user->check_dnsbl('post')) !== false)
		{
			$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
		}
	}

	/**
	* This event allows you to define errors before the post action is performed
	*
	* @event core.posting_modify_submission_errors
	* @var	array	post_data	Array with post data
	* @var	array	poll		Array with poll data from post (must be used instead of the post_data equivalent)
	* @var	string	mode		What action to take if the form is submitted
	*				post|reply|quote|edit|delete|bump|smilies|popup
	* @var	int	post_id		ID of the post
	* @var	int	topic_id	ID of the topic
	* @var	int	forum_id	ID of the forum
	* @var	bool	submit		Whether or not the form has been submitted
	* @var	array	error		Any error strings; a non-empty array aborts form submission.
	*				NOTE: Should be actual language strings, NOT language keys.
	* @since 3.1.0-RC5
	* @changed 3.1.5-RC1 Added poll array to the event
	* @changed 3.2.0-a1 Removed undefined page_title
	*/
	$vars = array(
		'post_data',
		'poll',
		'mode',
		'post_id',
		'topic_id',
		'forum_id',
		'submit',
		'error',
	);
	// As above, extract() lets listeners overwrite these locals; this is the last point
	// at which $error and $submit can change before the store step is decided.
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));

	// Store message, sync counters
	// Nothing is stored unless every check above left $error empty
	if (!count($error) && $submit)
	{
		/** @var \phpbb\lock\posting $posting_lock */
		$posting_lock = $phpbb_container->get('posting.lock');

		// Get creation time and form token, must be already checked at this point
		// (i.e. by the check_form_key('posting') call above, whose failure blocks this branch)
		$creation_time = abs($request->variable('creation_time', 0));
		$form_token = $request->variable('form_token', '');

		// The lock is taken per creation time and form token; a second submission of the
		// same form fails to acquire it and is rejected in the else branch below.
		if ($posting_lock->acquire($creation_time, $form_token))
		{
			// Lock/Unlock Topic
			// Permitted for m_lock holders, or for the registered topic starter holding
			// f_user_lock while the topic is currently unlocked.
			$change_topic_status = $post_data['topic_status'];
			$perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;

			if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
			{
				$change_topic_status = ITEM_UNLOCKED;
			}
			else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
			{
				$change_topic_status = ITEM_LOCKED;
			}

			if ($change_topic_status != $post_data['topic_status'])
			{
				// $change_topic_status is one of the ITEM_* constants assigned above
				$sql = 'UPDATE ' . TOPICS_TABLE . "
					SET topic_status = $change_topic_status
					WHERE topic_id = $topic_id
						AND topic_moved_id = 0";
				$db->sql_query($sql);

				$user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';

				// Record the status change in the moderator log with the acting user and IP
				$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), false, array(
					'forum_id' => $forum_id,
					'topic_id' => $topic_id,
					$post_data['topic_title']
				));
			}

			// Lock/Unlock Post Edit
			// Requires m_edit in this forum
			if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
			{
				$post_data['post_edit_locked'] = ITEM_UNLOCKED;
			}
			else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
			{
				$post_data['post_edit_locked'] = ITEM_LOCKED;
			}

			// Values handed to submit_post(); ids and flags are cast to int/bool here
			$data = array(
				'topic_title' => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
				'topic_first_post_id' => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
				'topic_last_post_id' => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
				'topic_time_limit' => (int) $post_data['topic_time_limit'],
				'topic_attachment' => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
				'post_id' => (int) $post_id,
				'topic_id' => (int) $topic_id,
				'forum_id' => (int) $forum_id,
				'icon_id' => (int) $post_data['icon_id'],
				'poster_id' => (int) $post_data['poster_id'],
				'enable_sig' => (bool) $post_data['enable_sig'],
				'enable_bbcode' => (bool) $post_data['enable_bbcode'],
				'enable_smilies' => (bool) $post_data['enable_smilies'],
				'enable_urls' => (bool) $post_data['enable_urls'],
				'enable_indexing' => (bool) $post_data['enable_indexing'],
				'message_md5' => (string) $message_md5,
				'post_checksum' => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
				'post_edit_reason' => $post_data['post_edit_reason'],
				'post_edit_user' => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
				'forum_parents' => $post_data['forum_parents'],
				'forum_name' => $post_data['forum_name'],
				'notify' => $notify,
				'notify_set' => $post_data['notify_set'],
				'poster_ip' => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
				'post_edit_locked' => (int) $post_data['post_edit_locked'],
				'bbcode_bitfield' => $message_parser->bbcode_bitfield,
				'bbcode_uid' => $message_parser->bbcode_uid,
				'message' => $message_parser->message,
				'attachment_data' => $message_parser->attachment_data,
				'filename_data' => $message_parser->filename_data,
				'topic_status' => $post_data['topic_status'],

				'topic_visibility' => (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
				'post_visibility' => (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
			);

			if ($mode == 'edit')
			{
				$data['topic_posts_approved'] = $post_data['topic_posts_approved'];
				$data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
				$data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
			}

			// Only return the username when it is either a guest posting or we are editing a post and
			// the username was supplied; otherwise post_data might hold the data of the post that is
			// being quoted (which could result in the username being returned being that of the quoted
			// post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
			$post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';

			/**
			* This event allows you to define errors before the post action is performed
			*
			* @event core.posting_modify_submit_post_before
			* @var	array	post_data	Array with post data
			* @var	array	poll		Array with poll data
			* @var	array	data		Array with post data going to be stored in the database
			* @var	string	mode		What action to take if the form is submitted
			*				post|reply|quote|edit|delete
			* @var	int	post_id		ID of the post
			* @var	int	topic_id	ID of the topic
			* @var	int	forum_id	ID of the forum
			* @var	string	post_author_name	Author name for guest posts
			* @var	bool	update_message		Boolean if the post message was changed
			* @var	bool	update_subject		Boolean if the post subject was changed
			*				NOTE: Should be actual language strings, NOT language keys.
			* @since 3.1.0-RC5
			* @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
			* @change 3.2.0-a1 Removed undefined page_title
			*/
			$vars = array(
				'post_data',
				'poll',
				'data',
				'mode',
				'post_id',
				'topic_id',
				'forum_id',
				'post_author_name',
				'update_message',
				'update_subject',
			);
			// Listeners may replace $data here, after the int/bool casts above were applied
			extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));

			// The last parameter tells submit_post if search indexer has to be run
			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);

			/**
			* This event allows you to define errors after the post action is performed
			*
			* @event core.posting_modify_submit_post_after
			* @var	array	post_data	Array with post data
			* @var	array	poll		Array with poll data
			* @var	array	data		Array with post data going to be stored in the database
			* @var	string	mode		What action to take if the form is submitted
			*				post|reply|quote|edit|delete
			* @var	int	post_id		ID of the post
			* @var	int	topic_id	ID of the topic
			* @var	int	forum_id	ID of the forum
			* @var	string	post_author_name	Author name for guest posts
			* @var	bool	update_message		Boolean if the post message was changed
			* @var	bool	update_subject		Boolean if the post subject was changed
			* @var	string	redirect_url		URL the user is going to be redirected to
			*				NOTE: Should be actual language strings, NOT language keys.
			* @since 3.1.0-RC5
			* @changed 3.1.6-RC1 remove submit and error from event  Submit and Error are checked previously prior to running event
			* @change 3.2.0-a1 Removed undefined page_title
			*/
			$vars = array(
				'post_data',
				'poll',
				'data',
				'mode',
				'post_id',
				'topic_id',
				'forum_id',
				'post_author_name',
				'update_message',
				'update_subject',
				'redirect_url',
			);
			// $redirect_url is among the values a listener may replace before the redirect below
			extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));

			// A solved CAPTCHA is reset after a guest post so it is not carried over to the next one
			if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
			{
				$captcha->reset();
			}

			// Handle delete mode...
			// No permission check is visible at this call site; presumably
			// phpbb_handle_post_delete() performs it - verify against its definition.
			if ($request->is_set_post('delete_permanent') || ($request->is_set_post('delete') && $post_data['post_visibility'] != ITEM_DELETED))
			{
				$delete_reason = $request->variable('delete_reason', '', true);
				phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
				return;
			}

			// Check the permissions for post approval.
			// Moderators must go through post approval like ordinary users.
			if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
			{
				meta_refresh(10, $redirect_url);
				$message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
				$message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
				$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
				trigger_error($message);
			}

			redirect($redirect_url);
		}
		else
		{
			// Posting was already locked before, hence form submission was already attempted once and is now invalid
			$error[] = $language->lang('FORM_INVALID');
		}
	}
}

// Preview
// Only rendered when no error was recorded, which includes a failed form-key check
if (!count($error) && $preview)
{
	$post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;

	$preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);

	// When editing, the signature of the post being edited is previewed, otherwise the current user's
	$preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
	$preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
	$preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];

	// Signature
	if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
	{
		$flags = ($config['allow_sig_bbcode']) ? OPTION_FLAG_BBCODE : 0;
		$flags |= ($config['allow_sig_links']) ? OPTION_FLAG_LINKS : 0;
		$flags |= ($config['allow_sig_smilies']) ? OPTION_FLAG_SMILIES : 0;

		$preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $flags, false);
	}
	else
	{
		$preview_signature = '';
	}

	$preview_subject = censor_text($post_data['post_subject']);

	// Poll Preview
	if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
	&& $auth->acl_get('f_poll', $forum_id))
	{
		$parse_poll = new parse_message($post_data['poll_title']);
		$parse_poll->bbcode_uid = $message_parser->bbcode_uid;
		$parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;

		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);

		if ($post_data['poll_length'])
		{
			// poll_length is multiplied by 86400, the number of seconds in a day
			$poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
		}

		$template->assign_vars(array(
			'S_HAS_POLL_OPTIONS' => (count($post_data['poll_options'])),
			'S_IS_MULTI_CHOICE' => ($post_data['poll_max_options'] > 1) ? true : false,

			'POLL_QUESTION' => $parse_poll->message,

			'L_POLL_LENGTH' => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
			'L_MAX_VOTES' => $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
		));

		// Each option is run through the same display formatting as the poll title
		$preview_poll_options = array();
		foreach ($post_data['poll_options'] as $poll_option)
		{
			$parse_poll->message = $poll_option;
			$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
			$preview_poll_options[] = $parse_poll->message;
		}
		unset($parse_poll);

		foreach ($preview_poll_options as $key => $option)
		{
			$template->assign_block_vars('poll_option', array(
				'POLL_OPTION_CAPTION' => $option,
				'POLL_OPTION_ID' => $key + 1)
			);
		}
		unset($preview_poll_options);
	}

	// Attachment Preview
	if (count($message_parser->attachment_data))
	{
		$template->assign_var('S_HAS_ATTACHMENTS', true);

		$update_count = array();
		$attachment_data = $message_parser->attachment_data;

		parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);

		foreach ($attachment_data as $i => $attachment)
		{
			$template->assign_block_vars('attachment', array(
				'DISPLAY_ATTACHMENT' => $attachment)
			);
		}
		unset($attachment_data);
	}

	if (!count($error))
	{
		// These values reach the template as produced by format_display(),
		// generate_text_for_display() and censor_text(); any HTML escaping is assumed
		// to happen in the parser or on input - not visible in this excerpt.
		$template->assign_vars(array(
			'PREVIEW_SUBJECT' => $preview_subject,
			'PREVIEW_MESSAGE' => $preview_message,
			'PREVIEW_SIGNATURE' => $preview_signature,

			'S_DISPLAY_PREVIEW' => !empty($preview_message),
		));
	}
}

// Remove quotes that would become nested too deep before decoding the text
$generate_quote = ($mode == 'quote' && !$submit && !$preview && !$refresh);
if ($generate_quote && $config['max_quote_depth'] > 0)
{
	// Temporarily use the quoted post's bbcode uid, then restore the parser's own
	$tmp_bbcode_uid = $message_parser->bbcode_uid;
	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
	$message_parser->remove_nested_quotes($config['max_quote_depth'] - 1);
	$message_parser->bbcode_uid = $tmp_bbcode_uid;
}

// Decode text for message display
$post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !count($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
$message_parser->decode_message($post_data['bbcode_uid']);

if ($generate_quote)
{
	// Remove attachment bbcode tags from the quoted message to avoid mixing with the new post attachments if any
	$message_parser->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#uis', '\\2', $message_parser->message);

	$quote_attributes = array(
		'author' => $post_data['quote_username'],
		'post_id' => $post_data['post_id'],
		'time' => $post_data['post_time'],
		'user_id' => $post_data['poster_id'],
	);

	/**
	* This event allows you to modify the quote attributes of the post being quoted
	*
	* @event core.posting_modify_quote_attributes
	* @var	array	quote_attributes	Array with quote attributes
	* @var	array	post_data		Array with post data
	* @since 3.2.6-RC1
	*/
	$vars = array(
		'quote_attributes',
		'post_data',
	);
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_quote_attributes', compact($vars)));

	/** @var \phpbb\language\language $language */
	$language = $phpbb_container->get('language');
	phpbb_format_quote($language, $message_parser, $bbcode_utils, $bbcode_status, $quote_attributes);
}

if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)
{
	// Prefix "Re: " unless the subject already starts with it, and apply word censoring
	$post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);

	$post_subject = $post_data['post_subject'];

	/**
	* This event allows you to modify the post subject of the post being quoted
	*
	* @event core.posting_modify_post_subject
	* @var	string		post_subject	String with the post subject already censored.
	* @since 3.2.8-RC1
	*/
	$vars = array('post_subject');
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_post_subject', compact($vars)));

	$post_data['post_subject'] = $post_subject;
}

$attachment_data = $message_parser->attachment_data;
$filename_data = $message_parser->filename_data;
$post_data['post_text'] = $message_parser->message;

// Decode the poll title and options back to editable text, reusing the message parser
if (count($post_data['poll_options']) || (isset($post_data['poll_title']) && !$bbcode_utils->is_empty($post_data['poll_title'])))
{
	$message_parser->message = $post_data['poll_title'];
	$message_parser->bbcode_uid = $post_data['bbcode_uid'];

	$message_parser->decode_message();
	$post_data['poll_title'] = $message_parser->message;

	$message_parser->message = implode("\n", $post_data['poll_options']);
	$message_parser->decode_message();
	$post_data['poll_options'] = explode("\n", $message_parser->message);
}

// MAIN POSTING PAGE BEGINS HERE

// Forum moderators?
$moderators = array();
if ($config['load_moderators'])
{
	get_moderators($moderators, $forum_id);
}

// Generate smiley listing
generate_smilies('inline', $forum_id);

// Generate inline attachment select box
posting_gen_inline_attachments($attachment_data);

// Do show topic type selection only in first post.
// (Posting form set-up: the statements from here to the "Output page" step compute the
// selectors, checkbox defaults, action URL, hidden fields and $page_data for the form.)
// The toggle stays false unless this is a new topic or an edit of the topic's first post.
$topic_type_toggle = false;

if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
{
	$topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
}

// Topic icons are offered only when enabled in $post_data and the user holds f_icons in this forum.
$s_topic_icons = false;
if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
{
	$s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
}

// The bbcode/smilies/urls *_checked values are the negation of the enable_* settings,
// so these checkboxes presumably read "disable ..." in the form — confirm against the template.
$bbcode_checked = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
$smilies_checked = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
$urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
$sig_checked = $post_data['enable_sig'];
// $topic_lock, $post_lock and $notify are not set in this section; when unset the stored post/topic state is used.
$lock_topic_checked = (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
$lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];

// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
$notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
$notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);

// Page title & action URL
$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode");

// Each mode appends its own id parameter, and only when that id is non-zero.
// NOTE(review): there is no default case, so $page_title is assigned only for the modes
// listed here; presumably every other mode has been handled before this point — confirm.
switch ($mode)
{
	case 'post':
		$s_action .= $forum_id ? "&f=$forum_id" : '';
		$page_title = $user->lang['POST_TOPIC'];
	break;

	case 'reply':
		$s_action .= $topic_id ? "&t=$topic_id" : '';
		$page_title = $user->lang['POST_REPLY'];
	break;

	case 'quote':
		$s_action .= $post_id ? "&p=$post_id" : '';
		$page_title = $user->lang['POST_REPLY'];
	break;

	case 'delete':
	case 'edit':
		$s_action .= $post_id ? "&p=$post_id" : '';
		$page_title = $user->lang['EDIT_POST'];
	break;
}

// Build Navigation Links
generate_forum_nav($post_data);

// Build Forum Rules
generate_forum_rules($post_data);

// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
// The CAPTCHA is rendered only for unregistered users, only in post/reply/quote mode, and only
// while $captcha->is_solved() is strictly false.
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
{

	$template->assign_vars(array(
		'S_CONFIRM_CODE' => true,
		'CAPTCHA_TEMPLATE' => $captcha->get_template(),
	));
}

// NOTE(review): both hidden inputs below are assembled by plain string concatenation.
// topic_last_post_id is presumably an integer column, and draft_loaded is read with $draft_id
// as its default, which presumably makes $request->variable() cast the value to the default's
// type — confirm that neither value can carry markup into the attribute.
$s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . $request->variable('draft_loaded', $draft_id) . '" />' : '';

if ($mode == 'edit')
{
	// The checksums travel with the form as hidden fields, so they are client-visible and
	// client-modifiable; presumably they are compared on submit to detect that the post
	// changed since the form was rendered — confirm where the submission is processed.
	$s_hidden_fields .= build_hidden_fields(array(
		'edit_post_message_checksum' => $post_data['post_checksum'],
		'edit_post_subject_checksum' => $post_data['post_subject_md5'],
	));
}

// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if (isset($captcha) && $captcha->is_solved() !== false)
{
	$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}

// The form gets a multipart enctype only when PHP file uploads are on, attachments are enabled
// in the board config and the user holds both u_attach and f_attach for this forum.
// The @ suppresses any warning raised by ini_get().
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"';
// Registers the form token under the name 'posting'; the matching check on submit is not in this section.
add_form_key('posting');

/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');

// Build array of variables for main posting page
// The S_*_ALLOWED entries below only decide which controls the template renders.
// NOTE(review): the same permission checks have to be applied where the submitted form is
// processed, which is outside this section — hiding a control is not an access check.
$page_data = array(
	'L_POST_A' => $page_title,
	'L_ICON' => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
	'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),
	'L_DELETE_POST_PERMANENTLY' => $user->lang('DELETE_POST_PERMANENTLY', 1),

	'FORUM_NAME' => $post_data['forum_name'],
	'FORUM_DESC' => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
	'TOPIC_TITLE' => censor_text($post_data['topic_title']),
	'MODERATORS' => (count($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
	// The condition reduces to "previewing, or not quoting": the name field is blanked only for a fresh quote.
	'USERNAME' => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
	'SUBJECT' => $post_data['post_subject'],
	'MESSAGE' => $post_data['post_text'],
	'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
	'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
	'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
	'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
	'URL_STATUS' => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
	'MAX_FONT_SIZE' => (int) $config['max_post_font_size'],
	'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
	'POST_DATE' => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
	// NOTE(review): entries are joined with a literal <br />, so ERROR is presumably rendered as
	// HTML; anything appended to $error should already be escaped — confirm how the template outputs it.
	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
	'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'],
	// Both values below are request input echoed back into the page.
	// NOTE(review): escaping presumably happens inside $request->variable() — confirm.
	'EDIT_REASON' => $request->variable('edit_reason', '', true),
	'SHOW_PANEL' => $request->variable('show_panel', ''),
	'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
	'U_VIEW_TOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id") : '',
	'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup"),
	// NOTE(review): addslashes() is not a general JavaScript-context escaper; confirm where the
	// template places UA_PROGRESS_BAR.
	'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup")),

	'S_PRIVMSGS' => false,
	'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
	'S_EDIT_POST' => ($mode == 'edit') ? true : false,
	'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
	'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
	'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
	// Author path: last post of the topic, own post, f_delete, post not edit-locked and inside the
	// delete window (delete_time is multiplied by 60, so presumably minutes; a falsy value means
	// no limit). Moderator path: m_delete alone is sufficient.
	'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
	'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
	'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '',
	'S_SMILIES_ALLOWED' => $smilies_status,
	'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '',
	'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
	'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
	'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
	'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '',
	// Moderators with m_lock may always lock; otherwise the registered topic starter needs
	// f_user_lock and the topic must currently be unlocked.
	'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote' || $mode == 'post') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
	'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '',
	'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
	'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
	'S_SOFTDELETE_CHECKED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
	'S_SOFTDELETE_ALLOWED' => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked) && $post_id == $post_data['topic_last_post_id'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) ? true : false,
	'S_RESTORE_ALLOWED' => $auth->acl_get('m_approve', $forum_id),
	'S_IS_DELETED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
	'S_LINKS_ALLOWED' => $url_status,
	'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '',
	'S_TYPE_TOGGLE' => $topic_type_toggle,
	'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
	'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
	'S_FORM_ENCTYPE' => $form_enctype,

	'S_BBCODE_IMG' => $img_status,
	'S_BBCODE_URL' => $url_status,
	'S_BBCODE_FLASH' => $flash_status,
	'S_BBCODE_QUOTE' => $quote_status,

	'S_POST_ACTION' => $s_action,
	'S_HIDDEN_FIELDS' => $s_hidden_fields,
	// json_encode() is called with default flags, which leave <, >, & and ' unescaped.
	// NOTE(review): confirm the template emits S_ATTACH_DATA in a context where that is safe.
	'S_ATTACH_DATA' => json_encode($message_parser->attachment_data),
	'S_IN_POSTING' => true,
);

// Build custom bbcodes array
display_custom_bbcodes();

// Poll entry
// Same first-post condition as the topic type toggle, plus the f_poll permission.
if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
	&& $auth->acl_get('f_poll', $forum_id))
{
	$page_data = array_merge($page_data, array(
		'S_SHOW_POLL_BOX' => true,
		'S_POLL_VOTE_CHANGE' => ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),
		// Authors may delete their own poll only while it has no votes and they hold f_delete; m_delete bypasses both.
		'S_POLL_DELETE' => ($mode == 'edit' && count($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
		'S_POLL_DELETE_CHECKED' => (!empty($poll_delete)) ? true : false,

		'L_POLL_OPTIONS_EXPLAIN' => $user->lang('POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN', (int) $config['max_poll_options']),

		'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
		'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
		'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
		'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
		'POLL_LENGTH' => $post_data['poll_length'],
		)
	);
}

/**
* This event allows you to modify template variables for the posting screen
*
* @event core.posting_modify_template_vars
* @var array post_data Array with post data
* @var array moderators Array with forum moderators
* @var string mode What action to take if the form is submitted
* post|reply|quote|edit|delete|bump|smilies|popup
* @var string page_title Title of the mode page
* @var bool s_topic_icons Whether or not to show the topic icons
* @var string form_enctype If attachments are allowed for this form
* "multipart/form-data" or empty string
* @var string s_action The URL to submit the POST data to
* @var string s_hidden_fields Concatenated hidden input tags of posting form
* @var int post_id ID of the post
* @var int topic_id ID of the topic
* @var int forum_id ID of the forum
* @var int draft_id ID of the draft
* @var bool submit Whether or not the form has been submitted
* @var bool preview Whether or not the post is being previewed
* @var bool save Whether or not a draft is being saved
* @var bool load Whether or not a draft is being loaded
* @var bool cancel Whether or not to cancel the form (returns to
* viewtopic or viewforum depending on if the user
* is posting a new topic or editing a post)
* @var array error Any error strings; a non-empty array aborts
* form submission.
* NOTE: Should be actual language strings, NOT
* language keys.
* @var bool refresh Whether or not to retain previously submitted data
* @var array page_data Posting page data that should be passed to the
* posting page via $template->assign_vars()
* @var object message_parser The message parser object
* @since 3.1.0-a1
* @changed 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
* s_topic_icons, form_enctype, s_action, s_hidden_fields,
* post_id, topic_id, forum_id, submit, preview, save, load,
* delete, cancel, refresh, error, page_data, message_parser
* @changed 3.1.2-RC1 Removed 'delete' var as it does not exist
* @changed 3.1.5-RC1 Added poll variables to the page_data array
* @changed 3.1.6-RC1 Added 'draft_id' var
*/
$vars = array(
	'post_data',
	'moderators',
	'mode',
	'page_title',
	's_topic_icons',
	'form_enctype',
	's_action',
	's_hidden_fields',
	'post_id',
	'topic_id',
	'forum_id',
	'draft_id',
	'submit',
	'preview',
	'save',
	'load',
	'cancel',
	'refresh',
	'error',
	'page_data',
	'message_parser',
);
// extract() writes the dispatcher's return value back into the local scope, so from here on
// every name listed in $vars may have been replaced by an event listener. That includes
// $forum_id and $form_enctype, which feed the attachment permission expression below, and
// $page_data / $s_hidden_fields, which go to the template. 'ERROR' inside $page_data was
// built before the event, so a listener that edits $error alone does not change it.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));

// Start assigning vars for main posting page ...
$template->assign_vars($page_data);

// Show attachment box for adding attachments if true
// $form_enctype is part of the condition, so the upload UI is configured only when it is non-empty.
$allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);

if ($allowed)
{
	// Admins (a_) and this forum's moderators (m_) get 0 instead of the configured maximum;
	// presumably 0 means "no limit" to the uploader — confirm in plupload->configure().
	$max_files = ($auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) ? 0 : (int) $config['max_attachments'];
	$plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
}

// Attachment entry
posting_gen_attachment_entry($attachment_data, $filename_data, $allowed, $forum_id);

// Output page ...
page_header($page_title);

// Bind the posting form template to the 'body' handle.
$template->set_filenames(['body' => 'posting_body.html']);

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

// Topic review: only reply and quote modes list the existing posts under the form,
// and the flag is set only when topic_review() returns a truthy value.
if (($mode == 'reply' || $mode == 'quote') && topic_review($topic_id, $forum_id))
{
	$template->assign_var('S_DISPLAY_REVIEW', true);
}

page_footer();