$reportthread = ($rpforumid = $vbulletin->options['rpforumid'] AND $rpforuminfo = fetch_foruminfo($rpforumid)); $reportemail = ($vbulletin->options['enableemail'] AND $vbulletin->options['rpemail']); if (!$reportthread AND !$reportemail) { standard_error(fetch_error('emaildisabled')); } $navbits = array(); if ($blogid) { $bloginfo = verify_blog($blogid); if ($blogtextinfo AND $blogtextinfo['blogtextid'] != $bloginfo['firstblogtextid']) { if (!fetch_comment_perm('canviewcomments', $bloginfo, $blogtextinfo)) { print_no_permission(); } $reportobj = new vB_ReportItem_Blog_Comment($vbulletin); $reportobj->set_extrainfo('blog', $bloginfo); $forminfo = $reportobj->set_forminfo($blogtextinfo); } else { $blogtextinfo = array(); $bloginfo['blogtextid'] = $bloginfo['firstblogtextid']; $reportobj = new vB_ReportItem_Blog_Entry($vbulletin); $forminfo = $reportobj->set_forminfo($bloginfo); }
$vbulletin->GPC['editorid'] = preg_replace('/\\W/s', '', $vbulletin->GPC['editorid']); /* Check they can view a blog, any blog */ if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) and !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } $bloginfo = verify_blog($blogtextinfo['blogid'], 0, 'modifychild'); if (!$bloginfo) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } if (!$blogtextinfo) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } if ($bloginfo['firstblogtextid'] == $blogtextinfo['blogtextid'] or !fetch_comment_perm('caneditcomments', $bloginfo, $blogtextinfo)) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } $show['quick_edit_form_tag'] = false; //$show['deletepostoption'] = (fetch_comment_perm('candeletecomments', $bloginfo, $blogtextinfo) OR fetch_comment_perm('canremovecomments', $bloginfo, $blogtextinfo)); $show['softdeleteoption'] = true; $show['physicaldeleteoption'] = can_moderate_blog('canremovecomments'); require_once DIR . '/includes/functions_editor.php'; $editorid = construct_edit_toolbar(htmlspecialchars_uni($blogtextinfo['pagetext']), false, 'blog_comment', $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowsmilies'], $blogtextinfo['allowsmilie'], false, 'qe', $vbulletin->GPC['editorid']); $xml->add_group('quickedit'); $xml->add_tag('editor', $messagearea, array('reason' => $blogtextinfo['edit_reason'], 'parsetype' => 'blog_comment', 'parsesmilies' => $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowsmilies'], 'mode' => $show['is_wysiwyg_editor'])); $xml->close_group(); $xml->print_xml(); } }
$saveparsed .= "({$comment['blogtextid']}, " . intval($bloginfo['lastcomment']) . ', ' . intval($response_handler->parsed_cache['has_images']) . ", '" . $db->escape_string($response_handler->parsed_cache['text']) . "', " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if ($comment['dateline'] > $displayed_dateline) { $displayed_dateline = $comment['dateline']; } $oldest_comment = $comment['dateline']; if ($comment['state'] == 'deleted' or $ignore["{$comment['userid']}"]) { // be aware $factory->create can change $response['state'] $show['quickload'] = true; } } // This is only used by Quick Comment but init it either way $effective_lastcomment = max($displayed_dateline, $bloginfo['lastcomment']); $show['delete'] = (fetch_comment_perm('candeletecomments', $bloginfo) or fetch_comment_perm('canremovecomments', $bloginfo)); $show['undelete'] = fetch_comment_perm('canundeletecomments', $bloginfo); $show['approve'] = fetch_comment_perm('canmoderatecomments', $bloginfo); $show['inlinemod'] = ($responsebits and ($show['delete'] or $show['approve'] or $show['undelete'])); // Only allow AJAX QC on the last page and after one comment $allow_ajax_qc = ($comment_count > 0 and $vbulletin->GPC['pagenumber'] == ceil($comment_count / $vbulletin->options['blog_commentsperpage'])) ? 
1 : 0; if ($vbulletin->userinfo['userid']) { mark_blog_read($bloginfo, $vbulletin->userinfo['userid'], $oldest_comment); } // Todo: allow ratings option or permission, hardcoded but we may want to add this $show['blograting'] = $bloginfo['state'] == 'visible'; $show['rateblog'] = ($show['blograting'] and (!$bloginfo['vote'] and $vbulletin->userinfo['userid'] or !$rated and !$vbulletin->userinfo['userid'] or $vbulletin->options['votechange'])); // Build Social Bookmark Links $guestuser = array('userid' => 0, 'usergroupid' => 0); cache_permissions($guestuser, false); $bookmarksites = ''; if ($guestuser['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'] and $vbulletin->options['socialbookmarks'] and is_array($vbulletin->bookmarksitecache) and !empty($vbulletin->bookmarksitecache) and $bloginfo['state'] == 'visible' and $bloginfo['guest_canviewmyblog'] and $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) { foreach ($vbulletin->bookmarksitecache as $bookmarksite) {
'infractiongroupids' => $comment['blog_infractiongroupids'], 'membergroupids' => $comment['blog_membergroupids'], 'memberids' => $comment['memberids'], 'memberblogids' => $comment['memberblogids'], 'postedby_userid' => $comment['postedby_userid'], 'postedby_username' => $comment['postedby_username'], 'grouppermissions' => $comment['grouppermissions'], 'membermoderate' => $comment['membermoderate'], ); cache_permissions($trackback, false); cache_permissions($entryinfo, false); $show['edit_trackback'] = fetch_comment_perm('caneditcomments', $entryinfo, $trackback); $show['inlinemod_approve'] = fetch_comment_perm('canmoderatecomments', $entryinfo, $trackback); $show['inlinemod_delete'] = (fetch_comment_perm('candeletecomments', $entryinfo, $trackback) OR fetch_comment_perm('canremovecomments', $entryinfo, $trackback)); if ($show['inlinemod_delete'] OR $show['inlinemod_approve']) { $show['inlinemod_trackback'] = true; } $show['moderation'] = ($trackback['state'] == 'moderation'); $trackback['date'] = vbdate($vbulletin->options['dateformat'], $trackback['dateline'], true); $trackback['time'] = vbdate($vbulletin->options['timeformat'], $trackback['dateline'], true); $templater = vB_Template::create('blog_cp_manage_trackbacks_trackback'); $templater->register('trackback', $trackback); $trackbackbits .= $templater->render(); } if ($show['inlinemod_trackback']) {
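/**
* Fetches the permission value for a specific blog comment
*
* This is the single authorization decision point for comment actions: callers
* gate both UI flags ($show[...]) and state-changing actions on its result.
* Every path that does not positively grant the permission returns a falsy value.
*
* Recognised permissions: canviewcomments, caneditcomments, canmoderatecomments,
* candeletecomments, canremovecomments, canundeletecomments. Any other name is
* offered to the 'blog_fetch_comment_perm' plugin hook and denied afterwards.
*
* NOTE(review): ownership is tested with loose == on userid. If guest-authored
* comments are stored with userid 0 (not shown here), a guest viewer would match
* every guest comment in the "own comment" branches - confirm that the guest
* usergroup cannot hold blog_caneditowncomment / blog_candeleteowncomment and
* that showing moderated guest comments to guests is intended.
*
* @param	string	The permission to check
* @param	array	An array of information about the blog entry (state, userid, postedby_userid, permissions, grouppermissions)
* @param	array	An array of information about the blog comment (state, userid); may be omitted for entry-level checks
*
* @return	boolean	Returns true if they have the permission else false
*/
function fetch_comment_perm($perm, $entryinfo = null, $blogtextinfo = null)
{
	global $vbulletin;

	// Entry-level gate, evaluated before any comment-level rule: when the entry itself is
	// deleted or moderated, only a blog moderator holding the matching entry permission can
	// manage its comments - not even the entry owner. The one exception is viewing, which
	// stays available to members of the blog.
	if
	(
		// Deleted Post
		// The membership test receives the whole entry array, like every other
		// is_member_of_blog() call in this function; passing only the userid made this
		// branch disagree with the moderated-entry branch below.
		($entryinfo['state'] == 'deleted' AND !can_moderate_blog('candeleteentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo)))
			OR
		// Moderated Post
		($entryinfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo)))
	)
	{
		return false;
	}

	switch ($perm)
	{
		case 'canviewcomments':
			return
			(
				(
					// A deleted comment is visible to comment moderators and blog members only
					($blogtextinfo['state'] != 'deleted' OR can_moderate_blog('candeletecomments') OR is_member_of_blog($vbulletin->userinfo, $entryinfo))
						AND
					// A moderated comment is visible to blog members, its author and anyone who may moderate it
					($blogtextinfo['state'] != 'moderation' OR is_member_of_blog($vbulletin->userinfo, $entryinfo) OR $vbulletin->userinfo['userid'] == $blogtextinfo['userid'] OR fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo))
				)
			);

		case 'caneditcomments':
			return
			(
				// Blog owner with the "manage blog comments" usergroup permission
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
					OR
				// Blog member: the entry's own permission set must allow comment management, and the
				// member's group permissions must cover this entry (own entry vs. someone else's)
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
							OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
					OR
				// Comment author editing their own visible or moderated comment
				(
					($blogtextinfo['state'] == 'visible' OR $blogtextinfo['state'] == 'moderation')
						AND
					$blogtextinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_caneditowncomment']
				)
					OR
				// Blog moderator: editing a moderated or deleted comment additionally requires the
				// permission that governs that state
				(
					can_moderate_blog('caneditcomments')
						AND
					(
						$blogtextinfo['state'] != 'moderation'
							OR
						fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo)
					)
						AND
					(
						$blogtextinfo['state'] != 'deleted'
							OR
						fetch_comment_perm('candeletecomments', $entryinfo, $blogtextinfo)
					)
				)
			);

		case 'canmoderatecomments':
			return
			(
				// Blog owner with the "manage blog comments" usergroup permission
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
					OR
				// Blog member, same rule as for editing
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
							OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
					OR
				// Blog moderator; a deleted comment also needs the delete permission.
				// This uses can_moderate_blog() like every other moderator check in this function:
				// can_moderate() is the forum-side helper and expects a forum id as its first
				// argument, so handing it a blog permission name did not test this permission.
				(
					($blogtextinfo['state'] != 'deleted' OR can_moderate_blog('candeletecomments'))
						AND
					can_moderate_blog('canmoderatecomments')
				)
			);

		case 'candeletecomments':
			return
			(
				// Blog owner with the "manage blog comments" usergroup permission
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
					OR
				// Blog member, same rule as for editing
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
							OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
					OR
				// Blog moderator
				(
					can_moderate_blog('candeletecomments')
				)
					OR
				// Comment author soft-deleting their own comment, only while it is visible
				(
					$blogtextinfo['state'] == 'visible'
						AND
					$blogtextinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_candeleteowncomment']
				)
			);

		case 'canremovecomments':
			// Physical removal is the narrowest grant: there is no "own comment" branch, and a
			// blog member qualifies only on an entry they posted themselves (no canmanageotherentry path).
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
					OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
					)
				)
					OR
				(
					can_moderate_blog('canremovecomments')
				)
			);

		case 'canundeletecomments':
			return
			(
				// Blog owner with the "manage blog comments" usergroup permission
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
					OR
				// Blog member, same rule as for editing
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
							OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
					OR
				// Undelete is governed by the moderator's delete permission
				(
					can_moderate_blog('candeletecomments')
				)
			);

		default:
			$handled = false;

			// SECURITY: eval() runs the code string returned by vBulletinHook::fetch_hook() in this
			// function's scope, so that code can read and change $perm, $entryinfo, $blogtextinfo
			// and $handled. Whoever can register code for this hook can alter authorization
			// handling; treat plugin management as equivalent to code execution on the server.
			// The value produced by eval() is discarded, so the hook cannot grant a permission from here.
			($hook = vBulletinHook::fetch_hook('blog_fetch_comment_perm')) ? eval($hook) : false;

			if (!$handled)
			{
				trigger_error('fetch_comment_perm(): Argument #1; Invalid permission specified', E_USER_ERROR);
			}

			// Fail closed: an unknown permission is denied explicitly, also when the hook claimed it
			// or when an error handler lets execution continue after trigger_error().
			return false;
	}
}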
'userid' => $comment['blog_userid'], 'usergroupid' => $comment['blog_usergroupid'], 'infractiongroupids' => $comment['blog_infractiongroupids'], 'membergroupids' => $comment['blog_membergroupids'], 'memberids' => $comment['memberids'], 'memberblogids' => $comment['memberblogids'], 'postedby_userid' => $comment['postedby_userid'], 'postedby_username' => $comment['postedby_username'], 'grouppermissions' => $comment['grouppermissions'], 'membermoderate' => $comment['membermoderate'], ); cache_permissions($comment, false); cache_permissions($entryinfo, false); if (!fetch_comment_perm('canundeletecomments', $entryinfo, $comment)) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_comments')); } $commentarray["$comment[blogtextid]"] = $comment; $bloglist["$comment[blogid]"] = true; if ($comment['dateline'] >= $comment['lastcomment']) { $userlist["$entryinfo[userid]"] = true; } } if (empty($commentarray)) {
); $usernamecode = vB_Template::create('newpost_usernamecode')->render(); // draw nav bar $navbits = array( 'blog.php?' . $vbulletin->session->vars['sessionurl'] . "u=$bloginfo[userid]" => $bloginfo['blog_title'], 'blog.php?' . $vbulletin->session->vars['sessionurl'] . "b=$bloginfo[blogid]" => $bloginfo['title'], '' => $vbphrase['edit_comment'], ); $show['parseurl'] = ($vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowbbcode']); $show['misc_options'] = ($show['parseurl'] OR !empty($disablesmiliesoption)); $show['additional_options'] = ($show['misc_options'] OR !empty($attachmentoption)); $show['edit'] = true; $show['delete'] = (fetch_comment_perm('candeletecomments', $bloginfo, $blogtextinfo) OR fetch_comment_perm('canremovecomments', $bloginfo, $blogtextinfo)); $show['physicaldeleteoption'] = can_moderate_blog('canremovecomments'); $sidebar =& build_user_sidebar($bloginfo, 0, 0, 'comment'); ($hook = vBulletinHook::fetch_hook('blog_post_editcomment_complete')) ? eval($hook) : false; $url =& $vbulletin->url; // complete $templater = vB_Template::create('blog_comment_editor'); $templater->register('attachmentoption', $attachmentoption); $templater->register('bloginfo', $bloginfo); $templater->register('blogtextinfo', $blogtextinfo); $templater->register('checked', $checked); $templater->register('disablesmiliesoption', $disablesmiliesoption); $templater->register('editorid', $editorid);
/**
* Sets the per-trackback template flags once the parent class has prepared the display data
*
* Writes $show['edit_trackback'] and $show['inlinemod_trackback'] in the global $show array.
* These flags decide which controls are displayed.
*
* NOTE(review): the inline-moderation flag is evaluated against the blog entry only
* ($this->response is not passed), so it does not depend on this trackback's state or author.
* Presumably the handler that performs the action re-checks the permission per item - confirm.
*/
function process_display()
{
	global $show;

	parent::process_display();

	$show['edit_trackback'] = fetch_comment_perm('caneditcomments', $this->bloginfo, $this->response);

	// Any one of these entry-level permissions enables the inline moderation control;
	// they are tried in this order and the first grant stops the search.
	$can_inline_moderate = false;
	foreach (array('canremovecomments', 'candeletecomments', 'canmoderatecomments') AS $permission)
	{
		if (fetch_comment_perm($permission, $this->bloginfo))
		{
			$can_inline_moderate = true;
			break;
		}
	}

	$show['inlinemod_trackback'] = $can_inline_moderate;
}