Example #1
/**
 * Permission check for an action on one specific post.
 *
 * Resolves the user level that applies to $post through qa_user_level_for_post()
 * and forwards it, together with the remaining arguments, to qa_user_permit_error().
 *
 * @param mixed $permitoption Forwarded as the first argument of qa_user_permit_error().
 * @param mixed $post         Post handed to qa_user_level_for_post().
 * @param mixed $limitaction  Forwarded as the second argument (default null).
 * @param mixed $checkblocks  Forwarded as the fourth argument (default true).
 * @return mixed The result of qa_user_permit_error(); presumably falsy when the
 *               action is allowed - confirm against that function.
 */
function qa_user_post_permit_error($permitoption, $post, $limitaction = null, $checkblocks = true)
{
    // The level is computed per post rather than taken from the session alone
    $postuserlevel = qa_user_level_for_post($post);

    return qa_user_permit_error($permitoption, $limitaction, $postuserlevel, $checkblocks);
}
Example #2
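/**
 * Build the input array passed to filter modules from an existing post.
 *
 * Always returns content, format, text (via qa_viewer_text()), notify, email and
 * queued; for posts whose basetype is 'Q' it adds title, tags, categoryid and extra.
 *
 * @param array $post Post record; reads content, format, notify, basetype and,
 *                    for questions, title, tags, categoryid and extra.
 * @return array Filter input array as described above.
 */
function qa_page_q_prepare_post_for_filters($post)
{
    // 'notify' can be missing or null. Evaluate that once and only pass a real
    // value to qa_email_validate(), instead of indexing an unset key.
    $hasnotify = isset($post['notify']);

    $in = array(
        'content' => $post['content'],
        'format' => $post['format'],
        'text' => qa_viewer_text($post['content'], $post['format']),
        'notify' => $hasnotify,
        // Only a value that validates as an email address is kept; anything else becomes null
        'email' => ($hasnotify && qa_email_validate($post['notify'])) ? $post['notify'] : null,
        // Strict comparison: any moderation reason other than false marks the post as queued
        'queued' => qa_user_moderation_reason(qa_user_level_for_post($post)) !== false,
    );

    // Question-only fields
    if ($post['basetype'] == 'Q') {
        $in['title'] = $post['title'];
        $in['tags'] = qa_tagstring_to_tags($post['tags']);
        $in['categoryid'] = $post['categoryid'];
        $in['extra'] = $post['extra'];
    }

    return $in;
}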
/**
 * Handle submission of the edit form for a comment.
 *
 * Reads the POSTed fields for this comment into $in, verifies the form security
 * code, runs every 'filter_comment' filter module and, when no errors were
 * reported, stores the edit with qa_comment_set_content().
 *
 * NOTE(review): the only permission checked here is 'permit_edit_silent' for the
 * silent flag; whether the user may edit $comment at all is presumably decided
 * by the caller - confirm.
 *
 * @param array $comment  Comment being edited (reads postid, isbyuser, userid, notify).
 * @param array $question Passed to the filter modules and to qa_comment_set_content().
 * @param array $parent   Passed to the filter modules and to qa_comment_set_content().
 * @param array $in       Output: reset, then filled with the submitted values.
 * @param array $errors   Output: reset, then filled with error messages keyed by field.
 * @return bool True if the comment was updated, false otherwise.
 */
function qa_page_q_edit_c_submit($comment, $question, $parent, &$in, &$errors)
{
    $id = $comment['postid'];
    $field = 'c' . $id . '_';

    $in = array();

    // Name and notification details are only read when the comment belongs to the current user
    if ($comment['isbyuser']) {
        $in['name'] = qa_post_text($field . 'name');
        $in['notify'] = (bool) qa_post_text($field . 'notify');
        $in['email'] = qa_post_text($field . 'email');
    }

    // The silent flag is only accepted from users who pass the permit_edit_silent check
    if (!qa_user_post_permit_error('permit_edit_silent', $comment)) {
        $in['silent'] = qa_post_text($field . 'silent');
    }

    qa_get_post_content($field . 'editor', $field . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    // At this point $in only holds values for the parts of the form that were displayed,
    // so those are the only ones the filters get to check
    $errors = array();

    // Reject the request before any filtering or writing if the form security code does not verify
    if (!qa_check_form_security_code('edit-' . $id, qa_post_text($field . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return false;
    }

    $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($comment));

    foreach (qa_load_modules_with('filter', 'filter_comment') as $module) {
        $before = $in;
        $module->filter_comment($in, $errors, $question, $parent, $comment);
        qa_update_post_text($in, $before);
    }

    if (!empty($errors)) {
        return false;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    // No silent value was read above unless the permission check passed, so default it to false
    if (!isset($in['silent'])) {
        $in['silent'] = false;
    }

    // Notification settings are only changed when the editor is the comment's author
    if ($comment['isbyuser']) {
        $setnotify = qa_combine_notify_email($comment['userid'], $in['notify'], $in['email']);
    } else {
        $setnotify = $comment['notify'];
    }

    qa_comment_set_content($comment, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $parent, @$in['name'], $in['queued'], $in['silent']);

    return true;
}
            $qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_login'), $topage);
            break;
        case 'confirm':
            $qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_confirm'), $topage);
            break;
        case 'approve':
            $qa_content['error'] = qa_lang_html('main/view_q_must_be_approved');
            break;
        default:
            $qa_content['error'] = qa_lang_html('users/no_permission');
            break;
    }
    return $qa_content;
}
//	Determine if captchas will be required
// The captcha decision uses the user level that applies to this particular question;
// any non-false reason means a captcha will be required
$captchareason = qa_user_captcha_reason(qa_user_level_for_post($question));
$usecaptcha = (bool) $captchareason;
//	If we're responding to an HTTP POST, include file that handles all posting/editing/etc... logic
//	This is in a separate file because it's a *lot* of logic, and will slow down ordinary page views
// Values describing the requested view (presumably taken from the request - confirm, and treat as untrusted)
$pagestart = qa_get_start();
$pagestate = qa_get_state();
$showid = qa_get('show');
// Page-level state, all starting out as null
$pageerror = $formtype = $formpostid = $jumptoanchor = $commentsall = null;
if (substr($pagestate, 0, 13) == 'showcomments-') {
    $commentsall = substr($pagestate, 13);
    $pagestate = null;
} elseif (isset($showid)) {
Example #5
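/**
 * AJAX handler that tries to add an answer to the question named by the POSTed
 * 'a_questionid' field.
 *
 * The answer is only attempted when the question exists, is not closed and the
 * current user passes the 'permit_post_a' check (including the answer rate limit).
 *
 * NOTE(review): no form security code check is visible in this function; confirm
 * that qa_page_q_add_a_submit() performs one.
 *
 * @return bool True when an answer was created. In every other case the request
 *              is terminated with die and nothing is returned.
 */
function ra_ajax_add_answer()
{
    //	Load relevant information about this question
    $questionid = qa_post_text('a_questionid');
    $userid = qa_get_logged_in_userid();
    list($question, $childposts) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_child_posts_selectspec($userid, $questionid));
    //	Check if the question exists, is not closed, and whether the user has permission to do this
    if (@$question['basetype'] == 'Q' && !isset($question['closedbyid']) && !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)) {
        require_once QA_INCLUDE_DIR . 'qa-app-captcha.php';
        require_once QA_INCLUDE_DIR . 'qa-app-format.php';
        require_once QA_INCLUDE_DIR . 'qa-app-post-create.php';
        require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
        require_once QA_INCLUDE_DIR . 'qa-page-question-view.php';
        require_once QA_INCLUDE_DIR . 'qa-page-question-submit.php';
        //	Try to create the new answer
        $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question));
        $answers = qa_page_q_load_as($question, $childposts);
        // Pass the computed captcha requirement through. A hard-coded false here
        // discards $usecaptcha and lets this endpoint accept answers without a
        // captcha from users for whom one is required.
        $answerid = qa_page_q_add_a_submit($question, $answers, $usecaptcha, $in, $errors);
        if ($answerid) {
            return true;
        }
    }
    // Missing or closed question, permission error, or failed submission: end the request
    die;
}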
Example #6
require_once QA_INCLUDE_DIR . 'app/limits.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';
//	Load relevant information about this question
$questionid = qa_post_text('a_questionid');
$userid = qa_get_logged_in_userid();
list($question, $childposts) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_child_posts_selectspec($userid, $questionid));
//	Check if the question exists, is not closed, and whether the user has permission to do this
if (@$question['basetype'] == 'Q' && !isset($question['closedbyid']) && !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)) {
    require_once QA_INCLUDE_DIR . 'app/captcha.php';
    require_once QA_INCLUDE_DIR . 'app/format.php';
    require_once QA_INCLUDE_DIR . 'app/post-create.php';
    require_once QA_INCLUDE_DIR . 'app/cookies.php';
    require_once QA_INCLUDE_DIR . 'pages/question-view.php';
    require_once QA_INCLUDE_DIR . 'pages/question-submit.php';
    //	Try to create the new answer
    $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question));
    $answers = qa_page_q_load_as($question, $childposts);
    $answerid = qa_page_q_add_a_submit($question, $answers, $usecaptcha, $in, $errors);
    //	If successful, page content will be updated via Ajax
    if (isset($answerid)) {
        $answer = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $answerid));
        $question = $question + qa_page_q_post_rules($question, null, null, $childposts);
        // array union
        $answer = $answer + qa_page_q_post_rules($answer, $question, $answers, null);
        $usershtml = qa_userids_handles_html(array($answer), true);
        $a_view = qa_page_q_answer_view($question, $answer, false, $usershtml, false);
        $themeclass = qa_load_theme_class(qa_get_site_theme(), 'ajax-answer', null, null);
        $themeclass->initialize();
        echo "QA_AJAX_RESPONSE\n1\n";
        //	Send back whether the 'answer' button should still be visible
        echo (int) qa_opt('allow_multi_answers') . "\n";
Example #7
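 /**
  * Permanently delete a hidden post if the current user is allowed to.
  *
  * The permission check is made against $post, while the id to delete comes
  * from $data['action_id']. The two are tied together here so that a check
  * passed for one post cannot be used to delete a different one.
  *
  * @param array $data Request data; 'action_id' is the id of the post to delete.
  * @param array $post Post record the permission is evaluated for (reads 'hidden'
  *                    and, when present, 'postid').
  * @return bool True if qa_post_delete() was called, false if the request was refused.
  */
 function do_delete($data, $post)
 {
     $userlevel = qa_user_level_for_post($post);
     $deleteable = $post['hidden'] && !qa_user_permit_error('permit_delete_hidden', null, $userlevel);
     if (!$deleteable) {
         return false;
     }

     // A missing action_id would otherwise be cast to 0 and passed on to the delete call
     $postid = isset($data['action_id']) ? (int) $data['action_id'] : 0;
     if ($postid <= 0) {
         return false;
     }

     // Refuse when the id to delete is not the post that was just authorised.
     // NOTE(review): assumes $post carries its id under 'postid'; when that key
     // is absent the check is skipped and behaviour is as before - confirm with callers.
     if (isset($post['postid']) && (int) $post['postid'] !== $postid) {
         return false;
     }

     require_once QA_INCLUDE_DIR . 'qa-app-posts.php';
     qa_post_delete($postid);
     return true;
 }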
Example #8
/**
 * Work out what the current user may do with $post and which buttons to show.
 *
 * Every permission check uses the user level returned by qa_user_level_for_post($post).
 * The returned array only describes what is allowed.
 * NOTE(review): code that performs an action presumably has to consult these
 * flags (or repeat the check) itself - confirm in the submit handlers.
 *
 * @param array      $post         Post being viewed; reads type, basetype, hidden, userid,
 *                                 lastuserid, closedbyid, selchildid, flagcount, userflag,
 *                                 cookieid, parentid and postid.
 * @param array|null $parentpost   Parent of $post; only used for the self-answer claim check.
 * @param array|null $siblingposts Posts checked against $post's parentid for the multiple-answer claim check.
 * @param array|null $childposts   Posts checked against $post's postid; a matching child disables deletion.
 * @return array Map of rule name => value (isbyuser, viewable, editable, deleteable, ...).
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
    // Let an override of this function take over entirely, if one is registered
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }
    $userid = qa_get_logged_in_userid();
    $cookieid = qa_cookie_get();
    $userlevel = qa_user_level_for_post($post);
    // $rules is created implicitly by this first assignment
    $rules['isbyuser'] = qa_post_is_by_user($post, $userid, $cookieid);
    // Queued posts have a type made of one leading character followed by '_QUEUED'
    $rules['queued'] = substr($post['type'], 1) == '_QUEUED';
    // A question counts as closed if explicitly closed, or if an answer is selected and do_close_on_select is on
    $rules['closed'] = $post['basetype'] == 'Q' && (isset($post['closedbyid']) || isset($post['selchildid']) && qa_opt('do_close_on_select'));
    //	Cache some responses to the user permission checks
    $permiterror_post_q = qa_user_permit_error('permit_post_q', null, $userlevel);
    // don't check limits here, so we can show error message
    $permiterror_post_a = qa_user_permit_error('permit_post_a', null, $userlevel);
    $permiterror_post_c = qa_user_permit_error('permit_post_c', null, $userlevel);
    $permiterror_edit = qa_user_permit_error($post['basetype'] == 'Q' ? 'permit_edit_q' : ($post['basetype'] == 'A' ? 'permit_edit_a' : 'permit_edit_c'), null, $userlevel);
    $permiterror_retagcat = qa_user_permit_error('permit_retag_cat', null, $userlevel);
    $permiterror_flag = qa_user_permit_error('permit_flag', null, $userlevel);
    // For the user's own post the permit option is null instead of the named permission
    // (presumably leaving only the general checks - confirm in qa_user_permit_error())
    $permiterror_hide_show = qa_user_permit_error($rules['isbyuser'] ? null : 'permit_hide_show', null, $userlevel);
    $permiterror_close_open = qa_user_permit_error($rules['isbyuser'] ? null : 'permit_close_q', null, $userlevel);
    $permiterror_moderate = qa_user_permit_error('permit_moderate', null, $userlevel);
    //	General permissions
    $rules['authorlast'] = !isset($post['lastuserid']) || $post['lastuserid'] === $post['userid'];
    // Hidden posts need hide/show permission to be viewed; queued posts are visible to their author or to moderators
    $rules['viewable'] = $post['hidden'] ? !$permiterror_hide_show : ($rules['queued'] ? $rules['isbyuser'] || !$permiterror_moderate : true);
    //	Answer, comment and edit might show the button even if the user still needs to do something (e.g. log in)
    //	so a '...button' rule is about display only; the matching '...able' rule requires no permit error
    $rules['answerbutton'] = $post['type'] == 'Q' && $permiterror_post_a != 'level' && !$rules['closed'] && (qa_opt('allow_self_answer') || !$rules['isbyuser']);
    $rules['commentbutton'] = ($post['type'] == 'Q' || $post['type'] == 'A') && $permiterror_post_c != 'level' && qa_opt($post['type'] == 'Q' ? 'comment_on_qs' : 'comment_on_as');
    $rules['commentable'] = $rules['commentbutton'] && !$permiterror_post_c;
    $rules['editbutton'] = !$post['hidden'] && !$rules['closed'] && ($rules['isbyuser'] || $permiterror_edit != 'level' && $permiterror_edit != 'approve' && !$rules['queued']);
    $rules['editable'] = $rules['editbutton'] && ($rules['isbyuser'] || !$permiterror_edit);
    $rules['retagcatbutton'] = $post['basetype'] == 'Q' && (qa_using_tags() || qa_using_categories()) && !$post['hidden'] && ($rules['isbyuser'] || $permiterror_retagcat != 'level' && $permiterror_retagcat != 'approve');
    $rules['retagcatable'] = $rules['retagcatbutton'] && ($rules['isbyuser'] || !$permiterror_retagcat);
    if ($rules['editbutton'] && $rules['retagcatbutton']) {
        // only show one button since they lead to the same form
        if ($rules['retagcatable'] && !$rules['editable']) {
            $rules['editbutton'] = false;
        } else {
            $rules['retagcatbutton'] = false;
        }
    }
    $rules['aselectable'] = $post['type'] == 'Q' && !qa_user_permit_error($rules['isbyuser'] ? null : 'permit_select_a', null, $userlevel);
    $rules['flagbutton'] = qa_opt('flagging_of_posts') && !$rules['isbyuser'] && !$post['hidden'] && !$rules['queued'] && !@$post['userflag'] && $permiterror_flag != 'level' && $permiterror_flag != 'approve';
    // True when one more flag (this user's) would reach the flagging_hide_after threshold
    $rules['flagtohide'] = $rules['flagbutton'] && !$permiterror_flag && $post['flagcount'] + 1 >= qa_opt('flagging_hide_after');
    $rules['unflaggable'] = @$post['userflag'] && !$post['hidden'];
    // Clearing flags always requires the named permit_hide_show permission, and at least one flag
    // besides the user's own (threshold 2 when the user has flagged, 1 otherwise)
    $rules['clearflaggable'] = $post['flagcount'] >= (@$post['userflag'] ? 2 : 1) && !qa_user_permit_error('permit_hide_show', null, $userlevel);
    //	Other actions only show the button if it's immediately possible
    $notclosedbyother = !($rules['closed'] && isset($post['closedbyid']) && !$rules['authorlast']);
    $nothiddenbyother = !($post['hidden'] && !$rules['authorlast']);
    $rules['closeable'] = qa_opt('allow_close_questions') && $post['type'] == 'Q' && !$rules['closed'] && !$permiterror_close_open;
    $rules['reopenable'] = $rules['closed'] && isset($post['closedbyid']) && !$permiterror_close_open && !$post['hidden'] && ($notclosedbyother || !qa_user_permit_error('permit_close_q', null, $userlevel));
    // cannot reopen a question if it's been hidden, or if it was closed by someone else and you don't have global closing permissions
    $rules['moderatable'] = $rules['queued'] && !$permiterror_moderate;
    $rules['hideable'] = !$post['hidden'] && ($rules['isbyuser'] || !$rules['queued']) && !$permiterror_hide_show && ($notclosedbyother || !qa_user_permit_error('permit_hide_show', null, $userlevel));
    // cannot hide a question if it was closed by someone else and you don't have global hiding permissions
    $rules['reshowimmed'] = $post['hidden'] && !qa_user_permit_error('permit_hide_show', null, $userlevel);
    // means post can be reshown immediately without checking whether it needs moderation
    $rules['reshowable'] = $post['hidden'] && !$permiterror_hide_show && ($rules['reshowimmed'] || $nothiddenbyother && !$post['flagcount']);
    // cannot reshow a question if it was hidden by someone else, or if it has flags - unless you have global hide/show permissions
    // Deletion is limited to posts that are already hidden and needs permit_delete_hidden;
    // the child-post loop below switches it off again when the post has children
    $rules['deleteable'] = $post['hidden'] && !qa_user_permit_error('permit_delete_hidden', null, $userlevel);
    // An anonymous post (no userid) can be claimed by a logged-in user whose cookie id matches the
    // one stored on the post, provided the user could have posted that kind of post
    $rules['claimable'] = !isset($post['userid']) && isset($userid) && strlen(@$post['cookieid']) && strcmp(@$post['cookieid'], $cookieid) == 0 && !($post['basetype'] == 'Q' ? $permiterror_post_q : ($post['basetype'] == 'A' ? $permiterror_post_a : $permiterror_post_c));
    $rules['followable'] = $post['type'] == 'A' ? qa_opt('follow_on_as') : false;
    //	Check for claims that could break rules about self answering and multiple answers
    if ($rules['claimable'] && $post['basetype'] == 'A') {
        // Claiming would make this an answer to the user's own question
        if (!qa_opt('allow_self_answer') && isset($parentpost) && qa_post_is_by_user($parentpost, $userid, $cookieid)) {
            $rules['claimable'] = false;
        }
        // Claiming would give the user a second answer under the same parent
        if (isset($siblingposts) && !qa_opt('allow_multi_answers')) {
            foreach ($siblingposts as $siblingpost) {
                if ($siblingpost['parentid'] == $post['parentid'] && $siblingpost['basetype'] == 'A' && qa_post_is_by_user($siblingpost, $userid, $cookieid)) {
                    $rules['claimable'] = false;
                }
            }
        }
    }
    //	Now make any changes based on the child posts
    if (isset($childposts)) {
        foreach ($childposts as $childpost) {
            if ($childpost['parentid'] == $post['postid']) {
                // A post with any direct child can never be deleted
                $rules['deleteable'] = false;
                // The user already has an answer under this post
                if ($childpost['basetype'] == 'A' && qa_post_is_by_user($childpost, $userid, $cookieid)) {
                    if (!qa_opt('allow_multi_answers')) {
                        $rules['answerbutton'] = false;
                    }
                    if (!qa_opt('allow_self_answer')) {
                        $rules['claimable'] = false;
                    }
                }
            }
        }
    }
    //	Return the resulting rules
    return $rules;
}