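/**
 * XML-RPC handler that removes an attachment, either from an existing post or
 * from a pending upload that is not attached to a post yet.
 *
 * Authorisation performed here before remove_attachment() is called:
 *  - the forum exists, is open and is a real forum (type "f");
 *  - the caller is logged in, may view the forum and start threads in it, and
 *    is not suspended from posting;
 *  - for an attachment on an existing post: the attachment belongs to the
 *    post_id supplied, the post lives in the forum_id supplied, and the caller
 *    is either a moderator with "caneditposts" or the post's author with edit
 *    permission on a thread that is not closed;
 *  - for a pending attachment (pid 0): the caller is the uploader.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters; they are passed to
 *                             Tapatalk_Input::filterXmlInput() for typing.
 *
 * @return mixed The response built by xmlresptrue(), xmlrespfalse() or
 *               tt_no_permission().
 */
function remove_attachment_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    // Moves the working directory to the parent before MyBB files are used.
    // NOTE(review): presumably so relative includes resolve; confirm against the caller.
    chdir("../");
    $lang->load("member");
    // Not referenced again in this function; kept so the call sequence is unchanged.
    $parser = new postParser();

    $input = Tapatalk_Input::filterXmlInput(array(
        'attachment_id' => Tapatalk_Input::INT,
        'forum_id' => Tapatalk_Input::INT,
        'group_id' => Tapatalk_Input::STRING,
        'post_id' => Tapatalk_Input::INT,
    ), $xmlrpc_params);

    $fid = $input['forum_id'];
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }

    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1
        || $forumpermissions['canview'] == 0
        || $forumpermissions['canpostthreads'] == 0
        || $mybb->user['suspendposting'] == 1
    ) {
        return tt_no_permission();
    }
    tt_check_forum_password($forum['fid']);

    $posthash = $input['group_id'];
    $mybb->input['posthash'] = $posthash;

    // Cast again locally so the value interpolated into SQL is an integer
    // regardless of what the input filter returned.
    $aid = (int) $input['attachment_id'];

    $query = $db->simple_select("attachments", "pid, uid", "aid='{$aid}'");
    $attachment = $db->fetch_array($query);
    if (!$attachment) {
        // Without this guard a missing row was treated like a pending upload (pid 0).
        return xmlrespfalse("The attachment you are trying to remove does not exist");
    }

    $pid = (int) $attachment['pid'];
    if ($pid > 0) {
        // The attachment belongs to an existing post: check that post.
        if ($pid != $input['post_id']) {
            return xmlrespfalse("The attachment you are trying to remove does not belong to this post");
        }

        $query = $db->simple_select("posts", "*", "pid='{$pid}'");
        $post = $db->fetch_array($query);
        if (empty($post['pid'])) {
            return xmlrespfalse($lang->error_invalidpost);
        }

        // Get thread info
        $tid = $post['tid'];
        $thread = get_thread($tid);
        if (empty($thread['tid'])) {
            return xmlrespfalse($lang->error_invalidthread);
        }

        // Every permission used below is computed for the client-supplied
        // forum_id, so the post must actually live in that forum. Otherwise
        // rights held in one forum could be applied to a post in another.
        if ($post['fid'] != $fid) {
            return tt_no_permission();
        }

        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
            if ($forumpermissions['caneditposts'] == 0) {
                return tt_no_permission();
            }
            if ($mybb->user['uid'] != $post['uid']) {
                return tt_no_permission();
            }
        }
    } else {
        $pid = 0;

        // A pending upload has no post to check against, so tie removal to the
        // uploader instead of relying on the client-supplied group_id alone.
        // NOTE(review): remove_attachment() is defined elsewhere; this check
        // does not depend on how it matches the posthash.
        if ((int) $attachment['uid'] !== (int) $mybb->user['uid']) {
            return tt_no_permission();
        }
    }

    require_once MYBB_ROOT . "inc/functions_upload.php";
    remove_attachment($pid, $mybb->input['posthash'], $aid);

    return xmlresptrue();
}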
// Excerpt: moderation-queue handling for attachments. It is cut at both edges; the enclosing
// branches open before the first statement shown.
// - Attachment ids are the keys of $mybb->input['attachments'], passed through intval before they
//   are joined into the IN (...) list, so only integers reach that part of the SQL.
// - $tflist_queue_attach is interpolated into the same query and is built outside this excerpt.
//   NOTE(review): confirm it is assembled only from server-side forum ids.
// - Per returned row the request-supplied action decides: "approve" sets visible=1, "delete" calls
//   remove_attachment() with an empty posthash; any other value does nothing.
// - NOTE(review): no post-key verification and no permission check for this branch are visible
//   here; the canmanagemodqueue check shown belongs to the later "modqueue" action. Confirm both
//   happen before this point.
$plugins->run_hooks("modcp_do_modqueue_end"); redirect("modcp.php?action=modqueue&type=posts", $lang->redirect_postsmoderated); } else { if (!empty($mybb->input['attachments'])) { $attachments = array_map("intval", array_keys($mybb->input['attachments'])); $query = $db->query("\n\t\t\tSELECT a.pid, a.aid\n\t\t\tFROM " . TABLE_PREFIX . "attachments a\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "posts p ON (a.pid=p.pid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE aid IN (" . implode(",", $attachments) . "){$tflist_queue_attach}\n\t\t"); while ($attachment = $db->fetch_array($query)) { if (!isset($mybb->input['attachments'][$attachment['aid']])) { continue; } $action = $mybb->input['attachments'][$attachment['aid']]; if ($action == "approve") { $db->update_query("attachments", array("visible" => 1), "aid='{$attachment['aid']}'"); } else { if ($action == "delete") { remove_attachment($attachment['pid'], '', $attachment['aid']); } } } $plugins->run_hooks("modcp_do_modqueue_end"); redirect("modcp.php?action=modqueue&type=attachments", $lang->redirect_attachmentsmoderated); } } } } if ($mybb->input['action'] == "modqueue") { $navsep = ''; if ($mybb->usergroup['canmanagemodqueue'] == 0) { error_no_permission(); } if ($nummodqueuethreads == 0 && $nummodqueueposts == 0 && $nummodqueueattach == 0 && $mybb->usergroup['issupermod'] != 1) {
// Excerpt: attachment handling in the reply form. It is cut at both edges.
// - Removal runs only when attachments are enabled, attachmentaid is non-zero after the INPUT_INT
//   read, and attachmentact is "remove"; verify_post_check() is called on my_post_key before
//   remove_attachment().
// - $pid is set outside this excerpt and is also written into the hidden "pid" form field.
//   NOTE(review): confirm it is an integer at that point, since it is interpolated into HTML
//   without escaping.
// - The daily post limit applies only when the usergroup's maxposts is above 0 and cancp is not 1;
//   its query interpolates $mybb->user['uid'] and $daycut (TIME_NOW minus 24 hours).
} if (!empty($attachedfile['error'])) { $errors[] = $attachedfile['error']; $mybb->input['action'] = "newreply"; } if (!$mybb->get_input('submit')) { $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"{$pid}\" />"; $mybb->input['action'] = "newreply"; } } // Remove an attachment. if ($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove") { // Verify incoming POST request verify_post_check($mybb->get_input('my_post_key')); require_once MYBB_ROOT . "inc/functions_upload.php"; remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT)); if (!$mybb->get_input('submit')) { $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"{$pid}\" />"; $mybb->input['action'] = "newreply"; } } $reply_errors = $quoted_ids = ''; $hide_captcha = false; // Check the maximum posts per day for this user if ($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1) { $daycut = TIME_NOW - 60 * 60 * 24; $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}"); $post_count = $db->fetch_field($query, "posts_today"); if ($post_count >= $mybb->usergroup['maxposts']) { $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']); error($lang->error_maxposts);
// Excerpt: commit step of the admin "delete orphans" action. It is cut at both edges.
// - Each $file comes from $mybb->input['orphaned_files'], is appended to the uploads path and is
//   passed to unlink() with no normalisation visible in this excerpt. NOTE(review): if nothing
//   earlier restricts these values, a name containing parent-directory segments resolves outside
//   the uploads directory; resolve the path (e.g. with realpath()) and check that it stays under
//   the uploads directory before deleting.
// - @ hides unlink() warnings; a failure is only recorded in $error, which is initialised outside
//   this excerpt.
// - orphaned_attachments is mapped through intval before being joined into the IN (...) list.
//   An empty array still passes is_array() and yields "aid IN ()"; NOTE(review): guard against it.
// - Rows without a pid are passed to remove_attachment() with their posthash, the others with
//   their pid.
// - NOTE(review): the post-key / request-method check for this action is not visible here;
//   confirm it runs before the deletions.
foreach ($mybb->input['orphaned_files'] as $file) { if (!@unlink(MYBB_ROOT . $mybb->settings['uploadspath'] . "/" . $file)) { $error = true; } } } // Deleting physical attachments which exist in database if (is_array($mybb->input['orphaned_attachments'])) { $mybb->input['orphaned_attachments'] = array_map("intval", $mybb->input['orphaned_attachments']); require_once MYBB_ROOT . "inc/functions_upload.php"; $query = $db->simple_select("attachments", "aid,pid,posthash", "aid IN (" . implode(",", $mybb->input['orphaned_attachments']) . ")"); while ($attachment = $db->fetch_array($query)) { if (!$attachment['pid']) { remove_attachment(null, $attachment['posthash'], $attachment['aid']); } else { remove_attachment($attachment['pid'], null, $attachment['aid']); } } } $plugins->run_hooks("admin_forum_attachments_delete_orphans_commit"); // Log admin action log_admin_action(); if ($error == true) { flash_message($lang->error_not_all_removed, 'error'); } else { flash_message($lang->success_orphan_deleted, 'success'); } admin_redirect("index.php?module=forum-attachments"); } if ($mybb->input['action'] == "orphans") { $plugins->run_hooks("admin_forum_attachments_orphans");
// Excerpt: attachment handling in the new-thread form. It is cut at both edges.
// - verify_post_check() runs on my_post_key before remove_attachment().
// - attachmentaid and posthash are read straight from $mybb->input and handed to
//   remove_attachment() without a cast or escape in this excerpt. NOTE(review):
//   remove_attachment() is defined elsewhere; confirm it casts the id and escapes the posthash
//   before using them in SQL, or cast the id here.
// - $pid is set outside this excerpt.
// - The daily post limit here is read from $mybb->settings['maxposts'] and is skipped when the
//   usergroup's cancp is 1; its query interpolates $mybb->user['uid'] and $daycut.
if ($attachedfile['error']) { $errors[] = $attachedfile['error']; $mybb->input['action'] = "newthread"; } // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again. if (!$mybb->input['submit']) { //$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />"; $mybb->input['action'] = "newthread"; } } // Are we removing an attachment from the thread? if ($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove") { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); require_once MYBB_ROOT . "inc/functions_upload.php"; remove_attachment($pid, $mybb->input['posthash'], $mybb->input['attachmentaid']); if (!$mybb->input['submit']) { $mybb->input['action'] = "newthread"; } } $thread_errors = ""; $hide_captcha = false; // Check the maximum posts per day for this user if ($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1) { $daycut = TIME_NOW - 60 * 60 * 24; $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}"); $post_count = $db->fetch_field($query, "posts_today"); if ($post_count >= $mybb->settings['maxposts']) { $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']); error($lang->error_maxposts); }
// Excerpt: attachment handling while editing a post. It is cut at both edges.
// - eval() runs the "error_attacherror" template as a double-quoted PHP string, so the template
//   text is executed as code. NOTE(review): this is only safe while template contents are trusted
//   and cannot be edited by unprivileged users.
// - The attachment actions require action=do_editpost over POST and call verify_post_check();
//   attachmentaid is cast with intval before it is used.
// - "remove" is not gated on is_moderator() here. NOTE(review): confirm the permission and
//   ownership checks for $pid happen before this excerpt.
// - "approve" and "unapprove" require is_moderator($fid, 'caneditposts'), but the UPDATE matches
//   on aid alone, so it is not tied to $pid or $fid, and the thread counter is adjusted by +1/-1
//   whatever the attachment's previous visible value was. NOTE(review): restrict the UPDATE to
//   this post and adjust the counter only when the visible flag actually changed.
$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment); } if ($attachedfile['error']) { eval("\$attacherror = \"" . $templates->get("error_attacherror") . "\";"); $mybb->input['action'] = "editpost"; } if (!$mybb->input['submit']) { $mybb->input['action'] = "editpost"; } } if ($mybb->input['attachmentaid'] && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $mybb->input['attachmentaid'] = intval($mybb->input['attachmentaid']); if ($mybb->input['attachmentact'] == "remove") { remove_attachment($pid, "", $mybb->input['attachmentaid']); } elseif ($mybb->input['attachmentact'] == "approve" && is_moderator($fid, 'caneditposts')) { $update_sql = array("visible" => 1); $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'"); update_thread_counters($post['tid'], array('attachmentcount' => "+1")); } elseif ($mybb->input['attachmentact'] == "unapprove" && is_moderator($fid, 'caneditposts')) { $update_sql = array("visible" => 0); $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'"); update_thread_counters($post['tid'], array('attachmentcount' => "-1")); } if (!$mybb->input['submit']) { $mybb->input['action'] = "editpost"; } } if ($mybb->input['action'] == "deletepost" && $mybb->request_method == "post") { // Verify incoming POST request