html_draw_top(sprintf("title=%s", gettext("Error"))); html_display_error_msg(gettext("That post does not exist in this thread!")); html_draw_bottom(); exit; } $post_edit_time = forum_get_setting('post_edit_time', null, 0); $uid = session::get_value('UID'); if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message)); } if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message)); } if ($preview_message = messages_get($tid, $pid, 1)) { $preview_message['CONTENT'] = message_get_content($tid, $pid); if (strlen(trim($preview_message['CONTENT'])) < 1 && !thread_is_poll($tid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); 
post_edit_refuse($tid, $pid); html_draw_bottom();
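/**
 * Delete a post by blanking its content and recording who removed it.
 *
 * Sets CONTENT to NULL for post $pid of thread $tid, stamps the POST row's
 * APPROVED / APPROVED_BY columns with the current time and the session user,
 * marks the thread DELETED when it holds only one post (LENGTH = 1), and
 * clears POLL_FLAG when the post is the first post of a poll thread.
 *
 * The updates run one after another with no transaction visible here, so a
 * failure part-way through leaves the earlier updates applied.
 *
 * NOTE(review): this function performs no permission check of its own;
 * presumably callers authorise the deletion first - confirm at the call sites.
 *
 * @param int|string $tid Thread ID, a non-negative decimal integer.
 * @param int|string $pid Post ID within the thread, same format.
 *
 * @return bool True when every update succeeded; false on a malformed ID,
 *              a missing table prefix, database handle or session user, or
 *              a failed query.
 */
function post_delete($tid, $pid)
{
    // Every ID below is interpolated into SQL text, so each one is held to a
    // plain run of decimal digits. is_numeric() on its own also admits
    // floats, exponent notation, signs and surrounding whitespace, none of
    // which is a valid thread, post or user ID.
    $is_id = function ($value) {
        if (is_int($value)) {
            return $value >= 0;
        }

        return is_string($value) && preg_match('/^[0-9]+$/D', $value) === 1;
    };

    if (!$is_id($tid) || !$is_id($pid)) {
        return false;
    }

    // NOTE(review): the prefix is placed inside backticks without escaping;
    // assumes get_table_prefix() only returns a vetted identifier - confirm.
    if (!($table_prefix = get_table_prefix())) {
        return false;
    }

    if (!($db = db::get())) {
        return false;
    }

    $approve_uid = session::get_value('UID');

    // The session value ends up in the APPROVED_BY clause, so it gets the
    // same format check as the IDs instead of only a test for false.
    if ($approve_uid === false || !$is_id($approve_uid)) {
        return false;
    }

    $current_datetime = date(MYSQL_DATETIME, time());

    // Removing the opening post of a poll also drops the thread's poll flag.
    if (thread_is_poll($tid) && $pid == 1) {

        $sql = "UPDATE LOW_PRIORITY `{$table_prefix}THREAD` SET POLL_FLAG = 'N', ";
        $sql .= "MODIFIED = CAST('{$current_datetime}' AS DATETIME) WHERE TID = '{$tid}'";

        if (!$db->query($sql)) {
            return false;
        }
    }

    // Only a single-post thread is flagged as deleted along with its post.
    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}THREAD` SET DELETED = 'Y', ";
    $sql .= "MODIFIED = CAST('{$current_datetime}' AS DATETIME) WHERE TID = '{$tid}' AND LENGTH = 1";

    if (!$db->query($sql)) {
        return false;
    }

    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}POST_CONTENT` SET CONTENT = NULL ";
    $sql .= "WHERE TID = '{$tid}' AND PID = '{$pid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Record the acting user and the time on the post row.
    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}POST` ";
    $sql .= "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), ";
    $sql .= "APPROVED_BY = '{$approve_uid}' WHERE TID = '{$tid}' ";
    $sql .= "AND PID = '{$pid}'";

    if (!$db->query($sql)) {
        return false;
    }

    return true;
}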
$msg = $_POST['msg']; list($tid, $pid) = explode('.', $_POST['msg']); if (!($t_fid = thread_get_folder($tid, $pid))) { html_draw_error(gettext("The requested thread could not be found or access was denied.")); } } else { html_draw_error(gettext("No message specified for editing"), 'discussion.php', 'get', array('back' => gettext("Back"))); } } if (!($edit_message = messages_get($tid, $pid, 1))) { html_draw_top(sprintf("title=%s", gettext("Error"))); html_display_error_msg(gettext("That post does not exist in this thread!")); html_draw_bottom(); exit; } if (thread_is_poll($tid) && $pid == 1) { header_redirect("edit_poll.php?webtag={$webtag}&msg={$msg}"); exit; } if (session::check_perm(USER_PERM_EMAIL_CONFIRM, 0)) { html_email_confirmation_error(); exit; } if (!session::check_perm(USER_PERM_POST_EDIT | USER_PERM_POST_READ, $t_fid)) { html_draw_error(gettext("You cannot edit posts in this folder")); } if (!($thread_data = thread_get($tid))) { html_draw_error(gettext("The requested thread could not be found or access was denied.")); } $error_msg_array = array(); $show_sigs = session::get_value('VIEW_SIGS') == 'N' ? false : true;
echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\">", form_checkbox("merge_thread_con", "Y", gettext("Confirm")), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; } else { if (!thread_is_poll($tid) && $thread_available_pids) { $thread_available_pids = array(' ') + $thread_available_pids; echo " <br />\n"; echo " <table class=\"box\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"posthead\">\n"; echo " <table class=\"posthead\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Merge / Split Thread"), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">\n"; echo " <table class=\"posthead\" width=\"95%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" width=\"260\">", form_radio("thread_merge_split", 0, gettext("Merge with thread ID:"), false, false, 'posthead'), "</td>\n"; echo " <td align=\"left\" style=\"white-space: nowrap\">", form_input_text_search('merge_thread', '', 37, false, SEARCH_THREAD, false, "", "merge_thread_id"), "</td>\n";
list($tid, $pid) = explode('.', $edit_msg); if (!($fid = thread_get_folder($tid, $pid))) { html_draw_error(gettext("The requested thread could not be found or access was denied.")); } } else { if (isset($_POST['msg']) && validate_msg($_POST['msg'])) { $edit_msg = $_POST['msg']; list($tid, $pid) = explode('.', $_POST['msg']); if (!($fid = thread_get_folder($tid, $pid))) { html_draw_error(gettext("The requested thread could not be found or access was denied.")); } } else { html_draw_error(gettext("No message specified for editing")); } } if (!thread_is_poll($tid) || $pid != 1) { $uri = "edit.php?webtag={$webtag}"; if (isset($_GET['msg']) && validate_msg($_GET['msg'])) { $uri .= "&msg=" . $_GET['msg']; } else { if (isset($_POST['msg']) && validate_msg($_POST['msg'])) { $uri .= "&msg=" . $_POST['msg']; } } header_redirect($uri); } if (!folder_get_by_type_allowed(FOLDER_ALLOW_POLL_THREAD)) { html_message_type_error(); exit; } if (!($fid = thread_get_folder($tid))) {
$message['CONTENT'] = message_get_content($search_result['TID'], $search_result['PID']); $message['CONTENT'] = message_apply_formatting($message['CONTENT'], true); $message['CONTENT'] = trim(strip_tags($message['CONTENT'])); // Limit thread title to 20 characters. if (mb_strlen($message['TITLE']) > 20) { $message['TITLE'] = word_filter_add_ob_tags(mb_substr($message['TITLE'], 0, 20), true) . "…"; } else { $message['TITLE'] = word_filter_add_ob_tags($message['TITLE'], true); } // Limit displayed post content to 35 characters if (mb_strlen($message['CONTENT']) > 70) { $message['CONTENT'] = word_filter_add_ob_tags(fix_html(mb_substr($message['CONTENT'], 0, 70)), true) . "…"; } else { $message['CONTENT'] = word_filter_add_ob_tags($message['CONTENT'], true); } if (thread_is_poll($search_result['TID']) && $search_result['PID'] == 1 || strlen($message['CONTENT']) < 1) { echo " <li><p><a href=\"messages.php?webtag={$webtag}&msg={$search_result['TID']}.{$search_result['PID']}&hightlight=yes\" target=\"", html_get_frame_name('right'), "\"><b>{$message['TITLE']}</b></a><br />"; echo "<span><b>", gettext("From"), ":</b> ", word_filter_add_ob_tags(format_user_name($search_result['FROM_LOGON'], $search_result['FROM_NICKNAME']), true), ", ", format_date_time($search_result['CREATED']), "</span></p></li>\n"; } else { echo " <li><p><a href=\"messages.php?webtag={$webtag}&msg={$search_result['TID']}.{$search_result['PID']}&highlight=yes\" target=\"", html_get_frame_name('right'), "\"><b>{$message['TITLE']}</b></a><br />"; echo "{$message['CONTENT']}<br /><span><b>", gettext("From"), ":</b> ", word_filter_add_ob_tags(format_user_name($search_result['FROM_LOGON'], $search_result['FROM_NICKNAME']), true), ", ", format_date_time($search_result['CREATED']), "</span></p></li>\n"; } } } } echo "</ol>\n"; if (ceil($search_results_array['result_count'] / 20) > $page) { echo "", html_style_image('current_thread'), " <a href=\"search.php?webtag={$webtag}&page=", $page + 1, 
"&sort_by={$sort_by}&sort_dir={$sort_dir}\">", gettext("Find more"), "</a><br />\n"; } echo "<br />\n"; echo "<form accept-charset=\"utf-8\" name=\"f_nav\" method=\"get\" action=\"search.php\" target=\"_self\">\n";
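/**
 * Delete a post by blanking its content and recording who removed it.
 *
 * Sets CONTENT to NULL for post $pid of thread $tid, stamps the POST row's
 * APPROVED / APPROVED_BY columns with the current time and the session user,
 * marks the thread DELETED when it holds only one post (LENGTH = 1), clears
 * POLL_FLAG when the post is the first post of a poll thread, and finally
 * calls post_delete_tags() for the post.
 *
 * A thread's MODIFIED value is only moved to the current time when it is not
 * already older than the unread cut-off; older values are left as they are.
 *
 * The updates run one after another with no transaction visible here, so a
 * failure part-way through leaves the earlier updates applied.
 *
 * NOTE(review): this function performs no permission check of its own;
 * presumably callers authorise the deletion first - confirm at the call sites.
 *
 * @param int|string $tid Thread ID, a non-negative decimal integer.
 * @param int|string $pid Post ID within the thread, same format.
 *
 * @return bool True when every update succeeded; false on a malformed ID,
 *              a missing table prefix, database handle or session user, or
 *              a failed query.
 */
function post_delete($tid, $pid)
{
    // Every ID below is interpolated into SQL text, so each one is held to a
    // plain run of decimal digits. is_numeric() on its own also admits
    // floats, exponent notation, signs and surrounding whitespace, none of
    // which is a valid thread, post or user ID.
    $is_id = function ($value) {
        if (is_int($value)) {
            return $value >= 0;
        }

        return is_string($value) && preg_match('/^[0-9]+$/D', $value) === 1;
    };

    if (!$is_id($tid) || !$is_id($pid)) {
        return false;
    }

    // NOTE(review): the prefix is placed inside backticks without escaping;
    // assumes get_table_prefix() only returns a vetted identifier - confirm.
    if (!($table_prefix = get_table_prefix())) {
        return false;
    }

    if (!($db = db::get())) {
        return false;
    }

    // The session user ID ends up in the APPROVED_BY clause, so it is held
    // to the same digits-only format as the thread and post IDs.
    if (!isset($_SESSION['UID']) || !$is_id($_SESSION['UID'])) {
        return false;
    }

    $approve_uid = $_SESSION['UID'];

    $current_datetime = date(MYSQL_DATETIME, time());

    // NOTE(review): this value is interpolated into the statements below
    // unchecked; presumably the helper returns a formatted datetime string -
    // confirm it can never be false or carry quote characters.
    $modified_cutoff_datetime = forum_get_unread_cutoff_datetime();

    // Removing the opening post of a poll also drops the thread's poll flag.
    if (thread_is_poll($tid) && $pid == 1) {

        $sql = "UPDATE LOW_PRIORITY `{$table_prefix}THREAD` SET POLL_FLAG = 'N', ";
        $sql .= "MODIFIED = IF(MODIFIED < CAST('{$modified_cutoff_datetime}' AS DATETIME), ";
        $sql .= "MODIFIED, CAST('{$current_datetime}' AS DATETIME)) WHERE TID = '{$tid}'";

        if (!$db->query($sql)) {
            return false;
        }
    }

    // Only a single-post thread is flagged as deleted along with its post.
    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}THREAD` SET DELETED = 'Y', ";
    $sql .= "MODIFIED = IF(MODIFIED < CAST('{$modified_cutoff_datetime}' AS DATETIME), ";
    $sql .= "MODIFIED, CAST('{$current_datetime}' AS DATETIME)) WHERE TID = '{$tid}' ";
    $sql .= "AND LENGTH = 1";

    if (!$db->query($sql)) {
        return false;
    }

    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}POST_CONTENT` SET CONTENT = NULL ";
    $sql .= "WHERE TID = '{$tid}' AND PID = '{$pid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Record the acting user and the time on the post row.
    $sql = "UPDATE LOW_PRIORITY `{$table_prefix}POST` ";
    $sql .= "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), ";
    $sql .= "APPROVED_BY = '{$approve_uid}' WHERE TID = '{$tid}' ";
    $sql .= "AND PID = '{$pid}'";

    if (!$db->query($sql)) {
        return false;
    }

    // The result of the tag clean-up is not inspected, as in the original;
    // a failure there does not change the return value.
    post_delete_tags($tid, $pid);

    return true;
}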