Exemple #1
0
    locale_restore_previous();
}
// Plugins should cleanup their temporary data here:
$Plugins->trigger_event('MessageFormSentCleanup', array('success_message' => $success_message));
if (empty($redirect_to) && empty($Blog)) {
    $redirect_to = $baseurl;
}
if ($success_message) {
    // Never say to whom we sent the email -- prevent user enumeration.
    $Messages->add(T_('Your message has been sent by email.'), 'success');
    if (empty($redirect_to)) {
        $redirect_to = $Blog->gen_blogurl();
        if (!empty($recipient_User)) {
            $redirect_to = url_add_param($redirect_to, 'disp=msgform&recipient_id=' . $recipient_User->ID);
        }
    }
    header_redirect($redirect_to);
    // exited here
}
// unsuccessful message send, save message params into the Session to not lose the content
$unsaved_message_params = array();
$unsaved_message_params['sender_name'] = $sender_name;
$unsaved_message_params['sender_address'] = $sender_address;
$unsaved_message_params['subject'] = $subject;
$unsaved_message_params['message'] = $original_content;
save_message_params_to_session($unsaved_message_params);
if (param_errors_detected() || empty($redirect_to)) {
    $redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=msgform&recipient_id=' . $recipient_id, '&');
}
header_redirect($redirect_to);
//exited here
 /**
  * Handle messaging module htsrv actions
  */
 function handle_htsrv_action()
 {
     global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url;
     // Init objects we want to work on.
     $action = param_action(true, true);
     $disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('messaging_' . $disp);
     // Load classes
     load_class('messaging/model/_thread.class.php', 'Thread');
     load_class('messaging/model/_message.class.php', 'Message');
     if (!is_logged_in()) {
         // user must be logged in
         debug_die('User must be logged in to proceed with messaging updates!');
     }
     // Check permission:
     $current_User->check_perm('perm_messaging', 'reply', true);
     // set where to redirect
     $redirect_to = param('redirect_to', 'url', NULL);
     if (empty($redirect_to)) {
         if (isset($Blog)) {
             $redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
         } else {
             $redirect_to = url_add_param($baseurl, 'disp=' . $disp);
         }
     }
     if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
         // Load thread from cache:
         $ThreadCache =& get_ThreadCache();
         if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
             unset($edited_Thread);
             forget_param('thrd_ID');
             $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
             $action = 'nil';
         }
     }
     switch ($disp) {
         // threads action
         case 'threads':
             if ($action != 'create') {
                 // Make sure we got a thrd_ID:
                 param('thrd_ID', 'integer', true);
             }
             switch ($action) {
                 case 'create':
                     // create thread
                     // check if create new thread is allowed
                     if (check_create_thread_limit()) {
                         // max new threads limit reached, don't allow to create new thread
                         debug_die('Invalid request, new conversation limit already reached!');
                     }
                     if (!create_new_thread()) {
                         // unsuccessful new thread creation
                         global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
                         $redirect_to .= '&action=new';
                         // save new message and thread params into the Session to not lose the content
                         $unsaved_message_params = array();
                         $unsaved_message_params['subject'] = $edited_Thread->title;
                         $unsaved_message_params['message'] = $edited_Message->text;
                         $unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual');
                         // alternative: discussion
                         $unsaved_message_params['thrd_recipients'] = $thrd_recipients;
                         $unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
                         save_message_params_to_session($unsaved_message_params);
                     }
                     break;
                 case 'delete':
                     // delete thread
                     // Check permission:
                     $current_User->check_perm('perm_messaging', 'delete', true);
                     $confirmed = param('confirmed', 'integer', 0);
                     if ($confirmed) {
                         $msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
                         $edited_Thread->dbdelete(true);
                         unset($edited_Thread);
                         forget_param('thrd_ID');
                         $Messages->add($msg, 'success');
                     } else {
                         $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1&redirect_to=' . $redirect_to . '&' . url_crumb('messaging_threads');
                         $ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
                         $cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
                         $msg = sprintf(T_('You are about to delete all messages in the conversation &laquo;%s&raquo;.'), $edited_Thread->dget('title'));
                         $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                         $Messages->add($msg, 'error');
                     }
                     break;
                 case 'leave':
                     // user wants to leave the thread
                     leave_thread($edited_Thread->ID, $current_User->ID, false);
                     $Messages->add(sprintf(T_('You have successfuly left the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     break;
                 case 'close':
                     // close the thread
                 // close the thread
                 case 'close_and_block':
                     // close the thread and block contact
                     leave_thread($edited_Thread->ID, $current_User->ID, true);
                     // user has closed this conversation because there was only one other user involved
                     $Messages->add(sprintf(T_('You have successfuly closed the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     if ($action == 'close_and_block') {
                         // user also wants to block contact with the other user involved in this thread
                         $block_user_ID = param('block_ID', 'integer', true);
                         $UserCache =& get_UserCache();
                         $blocked_User = $UserCache->get_by_ID($block_user_ID);
                         set_contact_blocked($block_user_ID, true);
                         $Messages->add(sprintf(T_('&laquo;%s&raquo; was blocked.'), $blocked_User->get('login')), 'success');
                     }
                     break;
             }
             break;
             // break from threads action switch
             // contacts action
         // break from threads action switch
         // contacts action
         case 'contacts':
             $user_ID = param('user_ID', 'string', true);
             if ($action != 'block' && $action != 'unblock') {
                 // only block or unblock is valid
                 debug_die("Invalid action param");
             }
             set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
             $redirect_to = str_replace('&amp;', '&', $redirect_to);
             break;
             // messages action
         // messages action
         case 'messages':
             if ($action == 'create') {
                 // create new message
                 create_new_message($thrd_ID);
             } elseif ($action == 'delete') {
                 // Check permission:
                 $current_User->check_perm('perm_messaging', 'delete', true);
                 $msg_ID = param('msg_ID', 'integer', true);
                 $MessageCache =& get_MessageCache();
                 if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
                     $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Message')), 'error');
                     break;
                 }
                 $confirmed = param('confirmed', 'integer', 0);
                 if ($confirmed) {
                     // delete message
                     $edited_Message->dbdelete();
                     unset($edited_Message);
                     $Messages->add(T_('Message deleted.'), 'success');
                 } else {
                     $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
                     $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
                     $ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
                     $cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
                     $msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
                     $Messages->add($msg, 'error');
                 }
             }
             break;
     }
     header_redirect($redirect_to);
     // Will save $Messages into Session
 }