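/**
 * Alerts a topic's author when someone else replies to their forum topic.
 *
 * @param int $replyID ID of the reply (post) that was just written.
 * @return int|null ID of the topic the reply belongs to, or null when the
 *                  reply cannot be loaded.
 *
 * @author Joe Hoyle
 * @version 1.0
 */
function nm_alert_user_wrote_forum_reply($replyID) {
    $post = bb_get_post($replyID);
    if (!$post) {
        return null;
    }

    // The original read $topic_id and returned $topicID, neither of which was ever assigned
    $topicID = $post->topic_id;
    $topicAuthor = get_userdatabylogin(get_topic_author($topicID));

    // No alert when the author record is missing or the author replied to their own topic
    if ($topicAuthor && $post->poster_id != $topicAuthor->ID) {
        $posterName = nm_user_public_name($post->poster_id);
        $topicTitle = get_topic_title($topicID);

        // NOTE(review): $posterName and $topicTitle are user-influenced and are placed in
        // attribute and text context unescaped here. Confirm that nm_user_public_name() and
        // get_topic_title() return HTML-escaped values; if not, escape them at this point.
        $alert = array(
            'content' => '<a href="' . getProfileLink($post->poster_id) . '" title="View ' . $posterName . 's profile">' . $posterName . '</a> has replied to your forum topic: <a href="' . get_post_link($replyID) . '" title="View ' . $topicTitle . '">' . $topicTitle . '</a>.',
            'type' => 'forum',
        );
        nm_add_alert($topicAuthor->ID, $alert);
    }

    return $topicID;
}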
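/**
 * Echo the "Edit" and "Delete"/"Undelete" links for a post, limited to the
 * actions the current user is allowed to perform on it.
 *
 * The delete/undelete URLs are wrapped with bb_nonce_url() using the action
 * name 'delete-post_<id>'.
 *
 * @param int $post_id Post ID; resolved through get_post_id() before the lookup.
 */
function post_edit_text($post_id = 0) {
    $bb_post = bb_get_post(get_post_id($post_id));
    if (!$bb_post) {
        return;
    }

    // Start from an empty list: the original left $parts undefined when the user had
    // neither capability, and count() on an undefined value is an error on PHP 8.
    $parts = array();

    if (bb_current_user_can('edit_post', $bb_post->post_id)) {
        $parts[] = ' | <a href="' . attribute_escape(apply_filters('post_edit_uri', bb_get_option('uri') . 'edit.php?id=' . $bb_post->post_id, $bb_post->post_id)) . '">Edit</a>';
    }

    if (bb_current_user_can('delete_post', $bb_post->post_id)) {
        if (1 == $bb_post->post_status) {
            $parts[] = "<a href='" . attribute_escape(bb_nonce_url(bb_get_option('uri') . 'bb-admin/delete-post.php?id=' . $bb_post->post_id . '&status=0&view=all', 'delete-post_' . $bb_post->post_id)) . "' onclick='return confirm(\" " . js_escape(__('Are you sure you wanna undelete that?')) . " \");'>" . __('Undelete') . "</a>";
        } else {
            // The author name lands inside a JavaScript string inside an HTML attribute:
            // backslash-escape it for the string first, then entity-encode it for the attribute.
            $author_js = attribute_escape(addslashes((string) get_post_author($post_id)));
            $parts[] = "<a href='" . attribute_escape(bb_nonce_url(bb_get_option('uri') . 'bb-admin/delete-post.php?id=' . $bb_post->post_id . '&status=1', 'delete-post_' . $bb_post->post_id)) . "' onclick='return ajaxPostDelete(" . intval($bb_post->post_id) . ", \"" . $author_js . "\");'>" . __('Delete') . "</a>";
        }
    }

    if (count($parts) > 0) {
        echo implode(' | ', $parts);
    }
}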
/**
 * Fetch one forum post by ID.
 *
 * Fires the 'bbpress_init' action and then delegates to bb_get_post().
 *
 * @param int $post_id ID of the post to fetch.
 * @return mixed Whatever bb_get_post() returns for that ID.
 */
function bp_forums_get_post($post_id) {
    // The init action runs on every call, before the lookup
    do_action('bbpress_init');

    $forum_post = bb_get_post($post_id);

    return $forum_post;
}
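/**
 * Validate and store the files uploaded in $_FILES['bb_attachments'] for a post.
 *
 * Each file is moved to a temporary name, checked against the configured
 * extension, MIME type, size and per-post limits, recorded in the attachments
 * table together with its status code, and only then renamed to
 * "<id>.<filename>" inside a numbered sub-directory. A result list is echoed
 * when $display is set; otherwise inline attachment tags may be appended to
 * the post text.
 *
 * Changes against the previous version: every value placed in SQL is cast or
 * escaped, the status UPDATE no longer quotes column names as string literals,
 * per-file state is reset on each iteration, the file name is HTML-escaped
 * before it is echoed, and each() (removed in PHP 8) is replaced by foreach.
 *
 * @param int $post_id Post to attach to; falls back to $_GET['bb_attachments'].
 * @param int $display Non-zero to echo the result list instead of auto-injecting tags.
 */
function bb_attachments_process_post($post_id = 0, $display = 0) {
    global $bbdb, $bb_attachments;

    if (!$post_id) {
        $post_id = isset($_GET['bb_attachments']) ? $_GET['bb_attachments'] : 0;
    }
    // The id is interpolated into SQL and markup below, so force it to an integer whatever its origin
    $post_id = intval($post_id);

    // only can upload if user is allowed to edit post
    $user_id = bb_get_current_user_info('id');
    if (!isset($_FILES['bb_attachments']) || !is_array($_FILES['bb_attachments'])
        || !isset($_FILES['bb_attachments']['name']) || !is_array($_FILES['bb_attachments']['name'])
        || !$user_id || !$post_id
        || !bb_current_user_can('edit_post', $post_id)
        || !bb_current_user_can($bb_attachments['role']['upload'])) {
        return;
    }

    $user_ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $time = time();
    $inject = "";

    $bb_post = bb_get_post($post_id);
    $topic_id = $bb_post->topic_id; // fetch related topic
    $topic_attachments = intval(bb_get_topicmeta($topic_id, "bb_attachments")); // generally how many on topic (may be off if post moved)
    $count = intval($bbdb->get_var("SELECT COUNT(*) FROM " . $bb_attachments['db'] . " WHERE post_id = {$post_id} AND status = 0")); // how many currently on post
    $offset = 0; // counter for this pass

    $strip = array(' ', '`', '"', '\'', '\\', '/', '..', '__'); // filter for filenames
    $maxlength = bb_attachments_lookup($bb_attachments['max']['filename']);

    $output = "<h3>" . __("Uploads") . "</h3><ol>"; // start output

    foreach ($_FILES['bb_attachments']['name'] as $key => $value) {
        if (empty($value)) {
            continue;
        }

        // Reset per-file state so a failed file never reuses the id, size or paths of the previous one
        $status = 0;
        $id = 0;
        $size = 0;
        $mime = "";
        $ext = "";
        $tmp = "";
        $file = "";

        // don't trust $_FILES['bb_attachments']['type'] / ['size'], check after upload
        // NOTE(review): $strip does not remove control characters or leading dots, and the stored
        // name keeps every extension the client sent while only the last one is checked below.
        // Confirm the attachment directory cannot execute or directly serve these files.
        $filename = trim(str_replace($strip, '_', stripslashes($value)));
        if (empty($filename)) {
            $filename = "unknown";
        }

        if (intval($_FILES['bb_attachments']['error'][$key]) == 0 && $_FILES['bb_attachments']['size'][$key] > 0) {
            $ext = strrpos($filename, '.') === false ? "" : trim(strtolower(substr($filename, strrpos($filename, '.') + 1)));
            if (strlen($filename) > $maxlength) {
                $filename = substr($filename, 0, $maxlength - strlen($ext) + 1) . "." . $ext; // fix filename length
            }

            // NOTE(review): rand() and time() are predictable, so this temporary name is not
            // unguessable; it relies on the attachment path not being reachable over the web.
            $tmp = $bb_attachments['path'] . md5(rand(0, 99999) . time() . $_FILES['bb_attachments']['tmp_name'][$key]);

            if (@is_uploaded_file($_FILES['bb_attachments']['tmp_name'][$key]) && @move_uploaded_file($_FILES['bb_attachments']['tmp_name'][$key], $tmp)) {
                // Size and type are taken from the stored file, not from the client-supplied values
                $size = filesize($tmp);
                $mime = bb_attachments_mime_type($tmp);
            } else {
                $status = 2; // file move to temp name failed for some unknown reason
                $size = $_FILES['bb_attachments']['size'][$key]; // reported size is only used for the error line
            }

            if ($status == 0 && !in_array($ext, bb_attachments_lookup($bb_attachments['allowed']['extensions']))) {
                $status = 3; // disallowed extension
            }
            if ($status == 0 && !in_array($mime, bb_attachments_lookup($bb_attachments['allowed']['mime_types']))) {
                $status = 4; // disallowed mime
            }
            if ($status == 0 && $size > bb_attachments_lookup($bb_attachments['max']['size'], $ext)) {
                $status = 5; // disallowed size
            }
            if ($status == 0 && $count + 1 > bb_attachments_lookup($bb_attachments['max']['per_post'])) {
                $status = 6; // disallowed attachment count
            }

            if ($size > 0 && $filename) {
                // we still save the status code if any but don't copy file until status = 0
                // Integers are cast and every string is escaped before it reaches the statement.
                // NOTE(review): addslashes() is not charset-aware; prefer the database layer's own
                // escaping or prepared statements if this bbPress version provides them.
                $sql = "INSERT INTO " . $bb_attachments['db']
                    . " ( time , post_id , user_id, user_ip, status , size , ext , mime , filename )"
                    . " VALUES ('" . intval($time) . "', '" . $post_id . "', '" . intval($user_id) . "',"
                    . " inet_aton('" . addslashes($user_ip) . "'), " . intval($status) . ", '" . intval($size) . "',"
                    . " '" . addslashes($ext) . "', '" . addslashes($mime) . "', '" . addslashes($filename) . "')";
                $failed = $bbdb->get_var($sql);

                if ($status == 0 && !$failed) {
                    $id = intval($bbdb->get_var("SELECT LAST_INSERT_ID()")); // fetch the assigned unique id #
                }
                if ($failed || !$id) {
                    $status = 2; // db failure ?
                }

                if ($status == 0) {
                    // successful db insert - get_var() returning an empty value is treated as success here
                    $dir = $bb_attachments['path'] . floor($id / 1000);

                    if (function_exists('get_current_user') && function_exists('posix_setuid')) {
                        // try to set user's id so file/dir creation is under their account
                        $current = get_current_user();
                        if (!($current && !in_array($current, array("nobody", "httpd", "apache", "root")) && strpos(__FILE__, $current))) {
                            $current = "";
                        }
                        $x = posix_getuid();
                        if (0 == $x && $current) {
                            $org_uid = posix_getuid();
                            $pw_info = posix_getpwnam($current);
                            $uid = $pw_info["uid"];
                            posix_setuid($uid);
                        }
                    }

                    if (!file_exists($dir)) {
                        // check for sub-directory based on file number 0,1,2,3,4 etc.
                        $oldumask = umask(0);
                        @mkdir($dir, 0755);
                        umask($oldumask);
                    }

                    $file = $dir . "/" . $id . "." . $filename; // file is committed here

                    if (!$failed && $id > 0 && file_exists($tmp)) {
                        @rename($tmp, $file); // now it's officially named
                        // NOTE(review): 0777 leaves an uploaded file world-writable and executable.
                        // Kept because the deployment relies on it for FTP management; a tighter
                        // mode with a shared group is the safer setting where that is possible.
                        @chmod($file, 0777);
                        if ($bb_attachments['aws']['enable']) {
                            bb_attachments_aws("{$dir}/", "{$id}.{$filename}", $mime); // copy to S3
                        }
                        $count++;
                        $offset++; // count how many successfully uploaded this time
                    } else {
                        $status = 2; // failed - not necessarily user's fault, could be filesystem
                    }

                    if (isset($org_uid) && $org_uid > 0 && function_exists('posix_setuid')) {
                        posix_setuid($org_uid);
                    }
                } else {
                    if ($status == 0) {
                        $status = 2; // failed for db?
                    }
                }
            }
        } else {
            $status = 2;
        }

        if (!empty($tmp) && file_exists($tmp)) {
            @unlink($tmp); // never, ever, leave temporary file behind for security
        }

        // The name comes from the client; encode it before it is placed in the result markup
        $shown_name = htmlspecialchars($filename, ENT_QUOTES);

        if ($status > 0) {
            if ($id > 0) {
                // Column names must not be written as quoted string literals, or the row is never updated
                $bbdb->query("UPDATE " . $bb_attachments['db'] . " SET status = " . intval($status) . " WHERE id = " . intval($id));
            }
            $error = "";
            if ($_FILES['bb_attachments']['error'][$key] > 0) {
                $error = " (" . $bb_attachments['errors'][$_FILES['bb_attachments']['error'][$key]] . ") ";
            }
            $output .= "<li><span style='color:red'><strong>{$shown_name} " . " <span class='num'>(" . round($size / 1024, 1) . " KB)</span> " . __('error:') . " " . $bb_attachments['status'][$status] . "</strong>{$error}</span></li>";
        } else {
            $output .= "<li><span style='color:green'><strong>{$shown_name} " . " <span class='num'>(" . round($size / 1024, 1) . " KB)</span> " . __('successful') . "</strong></span></li>";
            // Only files that getimagesize() recognises as images are offered for inline display
            if ($bb_attachments['inline']['auto'] && $file !== "" && (list($width, $height, $type) = getimagesize($file))) {
                if ($display) {
                    $location = bb_attachments_location();
                    $can_inline = true;
                    if (!($bb_attachments['role']['inline'] == "read" || bb_current_user_can($bb_attachments['role']['inline']))) {
                        $can_inline = false;
                    }
                    if ($location == "edit.php" && $can_inline) {
                        // auto-injects the newly uploaded attachment tag if the edit form is present
                        $output .= '<scr' . 'ipt type="text/javascript" defer="defer"> bbat_field = document.getElementsByTagName("textarea")[0]; bbat_value=" [attachment="+' . $post_id . '+","+' . $id . '+"] "; bbat_field.value += bbat_value;</script>';
                    }
                } else {
                    $inject .= " [attachment={$post_id},{$id}]";
                }
            }
        }
    }

    $output .= "</ol>";

    if ($display) {
        echo $output;
    } elseif (!empty($inject) && $bb_attachments['inline']['auto']) {
        // auto-inject
        $bb_post->post_text = apply_filters('edit_text', $bb_post->post_text . $inject);
        bb_insert_post($bb_post);
    }

    bb_update_topicmeta($topic_id, 'bb_attachments', $topic_attachments + $offset);
}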
/**
 * Build the export representation of a single post.
 *
 * @param int $post_id ID of the post to export.
 * @return mixed Result of _bb_export_object(), or null when the post does not exist.
 */
function bb_export_post($post_id) {
    $post_object = bb_get_post($post_id);
    if (!$post_object) {
        return;
    }

    $_post = get_object_vars($post_object);

    $atts = array(
        'type' => 'post',
        'id' => $_post['post_id'],
        'author' => 'user_' . $_post['poster_id'],
    );

    // Source field => export name; false marks a field that gets no export name of its own
    $translate = array(
        'post_time' => 'incept',
        'post_text' => '!content',
        'post_status' => '?status',
        'post_id' => false,
        'poster_id' => false,
        'forum_id' => false,
        'topic_id' => false,
        'post_position' => false,
    );

    // $_post is passed as a variable and read again afterwards; keep this order
    $post = _bb_translate_for_export($translate, $_post);
    $post['meta'] = $_post;

    return _bb_export_object($atts, $post, 2);
}
/**
 * Build the link to a post inside its topic, for the mass-edit screen.
 *
 * @param int $post_id Post ID; resolved through get_post_id() first.
 * @return string Topic page URL with a "#post-<id>" anchor; 'view=all' is added
 *                when the post has a non-zero status.
 */
function mass_edit_get_post_link($post_id = 0) {
    // to do, get proper page link for delete posts based on complete post count, not position
    $bb_post = bb_get_post(get_post_id($post_id));

    $anchor = "#post-{$bb_post->post_id}";
    $link = get_topic_link($bb_post->topic_id, get_page_number($bb_post->post_position)) . $anchor;

    // apply_filters( 'get_post_link', $link, $bb_post->post_id ) is intentionally not applied here
    return $bb_post->post_status ? add_query_arg('view', 'all', $link) : $link;
}
/**
 * Append a "Spam" / "Not Spam" link to a post's list of admin links.
 *
 * Only users with the 'moderate' capability get the link. The target URL is
 * wrapped with bb_nonce_url() under the action 'delete-post_<id>' and passed
 * through esc_url() before it is placed in the href attribute.
 *
 * @param array|mixed $parts Existing link parts; anything that is not an array is replaced by a new list.
 * @param array       $args  Must hold 'post_id'; 'last_each' ('before'/'after') is read when $parts is an array.
 * @return array|mixed The parts with the spam link appended, or $parts untouched for non-moderators.
 */
function bb_ksd_post_delete_link($parts, $args) {
    if (!bb_current_user_can('moderate')) {
        return $parts;
    }

    $bb_post = bb_get_post(get_post_id($args['post_id']));

    // Status 2 is handled as "currently spam": offer the way back, otherwise offer to mark as spam
    if (2 == $bb_post->post_status) {
        $display = __('Not Spam');
        $query = array('id' => $bb_post->post_id, 'status' => 0, 'view' => 'all');
    } else {
        $display = __('Spam');
        $query = array('id' => $bb_post->post_id, 'status' => 2);
    }

    $target = bb_get_uri('bb-admin/delete-post.php', $query, BB_URI_CONTEXT_A_HREF + BB_URI_CONTEXT_BB_ADMIN);
    $uri = esc_url(bb_nonce_url($target, 'delete-post_' . $bb_post->post_id));

    if (is_array($parts)) {
        $before = $args['last_each']['before'];
        $after = $args['last_each']['after'];
    } else {
        $parts = array();
        $before = '';
        $after = '';
    }

    // Make sure that the last tag in $before gets a class (if it's there)
    if (preg_match('/.*(<[^>]+>)[^<]*/', $before, $_node)) {
        $has_class = preg_match('/class=(\'|")(.*)\\1/U', $_node[1], $_class);
        if ($has_class) {
            // Prepend our class inside the existing class attribute, keeping its quote style
            $merged = 'class=' . $_class[1] . 'before-post-spam-link ' . $_class[2] . $_class[1];
            $before = str_replace($_class[0], $merged, $before);
        } else {
            $before = preg_replace('/(.*)<([a-z0-9_-]+)(\\s?)([^>]*)>([^<]*)/i', '$1<$2 class="before-post-spam-link"$3$4>$5', $before, 1);
        }
    }

    $parts[] = $before . '<a class="post-spam-link" href="' . $uri . '" >' . $display . '</a>' . $after;

    return $parts;
}
/**
 * Fetch one forum post object by its ID.
 *
 * Thin wrapper around {@link bb_get_post()} that fires 'bbpress_init' first.
 *
 * @param int $post_id ID of the post being fetched.
 * @return object Post object, as returned by bb_get_post().
 */
function bp_forums_get_post($post_id) {
    /** This action is documented in bp-forums/bp-forums-screens */
    do_action('bbpress_init');

    $forum_post = bb_get_post($post_id);

    return $forum_post;
}
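<?php
// Handles a submitted edit-post form. The visible part loads the post, checks the
// 'edit_post' capability, verifies the 'edit-post_<id>' nonce and validates the
// anonymous author fields when the post has no registered author.
require './bb-load.php';

bb_auth('logged_in');

// Absent request fields fall back to 0 / '' instead of raising undefined-index notices
$post_id = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
$bb_post = bb_get_post($post_id);

if (!$bb_post) {
    nxt_redirect(bb_get_uri(null, null, BB_URI_CONTEXT_HEADER));
    die;
}

// Capability check first, then the nonce bound to this post id
if (!bb_current_user_can('edit_post', $post_id)) {
    bb_die(__('Sorry, post is too old.'));
}

bb_check_admin_referer('edit-post_' . $post_id);

if (0 != $bb_post->post_status && isset($_GET['view']) && 'all' == $_GET['view']) {
    // We're trying to edit a deleted post
    add_filter('bb_is_first_where', 'bb_no_where');
}

// Check possible anonymous user data
$post_author = $post_email = $post_url = '';

if (!bb_get_user(get_post_author_id($post_id))) {
    // Only plain strings are accepted; an array-valued field is treated as missing
    $raw_author = (isset($_POST['author']) && is_string($_POST['author'])) ? trim($_POST['author']) : '';
    $raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

    if (!($post_author = sanitize_user($raw_author))) {
        bb_die(__('Every post needs an author name!'));
    } elseif (!($post_email = sanitize_email($raw_email))) {
        bb_die(__('Every post needs a valid email address!'));
    }

    if (!empty($_POST['url']) && is_string($_POST['url'])) {
        $post_url = esc_url(trim($_POST['url']));
    }
}

// Loop through possible anonymous post data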
/**
 * Point the link of a "best answer" post at page 1 of its topic.
 *
 * Posts whose position is within the first page keep their link. For later
 * posts the topic's best_answer value is consulted; a comma-separated string
 * is converted in place into an array keyed by post ID.
 *
 * @param string $link    Link computed so far.
 * @param int    $post_id ID of the post the link belongs to.
 * @return string The original link, or a page-1 link with a "#post-<id>" anchor.
 */
function best_answer_post_link($link, $post_id) {
    // this needs to be rewritten for better performance somehow
    global $best_answer;
    static $posts_per_page;

    $post = bb_get_post($post_id);

    // speedup: read the option once per request
    if (empty($posts_per_page)) {
        $posts_per_page = bb_get_option('page_topics');
    }

    // Not beyond page 1: nothing to rewrite
    if (!($post->post_position > $posts_per_page)) {
        return $link;
    }

    $topic = get_topic($post->topic_id);
    if (empty($topic->best_answer)) {
        return $link;
    }

    // When a forum list is configured, topics in other forums are left alone
    $forum_limited = !empty($best_answer['forums']);
    if ($forum_limited && !isset($best_answer['forums'][$topic->forum_id])) {
        return $link;
    }

    if (!is_array($topic->best_answer)) {
        // Turn "1,2,3" into array(1 => 0, 2 => 1, 3 => 2) on the topic object for key lookups
        $answer_ids = explode(',', $topic->best_answer);
        $topic->best_answer = $answer_ids;
        $topic->best_answer = array_flip($topic->best_answer);
    }

    if (isset($topic->best_answer[$post_id])) {
        // change link to page 1 for best answers
        return get_topic_link($post->topic_id, 1) . "#post-{$post_id}";
    }

    return $link;
}
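/**
 * Map meta capabilities to primitive capabilities.
 *
 * This does not check whether the user actually holds a capability; it only
 * works out which primitive capabilities a meta capability requires for the
 * given object. Handled meta capabilities are the case labels below
 * ('edit_post', 'delete_post', 'edit_topic', 'delete_topic', 'add_tag_to',
 * 'edit_tag_by_on', 'edit_user', ...); anything else is returned unchanged.
 *
 * When the post or topic named in $args cannot be loaded, the capability
 * 'magically_provide_data_given_bad_input' is required instead.
 *
 * @since 0.7.2
 *
 * @param array  $caps    Previously existing capabilities.
 * @param string $cap     Capability name.
 * @param int    $user_id User ID.
 * @param array  $args    Object IDs the capability refers to; which index holds
 *                        which ID depends on $cap (see the cases).
 * @return array Actual capabilities for meta capability.
 */
function bb_map_meta_cap($caps, $cap, $user_id, $args) {
    // Unset the meta cap
    if (false !== ($cap_pos = array_search($cap, $caps))) {
        unset($caps[$cap_pos]);
    }

    switch ($cap) {
        case 'write_post':
            $caps[] = 'write_posts';
            break;

        case 'edit_post':
            // edit_posts, edit_others_posts, edit_deleted, edit_closed, ignore_edit_lock
            if (!($bb_post = bb_get_post($args[0]))) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if ($user_id == $bb_post->poster_id) {
                $caps[] = 'edit_posts';
            } else {
                $caps[] = 'edit_others_posts';
            }
            if ($bb_post->post_status == '1') {
                $caps[] = 'edit_deleted';
            }
            if (!topic_is_open($bb_post->topic_id)) {
                $caps[] = 'edit_closed';
            }
            // Once the post is older than the 'edit_lock' option (minutes), editing
            // additionally requires 'ignore_edit_lock'; a negative option disables the lock
            $post_time = bb_gmtstrtotime($bb_post->post_time);
            $curr_time = time() + 1;
            $edit_lock = bb_get_option('edit_lock');
            if ($edit_lock >= 0 && $curr_time - $post_time > $edit_lock * 60) {
                $caps[] = 'ignore_edit_lock';
            }
            break;

        case 'delete_post':
            // edit_deleted, delete_posts
            if (!($bb_post = bb_get_post($args[0]))) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if (0 != $bb_post->post_status) {
                $caps[] = 'edit_deleted';
            }
            // NO BREAK
        case 'manage_posts':
            // back compat
            $caps[] = 'delete_posts';
            break;

        case 'write_topic':
            $caps[] = 'write_topics';
            break;

        case 'edit_topic':
            // edit_closed, edit_deleted, edit_topics, edit_others_topics
            if (!($topic = get_topic($args[0]))) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if (!topic_is_open($args[0])) {
                $caps[] = 'edit_closed';
            }
            if ('1' == $topic->topic_status) {
                $caps[] = 'edit_deleted';
            }
            if ($user_id == $topic->topic_poster) {
                $caps[] = 'edit_topics';
            } else {
                $caps[] = 'edit_others_topics';
            }
            break;

        case 'move_topic':
            $caps[] = 'move_topics';
            break;

        case 'stick_topic':
            $caps[] = 'stick_topics';
            break;

        case 'close_topic':
            $caps[] = 'close_topics';
            break;

        case 'delete_topic':
            $caps[] = 'delete_topics';
            // 'bb_no_where' is attached to 'get_topic_where' for this one lookup only.
            // It is detached before any return: the previous code left it installed on the
            // bad-input path, so later get_topic() calls in the request ran with it too.
            add_filter('get_topic_where', 'bb_no_where', 9999);
            $topic = get_topic($args[0]);
            remove_filter('get_topic_where', 'bb_no_where', 9999);
            if (!$topic) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if (0 != $topic->topic_status) {
                $caps[] = 'edit_deleted';
            }
            break;

        case 'manage_topics':
            // back compat
            $caps[] = 'move_topics';
            $caps[] = 'stick_topics';
            $caps[] = 'close_topics';
            $caps[] = 'delete_topics';
            break;

        case 'add_tag_to':
            // edit_closed, edit_deleted, edit_tags;
            if (!($topic = get_topic($args[0]))) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if (!topic_is_open($topic->topic_id)) {
                $caps[] = 'edit_closed';
            }
            if ('1' == $topic->topic_status) {
                $caps[] = 'edit_deleted';
            }
            $caps[] = 'edit_tags';
            break;

        case 'edit_tag_by_on':
            // edit_closed, edit_deleted, edit_tags, edit_others_tags
            // $args[0] is the tagging user, $args[1] the topic
            if (!($topic = get_topic($args[1]))) {
                $caps[] = 'magically_provide_data_given_bad_input';
                return $caps;
            }
            if (!topic_is_open($topic->topic_id)) {
                $caps[] = 'edit_closed';
            }
            if ('1' == $topic->topic_status) {
                $caps[] = 'edit_deleted';
            }
            if ($user_id == $args[0]) {
                $caps[] = 'edit_tags';
            } else {
                $caps[] = 'edit_others_tags';
            }
            break;

        case 'edit_user':
            // edit_profile, edit_users;
            if ($user_id == $args[0]) {
                $caps[] = 'edit_profile';
            } else {
                $caps[] = 'edit_users';
            }
            break;

        case 'edit_favorites_of':
            // edit_favorites, edit_others_favorites;
            if ($user_id == $args[0]) {
                $caps[] = 'edit_favorites';
            } else {
                $caps[] = 'edit_others_favorites';
            }
            break;

        case 'delete_forum':
            $caps[] = 'delete_forums';
            break;

        case 'change_user_password':
            // change_password, edit_users
            $caps[] = 'change_password';
            if ($user_id != $args[0]) {
                $caps[] = 'edit_users';
            }
            break;

        default:
            // If no meta caps match, return the original cap.
            $caps[] = $cap;
    }

    return $caps;
}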
/**
 * Increase the poster's 'topics_replied' counter when one of their posts is undeleted.
 *
 * @param int $post_id ID of the post that was undeleted.
 */
function bb_topics_replied_on_undelete_post($post_id) {
    global $bbdb;

    $bb_post = bb_get_post($post_id);
    $topic = get_topic($bb_post->topic_id);

    $query_args = array(
        'post_author_id' => $bb_post->poster_id,
        'topic_id' => $topic->topic_id,
    );
    $user_posts = new BB_Query('post', $query_args);

    // NOTE(review): count() is applied to the query object itself. Unless BB_Query is
    // Countable this does not count the matching posts - confirm what was intended.
    if (1 != count($user_posts)) {
        return;
    }

    $user = bb_get_user($bb_post->poster_id);
    if (!$user) {
        return;
    }

    bb_update_usermeta($user->ID, $bbdb->prefix . 'topics_replied', $user->topics_replied + 1);
}
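/**
 * Sideload the local Ning images referenced in an imported item and rewrite
 * the item's text to point at the sideloaded copies.
 *
 * @param string $type      Path prefix the image references start with; it is placed
 *                          in the search pattern as written.
 * @param int    $post_ID   ID of the post, topic, reply or comment.
 * @param string $post_type One of 'post', 'topic', 'topic_reply', 'comment'.
 */
function bp_ning_import_process_inline_images_new($type, $post_ID, $post_type = 'post') {
    $text = '';

    switch ($post_type) {
        case 'post':
            $post = get_post($post_ID);
            $text = isset($post->post_content) ? $post->post_content : '';
            break;
        case 'topic':
            // For a topic, work on its first post from here on
            $topic = bb_get_first_post($post_ID);
            $post_ID = isset($topic->post_id) ? (int) $topic->post_id : 0;
            $text = isset($topic->post_text) ? $topic->post_text : '';
            break;
        case 'topic_reply':
            $reply = bb_get_post($post_ID);
            $text = isset($reply->post_text) ? $reply->post_text : '';
            break;
        case 'comment':
            $comment = get_comment($post_ID);
            $text = isset($comment->comment_content) ? $comment->comment_content : '';
            break;
        default:
            // Unknown item type: there is no text to scan
            return;
    }

    $ning_dir = content_url('/ning-files/');
    $real_images = array();

    // Only worry about local images
    // NOTE(review): $type is not passed through preg_quote(); callers are assumed to pass a
    // fixed directory name - confirm it never comes from imported data.
    if (!preg_match_all('#"(' . $type . '/.*?\\.(?:gif|jpg|jpeg|png|bmp))(?:\\?(?:[^"]*?))?"#', $text, $images)) {
        return;
    }

    // $images is an array of file names in import-from-ning/json/discussions. Move 'em
    foreach ($images[1] as $image) {
        $real_name = bp_ning_real_image_name($image);

        if (!isset($real_images[$real_name])) {
            $html = media_sideload_image($ning_dir . $image, $post_ID);
            if (is_wp_error($html)) {
                continue;
            }
            // Without a recognisable <img src='...'> leave the reference alone; the previous
            // code went on with an empty URL and blanked the image path in the text
            if (!preg_match("#<img src='(.*?)'#", $html, $matches)) {
                continue;
            }
            $url = $real_images[$real_name] = $matches[1];
        } else {
            // Same underlying image seen before: reuse the sideloaded URL
            $url = $real_images[$real_name];
        }

        $text = str_replace($image, $url, $text);
    }

    switch ($post_type) {
        case 'post':
            $args = array('ID' => $post_ID, 'post_content' => $text);
            $args = add_magic_quotes($args);
            wp_update_post($args);
            break;
        case 'topic':
        case 'topic_reply':
            $args = array('post_id' => $post_ID, 'post_text' => $text);
            bb_insert_post($args);
            break;
        case 'comment':
            $args = array('comment_ID' => $post_ID, 'comment_content' => $text);
            wp_update_comment($args);
            break;
    }
}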
/**
 * React to a post's status change across the boundary between statuses 0-1 and 2+.
 *
 * Moving from a status below 2 to one above 1 calls bb_bozon(); moving the
 * other way calls bb_fermion(). Both receive the poster and the topic.
 *
 * @param int $post_id    ID of the post whose status changed.
 * @param int $new_status Status after the change.
 * @param int $old_status Status before the change.
 */
function bb_bozo_delete_post($post_id, $new_status, $old_status) {
    $bb_post = bb_get_post($post_id);

    $new_above_one = 1 < $new_status;
    $new_below_two = 2 > $new_status;
    $old_above_one = 1 < $old_status;
    $old_below_two = 2 > $old_status;

    if ($new_above_one && $old_below_two) {
        bb_bozon($bb_post->poster_id, $bb_post->topic_id);
        return;
    }

    if ($new_below_two && $old_above_one) {
        bb_fermion($bb_post->poster_id, $bb_post->topic_id);
    }
}
/**
 * When a new forum topic or post is posted in bbPress, either:
 * 1) Send emails to all group subscribers
 * 2) Prepares to record it for digest purposes - see {@link ass_group_forum_record_digest()}.
 *
 * Hooks into the bbPress action - 'bb_new_post' - to easily identify new forum posts vs edits.
 *
 * The recipient list starts from the group's 'ass_subscribed_users' meta; for
 * replies it is extended with per-topic statuses and with previous posters in
 * the topic. Items destined for a digest are collected in $bp->ges->items.
 *
 * NOTE(review): the post text is placed in the mail body whatever the group's
 * status; for non-public groups only the link is routed through the login
 * redirect. No group-membership check on recipients is visible in this
 * function - confirm that the subscription data and ass_get_previous_posters()
 * cannot contain users who have since left a private group.
 *
 * @param int $post_id ID of the bbPress post that was just created.
 */
function ass_group_notification_forum_posts($post_id) {
    global $bp, $wpdb;

    $post = bb_get_post($post_id);

    // Check to see if user has been registered long enough
    if (!ass_registered_long_enough($post->poster_id)) {
        return;
    }

    $topic = get_topic($post->topic_id);
    $group = groups_get_current_group();

    // if the current group isn't available, grab it
    if (empty($group)) {
        // get the group ID by looking up the forum ID in the groupmeta table
        // (values are bound through $wpdb->prepare(); only the table name is interpolated)
        $group_id = $wpdb->get_var($wpdb->prepare("\n\t\t\t\tSELECT group_id\n\t\t\t\tFROM {$bp->groups->table_name_groupmeta}\n\t\t\t\tWHERE meta_key = %s\n\t\t\t\tAND meta_value = %d\n\t\t\t", 'forum_id', $topic->forum_id));

        // now get the group
        $group = groups_get_group(array('group_id' => $group_id));
    }

    $primary_link = trailingslashit(bp_get_group_permalink($group) . 'forum/topic/' . $topic->topic_slug);
    $blogname = '[' . get_blog_option(BP_ROOT_BLOG, 'blogname') . ']';
    $is_topic = false;

    // initialize faux activity object for backward-compatible filter reasons
    //
    // due to r-a-y being an idiot here:
    // https://github.com/boonebgorges/buddypress-group-email-subscription/commit/526b80c617fe9058a859ac4eb4cfb1d42d333aa0
    //
    // because we moved the email recording process to 'bb_new_post' from the BP activity save hook,
    // we need to ensure that 3rd-party code will continue to work as-is
    //
    // we can't add the 'id' because we're firing the filters before the activity item is created :(
    $activity = new stdClass();
    $activity->user_id = $post->poster_id;
    $activity->component = 'groups';
    $activity->item_id = $group->id;
    $activity->content = $post->post_text;

    // this is a new topic (the first post of a topic has position 1)
    if ($post->post_position == 1) {
        $is_topic = true;

        // more faux activity items!
        $activity->type = 'new_forum_topic';
        $activity->secondary_item_id = $topic->topic_id;
        $activity->primary_link = $primary_link;
        $action = $activity->action = sprintf(__('%s started the forum topic "%s" in the group "%s"', 'bp-ass'), bp_core_get_user_displayname($post->poster_id), $topic->topic_title, $group->name);
        $subject = apply_filters('bp_ass_new_topic_subject', $action . ' ' . $blogname, $action, $blogname);
        $the_content = apply_filters('bp_ass_new_topic_content', $post->post_text, $activity, $topic, $group);
    } else {
        // more faux activity items!
        $activity->type = 'new_forum_post';
        $activity->secondary_item_id = $post_id;
        $action = $activity->action = sprintf(__('%s replied to the forum topic "%s" in the group "%s"', 'bp-ass'), bp_core_get_user_displayname($post->poster_id), $topic->topic_title, $group->name);

        // calculate the topic page for pagination purposes
        // (15 posts per page unless the 'bp_ass_topic_pag_num' filter changes it)
        $pag_num = apply_filters('bp_ass_topic_pag_num', 15);
        $page = ceil($topic->topic_posts / $pag_num);
        if ($page > 1) {
            $primary_link .= '?topic_page=' . $page;
        }
        $primary_link .= "#post-" . $post_id;
        $activity->primary_link = $primary_link;
        $subject = apply_filters('bp_ass_forum_reply_subject', $action . ' ' . $blogname, $action, $blogname);
        $the_content = apply_filters('bp_ass_forum_reply_content', $post->post_text, $activity, $topic, $group);
    }

    // Convert entities and do other cleanup
    $the_content = ass_clean_content($the_content);

    // if group is not public, change primary link to login URL to verify
    // authentication and for easier redirection after logging in
    if ($group->status != 'public') {
        $primary_link = ass_get_login_redirect_url($primary_link, 'legacy_forums_view');
        $text_before_primary = __('To view or reply to this topic, go to:', 'bp-ass');
        // if public, show standard text
    } else {
        $text_before_primary = __('To view or reply to this topic, log in and go to:', 'bp-ass');
    }

    // setup the email message
    $message = sprintf(__('%s "%s" %s %s --------------------- ', 'bp-ass'), $action . ':', $the_content, $text_before_primary, $primary_link);

    // get subscribed users
    $subscribed_users = groups_get_groupmeta($group->id, 'ass_subscribed_users');

    // do this for forum replies only
    if (!$is_topic) {
        // pre-load these arrays to reduce db calls in the loop
        $ass_replies_to_my_topic = ass_user_settings_array('ass_replies_to_my_topic');
        $ass_replies_after_me_topic = ass_user_settings_array('ass_replies_after_me_topic');
        $previous_posters = ass_get_previous_posters($post->topic_id);

        // make sure manually-subscribed topic users and regular group subscribed users are combined
        // (array union: an existing group-level entry wins over the per-topic one)
        $user_topic_status = groups_get_groupmeta($group->id, 'ass_user_topic_status_' . $topic->topic_id);
        if (!empty($subscribed_users) && !empty($user_topic_status)) {
            $subscribed_users = $subscribed_users + $user_topic_status;
        }

        // consolidate the arrays to speed up processing
        // previous posters without any other entry are added with the marker status 'prev-post'
        foreach (array_keys($previous_posters) as $previous_poster) {
            if (empty($subscribed_users[$previous_poster])) {
                $subscribed_users[$previous_poster] = 'prev-post';
            }
        }
    }

    // setup our temporary GES object
    $bp->ges = new stdClass();
    $bp->ges->items = array();

    // digest key iterator
    $d = 0;

    // now let's either send the email or record it for digest purposes
    foreach ((array) $subscribed_users as $user_id => $group_status) {
        $self_notify = '';

        // Does the author want updates of their own forum posts?
        if ($user_id == $post->poster_id) {
            $self_notify = ass_self_post_notification($user_id);

            // Author does not want notifications of their own posts
            if (!$self_notify) {
                continue;
            }
        }

        $send_it = $notice = false;

        // default settings link
        $settings_link = ass_get_login_redirect_url(trailingslashit(bp_get_group_permalink($group) . 'notifications'), 'legacy_forums_settings');

        // Self-notification emails
        if ($self_notify === true) {
            $send_it = true;
            $group_status = 'self_notify';

            // notification settings link
            $settings_link = trailingslashit(bp_core_get_user_domain($user_id) . bp_get_settings_slug()) . 'notifications/';

            // set notice
            $notice = __('You are currently receiving notifications for your own posts.', 'bp-ass');
            $notice .= "\n\n" . sprintf(__('To disable these notifications please log in and go to: %s', 'bp-ass'), $settings_link);
            $notice .= "\n" . __('Once you are logged in, uncheck "Receive notifications of your own posts?".', 'bp-ass');
            // do the following for new topics
        } elseif ($is_topic) {
            // only 'sub' and 'supersub' receive an immediate mail for a new topic
            if ($group_status == 'sub' || $group_status == 'supersub') {
                $send_it = true;
                $notice .= "\n" . __('Your email setting for this group is: ', 'bp-ass') . ass_subscribe_translate($group_status);

                // until we get a real follow link, this will have to do
                if ($group_status == 'sub') {
                    $notice .= __(", therefore you won't receive replies to this topic. To get them, click the link to view this topic on the web then click the 'Follow this topic' button.", 'bp-ass');
                } elseif ($group_status == 'supersub') {
                    $notice .= "\n" . sprintf(__('To change your email setting for this group, please log in and go to: %s', 'bp-ass'), $settings_link);
                }
                $notice .= "\n\n" . ass_group_unsubscribe_links($user_id);
            }
            // do the following for forum replies
        } else {
            $topic_status = isset($user_topic_status[$user_id]) ? $user_topic_status[$user_id] : '';

            // the topic mute button will override the subscription options below
            if ($topic_status == 'mute') {
                continue;
            }

            // skip if user set to weekly summary and they're not following this topic
            // maybe not necessary, but good to be cautious
            if ($group_status == 'sum' && $topic_status != 'sub') {
                continue;
            }

            // User's group setting is "All Mail", so we should send this
            if ($group_status == 'supersub') {
                $send_it = true;
                $notice = __('Your email setting for this group is: ', 'bp-ass') . ass_subscribe_translate($group_status);
                $notice .= "\n" . sprintf(__('To change your email setting for this group, please log in and go to: %s', 'bp-ass'), $settings_link);
                $notice .= "\n\n" . ass_group_unsubscribe_links($user_id);
            } elseif ($topic_status == 'sub') {
                $send_it = true;
                $group_status = 'manual_topic';

                // change settings link to the forum thread
                // get rid of any query args and anchors from the thread permalink
                $settings_link = trailingslashit(strtok($primary_link, '?'));

                // let's change the notice to accurately reflect that the user is following this topic
                $notice = sprintf(__('To disable these notifications please log in and go to: %s', 'bp-ass'), $settings_link);
                $notice .= "\n" . __('Once you are logged in, click on the "Mute this topic" button to unsubscribe from the forum thread.', 'bp-ass');
            } elseif ($topic->topic_poster == $user_id && isset($ass_replies_to_my_topic[$user_id]) && $ass_replies_to_my_topic[$user_id] != 'no') {
                $send_it = true;
                $group_status = 'replies_to_my_topic';

                // override settings link to user's notifications
                $settings_link = trailingslashit(bp_core_get_user_domain($user_id) . bp_get_settings_slug()) . 'notifications/';

                // let's change the notice to accurately reflect that the user is receiving replies based on their settings
                $notice = __('You are currently receiving notifications to topics that you have started.', 'bp-ass');
                $notice .= "\n\n" . sprintf(__('To disable these notifications please log in and go to: %s', 'bp-ass'), $settings_link);
                $notice .= "\n" . __('Once you are logged in, uncheck "A member replies in a forum topic you\'ve started".', 'bp-ass');
            } elseif (isset($previous_posters[$user_id]) && isset($ass_replies_after_me_topic[$user_id]) && $ass_replies_after_me_topic[$user_id] != 'no') {
                $send_it = true;
                $group_status = 'replies_after_me_topic';

                // override settings link to user's notifications
                $settings_link = trailingslashit(bp_core_get_user_domain($user_id) . bp_get_settings_slug()) . 'notifications/';

                // let's change the notice to accurately reflect that the user is receiving replies based on their settings
                $notice = __('You are currently receiving notifications to topics that you have replied in.', 'bp-ass');
                $notice .= "\n\n" . sprintf(__('To disable these notifications please log in and go to: %s', 'bp-ass'), $settings_link);
                $notice .= "\n" . __('Once you are logged in, uncheck "A member replies after you in a forum topic".', 'bp-ass');
            }
        }

        // if we're good to send, send the email!
        if ($send_it) {
            // One last chance to filter the message content
            $user_message = apply_filters('bp_ass_forum_notification_message', $message . $notice, array('message' => $message, 'notice' => $notice, 'user_id' => $user_id, 'subscription_type' => $group_status, 'content' => $the_content, 'view_link' => $primary_link, 'settings_link' => $settings_link));

            // Get the details for the user
            $user = bp_core_get_core_userdata($user_id);

            // Send the email
            if ($user->user_email) {
                wp_mail($user->user_email, $subject, $user_message);
            }
        }

        // otherwise if digest or summary, record it!
        // temporarily save some variables to pass to groups_record_activity()
        // actual digest recording occurs in ass_group_forum_record_digest()
        // (&& binds tighter than ||: 'dig' always records, 'sum' only for new topics)
        if ($group_status == 'dig' || $is_topic && $group_status == 'sum') {
            $bp->ges->items[$d] = new stdClass();
            $bp->ges->items[$d]->user_id = $user_id;
            $bp->ges->items[$d]->group_id = $group->id;
            $bp->ges->items[$d]->group_status = $group_status;

            // iterate our key value
            ++$d;
        }

        unset($notice);
    }
}
/**
 * Read one meta value from a post object.
 *
 * @param int    $post_id  ID of the post.
 * @param string $meta_key Meta key; passed through bb_sanitize_meta_key() before use.
 * @return mixed The value, or null when the post or the key does not exist.
 */
function bb_get_postmeta($post_id, $meta_key) {
    $post = bb_get_post($post_id);
    if (!$post) {
        return;
    }

    // The sanitized key is used as a property name on the post object
    $meta_key = bb_sanitize_meta_key($meta_key);

    return isset($post->{$meta_key}) ? $post->{$meta_key} : null;
}
die('1'); } } elseif (false === $is_fav) { if (bb_add_user_favorite($user_id, $topic->topic_id)) { die('1'); } } break; case 'delete-post': // $id is post_id if (!bb_current_user_can('delete_post', $id)) { die('-1'); } bb_check_ajax_referer("delete-post_{$id}"); $status = (int) $_POST['status']; if (!($bb_post = bb_get_post($id))) { die('0'); } if ($status == $bb_post->post_status) { die('1'); } // We're already there if (bb_delete_post($id, $status)) { die('1'); } break; /* case 'add-post' : // Can put last_modified stuff back in later bb_check_ajax_referer( $action ); $error = false; $post_id = 0;
/**
 * Return the (filtered) user ID of a post's author.
 *
 * The raw poster_id is cast to int before it is handed to the
 * 'get_post_author_id' filter together with the resolved post ID.
 *
 * @param int $post_id Post ID; it is resolved through get_post_id() first
 * @return mixed Whatever the 'get_post_author_id' filter chain returns
 */
function get_post_author_id($post_id = 0)
{
    $bb_post = bb_get_post(get_post_id($post_id));

    // NOTE(review): no check that the post was found; a missing post would yield 0 after the cast.
    $author_id = (int) $bb_post->poster_id;
    $resolved_id = get_post_id($post_id);

    return apply_filters('get_post_author_id', $author_id, $resolved_id);
}
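/**
 * Process subscription checkbox submission.
 *
 * Reads the submitted checkbox value, compares it with the poster's current
 * subscription to the post's topic, and calls bb_subscription_management()
 * to add or remove the subscription when the two differ.
 *
 * @since 1.1
 *
 * @param int $post_id ID of new/edited post
 * @return false|null False when nobody is logged in or the post cannot be loaded, otherwise nothing
 */
function bb_user_subscribe_checkbox_update($post_id)
{
    if (!bb_is_user_logged_in()) {
        return false;
    }

    $post = bb_get_post($post_id);
    if (!$post) {
        // Nothing to subscribe to; avoids reading properties of a failed lookup.
        return false;
    }

    $topic_id = (int) $post->topic_id;

    // NOTE(review): the status is looked up for the post's author, while it is not
    // visible here which user bb_subscription_management() changes. Confirm both
    // refer to the same account when someone else edits the post.
    $subscribed = (bool) bb_is_user_subscribed(array('topic_id' => $topic_id, 'user_id' => $post->poster_id));

    // An unchecked checkbox is not submitted at all, so the key may be absent.
    $check = isset($_REQUEST['subscription_checkbox']) ? $_REQUEST['subscription_checkbox'] : '';

    // Pass listeners the actual current state; the previous code passed an
    // undefined variable ($subscribe), so hooks always received null here.
    do_action('bb_user_subscribe_checkbox_update', $post_id, $topic_id, $subscribed, $check);

    if ('subscribe' == $check && !$subscribed) {
        bb_subscription_management($topic_id, 'add');
    } elseif (!$check && $subscribed) {
        bb_subscription_management($topic_id, 'remove');
    }
}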
/**
 * Deletes (or undeletes) an existing post on behalf of an XML-RPC caller
 *
 * The caller is authenticated for the general 'delete_posts' capability first
 * and, once the post has been loaded, checked again for 'delete_post' on that
 * specific post.
 *
 * @since 1.0
 * @return integer|object 1 when the status was changed, 0 when the post already has the requested status or an IXR_Error object on failure
 * @param array $args Arguments passed by the XML-RPC call
 * @param string $args[0] The username for authentication
 * @param string $args[1] The password for authentication
 * @param integer $args[2] The unique id of the post
 * @param integer $args[3] 1 deletes the post, 0 undeletes the post (optional, defaults to 1)
 *
 * XML-RPC request to delete the post with an id of 4301
 * (bb.deletePost is the name this method reports to its hooks; the registered method name is not visible here)
 * <methodCall>
 *     <methodName>bb.deletePost</methodName>
 *     <params>
 *         <param><value><string>joeblow</string></value></param>
 *         <param><value><string>123password</string></value></param>
 *         <param><value><int>4301</int></value></param>
 *     </params>
 * </methodCall>
 */
function bb_deletePost($args)
{
    do_action('bb_xmlrpc_call', 'bb.deletePost');

    // Escape args
    $this->escape($args);

    // The first two positional arguments are the login credentials
    $login = $args[0];
    $secret = (string) $args[1];

    // Validate the user; a failure is expected to surface through $this->error below
    $this->authenticate($login, $secret, 'delete_posts', __('You do not have permission to delete posts.'));

    do_action('bb_xmlrpc_call_authenticated', 'bb.deletePost');

    // Stop here if authentication or one of the actions raised an error
    if ($this->error) {
        return $this->error;
    }

    // The id is cast to an integer, so only numeric ids are accepted
    $post_id = false;
    if (isset($args[2])) {
        $post_id = (int) $args[2];
    }

    // Reject a missing or zero id
    if (!$post_id) {
        $this->error = new IXR_Error(400, __('The post id is invalid.'));
        return $this->error;
    }

    // The requested post has to exist
    $post = bb_get_post($post_id);
    if (!$post) {
        $this->error = new IXR_Error(400, __('No post found.'));
        return $this->error;
    }

    // From here on use the id stored on the loaded post
    $post_id = (int) $post->post_id;

    // Per-post permission check, in addition to the general capability above
    if (!bb_current_user_can('delete_post', $post_id)) {
        $this->error = new IXR_Error(403, __('You do not have permission to delete this post.'));
        return $this->error;
    }

    // NOTE(review): any integer is accepted as status, not only the documented 0 and 1.
    $status = 1;
    if (isset($args[3])) {
        $status = (int) $args[3];
    }

    // Nothing to do when the post already carries the requested status
    if ((int) $post->post_status === $status) {
        return 0;
    }

    // Apply the status change
    // NOTE(review): the fault text below says "edited" although this is the delete path.
    $post_id = bb_delete_post($post_id, $status);
    if (!$post_id) {
        $this->error = new IXR_Error(500, __('The post could not be edited.'));
        return $this->error;
    }

    do_action('bb_xmlrpc_call_return', 'bb.deletePost');

    return 1;
}
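/**
 * Screen a post (or user-wall post) against the configured blocklist.
 *
 * Each blocklist line is either an IP prefix, compared with the stored poster
 * IP, or a word, matched case-insensitively at a word boundary against the
 * poster's email, login, the post text and (for the first post of a topic)
 * the topic title. On the first hit the post is set to status 2 and, when
 * notification addresses are configured, a report is mailed to each of them.
 *
 * Users with the 'moderate' or 'throttle' capability are never screened, and
 * posts that already have a non-zero status are left alone.
 *
 * @param int  $post_id ID of the post to check
 * @param bool $wall    True when $post_id refers to a user-wall post
 * @return void
 */
function blocklist_check($post_id = 0, $wall = false)
{
    if (bb_current_user_can('moderate') || bb_current_user_can('throttle')) {
        return;
    }

    $bb_post = $wall ? user_wall_get_post($post_id) : bb_get_post($post_id);

    if (empty($post_id) || empty($bb_post) || !empty($bb_post->post_status)) {
        return;
    }

    global $blocklist;
    blocklist_initialize();

    if (empty($blocklist['data'])) {
        return;
    }

    // NOTE(review): entries are split on CRLF only; a list stored with bare
    // "\n" line endings would be read as a single entry. Confirm how it is saved.
    $data = explode("\r\n", $blocklist['data']);
    $user = bb_get_user($bb_post->poster_id);

    $found = '';
    $bad = '';
    $topic = null;

    foreach ($data as $item) {
        // Skip blank lines, entries shorter than 4 bytes and "#" comment lines (ord 35).
        if (empty($item) || strlen($item) < 4 || ord($item) == 35) {
            continue;
        }

        if (preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/', $item)) {
            // is IP
            // Plain string-prefix comparison: an entry such as "10.1.2" also covers
            // "10.1.20.x"; end the entry with a dot to pin a whole octet.
            if (strpos($bb_post->poster_ip, $item) === 0) {
                $found = "IP address";
                $bad = $item;
                break;
            }
        } else {
            // is word
            // Quote the entry for the "/" delimiter used below. Without the
            // delimiter argument an entry containing "/" (a URL, for instance)
            // produced an invalid pattern, so that entry could never match.
            $pattern = '/\\b' . preg_quote($item, '/') . '/simU';

            if (preg_match($pattern, $user->user_email)) {
                $found = "email";
                $bad = $item;
                break;
            }
            if (preg_match($pattern, $user->user_login)) {
                $found = "username";
                $bad = $item;
                break;
            }
            if (preg_match($pattern, $bb_post->post_text)) {
                $found = "post text";
                $bad = $item;
                break;
            } elseif (!$wall && $bb_post->post_position == 1) {
                // First post of a topic: the title is screened as well. The topic
                // is loaded once and reused for the remaining entries.
                if (empty($topic)) {
                    $topic = get_topic($bb_post->topic_id);
                }
                if (!empty($topic->topic_title) && preg_match($pattern, $topic->topic_title)) {
                    $found = "topic title";
                    $bad = $item;
                    break;
                }
            }
        }
    }

    if (empty($bad)) {
        return;
    }

    if ($wall) {
        user_wall_delete_post($post_id, 2);
        $uri = bb_get_option('uri') . "bb-admin/admin-base.php?post_status=2&plugin=user_wall_admin&user-wall-recent=1";
    } else {
        bb_delete_post($post_id, 2);
        if (empty($topic)) {
            $topic = get_topic($bb_post->topic_id);
        }
        // if no posts in topic, also set topic to spam
        if (empty($topic->topic_posts)) {
            bb_delete_topic($topic->topic_id, 2);
        }
        $uri = bb_get_option('uri') . 'bb-admin/' . (defined('BACKPRESS_PATH') ? '' : 'content-') . 'posts.php?post_status=2';
    }

    if (empty($blocklist['email'])) {
        return;
    }

    $email = explode("\r\n", $blocklist['email']);

    // The User-Agent header is optional and client-supplied; treat a missing one as empty.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $message = "The blocklist has been triggered... \r\n\r\n";
    $message .= "Matching entry " . '"' . $bad . '"' . " found in {$found}.\r\n";
    $message .= "{$uri}\r\n\r\n";
    $message .= sprintf(__('Username: %s'), stripslashes($user->user_login)) . "\r\n";
    $message .= sprintf(__('Profile: %s'), get_user_profile_link($user->ID)) . "\r\n";
    $message .= sprintf(__('Email: %s'), stripslashes($user->user_email)) . "\r\n";
    // NOTE(review): this reports the address of the current request, while the
    // match above used the IP stored on the post; confirm they are always the same.
    $message .= sprintf(__('IP address: %s'), $_SERVER['REMOTE_ADDR']) . "\r\n";
    $message .= sprintf(__('Agent: %s'), substr(stripslashes($agent), 0, 255)) . "\r\n\r\n";

    foreach ($email as $to) {
        if (empty($to) || strlen($to) < 8) {
            continue;
        }
        // Best effort: a failed notification must not undo the moderation above.
        @bb_mail($to, "[" . bb_get_option('name') . "] blocklist triggered", $message);
    }
}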
/**
 * Build the SQL request for a topic query from $this->query_vars.
 *
 * Collects the field list, joins, WHERE conditions, grouping and ordering,
 * passes them to $this->_filter_sql() and stores the result in $this->request.
 * When $_part_of_post_query is true only the topic WHERE fragment is returned,
 * before its leading " AND " is stripped and before any post conditions are added.
 *
 * Several query vars are rewritten in place, because $q is a reference to
 * $this->query_vars.
 *
 * NOTE(review): most values reach the SQL text by string interpolation. Whether
 * the query vars are validated before this method runs is not visible here, so
 * each interpolation point below is marked for confirmation.
 *
 * @param bool $_part_of_post_query True when only the topic conditions are wanted
 * @return mixed The value stored in $this->request, or the WHERE fragment when $_part_of_post_query is true
 */
function generate_topic_sql($_part_of_post_query = false)
{
    global $bbdb;
    $q =& $this->query_vars;
    $distinct = '';
    $sql_calc_found_rows = 'found_rows' === $q['count'] ? 'SQL_CALC_FOUND_ROWS' : ''; // unfiltered
    $fields = 't.*';
    $index_hint = '';
    $join = '';
    $where = '';
    $group_by = '';
    $having = '';
    $order_by = '';
    $post_where = '';

    // Query vars that need the posts table; if any of them is set (or a search
    // is requested) the posts table is joined and its conditions are generated.
    $post_queries = array('post_author_id', 'post_author', 'posted', 'post_status', 'position', 'post_text', 'poster_ip');
    if (!$_part_of_post_query && ($q['search'] || array_diff($post_queries, $this->not_set))) {
        $join .= " JOIN {$bbdb->posts} as p ON ( t.topic_id = p.topic_id )";
        $post_where = $this->generate_post_sql(true);
        if ($q['search']) {
            // A search matches either the topic title or the post text.
            $post_where .= ' AND ( ';
            $post_where .= $this->generate_topic_title_sql($q['search']);
            $post_where .= ' OR ';
            $post_where .= $this->generate_post_text_sql($q['search']);
            $post_where .= ' )';
        }
        $group_by = 't.topic_id';
        $fields .= ", MIN(p.post_id) as post_id";
        if ($bbdb->has_cap('GROUP_CONCAT', $bbdb->posts)) {
            $fields .= ", GROUP_CONCAT(p.post_text SEPARATOR ' ') AS post_text";
        } else {
            $fields .= ", p.post_text";
        }
        if ($this->match_query) {
            // NOTE(review): match_query is placed into the field list as-is; it is
            // presumably built by the post-text SQL helper - confirm it is escaped there.
            $fields .= ", AVG({$this->match_query}) AS search_score";
            if (!$q['order_by']) {
                $q['order_by'] = 'search_score';
            }
        } elseif ($q['search'] || $q['post_text']) {
            $fields .= ", 0 AS search_score";
        }
    }
    if (!$_part_of_post_query) {
        if ($q['post_id']) {
            $post_topics = $post_topics_no = array();
            $op = substr($q['post_id'], 0, 1);
            if (in_array($op, array('>', '<'))) {
                // $op is one of two fixed characters and the operand is cast to int.
                $post_topics = $bbdb->get_col("SELECT DISTINCT topic_id FROM {$bbdb->posts} WHERE post_id {$op} '" . (int) substr($q['post_id'], 1) . "'");
            } else {
                // Comma-separated list of post ids; a negative id excludes that post's topic.
                $posts = explode(',', $q['post_id']);
                $get_posts = array();
                foreach ($posts as $post_id) {
                    $post_id = (int) $post_id;
                    $_post_id = abs($post_id);
                    $get_posts[] = $_post_id;
                }
                bb_cache_posts($get_posts);
                foreach ($posts as $post_id) {
                    // NOTE(review): no check that the post was found; a failed lookup
                    // would add an empty element to the id lists joined below.
                    $post = bb_get_post(abs($post_id));
                    if ($post_id < 0) {
                        $post_topics_no[] = $post->topic_id;
                    } else {
                        $post_topics[] = $post->topic_id;
                    }
                }
            }
            // The topic ids joined here come from loaded posts / the query above, not from the query var itself.
            if ($post_topics) {
                $where .= " AND t.topic_id IN (" . join(',', $post_topics) . ")";
            }
            if ($post_topics_no) {
                $where .= " AND t.topic_id NOT IN (" . join(',', $post_topics_no) . ")";
            }
        }
        if ($q['topic_id']) {
            $where .= $this->parse_value('t.topic_id', $q['topic_id']);
        } elseif ($q['topic']) {
            // NOTE(review): the quoted slug relies on bb_slug_sanitize() returning
            // nothing that can close the SQL string - confirm.
            $q['topic'] = bb_slug_sanitize($q['topic']);
            $where .= " AND t.topic_slug = '{$q['topic']}'";
        }
        if ($q['forum_id']) {
            $where .= $this->parse_value('t.forum_id', $q['forum_id']);
        } elseif ($q['forum']) {
            if (!($q['forum_id'] = bb_get_id_from_slug('forum', $q['forum']))) {
                $this->error('query_var:forum', 'No forum by that name');
            }
            // NOTE(review): unquoted and not cast; if error() does not stop
            // execution, an empty id is interpolated here - confirm.
            $where .= " AND t.forum_id = {$q['forum_id']}";
        }
        if ($q['tag'] && !is_int($q['tag_id'])) {
            $q['tag_id'] = (int) bb_get_tag_id($q['tag']);
        }
        if (is_numeric($q['tag_id'])) {
            // NOTE(review): is_numeric() also accepts non-integer numeric strings;
            // the value is interpolated unquoted.
            $join .= " JOIN `{$bbdb->term_relationships}` AS tr ON ( t.`topic_id` = tr.`object_id` AND tr.`term_taxonomy_id` = {$q['tag_id']} )";
        }
        if (is_numeric($q['favorites']) && ($f_user = bb_get_user($q['favorites']))) {
            $where .= $this->parse_value('t.topic_id', $f_user->favorites);
        }
    } // !_part_of_post_query
    if ($q['topic_title']) {
        $where .= ' AND ' . $this->generate_topic_title_sql($q['topic_title']);
    }
    if ($q['started']) {
        $where .= $this->date('t.topic_start_time', $q['started']);
    }
    if ($q['updated']) {
        $where .= $this->date('t.topic_time', $q['updated']);
    }
    if ($q['topic_author_id']) {
        $where .= $this->parse_value('t.topic_poster', $q['topic_author_id']);
    } elseif ($q['topic_author']) {
        $user = bb_get_user($q['topic_author'], array('by' => 'login'));
        // The id is cast to int before it is interpolated below.
        if (!($q['topic_author_id'] = (int) $user->ID)) {
            $this->error('query_var:user', 'No user by that name');
        }
        $where .= " AND t.topic_poster = {$q['topic_author_id']}";
    }
    if (!$q['topic_status']) {
        // Default: only topics with status 0.
        $where .= " AND t.topic_status = '0'";
    } elseif (false === strpos($q['topic_status'], 'all')) {
        // Status names are replaced by their numeric values before parsing.
        $stati = array('normal' => 0, 'deleted' => 1);
        $q['topic_status'] = str_replace(array_keys($stati), array_values($stati), $q['topic_status']);
        $where .= $this->parse_value('t.topic_status', $q['topic_status']);
    }
    if (false !== $q['open'] && false === strpos($q['open'], 'all')) {
        $stati = array('no' => 0, 'closed' => 0, 'yes' => 1, 'open' => 1);
        $q['open'] = str_replace(array_keys($stati), array_values($stati), $q['open']);
        $where .= $this->parse_value('t.topic_open', $q['open']);
    }
    if (false !== $q['sticky'] && false === strpos($q['sticky'], 'all')) {
        // 'sticky' maps to '-0', which is passed on to parse_value() as-is.
        $stickies = array('no' => 0, 'normal' => 0, 'forum' => 1, 'super' => 2, 'front' => 2, 'sticky' => '-0');
        $q['sticky'] = str_replace(array_keys($stickies), array_values($stickies), $q['sticky']);
        $where .= $this->parse_value('t.topic_sticky', $q['sticky']);
    }
    if (false !== $q['post_count']) {
        $where .= $this->parse_value('t.topic_posts', $q['post_count']);
    }
    if (false !== $q['tag_count']) {
        $where .= $this->parse_value('t.tag_count', $q['tag_count']);
    }
    // The meta key is reduced to letters, digits, "_" and "-" before it is
    // placed inside the quoted SQL strings below.
    if ($q['meta_key'] && ($q['meta_key'] = preg_replace('|[^a-z0-9_-]|i', '', $q['meta_key']))) {
        if ('-' == substr($q['meta_key'], 0, 1)) {
            // A leading "-" selects topics that do NOT have this meta key.
            $join .= " LEFT JOIN {$bbdb->meta} AS tm ON ( tm.object_type = 'bb_topic' AND t.topic_id = tm.object_id AND tm.meta_key = '" . substr($q['meta_key'], 1) . "' )";
            $where .= " AND tm.meta_key IS NULL";
        } else {
            $join .= " JOIN {$bbdb->meta} AS tm ON ( tm.object_type = 'bb_topic' AND t.topic_id = tm.object_id AND tm.meta_key = '{$q['meta_key']}' )";
            if ($q['meta_value']) {
                $q['meta_value'] = maybe_serialize($q['meta_value']);
                // A value mentioning NULL turns the whole join string collected so far into a LEFT join.
                if (strpos($q['meta_value'], 'NULL') !== false) {
                    $join = ' LEFT' . $join;
                }
                $where .= $this->parse_value('tm.meta_value', $q['meta_value']);
            }
        }
    }
    // Just getting topic part for inclusion in post query
    if ($_part_of_post_query) {
        return $where;
    }
    $where .= $post_where;
    if ($where) {
        // Get rid of initial " AND " (this is pre-filters)
        $where = substr($where, 5);
    }
    // NOTE(review): index_hint and order_by are copied from the query vars
    // without any check in this method; confirm they are validated before or
    // inside _filter_sql(), as they become part of the SQL text.
    if ($q['index_hint']) {
        $index_hint = $q['index_hint'];
    }
    if ($q['order_by']) {
        $order_by = $q['order_by'];
    } else {
        $order_by = 't.topic_time';
    }
    $bits = compact(array('distinct', 'sql_calc_found_rows', 'fields', 'index_hint', 'join', 'where', 'group_by', 'having', 'order_by'));
    $this->request = $this->_filter_sql($bits, "{$bbdb->topics} AS t");
    return $this->request;
}
/**
 * Compatibility hook for the BP Group Email Subscription (GES) plugin.
 *
 * GES sends its group emails from the 'bb_new_post' action, so this method only
 * records which component, topic, user and group the new forum post belongs to
 * on $this->listener and leaves the sending to GES.
 *
 * @global object $bp
 * @param int $post_id The forum post ID created by bbPress
 * @since 1.0-beta
 */
public function group_forum_listener($post_id)
{
    global $bp;

    // nothing to do unless a GES version that provides this function is active
    if (!function_exists('ass_group_notification_forum_posts')) {
        return;
    }

    $this->listener = new stdClass();
    $this->listener->component = 'forums';

    if (empty($bp->rbe->temp->topic_id)) {
        // no cached values: look the topic and author up from the post itself
        $post = bb_get_post($post_id);
        $topic = $post->topic_id;
        $author = $post->poster_id;
    } else {
        // use the topic and user IDs that were cached on $bp->rbe->temp
        $topic = $bp->rbe->temp->topic_id;
        $author = $bp->rbe->temp->user_id;
    }

    // the topic is the primary item, the poster is the acting user
    $this->listener->item_id = $topic;
    $this->listener->user_id = $author;

    // group id; bp_get_current_group_id() is filtered when posting from the
    // IMAP inbox check via WP-cron
    // @see BP_Reply_By_Email::get_temporary_variables()
    // @see BP_Reply_By_Email::set_group_id()
    $this->listener->secondary_item_id = bp_get_current_group_id();
}