Esempio n. 1
     while ($attachment = $db->fetch_array($attachs)) {
         if (!$attachment['build_thumbnail']) {
             $attachment['hasthumbnail'] = false;
         }
         $postattach["{$attachment['attachmentid']}"] = $attachment;
     }
     // Attachments added since the edit began.
     $attachs = $db->query_read("\n\t\t\tSELECT dateline, thumbnail_dateline, filename, filesize, visible, attachmentid, counter,\n\t\t\t\tIF(thumbnail_filesize > 0, 1, 0) AS hasthumbnail, thumbnail_filesize,\n\t\t\t\tattachmenttype.thumbnail AS build_thumbnail, attachmenttype.newwindow\n\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS attachmenttype USING (extension)\n\t\t\tWHERE posthash = '" . $db->escape_string($posthash) . "'\n\t\t\t\tAND (userid = " . $vbulletin->userinfo['userid'] . " OR userid = {$postinfo['userid']})\n\t\t\tORDER BY attachmentid\n\t\t");
     while ($attachment = $db->fetch_array($attachs)) {
         if (!$attachment['build_thumbnail']) {
             $attachment['hasthumbnail'] = false;
         }
         $postattach["{$attachment['attachmentid']}"] = $attachment;
     }
     // ### PREVIEW POST ###
     $postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
     $previewpost = true;
     $_REQUEST['do'] = 'editpost';
 } else {
     if ($vbulletin->GPC['advanced']) {
         // Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
         // If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
         $_REQUEST['do'] = 'editpost';
     } else {
         // ### POST HAS NO ERRORS ###
         $dataman->save();
         $update_edit_log = true;
         // don't show edited by AND reason unchanged - don't update edit log
         if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
             $update_edit_log = false;
         }
Esempio n. 2
                $errors[] = fetch_error('pmfloodcheck', $vbulletin->options['pmfloodtime'], $vbulletin->options['pmfloodtime'] - $timepassed);
            }
        }
    }
    // process errors if there are any
    $errors = array_merge($errors, $pmdm->errors);
    if (!empty($errors)) {
        define('PMPREVIEW', 1);
        $preview = construct_errors($errors);
        // this will take the preview's place
        $_REQUEST['do'] = 'newpm';
    } else {
        if ($vbulletin->GPC['preview'] != '') {
            define('PMPREVIEW', 1);
            $foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']);
            $preview = process_post_preview($pm);
            $_REQUEST['do'] = 'newpm';
        } else {
            // everything's good!
            $pmdm->save();
            // force pm counters to be rebuilt
            $vbulletin->userinfo['pmunread'] = -1;
            build_pm_counters();
            ($hook = vBulletinHook::fetch_hook('private_insertpm_complete')) ? eval($hook) : false;
            $vbulletin->url = 'private.php' . $vbulletin->session->vars['sessionurl_q'];
            eval(print_standard_redirect('pm_messagesent'));
        }
    }
}
// ############################### start new pm ###############################
// form for creating a new private message
Esempio n. 3
     $newpost['message'] = htmlspecialchars_uni($newpost['message']);
     $podcasturl = htmlspecialchars_uni($newpost['podcasturl']);
     $podcastsize = $newpost['podcastsize'] ? $newpost['podcastsize'] : '';
     $podcastkeywords = htmlspecialchars_uni($newpost['podcastkeywords']);
     $podcastsubtitle = htmlspecialchars_uni($newpost['podcastsubtitle']);
     $podcastauthor = htmlspecialchars_uni($newpost['podcastauthor']);
     $explicitchecked = $newpost['podcastexplicit'] ? 'checked="checked"' : '';
 } else {
     if ($newpost['preview']) {
         if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid'] and !empty($vbulletin->userinfo['attachmentextensions'])) {
             require_once DIR . '/packages/vbattach/attach.php';
             $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
             $postattach = $attach->fetch_postattach($posthash);
         }
         // ### PREVIEW POST ###
         $postpreview = process_post_preview($newpost, 0, $postattach);
         $_REQUEST['do'] = 'newthread';
         $newpost['message'] = htmlspecialchars_uni($newpost['message']);
         $podcasturl = htmlspecialchars_uni($newpost['podcasturl']);
         $podcastsize = $newpost['podcastsize'] ? $newpost['podcastsize'] : '';
         $podcastkeywords = htmlspecialchars_uni($newpost['podcastkeywords']);
         $podcastsubtitle = htmlspecialchars_uni($newpost['podcastsubtitle']);
         $podcastauthor = htmlspecialchars_uni($newpost['podcastauthor']);
         $explicitchecked = $newpost['podcastexplicit'] ? 'checked="checked"' : '';
     } else {
         // ### NOT PREVIEW - ACTUAL POST ###
         $threadinfo = fetch_threadinfo($newpost['threadid']);
         // need the forumread variable from this
         mark_thread_read($threadinfo, $foruminfo, $vbulletin->userinfo['userid'], TIMENOW);
         ($hook = vBulletinHook::fetch_hook('newthread_post_complete')) ? eval($hook) : false;
         if ($newpost['postpoll']) {
Esempio n. 4
     $ids = $vbulletin->db->query_read_slave("\n\t\t\tSELECT postid\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE\n\t\t\t\tthreadid = {$postinfo['threadid']}\n\t\t\t\t\tAND\n\t\t\t\tattach > 0\n\t\t");
     while ($id = $vbulletin->db->fetch_array($ids)) {
         $idlist[] = $id['postid'];
     }
     $postattach = $attach->fetch_postattach($posthash, $idlist, $postinfo['userid'], true);
     if ($postattach['bycontent'][0]) {
         if ($postattach['bycontent'][$postinfo['postid']]) {
             $postattach['bycontent'][$postinfo['postid']] = $postattach['bycontent'][$postinfo['postid']] + $postattach['bycontent'][0];
         } else {
             $postattach['bycontent'][$postinfo['postid']] = $postattach['bycontent'][0];
         }
         unset($postattach['bycontent'][0]);
     }
     $edit['postid'] = $postinfo['postid'];
     // ### PREVIEW POST ###
     $postpreview = process_post_preview($edit, $postinfo['userid'], $postattach['bycontent'][$postinfo['postid']], $postattach['byattachment']);
     $previewpost = true;
     $_REQUEST['do'] = 'editpost';
 } else {
     if ($vbulletin->GPC['advanced']) {
         // Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
         // If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
         $_REQUEST['do'] = 'editpost';
     } else {
         // ### POST HAS NO ERRORS ###
         $dataman->save();
         clear_autosave_text('vBForum_Post', $postinfo['postid'], 0, $vbulletin->userinfo['userid']);
         $update_edit_log = true;
         // don't show edited by AND reason unchanged - don't update edit log
         if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
             $update_edit_log = false;
Esempio n. 5
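/**
 * Sends (or previews) a private message on behalf of the logged-in user.
 *
 * Reads the message fields from the request, applies the permission, quota,
 * throttle, contact-list and flood checks, and then either builds a preview
 * or saves the message through the PM data manager.
 *
 * Failures are reported through json_error(). NOTE(review): json_error() is
 * presumably terminal (emits the error and stops the request) - confirm; if
 * it can return, every guard below falls through to the code after it.
 *
 * NOTE(review): the fields are read from the 'r' source, which in vBulletin's
 * input cleaner is the merged request data, so they can arrive by GET as well
 * as POST. No security-token (CSRF) check is visible in this function -
 * confirm that the caller enforces one before dispatching here.
 *
 * Local variable names are part of this function's contract: the
 * 'private_insertpm_process' hook is eval()'d in this scope and plugin code
 * may read or write $pm, $pmdm, $errors and the other locals by name.
 *
 * @return array array('success' => 1) when the function runs to completion,
 *               for a preview as well as for a sent message
 */
function do_send_pm()
{
    global $vbulletin, $db, $permissions;
    // Guests cannot send private messages.
    if (!$vbulletin->userinfo['userid']) {
        json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }
    $vbulletin->input->clean_array_gpc('r', array('wysiwyg' => TYPE_BOOL, 'title' => TYPE_NOHTML, 'message' => TYPE_STR, 'parseurl' => TYPE_BOOL, 'savecopy' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'receipt' => TYPE_BOOL, 'preview' => TYPE_STR, 'recipients' => TYPE_STR, 'bccrecipients' => TYPE_STR, 'iconid' => TYPE_UINT, 'forward' => TYPE_BOOL, 'folderid' => TYPE_INT, 'sendanyway' => TYPE_BOOL));
    // Re-encode the free-text fields sent by the remote client.
    // NOTE(review): 'bccrecipients' is not passed through
    // prepare_remote_utf8_string() although 'recipients' is - confirm intent.
    if ($vbulletin->GPC['message']) {
        $vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
    }
    if ($vbulletin->GPC['title']) {
        $vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
    }
    if ($vbulletin->GPC['recipients']) {
        $vbulletin->GPC['recipients'] = prepare_remote_utf8_string($vbulletin->GPC['recipients']);
    }
    // The client-supplied 'savecopy' value is overridden: a copy is always kept.
    $vbulletin->GPC['savecopy'] = true;
    if ($permissions['pmquota'] < 1) {
        json_error(ERR_NO_PERMISSION);
    } else {
        if (!$vbulletin->userinfo['receivepm']) {
            json_error(strip_tags(fetch_error('pm_turnedoff')), RV_POST_ERROR);
        }
    }
    if (fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])) {
        json_error(strip_tags(fetch_error('pm_throttle_reached', $vbulletin->userinfo['permissions']['pmthrottlequantity'], $vbulletin->options['pmthrottleperiod'])), RV_POST_ERROR);
    }
    // include useful functions
    require_once DIR . '/includes/functions_newpost.php';
    // parse URLs in message text
    if ($vbulletin->options['privallowbbcode'] and $vbulletin->GPC['parseurl']) {
        $vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
    }
    // $pm aliases the cleaned input by reference, so a later change to either
    // side is visible through the other.
    $pm['message'] =& $vbulletin->GPC['message'];
    $pm['title'] =& $vbulletin->GPC['title'];
    $pm['parseurl'] =& $vbulletin->GPC['parseurl'];
    $pm['savecopy'] =& $vbulletin->GPC['savecopy'];
    $pm['signature'] =& $vbulletin->GPC['signature'];
    $pm['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
    $pm['sendanyway'] =& $vbulletin->GPC['sendanyway'];
    $pm['receipt'] =& $vbulletin->GPC['receipt'];
    $pm['recipients'] =& $vbulletin->GPC['recipients'];
    $pm['bccrecipients'] =& $vbulletin->GPC['bccrecipients'];
    // NOTE(review): 'pmid' is not in the clean_array_gpc() list above, so unless
    // it was cleaned before this function ran the reference creates a null entry.
    $pm['pmid'] =& $vbulletin->GPC['pmid'];
    $pm['iconid'] =& $vbulletin->GPC['iconid'];
    $pm['forward'] =& $vbulletin->GPC['forward'];
    $pm['folderid'] =& $vbulletin->GPC['folderid'];
    // *************************************************************
    // PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE
    $errors = array();
    // catches errors
    // `and` binds tighter than `or`: over quota, OR exactly at quota while a copy is kept.
    if ($vbulletin->userinfo['pmtotal'] > $permissions['pmquota'] or $vbulletin->userinfo['pmtotal'] == $permissions['pmquota'] and $pm['savecopy']) {
        json_error(strip_tags(fetch_error('yourpmquotaexceeded')), RV_POST_ERROR);
    }
    // create the DM to do error checking and insert the new PM
    $pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_ARRAY);
    $pmdm->set_info('savecopy', $pm['savecopy']);
    $pmdm->set_info('receipt', $pm['receipt']);
    // NOTE(review): $cantrackpm is neither assigned in this function nor listed
    // in the `global` statement, so null is passed here - confirm where the
    // receipt-tracking permission is supposed to come from.
    $pmdm->set_info('cantrackpm', $cantrackpm);
    $pmdm->set_info('forward', $pm['forward']);
    $pmdm->set_info('bccrecipients', $pm['bccrecipients']);
    // Users with control-panel access are not held to the PM quota.
    if ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
        $pmdm->overridequota = true;
    }
    $pmdm->set('fromuserid', $vbulletin->userinfo['userid']);
    $pmdm->set('fromusername', $vbulletin->userinfo['username']);
    $pmdm->setr('title', $pm['title']);
    $pmdm->set_recipients($pm['recipients'], $permissions, 'cc');
    $pmdm->set_recipients($pm['bccrecipients'], $permissions, 'bcc');
    $pmdm->setr('message', $pm['message']);
    $pmdm->setr('iconid', $pm['iconid']);
    $pmdm->set('dateline', TIMENOW);
    $pmdm->setr('showsignature', $pm['signature']);
    $pmdm->set('allowsmilie', $pm['disablesmilies'] ? 0 : 1);
    if (!$pm['forward']) {
        $pmdm->set_info('parentpmid', $pm['pmid']);
    }
    $pmdm->set_info('replypmid', $pm['pmid']);
    // SECURITY: the hook body is executed with eval() inside this scope and has
    // full access to the locals above. It must only ever come from the
    // administrator-controlled plugin store, never from request data.
    ($hook = vBulletinHook::fetch_hook('private_insertpm_process')) ? eval($hook) : false;
    $pmdm->pre_save();
    // deal with user using receivepmbuddies sending to non-buddies
    // An empty recipient list is skipped: it would otherwise produce `IN ()`,
    // which is not valid SQL.
    if ($vbulletin->userinfo['receivepmbuddies'] and is_array($pmdm->info['recipients']) and !empty($pmdm->info['recipients'])) {
        $users_not_on_list = array();
        // get a list of super mod groups
        $smod_groups = array();
        foreach ($vbulletin->usergroupcache as $ugid => $groupinfo) {
            if ($groupinfo['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) {
                // super mod group
                $smod_groups[] = $ugid;
            }
        }
        // now filter out all moderators (and super mods) from the list of recipients
        // to check against the buddy list
        $check_recipients = $pmdm->info['recipients'];
        // The ids are concatenated into the SQL text, so each one is forced to an
        // integer first rather than trusting the array keys to be numeric.
        $mods = $db->query_read_slave("\n\t\t\tSELECT user.userid\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "moderator AS moderator ON (moderator.userid = user.userid)\n\t\t\tWHERE user.userid IN (" . implode(',', array_map('intval', array_keys($check_recipients))) . ")\n\t\t\t\tAND ((moderator.userid IS NOT NULL AND moderator.forumid <> -1)\n\t\t\t\t" . (!empty($smod_groups) ? "OR user.usergroupid IN (" . implode(',', array_map('intval', $smod_groups)) . ")" : '') . "\n\t\t\t\t)\n\t\t");
        while ($mod = $db->fetch_array($mods)) {
            unset($check_recipients["{$mod['userid']}"]);
        }
        if (!empty($check_recipients)) {
            // filter those on our buddy list out
            // implode() takes the separator first; the reversed (array, separator)
            // order is a TypeError on PHP 8.
            $users = $db->query_read_slave("\n\t\t\t\tSELECT userlist.relationid\n\t\t\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\t\t\tWHERE userid = " . intval($vbulletin->userinfo['userid']) . "\n\t\t\t\t\tAND userlist.relationid IN(" . implode(',', array_map('intval', array_keys($check_recipients))) . ")\n\t\t\t\t\tAND type = 'buddy'\n\t\t\t");
            while ($user = $db->fetch_array($users)) {
                unset($check_recipients["{$user['relationid']}"]);
            }
        }
        // what's left must be those who are neither mods or on our buddy list
        foreach ($check_recipients as $userid => $user) {
            $users_not_on_list["{$userid}"] = $user['username'];
        }
        if (!empty($users_not_on_list) and (!$vbulletin->GPC['sendanyway'] or !empty($errors))) {
            $users = '';
            foreach ($users_not_on_list as $userid => $username) {
                // NOTE(review): $username is written into markup unescaped here;
                // presumably the data manager supplies it already HTML-escaped -
                // confirm. The error text is passed through strip_tags() before
                // it is returned below.
                $users .= "<li><a href=\"member.php?" . $vbulletin->session->vars['sessionurl'] . "u={$userid}\" target=\"profile\">{$username}</a></li>";
            }
            $pmdm->error('pm_non_contacts_cant_reply', $users);
        }
    }
    // check for message flooding
    if ($vbulletin->options['pmfloodtime'] > 0 and !$vbulletin->GPC['preview']) {
        // Control-panel admins and moderators are exempt from the flood check.
        if (!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and !can_moderate()) {
            $floodcheck = $db->query_first("\n\t\t\t\tSELECT pmtextid, title, dateline\n\t\t\t\tFROM " . TABLE_PREFIX . "pmtext AS pmtext\n\t\t\t\tWHERE fromuserid = " . intval($vbulletin->userinfo['userid']) . "\n\t\t\t\tORDER BY dateline DESC\n\t\t\t");
            if (($timepassed = TIMENOW - $floodcheck['dateline']) < $vbulletin->options['pmfloodtime']) {
                json_error(strip_tags(fetch_error('pmfloodcheck', $vbulletin->options['pmfloodtime'], $vbulletin->options['pmfloodtime'] - $timepassed)), RV_POST_ERROR);
            }
        }
    }
    // process errors if there are any
    $errors = array_merge($errors, $pmdm->errors);
    if (!empty($errors)) {
        // Only the first error is reported, with markup stripped.
        json_error(strip_tags($errors[0]), RV_POST_ERROR);
    } else {
        if ($vbulletin->GPC['preview'] != '') {
            // Preview: nothing is saved; the result is still reported as success.
            define('PMPREVIEW', 1);
            $foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']);
            $preview = process_post_preview($pm);
            $_REQUEST['do'] = 'newpm';
        } else {
            // everything's good!
            $pmdm->save();
            // force pm counters to be rebuilt
            $vbulletin->userinfo['pmunread'] = -1;
            build_pm_counters();
        }
    }
    return array('success' => 1);
}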
Esempio n. 6
function do_post_edit()
{
    global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo;
    global $postinfo, $vbphrase, $stylevar, $permissions;
    $checked = array();
    $edit = array();
    $postattach = array();
    $contenttype = 'vBForum_Post';
    if (!$postinfo['postid'] or $postinfo['isdeleted'] or !$postinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        json_error(ERR_INVALID_TOP, RV_POST_ERROR);
    }
    if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        json_error(ERR_INVALID_TOP, RV_POST_ERROR);
    }
    if ($vbulletin->options['wordwrap']) {
        $threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']);
    }
    // get permissions info
    $_permsgetter_ = 'edit post';
    $forumperms = fetch_permissions($threadinfo['forumid']);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
    }
    $foruminfo = fetch_foruminfo($threadinfo['forumid'], false);
    // check if there is a forum password and if so, ensure the user has it set
    verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
    // need to get last post-type information
    cache_ordered_forums(1);
    // determine if we are allowed to be updating the thread's info
    $can_update_thread = ($threadinfo['firstpostid'] == $postinfo['postid'] and (can_moderate($threadinfo['forumid'], 'caneditthreads') or $postinfo['dateline'] + $vbulletin->options['editthreadtitlelimit'] * 60 > TIMENOW));
    // otherwise, post is being edited
    if (!can_moderate($threadinfo['forumid'], 'caneditposts')) {
        // check for moderator
        if (!$threadinfo['open']) {
            $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
            json_error(fetch_error('threadclosed'), RV_POST_ERROR);
        }
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'])) {
            json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
        } else {
            if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
                // check user owns this post
                json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
            } else {
                // check for time limits
                if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
                    json_error(fetch_error('edittimelimit', $vbulletin->options['edittimelimit'], $vbulletin->options['contactuslink']), RV_POST_ERROR);
                }
            }
        }
    }
    // Variables reused in templates
    $poststarttime =& $vbulletin->input->clean_gpc('r', poststarttime, TYPE_UINT);
    $posthash = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
    $vbulletin->input->clean_array_gpc('p', array('stickunstick' => TYPE_BOOL, 'openclose' => TYPE_BOOL, 'wysiwyg' => TYPE_BOOL, 'message' => TYPE_STR, 'title' => TYPE_STR, 'prefixid' => TYPE_NOHTML, 'iconid' => TYPE_UINT, 'parseurl' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'reason' => TYPE_NOHTML, 'preview' => TYPE_STR, 'folderid' => TYPE_UINT, 'emailupdate' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'advanced' => TYPE_BOOL, 'postcount' => TYPE_UINT, 'podcasturl' => TYPE_STR, 'podcastsize' => TYPE_UINT, 'podcastexplicit' => TYPE_BOOL, 'podcastkeywords' => TYPE_STR, 'podcastsubtitle' => TYPE_STR, 'podcastauthor' => TYPE_STR, 'quickeditnoajax' => TYPE_BOOL));
    if ($vbulletin->GPC['message']) {
        $vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
    }
    $vbulletin->GPC['signature'] = $vbulletin->GPC_exists['signature'] = true;
    // Make sure the posthash is valid
    ($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;
    if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) != $posthash) {
        $posthash = 'invalid posthash';
        // don't phrase me
    }
    // ### PREP INPUT ###
    if ($vbulletin->GPC['wysiwyg']) {
        require_once DIR . '/includes/functions_wysiwyg.php';
        $edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
    } else {
        $edit['message'] =& $vbulletin->GPC['message'];
    }
    $cansubscribe = true;
    // Are we editing someone else's post? If so load that users subscription info for this thread.
    if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
        if ($postinfo['userid']) {
            $userinfo = fetch_userinfo($postinfo['userid']);
            cache_permissions($userinfo);
        }
        $cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers']));
        if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) {
            $threadinfo['issubscribed'] = true;
            $threadinfo['emailupdate'] = $otherthreadinfo['emailupdate'];
            $threadinfo['folderid'] = $otherthreadinfo['folderid'];
        } else {
            $threadinfo['issubscribed'] = false;
            // use whatever emailupdate setting came through
        }
    }
    if ($vbulletin->GPC['ajax'] or $vbulletin->GPC['quickeditnoajax']) {
        // quick edit
        $tmpmessage = $vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($edit['message']) : $edit['message'];
        $edit = $postinfo;
        $edit['message'] =& $tmpmessage;
        $edit['title'] = unhtmlspecialchars($edit['title']);
        $edit['signature'] =& $edit['showsignature'];
        $edit['enablesmilies'] =& $edit['allowsmilie'];
        $edit['disablesmilies'] = $edit['enablesmilies'] ? 0 : 1;
        $edit['parseurl'] = true;
        $edit['prefixid'] = $threadinfo['prefixid'];
        $edit['reason'] = fetch_censored_text($vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($vbulletin->GPC['reason']) : $vbulletin->GPC['reason']);
    } else {
        $edit['iconid'] =& $vbulletin->GPC['iconid'];
        $edit['title'] =& $vbulletin->GPC['title'];
        $edit['prefixid'] = ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) ? $vbulletin->GPC['prefixid'] : $threadinfo['prefixid'];
        $edit['podcasturl'] =& $vbulletin->GPC['podcasturl'];
        $edit['podcastsize'] =& $vbulletin->GPC['podcastsize'];
        $edit['podcastexplicit'] =& $vbulletin->GPC['podcastexplicit'];
        $edit['podcastkeywords'] =& $vbulletin->GPC['podcastkeywords'];
        $edit['podcastsubtitle'] =& $vbulletin->GPC['podcastsubtitle'];
        $edit['podcastauthor'] =& $vbulletin->GPC['podcastauthor'];
        // Leave this off for quickedit->advanced so that a post with unparsed links doesn't get parsed just by going to Advanced Edit
        $edit['parseurl'] = true;
        $edit['signature'] =& $vbulletin->GPC['signature'];
        $edit['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
        $edit['enablesmilies'] = $edit['allowsmilie'] = $edit['disablesmilies'] ? 0 : 1;
        $edit['stickunstick'] =& $vbulletin->GPC['stickunstick'];
        $edit['openclose'] =& $vbulletin->GPC['openclose'];
        $edit['reason'] = fetch_censored_text($vbulletin->GPC['reason']);
        $edit['preview'] =& $vbulletin->GPC['preview'];
        $edit['folderid'] =& $vbulletin->GPC['folderid'];
        if (!$vbulletin->GPC['advanced']) {
            if ($vbulletin->GPC_exists['emailupdate']) {
                $edit['emailupdate'] =& $vbulletin->GPC['emailupdate'];
            } else {
                $edit['emailupdate'] = array_pop($array = array_keys(fetch_emailchecked($threadinfo)));
            }
        }
    }
    $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
    $dataman->set_existing($postinfo);
    ($hook = vBulletinHook::fetch_hook('editpost_update_process')) ? eval($hook) : false;
    // set info
    $dataman->set_info('parseurl', $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $edit['parseurl']);
    $dataman->set_info('posthash', $posthash);
    $dataman->set_info('forum', $foruminfo);
    $dataman->set_info('thread', $threadinfo);
    $dataman->set_info('show_title_error', true);
    $dataman->set_info('podcasturl', $edit['podcasturl']);
    $dataman->set_info('podcastsize', $edit['podcastsize']);
    $dataman->set_info('podcastexplicit', $edit['podcastexplicit']);
    $dataman->set_info('podcastkeywords', $edit['podcastkeywords']);
    $dataman->set_info('podcastsubtitle', $edit['podcastsubtitle']);
    $dataman->set_info('podcastauthor', $edit['podcastauthor']);
    if ($postinfo['userid'] == $vbulletin->userinfo['userid']) {
        $dataman->set_info('user', $vbulletin->userinfo);
    }
    // set options
    $dataman->setr('showsignature', $edit['signature']);
    $dataman->setr('allowsmilie', $edit['enablesmilies']);
    // set data
    /*$dataman->setr('userid', $vbulletin->userinfo['userid']);
    	if ($vbulletin->userinfo['userid'] == 0)
    	{
    		$dataman->setr('username', $post['username']);
    	}*/
    $dataman->setr('title', $edit['title']);
    $dataman->setr('pagetext', $edit['message']);
    if ($postinfo['userid'] != $vbulletin->userinfo['userid']) {
        $dataman->setr('iconid', $edit['iconid'], true, false);
    } else {
        $dataman->setr('iconid', $edit['iconid']);
    }
    $postusername = $vbulletin->userinfo['username'];
    $dataman->pre_save();
    if ($dataman->errors) {
        $errors = $dataman->errors;
    }
    if ($dataman->info['podcastsize']) {
        $edit['podcastsize'] = $dataman->info['podcastsize'];
    }
    if (sizeof($errors) > 0) {
        fr_standard_error($errors[0]);
    } else {
        if ($edit['preview']) {
            require_once DIR . '/packages/vbattach/attach.php';
            $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
            $postattach = $attach->fetch_postattach($posthash, $postinfo['postid']);
            // ### PREVIEW POST ###
            $postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
            $previewpost = true;
            $_REQUEST['do'] = 'editpost';
        } else {
            if ($vbulletin->GPC['advanced']) {
                // Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
                // If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
                $_REQUEST['do'] = 'editpost';
            } else {
                // ### POST HAS NO ERRORS ###
                $dataman->save();
                $update_edit_log = true;
                // don't show edited by AND reason unchanged - don't update edit log
                if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
                    $update_edit_log = false;
                }
                if ($update_edit_log) {
                    // ug perm: show edited by
                    if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['noeditedbytime'] * 60 or !empty($edit['reason'])) {
                        // save the postedithistory
                        if ($vbulletin->options['postedithistory']) {
                            // insert original post on first edit
                            if (!$db->query_first("SELECT postedithistoryid FROM " . TABLE_PREFIX . "postedithistory WHERE original = 1 AND postid = " . $postinfo['postid'])) {
                                $db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, original, pagetext)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t\t" . $postinfo['userid'] . ",\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['username']) . "',\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['title']) . "',\n\t\t\t\t\t\t\t\t{$postinfo['iconid']},\n\t\t\t\t\t\t\t\t" . $postinfo['dateline'] . ",\n\t\t\t\t\t\t\t\t'',\n\t\t\t\t\t\t\t\t1,\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['pagetext']) . "')\n\t\t\t\t\t\t");
                            }
                            // insert the new version
                            $db->query_write("\n\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, pagetext)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['title']) . "',\n\t\t\t\t\t\t\t{$edit['iconid']},\n\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['message']) . "')\n\t\t\t\t\t");
                        }
                        /*insert query*/
                        $db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t(postid, userid, username, dateline, reason, hashistory)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t" . ($vbulletin->options['postedithistory'] ? 1 : 0) . ")\n\t\t\t\t");
                    }
                }
                $date = vbdate($vbulletin->options['dateformat'], TIMENOW);
                $time = vbdate($vbulletin->options['timeformat'], TIMENOW);
                // initialize thread / forum update clauses
                $forumupdate = false;
                $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
                $threadman->set_existing($threadinfo);
                $threadman->set_info('pagetext', $edit['message']);
                if ($can_update_thread and $edit['title'] != '') {
                    // need to update thread title and iconid
                    if (!can_moderate($threadinfo['forumid'])) {
                        $threadman->set_info('skip_moderator_log', true);
                    }
                    $threadman->set_info('skip_first_post_update', true);
                    if ($edit['title'] != $postinfo['title']) {
                        $threadman->set('title', unhtmlspecialchars($edit['title']));
                    }
                    if ($edit['iconid'] != $postinfo['iconid']) {
                        $threadman->set('iconid', $edit['iconid']);
                    }
                    if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
                        $threadman->set('prefixid', $vbulletin->GPC['prefixid']);
                        if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
                            // the prefix wasn't valid or was set to an empty one, but that's not allowed
                            $threadman->do_unset('prefixid');
                        }
                    }
                    // do we need to update the forum counters?
                    $forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
                }
                // can this user open/close this thread if they want to?
                if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
                    $threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
                }
                if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
                    $threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
                }
                ($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;
                $threadman->save();
                // if this is a mod edit, then log it
                if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
                    $modlog = array('threadid' => $threadinfo['threadid'], 'forumid' => $threadinfo['forumid'], 'postid' => $postinfo['postid']);
                    log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
                }
                require_once DIR . '/includes/functions_databuild.php';
                // do forum update if necessary
                if ($forumupdate) {
                    build_forum_counters($threadinfo['forumid']);
                }
                // don't do thread subscriptions if we are doing quick edit
                if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
                    // ### DO THREAD SUBSCRIPTION ###
                    // We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
                    if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
                        // user is not subscribed to this thread so insert it
                        /*insert query*/
                        $db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t");
                    } else {
                        // User is subscribed, see if they changed the settings for this thread
                        if ($edit['emailupdate'] == 9999) {
                            // Remove this subscription, user chose 'No Subscription'
                            /*insert query*/
                            $db->query_write("\n\t\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\t\tAND userid = {$postinfo['userid']}\n\t\t\t\t\t");
                        } else {
                            if ($threadinfo['emailupdate'] != $edit['emailupdate'] or $threadinfo['folderid'] != $edit['folderid']) {
                                // User changed the settings so update the current record
                                /*insert query*/
                                $db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t\t");
                            }
                        }
                    }
                }
                ($hook = vBulletinHook::fetch_hook('editpost_update_complete')) ? eval($hook) : false;
            }
        }
    }
    return array('success' => true);
}
Esempio n. 7
         $quote_postids = explode(',', $vbulletin->GPC['vbulletin_multiquote']);
     } else {
         $quote_postids = array();
     }
     if ($quote_postids) {
         fetch_quotable_posts($quote_postids, $threadinfo['threadid'], $unquoted_post_count, $quoted_post_ids);
         // handle MQ VBIV-388
         $multiquote_empty = 'only';
     }
     if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid'] and !empty($vbulletin->userinfo['attachmentextensions'])) {
         require_once DIR . '/packages/vbattach/attach.php';
         $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
         $postattach = $attach->fetch_postattach($posthash, 0, $postinfo['userid'], true, $attachid);
     }
     // ### PREVIEW POST ###
     $postpreview = process_post_preview($newpost, 0, $postattach['bycontent'][0], $postattach['byattachment']);
     $_REQUEST['do'] = 'newreply';
     $newpost['message'] = htmlspecialchars_uni($newpost['message']);
 } else {
     // ### NOT PREVIEW - ACTUAL POST ###
     if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) {
         $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400);
     } else {
         $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid']));
         if (!$threadview) {
             $threadview = $vbulletin->userinfo['lastvisit'];
         }
     }
     $newpostid = $newpost['postid'];
     if ($cms_comment_thread) {
         // Expire any CMS comments cache entries.