if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } } if (isset($_POST['endpoll'])) { if (poll_close($tid)) { post_add_edit_text($tid, 1); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $preview_message['FROM_UID'] != session::get_value('UID')) { admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid)); } } if ($thread_data['LENGTH'] > 1) { header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}"); exit; } else { header_redirect("discussion.php?webtag={$webtag}&edit_success={$msg}"); exit; } } html_draw_top(sprintf("title=%s", gettext("Close Poll")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title'); echo "<h1>", gettext("Close Poll"), " {$tid}.{$pid}</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
$error_msg_array[] = gettext("You cannot post attachments in this folder. Remove attachments to continue."); $valid = false; } if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } if ($valid) { $t_content_new = $t_content; if ($allow_sig == true && isset($t_sig)) { $t_content_new .= "<div class=\"sig\">{$t_sig}</div>"; } if (post_update($t_fid, $tid, $pid, $t_content_new)) { post_add_edit_text($tid, $pid); post_save_attachment_id($tid, $pid, $aid); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $edit_message['FROM_UID'] != $uid) { admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid)); } header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}"); exit; } else { $error_msg_array[] = gettext("Error updating post"); } } } else { if (isset($_POST['emots_toggle']) || isset($_POST['sig_toggle'])) { if (isset($_POST['emots_toggle'])) { $page_prefs = (double) $page_prefs ^ POST_EMOTICONS_DISPLAY; } else {
/**
 * Remove the thumbnail file stored for an attachment.
 *
 * The attachment row is looked up by hash. The call is refused unless the
 * row's UID matches the session UID or the session holds
 * USER_PERM_FOLDER_MODERATE on the row's folder. When the attachment is
 * linked to a post, post_add_edit_text() is called for that post, and a
 * moderator acting on another user's attachment gets an ATTACHMENTS_DELETE
 * entry in the admin log.
 *
 * @param string $hash Attachment hash; rejected unless is_md5() accepts it.
 *
 * @return bool False when validation, the lookup or the permission check
 *              fails. True otherwise, whether or not a thumbnail file was
 *              actually removed, because the unlink() result is not checked.
 */
function attachments_delete_thumbnail($hash)
{
    // NOTE(review): $hash is interpolated unescaped into the SQL and into the
    // unlink() path below. This format check is the only thing keeping both
    // safe, so confirm is_md5() accepts nothing but a fixed-length hex digest.
    if (!is_md5($hash)) {
        return false;
    }

    $db = db::get();

    if (!$db) {
        return false;
    }

    $uid = session::get_value('UID');

    if ($uid === false) {
        return false;
    }

    $attachment_dir = forum_get_setting('attachment_dir');

    if (!$attachment_dir) {
        return false;
    }

    $table_prefix = get_table_prefix();

    // Load the owner and, when a forum table prefix is available, the folder
    // of the thread the attachment belongs to. Both feed the permission check.
    if ($table_prefix) {
        $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, "
            . "PAI.PID, THREAD.FID FROM POST_ATTACHMENT_FILES PAF "
            . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
            . "LEFT JOIN `{$table_prefix}THREAD` THREAD ON (THREAD.TID = PAI.TID) "
            . "WHERE PAF.HASH = '{$hash}'";
    } else {
        $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, "
            . "PAI.PID FROM POST_ATTACHMENT_FILES PAF "
            . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
            . "WHERE PAF.HASH = '{$hash}'";
    }

    $result = $db->query($sql);

    if (!$result) {
        return false;
    }

    if ($result->num_rows == 0) {
        return false;
    }

    $attachment_data = $result->fetch_assoc();

    // No FID column (prefix-less query) or a NULL from the LEFT JOIN: fall
    // back to folder 0 for the moderator check.
    if (!isset($attachment_data['FID'])) {
        $attachment_data['FID'] = 0;
    }

    // Authorisation gate: owner, or moderator of the attachment's folder.
    // The moderator lookup only runs when the caller is not the owner.
    if ($attachment_data['UID'] != $uid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID'])) {
        return false;
    }

    if (isset($attachment_data['TID'], $attachment_data['PID'])) {

        post_add_edit_text($attachment_data['TID'], $attachment_data['PID']);

        // Audit trail: only moderator actions on someone else's attachment are logged.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID']) && $attachment_data['UID'] != $uid) {

            admin_add_log_entry(ATTACHMENTS_DELETE, array(
                $attachment_data['TID'],
                $attachment_data['PID'],
                $attachment_data['FILENAME'],
            ));
        }
    }

    // Best-effort removal: warnings are suppressed and the result is ignored,
    // so a missing thumbnail or an unwritable directory still yields true.
    @unlink("{$attachment_dir}/{$hash}.thumb");

    return true;
}
/**
 * Remove the thumbnail file stored for an attachment.
 *
 * The attachment row is looked up by hash. The call is refused unless the
 * row's UID matches $_SESSION['UID'] or the session holds
 * USER_PERM_FOLDER_MODERATE. When the attachment is linked to a post,
 * post_add_edit_text() is called for that post, and a moderator acting on
 * another user's attachment gets an ATTACHMENTS_DELETE entry in the admin log.
 *
 * @param string $hash Attachment hash; rejected unless is_md5() accepts it.
 *
 * @return bool False when validation, the lookup or the permission check
 *              fails. True otherwise, whether or not a thumbnail file was
 *              actually removed, because the unlink() result is not checked.
 */
function attachments_delete_thumbnail($hash)
{
    // NOTE(review): $hash is interpolated unescaped into the SQL and into the
    // unlink() path below. This format check is the only thing keeping both
    // safe, so confirm is_md5() accepts nothing but a fixed-length hex digest.
    if (!is_md5($hash)) {
        return false;
    }

    $db = db::get();

    if (!$db) {
        return false;
    }

    // A numeric session UID is required before any lookup happens.
    if (!(isset($_SESSION['UID']) && is_numeric($_SESSION['UID']))) {
        return false;
    }

    $attachment_dir = attachments_check_dir();

    if (!$attachment_dir) {
        return false;
    }

    // Load the attachment's owner and the post it is linked to.
    $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, "
        . "PAI.PID FROM POST_ATTACHMENT_FILES PAF "
        . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
        . "WHERE PAF.HASH = '{$hash}'";

    $result = $db->query($sql);

    if (!$result) {
        return false;
    }

    if ($result->num_rows == 0) {
        return false;
    }

    $attachment_data = $result->fetch_assoc();

    // NOTE(review): the query above selects no FID column, so this fallback
    // always applies and both moderator checks below run against folder 0,
    // not the folder of the attachment's thread. Confirm that is intended.
    if (!isset($attachment_data['FID'])) {
        $attachment_data['FID'] = 0;
    }

    // Authorisation gate: owner, or holder of the moderate permission.
    // The moderator lookup only runs when the caller is not the owner.
    if ($attachment_data['UID'] != $_SESSION['UID'] && !session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID'])) {
        return false;
    }

    if (isset($attachment_data['TID'], $attachment_data['PID'])) {

        post_add_edit_text($attachment_data['TID'], $attachment_data['PID']);

        // Audit trail: only moderator actions on someone else's attachment are logged.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID']) && $attachment_data['UID'] != $_SESSION['UID']) {

            admin_add_log_entry(ATTACHMENTS_DELETE, array(
                $attachment_data['TID'],
                $attachment_data['PID'],
                $attachment_data['FILENAME'],
            ));
        }
    }

    // Best-effort removal: warnings are suppressed and the result is ignored,
    // so a missing thumbnail or an unwritable directory still yields true.
    @unlink("{$attachment_dir}/{$hash}.thumb");

    return true;
}
$process_valid = false; } if ($process_valid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid)) { $process_valid = false; } if ($process_valid && !($thread_data = thread_get($delete_tid, false, false, true))) { $process_valid = false; } if ($process_valid && !($preview_message = messages_get($delete_tid, $delete_pid, 1))) { $process_valid = false; } if ($process_valid && isset($preview_message['APPROVED'])) { $process_valid = false; } if ($process_valid && post_delete($delete_tid, $delete_pid)) { post_add_edit_text($delete_tid, $delete_pid); if (session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid) && (!isset($preview_message['FROM_UID']) || $preview_message['FROM_UID'] != $_SESSION['UID'])) { admin_add_log_entry(DELETE_POST, array($delete_fid, $delete_tid, $delete_pid)); } } else { $valid = false; } } if ($valid) { header_redirect("admin_post_approve.php?webtag={$webtag}&page={$page}&delete_success=true"); exit; } else { $error_msg_array[] = gettext("Failed to delete some messages"); } } else { html_draw_top(array('title' => gettext('Delete Message'), 'class' => 'window_title'));