function queue_post_voters_flaggers($post) { if (!qa_user_post_permit_error('permit_view_voters_flaggers', $post)) { $postids = array(@$post['postid'], @$post['opostid']); // opostid can be relevant for flags foreach ($postids as $postid) { if (isset($postid) && !isset($this->qa_voters_flaggers_cache[$postid])) { $this->qa_voters_flaggers_queue[$postid] = true; } } } }
function qa_page_q_edit_c_submit($comment, $question, $parent, &$in, &$errors) { $commentid = $comment['postid']; $prefix = 'c' . $commentid . '_'; $in = array(); if ($comment['isbyuser']) { $in['name'] = qa_post_text($prefix . 'name'); $in['notify'] = qa_post_text($prefix . 'notify') ? true : false; $in['email'] = qa_post_text($prefix . 'email'); } if (!qa_user_post_permit_error('permit_edit_silent', $comment)) { $in['silent'] = qa_post_text($prefix . 'silent'); } qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']); // here the $in array only contains values for parts of the form that were displayed, so those are only ones checked by filters $errors = array(); if (!qa_check_form_security_code('edit-' . $commentid, qa_post_text($prefix . 'code'))) { $errors['content'] = qa_lang_html('misc/form_security_again'); } else { $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($comment)); $filtermodules = qa_load_modules_with('filter', 'filter_comment'); foreach ($filtermodules as $filtermodule) { $oldin = $in; $filtermodule->filter_comment($in, $errors, $question, $parent, $comment); qa_update_post_text($in, $oldin); } if (empty($errors)) { $userid = qa_get_logged_in_userid(); $handle = qa_get_logged_in_handle(); $cookieid = qa_cookie_get(); if (!isset($in['silent'])) { $in['silent'] = false; } $setnotify = $comment['isbyuser'] ? qa_combine_notify_email($comment['userid'], $in['notify'], $in['email']) : $comment['notify']; qa_comment_set_content($comment, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $parent, @$in['name'], $in['queued'], $in['silent']); return true; } } return false; }
function qa_get_vote_view($postorbasetype, $full = false, $enabledif = true) { if (qa_to_override(__FUNCTION__)) { $args = func_get_args(); return qa_call_override(__FUNCTION__, $args); } // The 'level' and 'approve' permission errors are taken care of by disabling the voting buttons. // Others are reported to the user after they click, in qa_vote_error_html(...) if (is_array($postorbasetype)) { // deal with dual-use parameter $basetype = $postorbasetype['basetype']; $post = $postorbasetype; } else { $basetype = $postorbasetype; $post = null; } $disabledsuffix = ''; if ($basetype == 'Q' || $basetype == 'A') { $view = $basetype == 'A' ? qa_opt('voting_on_as') : qa_opt('voting_on_qs'); if (!($enabledif && ($basetype == 'A' || $full || !qa_opt('voting_on_q_page_only')))) { $disabledsuffix = '-disabled-page'; } else { if ($basetype == 'A') { $permiterror = isset($post) ? qa_user_post_permit_error('permit_vote_a', $post) : qa_user_permit_error('permit_vote_a'); } else { $permiterror = isset($post) ? qa_user_post_permit_error('permit_vote_q', $post) : qa_user_permit_error('permit_vote_q'); } if ($permiterror == 'level') { $disabledsuffix = '-disabled-level'; } elseif ($permiterror == 'approve') { $disabledsuffix = '-disabled-approve'; } else { $permiterrordown = isset($post) ? qa_user_post_permit_error('permit_vote_down', $post) : qa_user_permit_error('permit_vote_down'); if ($permiterrordown == 'level') { $disabledsuffix = '-uponly-level'; } elseif ($permiterrordown == 'approve') { $disabledsuffix = '-uponly-approve'; } } } } else { $view = false; } return $view ? (qa_opt('votes_separated') ? 'updown' : 'net') . $disabledsuffix : false; }
$htmlfields['url'] = $htmlfields['what_url']; } $htmlfields['what_2'] = qa_lang_html('main/hidden'); if (@$htmloptions['whenview']) { $updated = @$question[isset($question['opostid']) ? 'oupdated' : 'updated']; if (isset($updated)) { $htmlfields['when_2'] = qa_when_to_html($updated, @$htmloptions['fulldatedays']); } } $buttons = array(); $posttype = qa_strtolower(isset($question['obasetype']) ? $question['obasetype'] : $question['basetype']); if (!qa_user_post_permit_error('permit_hide_show', $question)) { // Possible values for popup: reshow_q_popup, reshow_a_popup, reshow_c_popup $buttons['reshow'] = array('tags' => 'name="admin_' . qa_html($qhiddenpostid[$key]) . '_reshow" onclick="return qa_admin_click(this);"', 'label' => qa_lang_html('question/reshow_button'), 'popup' => qa_lang_html(sprintf('question/reshow_%s_popup', $posttype))); } if (!qa_user_post_permit_error('permit_delete_hidden', $question) && !$dependcounts[$qhiddenpostid[$key]]) { // Possible values for popup: delete_q_popup, delete_a_popup, delete_c_popup $buttons['delete'] = array('tags' => 'name="admin_' . qa_html($qhiddenpostid[$key]) . '_delete" onclick="return qa_admin_click(this);"', 'label' => qa_lang_html('question/delete_button'), 'popup' => qa_lang_html(sprintf('question/delete_%s_popup', $posttype))); } if (count($buttons)) { $htmlfields['form'] = array('style' => 'light', 'buttons' => $buttons); } $qa_content['q_list']['qs'][] = $htmlfields; } } else { $qa_content['title'] = qa_lang_html('admin/no_hidden_found'); } $qa_content['navigation']['sub'] = qa_admin_sub_navigation(); $qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION; return $qa_content; /*
$userid = qa_get_logged_in_userid(); list($queuedquestions, $queuedanswers, $queuedcomments) = qa_db_select_with_pending(qa_db_qs_selectspec($userid, 'created', 0, null, null, 'Q_QUEUED', true), qa_db_recent_a_qs_selectspec($userid, 0, null, null, 'A_QUEUED', true), qa_db_recent_c_qs_selectspec($userid, 0, null, null, 'C_QUEUED', true)); // Check admin privileges (do late to allow one DB query) if (qa_user_maximum_permit_error('permit_moderate')) { $qa_content = qa_content_prepare(); $qa_content['error'] = qa_lang_html('users/no_permission'); return $qa_content; } // Check to see if any were approved/rejected here $pageerror = qa_admin_check_clicks(); // Combine sets of questions and remove those this user has no permission to moderate $questions = qa_any_sort_by_date(array_merge($queuedquestions, $queuedanswers, $queuedcomments)); if (qa_user_permit_error('permit_moderate')) { // if user not allowed to moderate all posts foreach ($questions as $index => $question) { if (qa_user_post_permit_error('permit_moderate', $question)) { unset($questions[$index]); } } } // Get information for users $usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions)); // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('admin/recent_approve_title'); $qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error(); $qa_content['q_list'] = array('form' => array('tags' => 'method="post" action="' . qa_self_html() . '"', 'hidden' => array('code' => qa_get_form_security_code('admin/click'))), 'qs' => array()); if (count($questions)) { foreach ($questions as $question) { $postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']); $elementid = 'p' . $postid;
function qa_admin_single_click($entityid, $action) { $userid = qa_get_logged_in_userid(); if (!QA_FINAL_EXTERNAL_USERS && ($action == 'userapprove' || $action == 'userblock')) { // approve/block moderated users require_once QA_INCLUDE_DIR . 'db/selects.php'; $useraccount = qa_db_select_with_pending(qa_db_user_account_selectspec($entityid, true)); if (isset($useraccount) && qa_get_logged_in_level() >= QA_USER_LEVEL_MODERATOR) { switch ($action) { case 'userapprove': if ($useraccount['level'] <= QA_USER_LEVEL_APPROVED) { // don't demote higher level users require_once QA_INCLUDE_DIR . 'app/users-edit.php'; qa_set_user_level($useraccount['userid'], $useraccount['handle'], QA_USER_LEVEL_APPROVED, $useraccount['level']); return true; } break; case 'userblock': require_once QA_INCLUDE_DIR . 'app/users-edit.php'; qa_set_user_blocked($useraccount['userid'], $useraccount['handle'], true); return true; break; } } } else { // something to do with a post require_once QA_INCLUDE_DIR . 'app/posts.php'; $post = qa_post_get_full($entityid); if (isset($post)) { $queued = substr($post['type'], 1) == '_QUEUED'; switch ($action) { case 'approve': if ($queued && !qa_user_post_permit_error('permit_moderate', $post)) { qa_post_set_hidden($entityid, false, $userid); return true; } break; case 'reject': if ($queued && !qa_user_post_permit_error('permit_moderate', $post)) { qa_post_set_hidden($entityid, true, $userid); return true; } break; case 'hide': if (!$queued && !qa_user_post_permit_error('permit_hide_show', $post)) { qa_post_set_hidden($entityid, true, $userid); return true; } break; case 'reshow': if ($post['hidden'] && !qa_user_post_permit_error('permit_hide_show', $post)) { qa_post_set_hidden($entityid, false, $userid); return true; } break; case 'delete': if ($post['hidden'] && !qa_user_post_permit_error('permit_delete_hidden', $post)) { qa_post_delete($entityid); return true; } break; case 'clearflags': require_once QA_INCLUDE_DIR . 'app/votes.php'; if (!qa_user_post_permit_error('permit_hide_show', $post)) { qa_flags_clear_all($post, $userid, qa_get_logged_in_handle(), null); return true; } break; } } } return false; }
/** * @deprecated This function will become private in Q2A 1.8. It is specific to this plugin and * should not be used by outside code. */ public function queue_post_voters_flaggers($post) { if (!qa_user_post_permit_error('permit_view_voters_flaggers', $post)) { $postkeys = array('postid', 'opostid'); foreach ($postkeys as $key) { if (isset($post[$key]) && !isset($this->qa_voters_flaggers_cache[$post[$key]])) { $this->qa_voters_flaggers_queue[$post[$key]] = true; } } } }
function ra_ajax_add_answer() { // Load relevant information about this question $questionid = qa_post_text('a_questionid'); $userid = qa_get_logged_in_userid(); list($question, $childposts) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_child_posts_selectspec($userid, $questionid)); // Check if the question exists, is not closed, and whether the user has permission to do this if (@$question['basetype'] == 'Q' && !isset($question['closedbyid']) && !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)) { require_once QA_INCLUDE_DIR . 'qa-app-captcha.php'; require_once QA_INCLUDE_DIR . 'qa-app-format.php'; require_once QA_INCLUDE_DIR . 'qa-app-post-create.php'; require_once QA_INCLUDE_DIR . 'qa-app-cookies.php'; require_once QA_INCLUDE_DIR . 'qa-page-question-view.php'; require_once QA_INCLUDE_DIR . 'qa-page-question-submit.php'; // Try to create the new answer $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question)); $answers = qa_page_q_load_as($question, $childposts); $answerid = qa_page_q_add_a_submit($question, $answers, false, $in, $errors); if ($answerid) { return true; } } die; }
} if (!$question['viewable']) { $qa_content = qa_content_prepare(); if ($question['queued']) { $qa_content['error'] = qa_lang_html('question/q_waiting_approval'); } elseif ($question['flagcount'] && !isset($question['lastuserid'])) { $qa_content['error'] = qa_lang_html('question/q_hidden_flagged'); } elseif ($question['authorlast']) { $qa_content['error'] = qa_lang_html('question/q_hidden_author'); } else { $qa_content['error'] = qa_lang_html('question/q_hidden_other'); } $qa_content['suggest_next'] = qa_html_suggest_qs_tags(qa_using_tags()); return $qa_content; } $permiterror = qa_user_post_permit_error('permit_view_q_page', $question, null, false); if ($permiterror && (qa_is_human_probably() || !qa_opt('allow_view_q_bots'))) { $qa_content = qa_content_prepare(); $topage = qa_q_request($questionid, $question['title']); switch ($permiterror) { case 'login': $qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_login'), $topage); break; case 'confirm': $qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_confirm'), $topage); break; case 'approve': $qa_content['error'] = qa_lang_html('main/view_q_must_be_approved'); break; default: $qa_content['error'] = qa_lang_html('users/no_permission');
function qa_flag_error_html($post, $userid, $topage) { if (qa_to_override(__FUNCTION__)) { $args = func_get_args(); return qa_call_override(__FUNCTION__, $args); } // The 'login', 'confirm', 'limit', 'userblock' and 'ipblock' permission errors are reported to the user here. // Others ('approve', 'level') prevent the flag button being shown, in qa_page_q_post_rules(...) require_once QA_INCLUDE_DIR . 'db/selects.php'; require_once QA_INCLUDE_DIR . 'app/options.php'; require_once QA_INCLUDE_DIR . 'app/users.php'; require_once QA_INCLUDE_DIR . 'app/limits.php'; if (is_array($post) && qa_opt('flagging_of_posts') && (!isset($post['userid']) || !isset($userid) || $post['userid'] != $userid)) { switch (qa_user_post_permit_error('permit_flag', $post, QA_LIMIT_FLAGS)) { case 'login': return qa_insert_login_links(qa_lang_html('question/flag_must_login'), $topage); break; case 'confirm': return qa_insert_login_links(qa_lang_html('question/flag_must_confirm'), $topage); break; case 'limit': return qa_lang_html('question/flag_limit'); break; default: return qa_lang_html('users/no_permission'); break; case false: return false; } } else { return qa_lang_html('question/flag_not_allowed'); } // flagging option should not have been presented }
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */ require_once QA_INCLUDE_DIR . 'app/users.php'; require_once QA_INCLUDE_DIR . 'app/limits.php'; require_once QA_INCLUDE_DIR . 'db/selects.php'; // Load relevant information about this question $questionid = qa_post_text('a_questionid'); $userid = qa_get_logged_in_userid(); list($question, $childposts) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_child_posts_selectspec($userid, $questionid)); // Check if the question exists, is not closed, and whether the user has permission to do this if (@$question['basetype'] == 'Q' && !isset($question['closedbyid']) && !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)) { require_once QA_INCLUDE_DIR . 'app/captcha.php'; require_once QA_INCLUDE_DIR . 'app/format.php'; require_once QA_INCLUDE_DIR . 'app/post-create.php'; require_once QA_INCLUDE_DIR . 'app/cookies.php'; require_once QA_INCLUDE_DIR . 'pages/question-view.php'; require_once QA_INCLUDE_DIR . 'pages/question-submit.php'; // Try to create the new answer $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question)); $answers = qa_page_q_load_as($question, $childposts); $answerid = qa_page_q_add_a_submit($question, $answers, $usecaptcha, $in, $errors); // If successful, page content will be updated via Ajax if (isset($answerid)) { $answer = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $answerid)); $question = $question + qa_page_q_post_rules($question, null, null, $childposts); // array union
// Find most flagged questions, answers, comments $userid = qa_get_logged_in_userid(); $questions = qa_db_select_with_pending(qa_db_flagged_post_qs_selectspec($userid, 0, true)); // Check admin privileges (do late to allow one DB query) if (qa_user_maximum_permit_error('permit_hide_show')) { $qa_content = qa_content_prepare(); $qa_content['error'] = qa_lang_html('users/no_permission'); return $qa_content; } // Check to see if any were cleared or hidden here $pageerror = qa_admin_check_clicks(); // Remove questions the user has no permission to hide/show if (qa_user_permit_error('permit_hide_show')) { // if user not allowed to show/hide all posts foreach ($questions as $index => $question) { if (qa_user_post_permit_error('permit_hide_show', $question)) { unset($questions[$index]); } } } // Get information for users $usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions)); // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('admin/most_flagged_title'); $qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error(); $qa_content['q_list'] = array('form' => array('tags' => 'method="post" action="' . qa_self_html() . '"', 'hidden' => array('code' => qa_get_form_security_code('admin/click'))), 'qs' => array()); if (count($questions)) { foreach ($questions as $question) { $postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']); $elementid = 'p' . $postid;
function qa_page_q_add_c_form(&$qa_content, $question, $parent, $formid, $captchareason, $in, $errors, $loadfocusnow) { // The 'approve', 'login', 'confirm', 'userblock', 'ipblock' permission errors are reported to the user here // The other option ('level') prevents the comment button being shown, in qa_page_q_post_rules(...) switch (qa_user_post_permit_error('permit_post_c', $parent, QA_LIMIT_COMMENTS)) { case 'login': $form = array('title' => qa_insert_login_links(qa_lang_html('question/comment_must_login'), qa_request())); break; case 'confirm': $form = array('title' => qa_insert_login_links(qa_lang_html('question/comment_must_confirm'), qa_request())); break; case 'approve': $form = array('title' => qa_lang_html('question/comment_must_be_approved')); break; case 'limit': $form = array('title' => qa_lang_html('question/comment_limit')); break; default: $form = array('title' => qa_lang_html('users/no_permission')); break; case false: $prefix = 'c' . $parent['postid'] . '_'; $editorname = isset($in['editor']) ? $in['editor'] : qa_opt('editor_for_cs'); $editor = qa_load_editor(@$in['content'], @$in['format'], $editorname); if (method_exists($editor, 'update_script')) { $updatescript = $editor->update_script($prefix . 'content'); } else { $updatescript = ''; } $custom = qa_opt('show_custom_comment') ? trim(qa_opt('custom_comment')) : ''; $form = array('tags' => 'method="post" action="' . qa_self_html() . '" name="c_form_' . qa_html($parent['postid']) . '"', 'title' => qa_lang_html($question['postid'] == $parent['postid'] ? 'question/your_comment_q' : 'question/your_comment_a'), 'fields' => array('custom' => array('type' => 'custom', 'note' => $custom), 'content' => array_merge(qa_editor_load_field($editor, $qa_content, @$in['content'], @$in['format'], $prefix . 'content', 4, $loadfocusnow, $loadfocusnow), array('error' => qa_html(@$errors['content'])))), 'buttons' => array('comment' => array('tags' => 'onclick="' . $updatescript . ' return qa_submit_comment(' . qa_js($question['postid']) . ', ' . qa_js($parent['postid']) . ', this);"', 'label' => qa_lang_html('question/add_comment_button')), 'cancel' => array('tags' => 'name="docancel"', 'label' => qa_lang_html('main/cancel_button'))), 'hidden' => array($prefix . 'editor' => qa_html($editorname), $prefix . 'doadd' => '1', $prefix . 'code' => qa_get_form_security_code('comment-' . $parent['postid']))); if (!strlen($custom)) { unset($form['fields']['custom']); } if (!qa_is_logged_in()) { qa_set_up_name_field($qa_content, $form['fields'], @$in['name'], $prefix); } qa_set_up_notify_fields($qa_content, $form['fields'], 'C', qa_get_logged_in_email(), isset($in['notify']) ? $in['notify'] : qa_opt('notify_users_default'), $in['email'], @$errors['email'], $prefix); $onloads = array(); if ($captchareason) { $captchaloadscript = qa_set_up_captcha_field($qa_content, $form['fields'], $errors, qa_captcha_reason_note($captchareason)); if (strlen($captchaloadscript)) { $onloads[] = 'document.getElementById(' . qa_js($formid) . ').qa_show=function() { ' . $captchaloadscript . ' };'; } } if (!$loadfocusnow) { if (method_exists($editor, 'load_script')) { $onloads[] = 'document.getElementById(' . qa_js($formid) . ').qa_load=function() { ' . $editor->load_script($prefix . 'content') . ' };'; } if (method_exists($editor, 'focus_script')) { $onloads[] = 'document.getElementById(' . qa_js($formid) . ').qa_focus=function() { ' . $editor->focus_script($prefix . 'content') . ' };'; } $form['buttons']['cancel']['tags'] .= ' onclick="return qa_toggle_element()"'; } if (count($onloads)) { $qa_content['script_onloads'][] = $onloads; } } $form['id'] = $formid; $form['collapse'] = !$loadfocusnow; $form['style'] = 'tall'; return $form; }
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */ require_once QA_INCLUDE_DIR . 'app/users.php'; require_once QA_INCLUDE_DIR . 'app/limits.php'; require_once QA_INCLUDE_DIR . 'db/selects.php'; // Load relevant information about this question and the comment parent $questionid = qa_post_text('c_questionid'); $parentid = qa_post_text('c_parentid'); $userid = qa_get_logged_in_userid(); list($question, $parent, $children) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_post_selectspec($userid, $parentid), qa_db_full_child_posts_selectspec($userid, $parentid)); // Check if the question and parent exist, and whether the user has permission to do this if (@$question['basetype'] == 'Q' && (@$parent['basetype'] == 'Q' || @$parent['basetype'] == 'A') && !qa_user_post_permit_error('permit_post_c', $parent, QA_LIMIT_COMMENTS)) { require_once QA_INCLUDE_DIR . 'app/captcha.php'; require_once QA_INCLUDE_DIR . 'app/format.php'; require_once QA_INCLUDE_DIR . 'app/post-create.php'; require_once QA_INCLUDE_DIR . 'app/cookies.php'; require_once QA_INCLUDE_DIR . 'pages/question-view.php'; require_once QA_INCLUDE_DIR . 'pages/question-submit.php'; require_once QA_INCLUDE_DIR . 'util/sort.php'; // Try to create the new comment $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question)); $commentid = qa_page_q_add_c_submit($question, $parent, $children, $usecaptcha, $in, $errors); // If successful, page content will be updated via Ajax if (isset($commentid)) { $children = qa_db_select_with_pending(qa_db_full_child_posts_selectspec($userid, $parentid)); $parent = $parent + qa_page_q_post_rules($parent, $questionid == $parentid ? null : $question, null, $children); // in theory we should retrieve the parent's siblings for the above, but they're not going to be relevant