コード例 #1
ファイル: mod.php プロジェクト: niksfish/Tinyboard
 }
 // Authorisation gate: the board's edit-post permission is checked before any
 // post data is read.
 // NOTE(review): the permission is checked against $boardName while the table
 // name below is built from $board['uri'] -- confirm both always refer to the
 // same board. This also assumes error() halts the request; if it returned,
 // the lookup below would still run.
 if (!hasPermission($config['mod']['editpost'], $boardName)) {
     error($config['error']['noaccess']);
 }

 // Kept as a reference (not a copy) because later statements reuse $postID.
 $postID =& $matches[2];

 // A table name cannot be a bound parameter, so the board URI is formatted
 // into the SQL text. NOTE(review): $board['uri'] must come from a validated
 // board record, never straight from the request -- not visible in this excerpt.
 $editLookupSql = sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']);
 $query = prepare($editLookupSql);

 // The post id is bound as an integer rather than interpolated.
 $query->bindValue(':id', $postID, PDO::PARAM_INT);
 if (!$query->execute()) {
     error(db_error($query));
 }

 // A missing row is reported as an invalid post.
 $post = $query->fetch();
 if (!$post) {
     error($config['error']['invalidpost']);
 }
 if (isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) {
     if (mb_strlen($_POST['subject']) > 100) {
         error(sprintf($config['error']['toolong'], 'subject'));
     }
     $body = $_POST['body'];
     $body_nomarkup = $body;
     wordfilters($body);
     $tracked_cites = markup($body, true);
     $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post");
     $query->bindValue(':board', $board['uri']);
     $query->bindValue(':post', $postID, PDO::PARAM_INT);
     $query->execute() or error(db_error($query));
     $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri']));
     $query->bindValue(':id', $postID, PDO::PARAM_INT);
     $query->bindValue(':body', $body);
     $query->bindValue(':body_nomarkup', $body_nomarkup);
     $query->bindValue(':subject', utf8tohtml($_POST['subject']));
     $query->execute() or error(db_error($query));
     if (isset($tracked_cites)) {
         foreach ($tracked_cites as $cite) {
             $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
             $query->bindValue(':board', $board['uri']);
コード例 #2
ファイル: post.php プロジェクト: fugeris/8chan
 // Caps on the short text fields, counted in characters (mb_strlen) and checked
 // in the original order so the first failing field is the one reported.
 foreach (['email' => 40, 'subject' => 100] as $cappedField => $maxChars) {
     if (mb_strlen($post[$cappedField]) > $maxChars) {
         error(sprintf($config['error']['toolong'], $cappedField));
     }
 }

 // The upper body limit applies to non-mod posts only: when $mod is truthy the
 // max_body check is skipped entirely.
 if (!$mod && mb_strlen($post['body']) > $config['max_body']) {
     error($config['error']['toolong_body']);
 }

 // The minimum body length is enforced only for opening posts.
 if (mb_strlen($post['body']) < $config['min_body'] && $post['op']) {
     error(sprintf(_('OP must be at least %d chars on this board.'), $config['min_body']));
 }

 if (mb_strlen($post['password']) > 20) {
     error(sprintf($config['error']['toolong'], 'password'));
 }

 // Word filters run first, so the newline count below is taken on the filtered body.
 wordfilters($post['body']);

 if ($config['max_newlines'] > 0) {
     preg_match_all("/\n/", $post['body'], $nlmatches);
     $tooManyLines = isset($nlmatches[0]) && count($nlmatches[0]) > $config['max_newlines'];
     if ($tooManyLines) {
         error(sprintf(_('Your post contains too many lines. This board only allows %d maximum.'), $config['max_newlines']));
     }
 }

 // Ordering matters: the submitted body goes through escape_markup_modifiers()
 // before the raw-HTML modifier is appended, and the modifier is appended by
 // the server only when $mod is truthy and the raw flag is set.
 // NOTE(review): presumably escape_markup_modifiers() neutralises modifier
 // tags typed by the poster, and a body carrying this modifier is rendered
 // without HTML escaping -- confirm both against their definitions. If so,
 // $mod is the only gate visible here on stored, unescaped HTML; verify that
 // it reflects an authenticated moderator and that the raw flag is
 // permission-checked upstream.
 $post['body'] = escape_markup_modifiers($post['body']);
 if ($mod && !empty($post['raw'])) {
     $post['body'] .= "\n<tinyboard raw html>1</tinyboard>";
 }
 if ($config['country_flags'] && (!$config['allow_no_country'] || $config['force_flag']) || $config['country_flags'] && $config['allow_no_country'] && !isset($_POST['no_country'])) {
     require 'inc/lib/geoip/geoip.inc';
     $gi = geoip\geoip_open('inc/lib/geoip/GeoIPv6.dat', GEOIP_STANDARD);
     function ipv4to6($ip)
     {