/**
 * Run a permission check for the current user in the context of one specific post.
 *
 * The level used for the check is not a global one: it is whatever
 * qa_user_level_for_post() returns for $post. The remaining arguments are
 * forwarded unchanged to qa_user_permit_error().
 *
 * @param mixed $permitoption  permission option name, passed through as the first argument
 * @param array $post          the post whose context decides the level used
 * @param mixed $limitaction   passed through as the limit action (second argument)
 * @param bool  $checkblocks   passed through as the fourth argument
 * @return mixed  the result of qa_user_permit_error(); callers on this page treat a
 *                falsy value as "permitted" and compare other results with strings
 *                such as 'level' and 'approve'
 */
function qa_user_post_permit_error($permitoption, $post, $limitaction = null, $checkblocks = true)
{
    // Resolve the post-specific level first so the delegation below reads clearly.
    $userlevel = qa_user_level_for_post($post);

    return qa_user_permit_error($permitoption, $limitaction, $userlevel, $checkblocks);
}
/**
 * Build the $in-style array that filter modules expect from an existing post.
 *
 * Always sets 'content', 'format', 'text', 'notify', 'email' and 'queued'.
 * For questions (basetype 'Q') it also sets 'title', 'tags', 'categoryid' and 'extra'.
 *
 * @param array $post  post record; reads 'content', 'format', 'notify', 'basetype' and,
 *                     for questions, 'title', 'tags', 'categoryid', 'extra'
 * @return array
 */
function qa_page_q_prepare_post_for_filters($post)
{
    $fields = array();

    $fields['content'] = $post['content'];
    $fields['format'] = $post['format'];
    $fields['text'] = qa_viewer_text($post['content'], $post['format']);

    // 'notify' is a flag; 'email' carries the stored value only when it validates as an address.
    $fields['notify'] = isset($post['notify']);
    if (qa_email_validate($post['notify'])) {
        $fields['email'] = $post['notify'];
    } else {
        $fields['email'] = null;
    }

    // Queued is true whenever a moderation reason (anything other than false) applies at this post's level.
    $fields['queued'] = qa_user_moderation_reason(qa_user_level_for_post($post)) !== false;

    if ($post['basetype'] == 'Q') {
        // Question-only fields; none of these keys exist yet, so the array union appends them in order.
        $fields += array(
            'title' => $post['title'],
            'tags' => qa_tagstring_to_tags($post['tags']),
            'categoryid' => $post['categoryid'],
            'extra' => $post['extra'],
        );
    }

    return $fields;
}
/**
 * Process a submitted edit form for a comment.
 *
 * Reads the posted fields (prefixed 'c<postid>_') into $in, verifies the form security
 * code, runs every 'filter_comment' filter module, and saves the comment if no errors
 * were reported.
 *
 * Only fields the form would have displayed are accepted: name/notify/email are read
 * only when the comment is by the current user, and 'silent' only when the
 * 'permit_edit_silent' check returns no error.
 *
 * NOTE(review): the only checks visible here are the form security code and
 * 'permit_edit_silent'. Permission to edit the comment at all is presumably verified
 * by the caller before this is invoked - confirm.
 *
 * @param array $comment   the comment being edited
 * @param array $question  the question the comment belongs to
 * @param array $parent    the comment's parent post
 * @param array $in        (by reference) receives the submitted values
 * @param array $errors    (by reference) receives error messages keyed by field
 * @return bool  true if the comment was saved, false otherwise
 */
function qa_page_q_edit_c_submit($comment, $question, $parent, &$in, &$errors)
{
    $postid = $comment['postid'];
    $fieldprefix = 'c' . $postid . '_';

    $in = array();

    if ($comment['isbyuser']) {
        $in['name'] = qa_post_text($fieldprefix . 'name');
        $in['notify'] = (bool) qa_post_text($fieldprefix . 'notify');
        $in['email'] = qa_post_text($fieldprefix . 'email');
    }

    $silentpermiterror = qa_user_post_permit_error('permit_edit_silent', $comment);
    if (!$silentpermiterror) {
        $in['silent'] = qa_post_text($fieldprefix . 'silent');
    }

    qa_get_post_content($fieldprefix . 'editor', $fieldprefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    // here the $in array only contains values for parts of the form that were displayed,
    // so those are only ones checked by filters

    $errors = array();

    // Reject the request outright if the per-comment form security code does not verify.
    $securitycode = qa_post_text($fieldprefix . 'code');
    if (!qa_check_form_security_code('edit-' . $postid, $securitycode)) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return false;
    }

    $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($comment));

    // Each filter may alter $in and add to $errors; qa_update_post_text() is given the
    // values from before and after the filter ran.
    foreach (qa_load_modules_with('filter', 'filter_comment') as $filtermodule) {
        $before = $in;
        $filtermodule->filter_comment($in, $errors, $question, $parent, $comment);
        qa_update_post_text($in, $before);
    }

    if (!empty($errors)) {
        return false;
    }

    $editoruserid = qa_get_logged_in_userid();
    $editorhandle = qa_get_logged_in_handle();
    $editorcookieid = qa_cookie_get();

    if (!isset($in['silent'])) {
        $in['silent'] = false;
    }

    // Notification settings can only be changed by the comment's own author;
    // otherwise the stored value is carried over untouched.
    if ($comment['isbyuser']) {
        $setnotify = qa_combine_notify_email($comment['userid'], $in['notify'], $in['email']);
    } else {
        $setnotify = $comment['notify'];
    }

    qa_comment_set_content($comment, $in['content'], $in['format'], $in['text'], $setnotify,
        $editoruserid, $editorhandle, $editorcookieid, $question, $parent, @$in['name'], $in['queued'], $in['silent']);

    return true;
}
$qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_login'), $topage); break; case 'confirm': $qa_content['error'] = qa_insert_login_links(qa_lang_html('main/view_q_must_confirm'), $topage); break; case 'approve': $qa_content['error'] = qa_lang_html('main/view_q_must_be_approved'); break; default: $qa_content['error'] = qa_lang_html('users/no_permission'); break; } return $qa_content; } // Determine if captchas will be required $captchareason = qa_user_captcha_reason(qa_user_level_for_post($question)); $usecaptcha = $captchareason != false; // If we're responding to an HTTP POST, include file that handles all posting/editing/etc... logic // This is in a separate file because it's a *lot* of logic, and will slow down ordinary page views $pagestart = qa_get_start(); $pagestate = qa_get_state(); $showid = qa_get('show'); $pageerror = null; $formtype = null; $formpostid = null; $jumptoanchor = null; $commentsall = null; if (substr($pagestate, 0, 13) == 'showcomments-') { $commentsall = substr($pagestate, 13); $pagestate = null; } elseif (isset($showid)) {
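/**
 * AJAX handler that adds an answer to the question named in the 'a_questionid' POST field.
 *
 * The answer is only attempted when the question exists, is not closed, and the
 * 'permit_post_a' check (with the QA_LIMIT_ANSWERS limit) returns no error for the
 * current user.
 *
 * @return bool  true when an answer was created; in every other case the script
 *               terminates via die
 */
function ra_ajax_add_answer()
{
    // Load relevant information about this question
    $questionid = qa_post_text('a_questionid');
    $userid = qa_get_logged_in_userid();

    list($question, $childposts) = qa_db_select_with_pending(
        qa_db_full_post_selectspec($userid, $questionid),
        qa_db_full_child_posts_selectspec($userid, $questionid)
    );

    // Check if the question exists, is not closed, and whether the user has permission to do this
    if (
        @$question['basetype'] == 'Q' &&
        !isset($question['closedbyid']) &&
        !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)
    ) {
        require_once QA_INCLUDE_DIR . 'qa-app-captcha.php';
        require_once QA_INCLUDE_DIR . 'qa-app-format.php';
        require_once QA_INCLUDE_DIR . 'qa-app-post-create.php';
        require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
        require_once QA_INCLUDE_DIR . 'qa-page-question-view.php';
        require_once QA_INCLUDE_DIR . 'qa-page-question-submit.php';

        // Try to create the new answer.
        // The captcha decision computed here must be the one handed to the submit routine:
        // passing a hard-coded false would let this endpoint skip the captcha for users
        // who are required to solve one. The form posting to this handler therefore has
        // to submit the captcha fields whenever a captcha is required.
        $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question));
        $answers = qa_page_q_load_as($question, $childposts);
        $answerid = qa_page_q_add_a_submit($question, $answers, $usecaptcha, $in, $errors);

        if ($answerid) {
            return true;
        }
    }

    // Nothing was created: end the request without output.
    die;
}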
require_once QA_INCLUDE_DIR . 'app/limits.php'; require_once QA_INCLUDE_DIR . 'db/selects.php'; // Load relevant information about this question $questionid = qa_post_text('a_questionid'); $userid = qa_get_logged_in_userid(); list($question, $childposts) = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $questionid), qa_db_full_child_posts_selectspec($userid, $questionid)); // Check if the question exists, is not closed, and whether the user has permission to do this if (@$question['basetype'] == 'Q' && !isset($question['closedbyid']) && !qa_user_post_permit_error('permit_post_a', $question, QA_LIMIT_ANSWERS)) { require_once QA_INCLUDE_DIR . 'app/captcha.php'; require_once QA_INCLUDE_DIR . 'app/format.php'; require_once QA_INCLUDE_DIR . 'app/post-create.php'; require_once QA_INCLUDE_DIR . 'app/cookies.php'; require_once QA_INCLUDE_DIR . 'pages/question-view.php'; require_once QA_INCLUDE_DIR . 'pages/question-submit.php'; // Try to create the new answer $usecaptcha = qa_user_use_captcha(qa_user_level_for_post($question)); $answers = qa_page_q_load_as($question, $childposts); $answerid = qa_page_q_add_a_submit($question, $answers, $usecaptcha, $in, $errors); // If successful, page content will be updated via Ajax if (isset($answerid)) { $answer = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $answerid)); $question = $question + qa_page_q_post_rules($question, null, null, $childposts); // array union $answer = $answer + qa_page_q_post_rules($answer, $question, $answers, null); $usershtml = qa_userids_handles_html(array($answer), true); $a_view = qa_page_q_answer_view($question, $answer, false, $usershtml, false); $themeclass = qa_load_theme_class(qa_get_site_theme(), 'ajax-answer', null, null); $themeclass->initialize(); echo "QA_AJAX_RESPONSE\n1\n"; // Send back whether the 'answer' button should still be visible echo (int) qa_opt('allow_multi_answers') . "\n";
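/**
 * Delete a hidden post on behalf of the current user.
 *
 * The permission decision is made from $post (it must be hidden and the
 * 'permit_delete_hidden' check must return no error at that post's level), while the
 * id that is actually deleted comes from $data['action_id']. The two are therefore
 * required to refer to the same post, so that passing the check for one post can never
 * authorise deleting a different one.
 *
 * NOTE(review): no form security code is verified here, and posts that still have
 * child posts are not excluded - presumably both are handled by the caller; confirm.
 *
 * @param array $data  request data; 'action_id' is the id of the post to delete
 * @param array $post  the post record the permission check is evaluated against
 * @return bool  true if the post was deleted, false if the deletion was refused
 */
function do_delete($data, $post)
{
    $postid = (int) @$data['action_id'];

    // Bind the deletion target to the post that is being authorised. When the record
    // carries its own id, a mismatch with the requested id is refused.
    if (isset($post['postid']) && (int) $post['postid'] !== $postid) {
        return false;
    }

    $userlevel = qa_user_level_for_post($post);
    $deleteable = $post['hidden'] && !qa_user_permit_error('permit_delete_hidden', null, $userlevel);

    if (!$deleteable) {
        return false;
    }

    require_once QA_INCLUDE_DIR . 'qa-app-posts.php';
    qa_post_delete($postid);

    return true;
}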
/**
 * Work out what the current user may see and do with $post, and which buttons to show for it.
 *
 * Every flag is derived from the post's own fields, site options read through qa_opt(),
 * and qa_user_permit_error() results evaluated at the level returned by
 * qa_user_level_for_post($post). The whole function can be replaced through the
 * override mechanism checked on its first line.
 *
 * NOTE(review): this function only computes flags. Whether each action handler
 * re-evaluates the matching flag on the server before acting cannot be seen from here -
 * confirm at the call sites.
 *
 * @param array      $post          post record; reads 'type', 'basetype', 'hidden', 'userid',
 *                                  'flagcount', 'postid', 'parentid' and, where present,
 *                                  'closedbyid', 'selchildid', 'lastuserid', 'userflag', 'cookieid'
 * @param array|null $parentpost    only consulted for a claimable answer (self-answer rule)
 * @param array|null $siblingposts  only consulted for a claimable answer (multiple-answers rule)
 * @param array|null $childposts    when given, children of $post restrict some rules
 * @return array  rule flags keyed by name (e.g. 'viewable', 'editable', 'hideable', 'deleteable')
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
    // Hand over to an override of this function if one is registered
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }

    $userid = qa_get_logged_in_userid();
    $cookieid = qa_cookie_get();
    $userlevel = qa_user_level_for_post($post);

    $rules['isbyuser'] = qa_post_is_by_user($post, $userid, $cookieid);
    // Queued types are one leading character followed by '_QUEUED'
    $rules['queued'] = substr($post['type'], 1) == '_QUEUED';
    // A question counts as closed if explicitly closed, or if it has a selected child and 'do_close_on_select' is on
    $rules['closed'] = $post['basetype'] == 'Q' && (isset($post['closedbyid']) || isset($post['selchildid']) && qa_opt('do_close_on_select'));

    // Cache some responses to the user permission checks

    $permiterror_post_q = qa_user_permit_error('permit_post_q', null, $userlevel); // don't check limits here, so we can show error message
    $permiterror_post_a = qa_user_permit_error('permit_post_a', null, $userlevel);
    $permiterror_post_c = qa_user_permit_error('permit_post_c', null, $userlevel);
    // The edit permission that applies depends on the post's base type (Q, A, otherwise comment)
    $permiterror_edit = qa_user_permit_error($post['basetype'] == 'Q' ? 'permit_edit_q' : ($post['basetype'] == 'A' ? 'permit_edit_a' : 'permit_edit_c'), null, $userlevel);
    $permiterror_retagcat = qa_user_permit_error('permit_retag_cat', null, $userlevel);
    $permiterror_flag = qa_user_permit_error('permit_flag', null, $userlevel);
    // For the user's own post the permit option is passed as null rather than the named permission.
    // NOTE(review): presumably this leaves only restrictions that are independent of the option - confirm in qa_user_permit_error()
    $permiterror_hide_show = qa_user_permit_error($rules['isbyuser'] ? null : 'permit_hide_show', null, $userlevel);
    $permiterror_close_open = qa_user_permit_error($rules['isbyuser'] ? null : 'permit_close_q', null, $userlevel);
    $permiterror_moderate = qa_user_permit_error('permit_moderate', null, $userlevel);

    // General permissions

    // True when nobody else has touched the post: no last user recorded, or it is the author
    $rules['authorlast'] = !isset($post['lastuserid']) || $post['lastuserid'] === $post['userid'];
    // Hidden posts need hide/show permission; queued posts are visible to their author or to moderators; all others are visible
    $rules['viewable'] = $post['hidden'] ? !$permiterror_hide_show : ($rules['queued'] ? $rules['isbyuser'] || !$permiterror_moderate : true);

    // Answer, comment and edit might show the button even if the user still needs to do something (e.g. log in)
    // (the *button rules below are only switched off by a 'level' or 'approve' error, the *able rules by any error)

    $rules['answerbutton'] = $post['type'] == 'Q' && $permiterror_post_a != 'level' && !$rules['closed'] && (qa_opt('allow_self_answer') || !$rules['isbyuser']);

    $rules['commentbutton'] = ($post['type'] == 'Q' || $post['type'] == 'A') && $permiterror_post_c != 'level' && qa_opt($post['type'] == 'Q' ? 'comment_on_qs' : 'comment_on_as');
    $rules['commentable'] = $rules['commentbutton'] && !$permiterror_post_c;

    $rules['editbutton'] = !$post['hidden'] && !$rules['closed'] && ($rules['isbyuser'] || $permiterror_edit != 'level' && $permiterror_edit != 'approve' && !$rules['queued']);
    $rules['editable'] = $rules['editbutton'] && ($rules['isbyuser'] || !$permiterror_edit);

    $rules['retagcatbutton'] = $post['basetype'] == 'Q' && (qa_using_tags() || qa_using_categories()) && !$post['hidden'] && ($rules['isbyuser'] || $permiterror_retagcat != 'level' && $permiterror_retagcat != 'approve');
    $rules['retagcatable'] = $rules['retagcatbutton'] && ($rules['isbyuser'] || !$permiterror_retagcat);

    if ($rules['editbutton'] && $rules['retagcatbutton']) { // only show one button since they lead to the same form
        // Keep the retag button only when retagging is possible but editing is not; otherwise keep the edit button
        if ($rules['retagcatable'] && !$rules['editable']) {
            $rules['editbutton'] = false;
        } else {
            $rules['retagcatbutton'] = false;
        }
    }

    $rules['aselectable'] = $post['type'] == 'Q' && !qa_user_permit_error($rules['isbyuser'] ? null : 'permit_select_a', null, $userlevel);

    $rules['flagbutton'] = qa_opt('flagging_of_posts') && !$rules['isbyuser'] && !$post['hidden'] && !$rules['queued'] && !@$post['userflag'] && $permiterror_flag != 'level' && $permiterror_flag != 'approve';
    // True when one more flag (this user's) would reach the 'flagging_hide_after' threshold
    $rules['flagtohide'] = $rules['flagbutton'] && !$permiterror_flag && $post['flagcount'] + 1 >= qa_opt('flagging_hide_after');
    $rules['unflaggable'] = @$post['userflag'] && !$post['hidden'];
    // Requires at least 2 flags if the current user has flagged the post, otherwise at least 1, plus hide/show permission
    $rules['clearflaggable'] = $post['flagcount'] >= (@$post['userflag'] ? 2 : 1) && !qa_user_permit_error('permit_hide_show', null, $userlevel);

    // Other actions only show the button if it's immediately possible

    $notclosedbyother = !($rules['closed'] && isset($post['closedbyid']) && !$rules['authorlast']);
    $nothiddenbyother = !($post['hidden'] && !$rules['authorlast']);

    $rules['closeable'] = qa_opt('allow_close_questions') && $post['type'] == 'Q' && !$rules['closed'] && !$permiterror_close_open;
    $rules['reopenable'] = $rules['closed'] && isset($post['closedbyid']) && !$permiterror_close_open && !$post['hidden'] && ($notclosedbyother || !qa_user_permit_error('permit_close_q', null, $userlevel));
    // cannot reopen a question if it's been hidden, or if it was closed by someone else and you don't have global closing permissions
    $rules['moderatable'] = $rules['queued'] && !$permiterror_moderate;
    $rules['hideable'] = !$post['hidden'] && ($rules['isbyuser'] || !$rules['queued']) && !$permiterror_hide_show && ($notclosedbyother || !qa_user_permit_error('permit_hide_show', null, $userlevel));
    // cannot hide a question if it was closed by someone else and you don't have global hiding permissions
    $rules['reshowimmed'] = $post['hidden'] && !qa_user_permit_error('permit_hide_show', null, $userlevel);
    // means post can be reshown immediately without checking whether it needs moderation
    $rules['reshowable'] = $post['hidden'] && !$permiterror_hide_show && ($rules['reshowimmed'] || $nothiddenbyother && !$post['flagcount']);
    // cannot reshow a question if it was hidden by someone else, or if it has flags - unless you have global hide/show permissions
    // Deletion is limited to hidden posts and always checks the named permission, even for the author
    $rules['deleteable'] = $post['hidden'] && !qa_user_permit_error('permit_delete_hidden', null, $userlevel);
    // Claimable: the post has no user id, a user is logged in, the post's cookie id is non-empty and equals the
    // current cookie id, and there is no permit error for posting that base type
    $rules['claimable'] = !isset($post['userid']) && isset($userid) && strlen(@$post['cookieid']) && strcmp(@$post['cookieid'], $cookieid) == 0 && !($post['basetype'] == 'Q' ? $permiterror_post_q : ($post['basetype'] == 'A' ? $permiterror_post_a : $permiterror_post_c));
    $rules['followable'] = $post['type'] == 'A' ? qa_opt('follow_on_as') : false;

    // Check for claims that could break rules about self answering and multiple answers

    if ($rules['claimable'] && $post['basetype'] == 'A') {
        // Claiming would make this a self-answer, which is disallowed
        if (!qa_opt('allow_self_answer') && isset($parentpost) && qa_post_is_by_user($parentpost, $userid, $cookieid)) {
            $rules['claimable'] = false;
        }

        // Claiming would give the user a second answer under the same parent, which is disallowed
        if (isset($siblingposts) && !qa_opt('allow_multi_answers')) {
            foreach ($siblingposts as $siblingpost) {
                if ($siblingpost['parentid'] == $post['parentid'] && $siblingpost['basetype'] == 'A' && qa_post_is_by_user($siblingpost, $userid, $cookieid)) {
                    $rules['claimable'] = false;
                }
            }
        }
    }

    // Now make any changes based on the child posts

    if (isset($childposts)) {
        foreach ($childposts as $childpost) {
            if ($childpost['parentid'] == $post['postid']) {
                // Any direct child at all blocks deletion of this post
                $rules['deleteable'] = false;

                // The current user already has an answer under this post
                if ($childpost['basetype'] == 'A' && qa_post_is_by_user($childpost, $userid, $cookieid)) {
                    if (!qa_opt('allow_multi_answers')) {
                        $rules['answerbutton'] = false;
                    }

                    if (!qa_opt('allow_self_answer')) {
                        $rules['claimable'] = false;
                    }
                }
            }
        }
    }

    // Return the resulting rules

    return $rules;
}