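/**
 * Render the preview of the posts a user has selected for quoting.
 *
 * Every entry of the "posts" input is either a "<type>_<id>" string or an array
 * whose "id" has that form and whose "data" is an excerpt that replaces the
 * post content for the quote. Malformed entries and ids that resolve to no
 * post are skipped instead of raising an undefined-index error.
 *
 * @param QuotePostRequest $quoteRequest
 *
 * @return \Illuminate\View\View
 */
public function viewQuotes(QuotePostRequest $quoteRequest)
{
    $contents = $quoteRequest->input('posts');
    if (!is_array($contents)) {
        $contents = [];
    }

    $data = $postIds = $conversations = []; // TODO: conversations

    foreach ($contents as $content) {
        $excerpt = '';

        if (is_array($content)) {
            if (!isset($content['id']) || !is_scalar($content['id'])) {
                continue;
            }

            // "data" is request input. Client-side parsing is not a trust boundary,
            // so it stays untrusted here and is escaped with e() before it is shown.
            if (isset($content['data']) && is_scalar($content['data'])) {
                $excerpt = (string) $content['data'];
            }

            $content = $content['id'];
        }

        $parts = explode('_', (string) $content);
        if (count($parts) < 2) {
            continue;
        }

        // Cast once so the repository query and the array lookup below use the same key.
        $type = $parts[0];
        $id = (int) $parts[1];

        switch ($type) {
            case 'post':
                $postIds[] = $id;
                break;
            case 'conversation':
                $conversations[] = $id;
                break;
        }

        $data[] = [$type, $id, $excerpt];
    }

    $postsById = [];
    foreach ($this->postsRepository->getPostsByIds($postIds) as $post) {
        $postsById[$post->id] = $post;
    }

    $quotes = [];
    $i = 0;

    foreach ($data as $entry) {
        list($type, $id, $excerpt) = $entry;

        switch ($type) {
            case 'post':
                if (!isset($postsById[$id])) {
                    // The id came from the request and the repository returned no post for it.
                    break;
                }

                $post = $postsById[$id];

                if ($excerpt) {
                    // Swap the excerpt in only while this quote is built; restored below.
                    $oldContent = $post->content;
                    $oldContentParsed = $post->content_parsed;
                    $post->content = $excerpt;
                    $post->content_parsed = e($excerpt);
                }

                $author = $post->author;
                if ($post->author) {
                    $author = app()->make('MyBB\\Core\\Presenters\\User', [$post->author]);
                }

                // NOTE(review): the raw excerpt reaches renderFromPost() through $post->content;
                // confirm the 'post.quotes' view escapes 'quote' when it prints it.
                $quotes[] = [
                    'id' => $i++,
                    'quote' => $this->quoteRenderer->renderFromPost($post),
                    'content_parsed' => $post->content_parsed,
                    'post' => app()->make('MyBB\\Core\\Presenters\\Post', [$post]),
                    'author' => $author,
                ];

                if ($excerpt) {
                    $post->content = $oldContent;
                    $post->content_parsed = $oldContentParsed;
                }
                break;
            case 'conversation':
                // TODO
                break;
        }
    }

    return view('post.quotes', ['contents' => $quotes]);
}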
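/**
 * Show the reply form for a topic, optionally pre-filled with a quoted post
 * and, when "content" was submitted, with a rendered preview of it.
 *
 * @param string           $slug
 * @param int              $id
 * @param Request          $request
 * @param MessageFormatter $formatter
 * @param int|null         $postId Post to quote; it must belong to the topic.
 *
 * @return \Illuminate\View\View
 *
 * @throws TopicNotFoundException When the topic, or the post to quote, is not found in it.
 * @throws \Exception             When the topic is closed.
 */
public function reply($slug, $id, Request $request, MessageFormatter $formatter, $postId = null)
{
    // Forum permissions are checked in "find"
    $topic = $this->topicRepository->find($id);

    if (!$topic) {
        throw new TopicNotFoundException();
    }

    if ($topic->closed) {
        throw new \Exception(trans('topic.closed'));
    }

    $content = '';

    if ($postId) {
        $post = $this->postRepository->find($postId);

        // The post id is caller-supplied. Requiring it to belong to the topic found above
        // keeps a post from another topic from being quoted through this one.
        if (!$post || $post->topic_id != $topic->id) {
            throw new TopicNotFoundException();
        }

        $content = $this->quoteRenderer->renderFromPost($post);
    }

    $this->breadcrumbs->setCurrentRoute('topics.reply', $topic);

    $username = trans('general.guest');

    $hasContent = $request->has('content');
    if ($hasContent) {
        $content = $request->get('content');
    }

    if ($request->has('username')) {
        $username = $request->get('username');
    }

    $preview = null;

    if ($hasContent) {
        $userId = null;

        if ($this->guard->check()) {
            // For a signed-in user the account name replaces any submitted username.
            $user = $this->guard->user();
            $userId = $user->id;
            $username = $user->name;
        }

        $preview = new Post([
            'user_id' => $userId,
            'username' => $username,
            'content' => $content,
            // Pass $username rather than guard->user()->name: user() is null for guests,
            // so reading ->name from it would fail on every guest preview.
            'content_parsed' => $formatter->parse($content, [MessageFormatter::ME_USERNAME => $username]),
            'created_at' => new \DateTime(),
        ]);
    }

    return view('topic.reply', compact('topic', 'content', 'username', 'preview'));
}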