public function edit() { //hacking attempt if ($_POST['end_of_line'] != "") { exit; } $tid = (int) $_POST['tid']; $topic = new \CODOF\Forum\Topic($this->db); $topic_info = $topic->get_topic_info($tid); //i have come to edit the topic $tuid = $topic_info['uid']; $cid = $topic_info['cat_id']; $topic_status = (int) $topic_info['topic_status']; $req_cid = (int) $_POST['cat']; $topicNeedsToBeMoved = $cid != $req_cid; $has_permission = $topic->canViewTopic($tuid, $cid, $tid) && $topic->canEditTopic($tuid, $cid, $tid); $user = \CODOF\User\User::get(); if ($topicNeedsToBeMoved) { $has_permission = $has_permission && $user->can('move topics', $req_cid); } if ($has_permission) { if (isset($_POST['title']) && isset($_POST['cat']) && isset($_POST['imesg']) && isset($_POST['omesg'])) { if ($topicNeedsToBeMoved) { \DB::table(PREFIX . 'codo_notify_subscribers')->where('tid', '=', $tid)->update(array('cid' => $req_cid)); //above also checks whether category exists \DB::table(PREFIX . 'codo_categories')->where('cat_id', $cid)->update(array('no_topics' => \DB::raw('no_topics-1'), 'no_posts' => \DB::raw('no_posts-' . $topic_info['no_posts']))); \DB::table(PREFIX . 'codo_categories')->where('cat_id', $req_cid)->update(array('no_topics' => \DB::raw('no_topics+1'), 'no_posts' => \DB::raw('no_posts+' . $topic_info['no_posts']))); $cid = $req_cid; if ($_POST['notify'] === 'true') { $categoryName = $topic->getCatNameFromId($cid); $topicData = array("label" => 'Topic moved', "cid" => $req_cid, "tid" => $tid, "pid" => $topic_info['post_id'], "notification" => "%actor% moved <b>%title%</b> to %category%", "bindings" => array("title" => \CODOF\Util::start_cut($topic_info['title'], 100), "category" => $categoryName)); $notifier = new \CODOF\Forum\Notification\Notifier(); $notifier->queueNotify('ofTopic', $topicData); } } $sticky = $_POST['sticky'] === "true" ? 'yes' : 'no'; $frontpage = $_POST['frontpage'] === "true" ? 'yes' : 'no'; $new_topic_status = $topic_status; if ($sticky == 'yes' && $user->can('make sticky')) { if ($frontpage == 'yes') { $new_topic_status = \CODOF\Forum\Forum::STICKY; } else { $new_topic_status = \CODOF\Forum\Forum::STICKY_ONLY_CATEGORY; } } if ($sticky == 'no' && \CODOF\Forum\Forum::isSticky($topic_status)) { $new_topic_status = \CODOF\Forum\Forum::APPROVED; } $topic->edit_topic($cid, $tid, $topic_info['post_id'], $_POST['title'], $_POST['imesg'], $_POST['omesg'], $new_topic_status); } if (isset($_POST['tags']) && $user->can('add tags')) { $tags = $_POST['tags']; $dbTags = $topic->getTags($tid); $_tags = $topic->getTagStatus($dbTags, $tags); $topic->insertTags($tid, $_tags['toInsert']); $topic->removeTags($tid, $_tags['toDelete']); } echo json_encode(array('tid' => $tid)); } else { echo _t("You do not have permission to ") . _t("edit this topic"); } }
public function topic($tid, $page) { $topic = new \CODOF\Forum\Topic($this->db); $post = new \CODOF\Forum\Post($this->db); $topic_info = $topic->get_topic_info($tid); if ($topic_info['topic_status'] == \CODOF\Forum\Forum::MERGED_REDIRECT_ONLY) { $tid = $topic_info['redirect_to']; $topic_info = $topic->get_topic_info($tid); } if ($topic_info['topic_status'] == \CODOF\Forum\Forum::MODERATION_BY_FILTER) { $topic_is_spam = true; } else { $topic_is_spam = false; } $this->smarty->assign('topic_is_spam', $topic_is_spam); $user = \CODOF\User\User::get(); if ($topic_is_spam) { if (!($user->can('moderate topics') || $user->id == $topic_info['uid'])) { $this->view = 'access_denied'; return false; } } if (!$topic->canViewTopic($topic_info['uid'], $topic_info['cat_id'], $topic_info['topic_id'])) { //\CODOF\Hook::call('page not found', array('type' => 'topic', 'id' => $tid)); \CODOF\Store::set('sub_title', _t('Access denied')); $this->view = 'access_denied'; return; } $tracker = new \CODOF\Forum\Tracker($this->db); $tracker->mark_topic_as_read($topic_info['cat_id'], $tid); if (!$topic_info) { $this->view = 'not_found'; } else { $posts_per_page = \CODOF\Util::get_opt("num_posts_per_topic"); if (strpos($page, "post-") !== FALSE) { $pid = (int) str_replace("post-", "", $page); $prev_posts = $post->get_num_prev_posts($tid, $pid); $from = floor($prev_posts / $posts_per_page); } else { $from = (int) $page - 1; } $topic_info['no_replies'] = $topic_info['no_posts'] - 1; $name = \CODOF\Filter::URL_safe($topic_info['title']); $subscriber = new \CODOF\Forum\Notification\Subscriber(); $this->smarty->assign('no_followers', $subscriber->followersOfTopic($topic_info['topic_id'])); if (\CODOF\User\CurrentUser\CurrentUser::loggedIn()) { $this->smarty->assign('my_subscription_type', $subscriber->levelForTopic($topic_info['topic_id'])); } $this->smarty->assign('tags', $topic->getTags($topic_info['topic_id'])); $api = new Ajax\forum\topic(); $posts_data = $api->get_posts($tid, $from, $topic_info); $num_pages = $posts_data['num_pages']; $posts = $posts_data['posts']; $posts_tpl = \CODOF\HB\Render::tpl('forum/topic', $posts_data); $this->smarty->assign('posts', $posts_tpl); $this->smarty->assign('topic_info', $topic_info); $this->smarty->assign('title', htmlentities($topic_info['title'], ENT_QUOTES, "UTF-8")); $search_data = array(); if (isset($_GET['str'])) { $search_data = array('str' => strip_tags($_GET['str'])); } $this->smarty->assign('search_data', json_encode($search_data)); $url = 'topic/' . $topic_info['topic_id'] . '/' . $name . '/'; $this->smarty->assign('pagination', $post->paginate($num_pages, $from + 1, $url, false, $search_data)); if (ceil(($topic_info['no_posts'] + 1) / $posts_per_page) > $num_pages) { //next reply will go to next page $this->smarty->assign('new_page', 'yes'); } else { $this->smarty->assign('new_page', 'nope'); } $cat = new \CODOF\Forum\Category($this->db); $cats = $cat->get_categories(); $cid = $topic_info['cat_id']; $parents = $cat->find_parents($cats, $cid); array_push($parents, array("name" => $topic_info['cat_name'], "alias" => $topic_info['cat_alias'])); $this->smarty->assign('can_search', $user->can('use search')); $this->smarty->assign('parents', $parents); $this->smarty->assign('num_pages', $num_pages); $this->smarty->assign('curr_page', $from + 1); //starts from 1 $this->smarty->assign('url', RURI . $url); $this->assign_editor_vars(); $tuid = $topic_info['uid']; $this->assign_admin_vars($tuid); $this->css_files = array('topic', 'editor', 'jquery.textcomplete'); $arr = array(array('topic/topic.js', array('type' => 'defer')), array('modal.js', array('type' => 'defer')), array('bootstrap-slider.js', array('type' => 'defer'))); $this->js_files = array_merge($arr, $post->get_js_editor_files()); \CODOF\Hook::call('on_topic_view', array($topic_info)); $this->view = 'forum/topic'; \CODOF\Store::set('sub_title', $topic_info['title']); \CODOF\Store::set('og:type', 'article'); \CODOF\Store::set('og:title', $topic_info['title']); \CODOF\Store::set('og:url', RURI . $url); $mesg = $posts[0]['imessage']; \CODOF\Store::set('og:desc', strlen($mesg) > 200 ? substr($mesg, 0, 197) . "..." : $mesg); if ($from > 0) { //previous page exists \CODOF\Store::set('rel:prev', RURI . $url . $from); } $curr_page = $from + 1; if ($curr_page < $num_pages) { //next page exists \CODOF\Store::set('rel:next', RURI . $url . ($curr_page + 1)); } \CODOF\Store::set('article:published', date('c', $topic_info['topic_created'])); if ($topic_info['topic_updated'] > 0) { \CODOF\Store::set('article:modified', date('c', $topic_info['topic_updated'])); } } }