}
// Moderator post-edit handler (fragment: the enclosing function starts before this
// point and the cite-insert loop at the bottom continues past it).

// Authorization gate: the 'editpost' permission is checked for this board before
// any post data is read or written.
// NOTE(review): this relies on error() ending the request; confirm against its definition.
if (!hasPermission($config['mod']['editpost'], $boardName)) {
    error($config['error']['noaccess']);
}
// Post id comes from the route match. Every query below binds it as PDO::PARAM_INT.
$postID =& $matches[2];
// Table names cannot be bound as parameters, so the board URI is formatted into the
// SQL text; only the row values use placeholders.
// NOTE(review): safe only if $board['uri'] was validated when the board was opened;
// confirm against the caller.
$query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $postID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
// A falsy fetch() result (no such post) is reported as the 'invalidpost' error.
$post = $query->fetch() or error($config['error']['invalidpost']);
// Save branch: runs only when the form carries submit, body and subject.
// NOTE(review): no anti-CSRF token check is visible in this fragment; presumably the
// router or caller verifies one before dispatching here. Confirm.
if (isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) {
    // Only the subject is length-limited here (100, counted with mb_strlen); no body
    // length check appears in this fragment.
    if (mb_strlen($_POST['subject']) > 100) {
        error(sprintf($config['error']['toolong'], 'subject'));
    }
    $body = $_POST['body'];
    // Copy of the submitted text taken before the wordfilters()/markup() calls below;
    // stored in `body_nomarkup`.
    $body_nomarkup = $body;
    // Return values are not used for the text, so both helpers presumably rewrite
    // $body by reference. Verify against their definitions.
    wordfilters($body);
    $tracked_cites = markup($body, true);
    // Drop the cite rows recorded for this post; they are re-inserted below from the
    // freshly rendered body.
    $query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post");
    $query->bindValue(':board', $board['uri']);
    $query->bindValue(':post', $postID, PDO::PARAM_INT);
    $query->execute() or error(db_error($query));
    // Same table-name interpolation as the SELECT above; all column values are bound.
    $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri']));
    $query->bindValue(':id', $postID, PDO::PARAM_INT);
    $query->bindValue(':body', $body);
    $query->bindValue(':body_nomarkup', $body_nomarkup);
    // The subject is passed through utf8tohtml() before storage.
    // NOTE(review): presumably this HTML-encodes it for later output; confirm.
    $query->bindValue(':subject', utf8tohtml($_POST['subject']));
    $query->execute() or error(db_error($query));
    // isset() is false here only if markup() returned null.
    if (isset($tracked_cites)) {
        foreach ($tracked_cites as $cite) {
            $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
            $query->bindValue(':board', $board['uri']);
// Post-submission validation (fragment: the enclosing code starts before this point
// and the GeoIP branch at the bottom continues past it).

// Field length limits, counted with mb_strlen. Each failure is reported via error().
if (mb_strlen($post['email']) > 40) {
    error(sprintf($config['error']['toolong'], 'email'));
}
if (mb_strlen($post['subject']) > 100) {
    error(sprintf($config['error']['toolong'], 'subject'));
}
// The maximum body length is enforced only when $mod is falsy; moderators bypass it.
if (!$mod && mb_strlen($post['body']) > $config['max_body']) {
    error($config['error']['toolong_body']);
}
// The minimum body length applies only when $post['op'] is truthy.
if (mb_strlen($post['body']) < $config['min_body'] && $post['op']) {
    error(sprintf(_('OP must be at least %d chars on this board.'), $config['min_body']));
}
if (mb_strlen($post['password']) > 20) {
    error(sprintf($config['error']['toolong'], 'password'));
}
// The length checks above run before wordfilters(); the newline limit below runs after.
// NOTE(review): presumably wordfilters() rewrites the body by reference; confirm.
wordfilters($post['body']);
// Optional cap on line count: a max_newlines of 0 or less disables the check.
if ($config['max_newlines'] > 0) {
    preg_match_all("/\n/", $post['body'], $nlmatches);
    if (isset($nlmatches[0]) && sizeof($nlmatches[0]) > $config['max_newlines']) {
        error(sprintf(_('Your post contains too many lines. This board only allows %d maximum.'), $config['max_newlines']));
    }
}
// Ordering matters: the submitted body goes through escape_markup_modifiers() first,
// and the raw-HTML modifier tag is appended afterwards, only when $mod is truthy.
// NOTE(review): presumably the escape step neutralises modifier tags typed into the
// body, so a non-moderator cannot supply the raw-HTML modifier. Confirm against its
// definition, and confirm where $post['raw'] is populated.
$post['body'] = escape_markup_modifiers($post['body']);
if ($mod && isset($post['raw']) && $post['raw']) {
    $post['body'] .= "\n<tinyboard raw html>1</tinyboard>";
}
// `&&` binds tighter than `||`: with country_flags on, this branch is taken when
// opting out is not allowed, or flags are forced, or the poster did not send
// `no_country`.
if ($config['country_flags'] && (!$config['allow_no_country'] || $config['force_flag']) || $config['country_flags'] && $config['allow_no_country'] && !isset($_POST['no_country'])) {
    // Both paths are fixed relative literals, not derived from request data.
    require 'inc/lib/geoip/geoip.inc';
    $gi = geoip\geoip_open('inc/lib/geoip/GeoIPv6.dat', GEOIP_STANDARD);
    // Declared inside the conditional block; its body lies beyond this fragment.
    function ipv4to6($ip) {