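public function edit() {
    // Honeypot: the form carries a hidden "end_of_line" field that a human
    // leaves empty; form-filling bots populate it. Read it defensively so a
    // request without the field does not raise a notice.
    // NOTE(review): this is anti-spam only, not CSRF protection — confirm a
    // token check happens before this action elsewhere in the request flow.
    if (isset($_POST['end_of_line']) && $_POST['end_of_line'] !== '') {
        exit;
    }

    $tid = isset($_POST['tid']) ? (int) $_POST['tid'] : 0;
    $topic = new \CODOF\Forum\Topic($this->db);
    $topic_info = $topic->get_topic_info($tid);

    // An unknown tid yields no topic row; deny instead of running the
    // permission checks below against null owner/category values.
    if (empty($topic_info)) {
        echo _t("You do not have permission to ") . _t("edit this topic");
        return;
    }

    $tuid = $topic_info['uid'];                       // topic owner
    $cid = $topic_info['cat_id'];                     // current category
    $topic_status = (int) $topic_info['topic_status'];
    $user = \CODOF\User\User::get();

    // "cat" is the category the client wants the topic in. A request that
    // omits it cannot trigger a move (the body-field check below requires it),
    // so it must not be treated as a move to category 0 either — that would
    // demand "move topics" on a non-existent category for a tags-only edit.
    $req_cid = isset($_POST['cat']) ? (int) $_POST['cat'] : (int) $cid;
    $topicNeedsToBeMoved = (int) $cid !== $req_cid;

    // Viewing and editing are checked against the topic's *current* category.
    $has_permission = $topic->canViewTopic($tuid, $cid, $tid)
        && $topic->canEditTopic($tuid, $cid, $tid);
    if ($topicNeedsToBeMoved) {
        // Moving is a separate privilege, checked against the *destination*.
        $has_permission = $has_permission && $user->can('move topics', $req_cid);
    }

    if (!$has_permission) {
        echo _t("You do not have permission to ") . _t("edit this topic");
        return;
    }

    // Title/body edits (and moves) need the full set of fields; a request
    // carrying only "tags" skips this section and falls through to the tag
    // update below.
    $hasBodyFields = isset($_POST['title'], $_POST['cat'], $_POST['imesg'], $_POST['omesg']);
    if ($hasBodyFields) {
        if ($topicNeedsToBeMoved) {
            // NOTE(review): nothing here verifies that $req_cid exists. The
            // counter update on a missing category row is a silent no-op and
            // the topic would be re-homed into a non-existent category;
            // presumably can('move topics', $req_cid) already fails for an
            // unknown id — confirm before relying on it.
            \DB::table(PREFIX . 'codo_notify_subscribers')
                ->where('tid', '=', $tid)
                ->update(array('cid' => $req_cid));

            // The post count is read from the topic's own database row, never
            // from the request; it is still cast to int before being spliced
            // into the raw SQL arithmetic as defence in depth.
            $no_posts = (int) $topic_info['no_posts'];
            \DB::table(PREFIX . 'codo_categories')
                ->where('cat_id', $cid)
                ->update(array(
                    'no_topics' => \DB::raw('no_topics-1'),
                    'no_posts' => \DB::raw('no_posts-' . $no_posts),
                ));
            \DB::table(PREFIX . 'codo_categories')
                ->where('cat_id', $req_cid)
                ->update(array(
                    'no_topics' => \DB::raw('no_topics+1'),
                    'no_posts' => \DB::raw('no_posts+' . $no_posts),
                ));
            $cid = $req_cid;

            if (isset($_POST['notify']) && $_POST['notify'] === 'true') {
                $categoryName = $topic->getCatNameFromId($cid);
                $topicData = array(
                    "label" => 'Topic moved',
                    "cid" => $req_cid,
                    "tid" => $tid,
                    "pid" => $topic_info['post_id'],
                    "notification" => "%actor% moved <b>%title%</b> to %category%",
                    "bindings" => array(
                        "title" => \CODOF\Util::start_cut($topic_info['title'], 100),
                        "category" => $categoryName,
                    ),
                );
                $notifier = new \CODOF\Forum\Notification\Notifier();
                $notifier->queueNotify('ofTopic', $topicData);
            }
        }

        // Stickiness may only be changed — in either direction — by users
        // holding "make sticky". Previously only pinning was gated, so any
        // editor (e.g. the topic author) could un-pin a moderator-stickied
        // topic simply by omitting the "sticky" field from the request.
        $new_topic_status = $topic_status;
        if ($user->can('make sticky')) {
            $wantSticky = isset($_POST['sticky']) && $_POST['sticky'] === "true";
            $wantFrontpage = isset($_POST['frontpage']) && $_POST['frontpage'] === "true";
            if ($wantSticky) {
                $new_topic_status = $wantFrontpage
                    ? \CODOF\Forum\Forum::STICKY
                    : \CODOF\Forum\Forum::STICKY_ONLY_CATEGORY;
            } elseif (\CODOF\Forum\Forum::isSticky($topic_status)) {
                // Un-pinning a currently sticky topic returns it to plain
                // approved status.
                $new_topic_status = \CODOF\Forum\Forum::APPROVED;
            }
        }

        $topic->edit_topic(
            $cid,
            $tid,
            $topic_info['post_id'],
            $_POST['title'],
            $_POST['imesg'],
            $_POST['omesg'],
            $new_topic_status
        );
    }

    // Tag changes are independently gated by "add tags".
    if (isset($_POST['tags']) && $user->can('add tags')) {
        $tags = $_POST['tags'];
        $dbTags = $topic->getTags($tid);
        $_tags = $topic->getTagStatus($dbTags, $tags);
        $topic->insertTags($tid, $_tags['toInsert']);
        $topic->removeTags($tid, $_tags['toDelete']);
    }

    echo json_encode(array('tid' => $tid));
}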