Context Navigation

edit.php

Revision 54, 7.0 KB (checked in by daris, 3 years ago)
ajax post edit: better error reporting, crsf confirmation and some other changes + release 1.7.1

Line
1	<?php
2
3	define('FORUM_ROOT', '../../');
4	require FORUM_ROOT.'include/common.php';
5
6	($hook = get_hook('ape_start')) ? eval($hook) : null;
7
8	if ($forum_user['g_read_board'] == '0')
9	message($lang_common['No view']);
10
11	require_once FORUM_ROOT.'include/parser.php';
12
13	// Load the topic.php and post.php language file
14	require FORUM_ROOT.'lang/'.$forum_user['language'].'/topic.php';
15	require FORUM_ROOT.'lang/'.$forum_user['language'].'/post.php';
16
17	if (file_exists(FORUM_ROOT.'extensions/ajax_post_edit/lang/'.$forum_user['language'].'.php'))
18	require FORUM_ROOT.'extensions/ajax_post_edit/lang/'.$forum_user['language'].'.php';
19	else
20	require FORUM_ROOT.'extensions/ajax_post_edit/lang/English.php';
21
22	$action = isset($_POST['action']) ? $_POST['action'] : null;
23	$id = isset($_POST['id']) ? intval($_POST['id']) : null;
24
25	if (!isset($id))
26	message($lang_common['Bad request']);
27
28	$query = array(
29	'SELECT' => 'f.id AS fid, f.moderators, f.redirect_url, t.id AS tid, t.closed, t.subject, t.first_post_id, p.poster, p.poster_id, p.hide_smilies, p.message, p.edited, p.edited_by, p.posted',
30	'FROM' => 'posts AS p',
31	'JOINS' => array(
32	array(
33	'INNER JOIN' => 'topics AS t',
34	'ON' => 't.id=p.topic_id'
35	),
36	array(
37	'INNER JOIN' => 'forums AS f',
38	'ON' => 'f.id=t.forum_id'
39	),
40	array(
41	'LEFT JOIN' => 'forum_perms AS fp',
42	'ON' => '(fp.forum_id=f.id AND fp.group_id='.$forum_user['g_id'].')'
43	)
44	),
45	'WHERE' => '(fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id
46	);
47
48	($hook = get_hook('ape_qr_get_post_info')) ? eval($hook) : null;
49	$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
50	if (!$forum_db->num_rows($result))
51	message($lang_common['Bad request']);
52
53	$cur_post = $forum_db->fetch_assoc($result);
54
55	// Sort out who the moderators are and if we are currently a moderator (or an admin)
56	$mods_array = ($cur_post['moderators'] != '') ? unserialize($cur_post['moderators']) : array();
57	$forum_page['is_admmod'] = ($forum_user['g_id'] == FORUM_ADMIN \|\| ($forum_user['g_moderator'] == '1' && array_key_exists($forum_user['username'], $mods_array))) ? true : false;
58
59	// Do we have permission to edit this post?
60	if (($forum_user['g_edit_posts'] == '0' \|\|
61	$cur_post['poster_id'] != $forum_user['id'] \|\|
62	$cur_post['closed'] == '1') &&
63	!$forum_page['is_admmod'])
64	message($lang_common['No permission']);
65
66	$can_edit_subject = $id == $cur_post['first_post_id'];
67
68	// it's a request for get post message
69	if ($action == 'get')
70	{
71	($hook = get_hook('ape_pre_message_box')) ? eval($hook) : null;
72
73	?>
74	<div class="main-content frm" id="ajax_post_edit">
75	<form style="padding: 10px" id="post_edit_form" method="post" action="<?php echo forum_link($forum_url['edit'], $id) ?>">
76	<div class="hidden">
77	<input type="hidden" name="csrf_token" value="<?php echo generate_form_token(forum_link($forum_url['edit'], $id)) ?>" />
78	<input type="hidden" name="form_sent" value="1" />
79	<input type="hidden" name="preview" value="1" />
80	<?php if ($can_edit_subject): ?>
81	<input type="hidden" id="req_subject" name="req_subject" value="<?php echo forum_htmlencode($cur_post['subject']) ?>" />
82	<?php endif; ?>
83	</div>
84
85	<?php ($hook = get_hook('ed_pre_message_box')) ? eval($hook) : null; // This hook is not changed, it allows displaying a bbcode bar ?>
86	<div style="margin-top: 5px">
87	<textarea id="postedit" name="req_message" style="width: 100%"><?php echo forum_htmlencode($cur_post['message']) ?></textarea>
88	</div>
89
90	<?php if ($forum_page['is_admmod']) : ?>
91	<div style="margin-top: 5px">
92	<label for="fldsilent"><input type="checkbox" id="fldsilent" name="silent" value="1" checked="checked" /> <?php echo $lang_post['Silent edit'] ?></label>
93	</div>
94	<?php endif; ?>
95
96	<div style="margin-top: 5px">
97	<div style="float:right; display:none" id="edit_info">
98	<img src="<?php echo $base_url ?>/extensions/ajax_post_edit/loading.gif" /> <?php echo $lang_ape['Saving'] ?>
99	</div>
100	<input type="button" onclick="ape_update_post(<?php echo $id ?>)" value="<?php echo $lang_ape['Update'] ?>" id="btn_updatePost" />
101	<input type="submit" value="<?php echo $lang_ape['Advanced Edit'] ?>" id="btn_fullEdit" />
102	<input type="button" onclick="ape_cancel_edit(<?php echo $id ?>)" value="<?php echo $lang_ape['Cancel'] ?>" id="btn_cancelUpdate" />
103	</div>
104	</form>
105	</div>
106
107	<!-- END FORM -->
108	<parsed_message><?php echo parse_message($cur_post['message'], $cur_post['hide_smilies']) ?></parsed_message>
109
110	<?php
111
112	}
113
114	// it's a request for update post in database
115	elseif ($action == 'update')
116	{
117	// If it is a topic it must contain a subject
118	if ($can_edit_subject)
119	{
120	$subject = trim($_POST['req_subject']);
121
122	if ($subject == '')
123	$errors[] = $lang_post['No subject'];
124	else if (utf8_strlen($subject) > 70)
125	$errors[] = $lang_post['Too long subject'];
126	else if ($forum_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && !$forum_page['is_admmod'])
127	$subject = ucwords(strtolower($subject));
128	}
129
130	// Clean up message from POST
131	$message = forum_linebreaks(trim($_POST['req_message']));
132
133	if ($message == '')
134	$errors[] = $lang_post['No message'];
135	if (strlen($message) > FORUM_MAX_POSTSIZE_BYTES)
136	$errors[] = sprintf($lang_post['Too long message'], forum_number_format(strlen($message)), forum_number_format(FORUM_MAX_POSTSIZE_BYTES));
137	else if ($forum_config['p_message_all_caps'] == '0' && utf8_strtoupper($message) == $message && !$forum_page['is_admmod'])
138	$errors[] = $lang_post['All caps message'];
139
140	// Validate BBCode syntax
141	if ($forum_config['p_message_bbcode'] == '1' \|\| $forum_config['o_make_links'] == '1')
142	$message = preparse_bbcode($message, $errors);
143
144	($hook = get_hook('ape_end_validation')) ? eval($hook) : null;
145
146	// If there were any errors, show them
147	if (!empty($errors))
148	{
149	$errors_list = array();
150	while (list(, $cur_error) = each($errors))
151	$errors_list[] = '<li class="warn"><span>'.$cur_error.'</span></li>';
152	?>
153	<error>
154	<div class="frm-error" id="edit-error">
155	<h3 class="warn"><?php echo $lang_post['Post errors'] ?></h3>
156	<ul>
157	<?php echo implode("\n\t\t\t\t\t", $errors_list)."\n" ?>
158	</ul>
159	</div>
160	</error>
161	<?php
162	}
163
164	else
165	{
166	$edited_by = '';
167	$edited = 0;
168
169	if ($_POST['silent'] == 0)
170	{
171	$edited_by = $forum_user['username'];
172	$edited = time();
173	}
174	elseif ($cur_post['edited'] != '')
175	{
176	$edited_by = $cur_post['edited_by'];
177	$edited = $cur_post['edited'];
178	}
179
180	// save post
181	$query = array(
182	'UPDATE' => 'posts',
183	'SET' => 'message=\''.$forum_db->escape($message).'\'',
184	'WHERE' => 'id='.$id
185	);
186
187	if (!($_POST['silent'] == 1 && $forum_page['is_admmod']))
188	$query['SET'] .= ', edited='.$edited.', edited_by=\''.$forum_db->escape($edited_by).'\'';
189
190	($hook = get_hook('ape_qr_update_post')) ? eval($hook) : null;
191	$forum_db->query_build($query) or error(__FILE__, __LINE__);
192
193	?>
194	<message><?php echo parse_message($message, $cur_post['hide_smilies']) ?></message>
195
196	<?php if ($edited_by && $edited) : ?>
197	<last_edit>
198	<p class="lastedit"><em><?php echo sprintf($lang_topic['Last edited'], forum_htmlencode($edited_by), format_time($edited)) ?></em></p>
199	</last_edit>
200	<?php endif;
201
202	}
203
204	}
205

Note: See TracBrowser for help on using the browser.

PunBB extensions

Context Navigation

root/branches/ajax_post_edit/edit.php

Download in other formats: