<?php

////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

// Posting editor front controller. It works out which editing mode is
// requested, loads the message data (via the include/posting/request_*.php
// scripts), applies permission checks, runs the requested action and
// finally renders the editor form. Most of the real work is delegated to
// the scripts under include/posting/, which are not part of this file.
//
// This script can initially be called in multiple ways to indicate what
// type of posting mode will be used. The parameters are:
//
// 1) The forum id.
//
// 2) The mode to use. Possibilities are:
//
//    - post        Post a new message (default if no mode is issued)
//    - edit        User edit of an already posted message
//    - moderation  Moderator edit of an already posted message
//    - reply       Reply to a message
//    - quote       Reply to a message, with quoting of the original message
//
// 3) If edit, moderation or reply is used: the message id.
//
// Examples:
// http://yoursite/phorum/posting.php?10,quote,15
// http://yoursite/phorum/posting.php?10,edit,20
// http://yoursite/phorum/posting.php?10,post
//
// This script can also be included in another page (for putting the editor
// screen inline in a page), by setting up the $PHORUM["postingargs"] before
// including:
//
// $PHORUM["postingargs"]["as_include"]  any true value, to flag included state
// $PHORUM["postingargs"][0]             the forum id
// $PHORUM["postingargs"][1]             the mode to use (post,reply,quote,edit,moderation)
// $PHORUM["postingargs"][2]             the message id to work with (omit for "post")
//

// ----------------------------------------------------------------------
// Basic setup and checks
// ----------------------------------------------------------------------

// When included from another page, phorum_page is already defined by that
// page; the checks on phorum_page == "post" below use this to decide
// whether header and footer templates must be rendered here.
if (! defined('phorum_page')) {
    define('phorum_page', 'post');
}

include_once ("./common.php");
include_once ("include/format_functions.php");

// Check if the Phorum is in read-only mode.
if(isset($PHORUM["status"]) && $PHORUM["status"]=="read-only"){
    phorum_build_common_urls();
    $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["ReadOnlyMessage"];
    // Only show header and footer when not included in another page.
    if (phorum_page == "post") {
        include phorum_get_template("header");
        phorum_hook("after_header");
    }
    include phorum_get_template("message");
    if (phorum_page == "post") {
        phorum_hook("before_footer");
        include phorum_get_template("footer");
    }
    return;
}

// No forum id was set. Take the user back to the index.
if(empty($PHORUM["forum_id"])){
    $dest_url = phorum_get_url(PHORUM_INDEX_URL);
    phorum_redirect_by_url($dest_url);
    exit();
}

// Somehow we got to a folder in posting.php. Take the
// user back to the folder.
if($PHORUM["folder_flag"]){
    $dest_url = phorum_get_url(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
    phorum_redirect_by_url($dest_url);
    exit();
}

// ----------------------------------------------------------------------
// Definitions
// ----------------------------------------------------------------------

// A list of valid posting modes. Any mode that is not in this list,
// whether it comes from the URL arguments or from the posted form,
// is rejected further down.
$valid_modes = array(
    "post",         // Post a new message
    "reply",        // Post a reply to a message
    "quote",        // Post a reply with quoting of the message replied to
    "edit",         // Edit a message
    "moderation",   // Edit a message in moderator modus
);

// Form field configuration:
// -------------------------
//
// Configuration that we use for fields that we use in the editor form.
// The format for the array elements is:
//
// [0] The type of field. One of: string, integer, boolean, array.
// [1] Whether the value must be included as a hidden form field
//     This is used for identifying values which are always implemented
//     as hidden form fields.
// [2] Whether the field is read-only or not. If a field is marked to be
//     read-only, then the posting scripts will always use the field data
//     that is stored in the database for the edited message, regardless
//     what field data the client sent. Within the editing process,
//     this parameter can be changed to make the field writable.
//     (for example if a moderator is editing a message, some fields
//     become writable).
//     Put otherwise: client side read-only, server side read-only.
// [3] Whether to sign the field data. If this field is set to a true
//     value, then the data that is sent to the user is signed by Phorum.
//     When the data is sent back to Phorum, the signature is checked, to
//     see if the data did not change. This can be used for preventing
//     tampering with form data for fields that cannot be edited by the
//     user, but which can be edited by the Phorum software and modules.
//     Put otherwise: client side read-only, server side writable.
// [4] A default value to initialize the form field with.
//
// Common combinations for fields 1, 2 and 3:
//
// hidden  r/o    signed  Description
// ---------------------------------------------------------------------------
// false   false  false   A standard field that can always be edited.
//                        Typically, fields like subject and body use this.
// true    true   false   Totally read-only fields that are put as hidden
//                        fields in the message form. One could argue that
//                        these fields could be left out of the form
//                        completely, because the scripts will override this
//                        data with actual data from the database.
// false   true   false   Totally read-only fields that are not put in
//                        hidden fields in the message form. The templates
//                        might still display the field data.
// true    false  true    Fields for which the data is put signed in hidden
//                        fields. These fields can be used for safely
//                        maintaining state between requests, by putting the
//                        state data directly in the form. The signing prevents
//                        tampering with the data by the user. An example
//                        field for this setup is the "meta" field, which
//                        carries the message's meta data. The user cannot
//                        directly change this field's data, but Phorum and
//                        modules can.
//
// Security note: the "attachments" and "meta" fields are of type "array"
// and travel through the browser as base64-encoded serialized data (see
// the hidden-field code below). Their integrity relies entirely on the
// signature check performed when the form comes back; the check itself
// lives in include/posting/request_followup.php, outside this file.
$PHORUM["post_fields"] = array(
#    field name           data type  hidden r/o    signed default
#---------------------------------------------------------------
    "message_id"      => array("integer", true,  false, true,  0),
    "user_id"         => array("integer", true,  true,  false, 0),
    "datestamp"       => array("string",  true,  true,  false, ''),
    "status"          => array("integer", false, true,  false, 0),
    "author"          => array("string",  false, true,  false, ''),
    "email"           => array("string",  false, true,  false, ''),
    "subject"         => array("string",  false, false, false, ''),
    "body"            => array("string",  false, false, false, ''),
    "forum_id"        => array("integer", true,  true,  false, $PHORUM["forum_id"]),
    "thread"          => array("integer", true,  true,  false, 0),
    "parent_id"       => array("integer", true,  true,  false, 0),
    "allow_reply"     => array("boolean", false, true,  false, 1),
    "special"         => array("string",  false, true,  false, ''),
    "email_notify"    => array("boolean", false, false, false, 0),
    "show_signature"  => array("boolean", false, false, false, 0),
    "attachments"     => array("array",   true,  false, true,  array()),
    "meta"            => array("array",   true,  false, true,  array()),
    "thread_count"    => array("integer", true,  true,  false, 0),
    "mode"            => array("string",  true,  true,  false, ''),
);

// Indices for referencing the fields in $post_fields.
define("pf_TYPE", 0);
define("pf_HIDDEN", 1);
define("pf_READONLY", 2);
define("pf_SIGNED", 3);
define("pf_INIT", 4);

// Definitions for a clear $apply_readonly parameter in
// the function phorum_posting_merge_db2form().
define("ALLFIELDS", false);
define("READONLYFIELDS", true);

// ----------------------------------------------------------------------
// Gather information about the editor state and start processing
// ----------------------------------------------------------------------

// A hook, so mods can do early environment modifications
// (for example for changing the $PHORUM["post_field"] configuration).
phorum_hook("posting_init", "");

// Is this an initial request? The presence of the (hidden, signed)
// message_id form field is what distinguishes a posted-back editor
// form from a first visit.
$initial = ! isset($_POST["message_id"]);

// If templates use <input type="image" name="foo" ...>, then the name
// parameter will be sent as "foo_x" and "foo_y" by some browsers (to
// indicate where the image was clicked). Rewrite that kind of form
// field data.
foreach (array("finish", "cancel", "preview") as $field) {
    if (!isset($_POST[$field]) && isset($_POST[$field.'_x'])) {
        $_POST[$field] = $_POST[$field.'_x'];
    }
}

// Is finish, cancel or preview clicked?
$finish  = (! $initial && isset($_POST["finish"]));
$cancel  = (! $initial && isset($_POST["cancel"]));
$preview = (! $initial && isset($_POST["preview"]));

// Do we already have postingargs or do we use the global args?
if (! isset($PHORUM["postingargs"])) {
    $PHORUM["postingargs"] = $PHORUM["args"];
}

// The template to load in the end.
$PHORUM["posting_template"] = "posting";

// Find out what editing mode we're running in. On the initial request
// the mode comes from the URL/include arguments; on follow-up requests
// it comes from the posted form. Either way it is validated against
// $valid_modes right after.
if ($initial) {
    $mode = isset($PHORUM["postingargs"][1]) ? $PHORUM["postingargs"][1] : "post";

    // Quote may also be passed as a phorum parameter (quote=1).
    if ($mode == "reply" && isset($PHORUM["postingargs"]["quote"]) && $PHORUM["postingargs"]["quote"]) {
        $mode = "quote";
    }

} else {
    if (! isset($_POST["mode"])) {
        die("Missing parameter \"mode\" in request");
    }
    $mode = $_POST["mode"];
}
// The client-supplied mode is echoed back in the error message, so it
// is HTML-escaped here.
if (! in_array($mode, $valid_modes)) {
    die("Illegal mode issued: " . htmlspecialchars($mode));
}

// Find out if we are detaching an attachment.
// If we are, $do_detach will be set to the attachment's file_id.
// The value is taken verbatim from a posted form field name; it is
// only used when the attachment permission checks below pass, and the
// actual lookup happens in include/posting/action_attachments.php.
$do_detach = false;
foreach ($_POST as $var => $val) {
    if (substr($var, 0, 7) == "detach:") {
        $do_detach = substr($var, 7);
    }
}

// Check if the user uploads an attachment. We remove file uploads
// with no name set, because that simply means the user did not select
// a file to upload. Not an error condition in this case.
foreach ($_FILES as $key => $val) {
    if (!isset($val["name"]) || $val["name"] == "") {
        unset($_FILES[$key]);
    }
}
$do_attach = count($_FILES) ? true : false;

// Set all our URL's
phorum_build_common_urls();
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_POSTING_URL);

// Keep track of errors. Once $error_flag is set, every later
// processing step in this script is skipped and only the page
// (with the error message) is rendered.
$error_flag = false;
$PHORUM["DATA"]["MESSAGE"] = null;
$PHORUM["DATA"]["ERROR"] = null;

// Do things that are specific for first time or followup requests.
// These scripts are expected to set up $message (and may set
// $error_flag); $message is not defined anywhere else in this file.
if ($initial) {
    include ("./include/posting/request_first.php");
} else {
    include ("./include/posting/request_followup.php");
}

// Store the posting mode in the form parameters, so we can remember
// the mode throughout the editing cycle (for example to be able to
// create page titles which match the editing mode).
$PHORUM["DATA"]["MODE"] = $mode;

// ----------------------------------------------------------------------
// Permission and ability handling
// ----------------------------------------------------------------------

// Make a descision on what posting mode we're really handling, based on
// the data that we have. The posting modes "reply" and "quote" will
// both be called "reply" from here. Modes "edit" and "moderation" will
// be called "edit" from here. The exact editor behaviour for editing is
// based on the user's permissions, not on posting mode.
//
// Note that from this point on $mode is derived from the loaded message
// data (message_id / parent_id), no longer from what the client asked for.
$mode = "post";
if ($message["message_id"]) {
    $mode = "edit";
} elseif ($message["parent_id"]) {
    $mode = "reply";
}

// Do ban list checks. Only check the bans on entering and
// on finishing up. No checking is needed on intermediate requests.
if (! $error_flag && ($initial || $finish || $preview)) {
    include ("./include/posting/check_banlist.php");
}

// Determine the abilities that the current user has.
if (! $error_flag)
{
    // Is the forum running in a moderated state? This is true for the
    // current user when moderation is switched on AND the user is not
    // allowed to moderate messages himself.
    $PHORUM["DATA"]["MODERATED"] =
        $PHORUM["moderation"] == PHORUM_MODERATE_ON &&
        !phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Does the user have administrator permissions?
    $PHORUM["DATA"]["ADMINISTRATOR"] = $PHORUM["user"]["admin"];

    // Does the user have moderator permissions?
    $PHORUM["DATA"]["MODERATOR"] =
        phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Ability: Do we allow attachments?
    $PHORUM["DATA"]["ATTACHMENTS"] = $PHORUM["max_attachments"] > 0 && phorum_user_access_allowed(PHORUM_USER_ALLOW_ATTACH);

    $PHORUM["DATA"]["EMAILNOTIFY"] =
        (isset($PHORUM['allow_email_notify']) && !empty($PHORUM['allow_email_notify']))? 1 : 0;

    // What options does this user have for a message?
    $PHORUM["DATA"]["OPTION_ALLOWED"] = array(
        "sticky"        => false, // Sticky flag for message sorting
        "announcement"  => false, // Announcement flag for message sorting
        "allow_reply"   => false, // Whether replies are allowed in the thread
    );
    // For moderators and administrators.
    if (($PHORUM["DATA"]["MODERATOR"] || $PHORUM["DATA"]["ADMINISTRATOR"]) && $message["parent_id"] == 0) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"] = true;
        $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"] = true;
    }
    // For administrators only.
    if ($PHORUM["DATA"]["ADMINISTRATOR"]) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"] = true;
    }

    // Whether the user is allowed to change the author. This reflects the
    // pre 5.1.20 template logic, which makes the 5.1.20 posting template
    // easier by using the {OPTION_ALLOWED->edit_author} and backward
    // compatible at the same time. The only change is that if the author
    // field is made read/write, the edit_author option will be set to true.
    // In that case, the field is handled much like the subject field.
    $PHORUM["DATA"]["OPTION_ALLOWED"]["edit_author"] = false;
    // Allowed if author was made a read/write field.
    if (!$PHORUM["post_fields"]["author"][pf_READONLY]) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["edit_author"] = true;
    } else {
        // Allowed if a moderator edits a message.
        if ($mode == "edit") {
            if ($PHORUM["DATA"]["MODERATOR"]) {
                $PHORUM["DATA"]["OPTION_ALLOWED"]["edit_author"] = true;
            }
        // Allowed if an anonymous user posts a new message or a reply.
        } else {
            if (! $PHORUM["DATA"]["LOGGEDIN"]) {
                $PHORUM["DATA"]["OPTION_ALLOWED"]["edit_author"] = true;
            }
        }
    }
}

if (! $error_flag)
{
    // A hook to allow modules to change the abilities from above.
    phorum_hook("posting_permission");

    // Show special sort options in the editor? These only are
    // honoured for the thread starter messages, so we check the
    // parent_id for that.
    $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"] =
        $message["parent_id"] == 0 &&
        ($PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"] ||
         $PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"]);

    // Show special sort options or allow_reply in the editor?
    $PHORUM["DATA"]["SHOW_THREADOPTIONS"] =
        $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"] ||
        $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"];
}

// Set extra writeable fields, based on the user's abilities.
// Flipping pf_READONLY to false here is what lets client-supplied
// data for these fields be accepted by the permission/merge code;
// every flip is therefore tied to an ability computed above.
if (isset($PHORUM["DATA"]["ATTACHMENTS"]) && $PHORUM["DATA"]["ATTACHMENTS"]) {
    // Keep it as a hidden field.
    $PHORUM["post_fields"]["attachments"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["MODERATOR"]) && $PHORUM["DATA"]["MODERATOR"]) {
    // Moderators may only rewrite author/email of messages that are
    // not linked to a registered user.
    if (! $message["user_id"]) {
        $PHORUM["post_fields"]["author"][pf_READONLY] = false;
        $PHORUM["post_fields"]["email"][pf_READONLY] = false;
    }
}
if (isset($PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) && $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) {
    $PHORUM["post_fields"]["special"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) && $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) {
    $PHORUM["post_fields"]["allow_reply"][pf_READONLY] = false;
}

// Check permissions and apply read-only data.
// Only do this on entering and on finishing up.
// No checking is needed on intermediate requests.
if (! $error_flag && ($initial || $finish)) {
    include ("./include/posting/check_permissions.php");
}

// Do permission checks for attachment management.
if (! $error_flag && ($do_attach || $do_detach)) {
    if (! $PHORUM["DATA"]["ATTACHMENTS"]) {
        $PHORUM["DATA"]["MESSAGE"] =
            $PHORUM["DATA"]["LANG"]["AttachNotAllowed"];
        $error_flag = true;
    }
}

// ----------------------------------------------------------------------
// Perform actions
// ----------------------------------------------------------------------

// Give modules a chance to perform actions of their own. These actions
// can modify the message data if they like. This is the designated
// hook for modules that want to modify the meta data for the message.
$message = phorum_hook("posting_custom_action", $message);

// Only check the integrity of the data on finishing up. During the
// editing process, the user may produce garbage as much as he likes.
if (! $error_flag && $finish) {
    include ("./include/posting/check_integrity.php");
}

// Handle cancel request.
if (! $error_flag && $cancel) {
    include ("./include/posting/action_cancel.php");
}

// Count the number and total size of active attachments
// that we currently have.
$attach_count = 0;
$attach_totalsize = 0;
foreach ($message["attachments"] as $attachment) {
    if ($attachment["keep"]) {
        $attach_count ++;
        $attach_totalsize += $attachment["size"];
    }
}

// Attachment management. This will update the
// $attach_count and $attach_totalsize variables.
if (! $error_flag && ($do_attach || $do_detach)) {
    include ("./include/posting/action_attachments.php");
}

// Handle finishing actions.
if (! $error_flag && $finish)
{
    // Posting mode
    if ($mode == "post" || $mode == "reply") {
        include ("./include/posting/action_post.php");
    }
    // Editing mode.
    elseif ($mode == "edit") {
        include ("./include/posting/action_edit.php");
    }
    // A little safety net. $mode can only be one of the three values
    // assigned above, so this branch is not expected to be reachable.
    else {
        die("Internal error: finish action for \"$mode\" not available");
    }
}

// ----------------------------------------------------------------------
// Display the page
// ----------------------------------------------------------------------

// The action scripts may have switched $PHORUM["posting_template"] to
// another template; the editor form data is only prepared when the
// posting template itself is going to be shown.
if ($PHORUM["posting_template"] == 'posting')
{
    // Make up the text which must be used on the posting form's submit button.
    $button_txtid = $mode == "edit" ? "SaveChanges" : "Post";
    $message["submitbutton_text"] = $PHORUM["DATA"]["LANG"][$button_txtid];

    // Attachment config
    if($PHORUM["max_attachments"]){

        // Retrieve upload limits as imposed by the system.
        require_once ('./include/upload_functions.php');
        $system_max_upload = phorum_get_system_max_upload();

        // Sizes are kept in KB here; the system limit is reported in bytes.
        // The effective per-file limit is capped by the system limit and
        // by the total attachment size limit, when one is configured.
        if($PHORUM["max_attachment_size"]==0) $PHORUM["max_attachment_size"]=$system_max_upload[0]/1024;
        $PHORUM["max_attachment_size"] = min($PHORUM["max_attachment_size"],$system_max_upload[0]/1024);
        if ($PHORUM["max_totalattachment_size"]) {
            if ($PHORUM["max_totalattachment_size"] < $PHORUM["max_attachment_size"]) {
                $PHORUM["max_attachment_size"] = $PHORUM["max_totalattachment_size"];
            }
        }

        // Data for attachment explanation.
        if ($PHORUM["allow_attachment_types"]) {
            $PHORUM["DATA"]["ATTACH_FILE_TYPES"] = str_replace(";", ", ", $PHORUM["allow_attachment_types"]);
            $PHORUM["DATA"]["EXPLAIN_ATTACH_FILE_TYPES"] = str_replace("%types%", $PHORUM["DATA"]["ATTACH_FILE_TYPES"], $PHORUM["DATA"]["LANG"]["AttachFileTypes"]);
        }
        if ($PHORUM["max_attachment_size"]) {
            $PHORUM["DATA"]["ATTACH_FILE_SIZE"] = $PHORUM["max_attachment_size"];
            $PHORUM["DATA"]["ATTACH_FORMATTED_FILE_SIZE"] = phorum_filesize($PHORUM["max_attachment_size"] * 1024);
            $PHORUM["DATA"]["EXPLAIN_ATTACH_FILE_SIZE"] = str_replace("%size%", $PHORUM["DATA"]["ATTACH_FORMATTED_FILE_SIZE"], $PHORUM["DATA"]["LANG"]["AttachFileSize"]);
        }
        if ($PHORUM["max_totalattachment_size"] && $PHORUM["max_attachments"]>1) {
            $PHORUM["DATA"]["ATTACH_TOTALFILE_SIZE"] = $PHORUM["max_totalattachment_size"];
            $PHORUM["DATA"]["ATTACH_FORMATTED_TOTALFILE_SIZE"] = phorum_filesize($PHORUM["max_totalattachment_size"] * 1024);
            $PHORUM["DATA"]["EXPLAIN_ATTACH_TOTALFILE_SIZE"] = str_replace("%size%", $PHORUM["DATA"]["ATTACH_FORMATTED_TOTALFILE_SIZE"], $PHORUM["DATA"]["LANG"]["AttachTotalFileSize"]);
        }
        if ($PHORUM["max_attachments"] && $PHORUM["max_attachments"]>1) {
            $PHORUM["DATA"]["ATTACH_MAX_ATTACHMENTS"] = $PHORUM["max_attachments"];
            $PHORUM["DATA"]["ATTACH_REMAINING_ATTACHMENTS"] = $PHORUM["max_attachments"] - $attach_count;
            $PHORUM["DATA"]["EXPLAIN_ATTACH_MAX_ATTACHMENTS"] = str_replace("%count%", $PHORUM["DATA"]["ATTACH_REMAINING_ATTACHMENTS"], $PHORUM["DATA"]["LANG"]["AttachMaxAttachments"]);
        }

        // A flag for the template building to be able to see if the
        // attachment storage space is full.
        $PHORUM["DATA"]["ATTACHMENTS_FULL"] =
            $attach_count >= $PHORUM["max_attachments"] ||
            ($PHORUM["max_totalattachment_size"] &&
             $attach_totalsize >= $PHORUM["max_totalattachment_size"]*1024);
    }

    // Let the templates know if we're running as an include.
    $PHORUM["DATA"]["EDITOR_AS_INCLUDE"] =
        isset($PHORUM["postingargs"]["as_include"]) && $PHORUM["postingargs"]["as_include"];

    // Process data for previewing.
    if ($preview) {
        include ("./include/posting/action_preview.php");
    }

    // Always put the current mode in the message, so hook
    // writers can use this for identifying what we're doing.
    $message["mode"] = $mode;

    // Create hidden form field code. Fields which are read-only are
    // all added as a hidden form fields in the form. Also the fields
    // for which the pf_HIDDEN flag is set will be added to the
    // hidden fields.
    //
    // Fields flagged pf_SIGNED additionally get a "<name>:signature"
    // hidden field carrying phorum_generate_data_signature() over the
    // raw (unescaped) value, so the follow-up request can detect
    // client-side tampering.
    $hidden = "";
    foreach ($PHORUM["post_fields"] as $var => $spec)
    {
        $signval = NULL;
        if ($var == "mode") {
            $val = $mode;
            if ($spec[pf_SIGNED]) $signval = $mode;
        } elseif ($spec[pf_TYPE] == "array") {
            // base64_encode to convert newlines into data that can be
            // transferred safely back and forth to the browser, without
            // getting converted (e.g. \r\n to \n).
            // The base64 output only contains attribute-safe characters,
            // which is why no HTML escaping is applied to $val here.
            $val = base64_encode(serialize($message[$var]));
            if ($spec[pf_SIGNED]) $signval = $val;
        } else {
            // ENT_COMPAT leaves single quotes alone; that is fine here
            // because the attribute below is always double-quoted.
            $val = htmlentities($message[$var], ENT_COMPAT, $PHORUM["DATA"]["CHARSET"]);
            if ($spec[pf_SIGNED]) $signval = $message[$var];
        }

        if ($spec[pf_READONLY] || $spec[pf_HIDDEN]) {
            $hidden .= '<input type="hidden" name="' . $var . '" ' .
                       'value="' . $val . "\" />\n";
        }

        if ($signval !== NULL) {
            $signature = phorum_generate_data_signature($signval);
            $hidden .= '<input type="hidden" name="' . $var . ':signature" ' .
                       'value="' . htmlspecialchars($signature) . "\" />\n";
        }
    }
    $PHORUM["DATA"]["POST_VARS"] .= $hidden;

    // Process data for XSS prevention. After this loop every scalar in
    // $message is HTML-escaped and every non-scalar (except "meta" and
    // "attachments") is replaced by a placeholder string, so templates
    // can print $message fields without further escaping.
    foreach ($message as $var => $val)
    {
        // The meta information should not be used in templates, because
        // nothing is escaped here. But we might want to use the data in
        // mods which are run after this code. We continue here, so the
        // data won't be stripped from the message data later on.
        if ($var == "meta") continue;

        if ($var == "attachments") {
            if (is_array($val)) {
                foreach ($val as $nr => $data)
                {
                    // Do not show attachments which are not kept.
                    if (! $data["keep"]) {
                        unset($message["attachments"][$nr]);
                        continue;
                    }

                    $message[$var][$nr]["name"] = htmlspecialchars($data["name"]);
                    $message[$var][$nr]["size"] = phorum_filesize(round($data["size"]));
                }
            }
        } else {
            if (is_scalar($val)) {
                $message[$var] = htmlspecialchars($val);
            } else {
                // Not used in the template, unless proven otherwise.
                $message[$var] = '[removed from template data]';
            }
        }
    }

    // A cancel button is not needed if the editor is included in a page.
    // This can also be used by the before_editor hook to disable the
    // cancel button in all pages.
    // NOTE(review): this only tests isset(), whereas EDITOR_AS_INCLUDE
    // above also requires a true value; an as_include set to false hides
    // the cancel button but is not reported as an include.
    $PHORUM["DATA"]["SHOW_CANCEL_BUTTON"] = (isset($PHORUM["postingargs"]["as_include"]) ? false : true);

    // A hook to give modules a last chance to update the message data.
    // Modules get the already-escaped $message; anything they add is
    // not escaped again before it reaches the template.
    $message = phorum_hook("before_editor", $message);

    // Make the message data available to the template engine.
    $PHORUM["DATA"]["POST"] = $message;

    // Set the field to focus.
    $focus = "phorum_subject";
    if (!empty($message["subject"])) $focus = "phorum_textarea";
    $PHORUM["DATA"]["FOCUS_TO_ID"] = $focus;
}

// Load page header.
// NOTE(review): like SHOW_CANCEL_BUTTON, these checks use isset() only,
// so as_include => false still suppresses header and footer.
if (! isset($PHORUM["postingargs"]["as_include"])) {
    include phorum_get_template("header");
    phorum_hook("after_header");
}

include phorum_get_template($PHORUM["posting_template"]);

// Load page footer.
if (! isset($PHORUM["postingargs"]["as_include"])) {
    phorum_hook("before_footer");
    include phorum_get_template("footer");
}

// ----------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------

/**
 * Merge data from a database message record into the form fields
 * that we use. If $apply_readonly is set to a true value, then
 * only the fields which are flagged as read-only will be copied.
 *
 * The set of fields and their read-only flags are taken from the
 * global $PHORUM["post_fields"] configuration at call time, so callers
 * that flip pf_READONLY flags before calling see the updated flags.
 *
 * @param array $db              Message record as stored in the database.
 *                               Besides the post field names, the keys
 *                               "meta", "closed", "sort" and "user_id"
 *                               are read from it.
 * @param bool  $apply_readonly  ALLFIELDS (false) to copy every configured
 *                               field, READONLYFIELDS (true) to copy only
 *                               the fields flagged pf_READONLY.
 *
 * @return array  $form with the selected fields overwritten from $db.
 */
function phorum_posting_merge_db2form($form, $db, $apply_readonly = false)
{
    // Copy (by value) of the global configuration; nothing in this
    // function writes back to $GLOBALS['PHORUM'].
    $PHORUM = $GLOBALS['PHORUM'];

    // If we have a user linked to the current message, then get the
    // user data from the database, if it has to be applied as
    // read-only data. We fetch the data here, so later on we
    // can apply it to the message.
    // NOTE(review): if phorum_user_get() does not return an array for
    // the user_id (e.g. a deleted user), $user_info["author"] below
    // would be built on a non-array value — confirm against
    // phorum_user_get()'s failure behaviour.
    if (($PHORUM["post_fields"]["email"][pf_READONLY] ||
         $PHORUM["post_fields"]["author"][pf_READONLY]) &&
        !empty($db["user_id"])) {
        $user_info = phorum_user_get($db["user_id"], false);
        $user_info["author"] = $user_info["username"];
    }

    foreach ($PHORUM["post_fields"] as $key => $info)
    {
        // Skip writeable fields if we only have to apply read-only ones.
        if ($apply_readonly && ! $info[pf_READONLY]) continue;

        switch ($key) {
            case "show_signature":
                $form[$key] = !empty($db["meta"]["show_signature"]);
                break;

            case "allow_reply":
                // The form flag is the inverse of the stored "closed" flag.
                $form[$key] = ! $db["closed"];
                break;

            case "email_notify":
                $form[$key] = phorum_db_get_if_subscribed(
                    $db["forum_id"], $db["thread"], $db["user_id"]);
                break;

            case "forum_id":
                $form["forum_id"] = $db["forum_id"] ? $db["forum_id"] : $PHORUM["forum_id"];
                break;

            case "attachments":
                // Attachments stored with the message are marked as kept
                // and linked, so the editor shows them as existing files.
                $form[$key] = array();
                if (isset($db["meta"]["attachments"])) {
                    foreach ($db["meta"]["attachments"] as $data) {
                        $data["keep"] = true;
                        $data["linked"] = true;
                        $form["attachments"][] = $data;
                    }
                }
                break;

            case "author":
            case "email":
                // For messages linked to a registered user, read-only
                // author/email always come from the user record, never
                // from the message row.
                if ($db["user_id"] &&
                    $PHORUM["post_fields"][$key][pf_READONLY]) {
                    $form[$key] = $user_info[$key];
                } else {
                    $form[$key] = $db[$key];
                }
                break;

            case "special":
                // Map the numeric sort value onto the editor's string flag.
                if ($db["sort"] == PHORUM_SORT_ANNOUNCEMENT) {
                    $form["special"] = "announcement";
                } elseif ($db["sort"] == PHORUM_SORT_STICKY) {
                    $form["special"] = "sticky";
                } else {
                    $form["special"] = "";
                }
                break;

            case "mode":
                // NOOP: the mode is request state, not message data.
                break;

            default:
                $form[$key] = $db[$key];
        }
    }
    return $form;
}

?>