archive/tyforum
2
0
Fork 0
forked from github/Quit.mwForum
Code Pull Requests Activity
Files
master
tyforum/script/post_edit.pl
Quit 78f09cc4fe Updated to 2.29.6
2015-01-03 11:43:36 +01:00

240 lines
7.8 KiB
Perl
Executable File
Raw Permalink Blame History

#!/usr/bin/perl
#------------------------------------------------------------------------------
# mwForum - Web-based discussion forum
# Copyright (c) 1999-2015 Markus Wichitill
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#------------------------------------------------------------------------------
use strict;
use warnings;
no warnings qw(uninitialized redefine);
# Imports
use MwfMain;
#------------------------------------------------------------------------------
# Init
my ($m, $cfg, $lng, $user, $userId) = MwfMain->new($_[0]);
# Get CGI parameters
my $postId = $m->paramInt('pid');
my $subject = $m->paramStr('subject');
my $body = $m->paramStr('body');
my $rawBody = $m->paramStr('raw', 0);
my $notify = $m->paramBool('notify');
my $edit = $m->paramBool('edit');
my $preview = $m->paramBool('preview');
my $reason = $m->paramStr('reason');
$postId or $m->error('errParamMiss');
# Get post
my $post = $m->fetchHash("
SELECT * FROM posts WHERE id = ?", $postId);
$post or $m->error('errPstNotFnd');
my $boardId = $post->{boardId};
my $topicId = $post->{topicId};
# Get board
my $board = $m->fetchHash("
SELECT * FROM boards WHERE id = ?", $boardId);
$board or $m->error('errBrdNotFnd');
# Get topic
my $topic = $m->fetchHash("
SELECT * FROM topics WHERE id = ?", $topicId);
$topic or $m->error('errTpcNotFnd');
# Check if user can see and write to board
my $boardAdmin = $user->{admin} || $m->boardAdmin($userId, $boardId)
|| $board->{topicAdmins} && $m->topicAdmin($userId, $topicId);
my $boardMember = $m->boardMember($userId, $boardId);
$boardAdmin || $boardMember || $m->boardVisible($board) or $m->error('errNoAccess');
$boardAdmin || $boardMember || $m->boardWritable($board, 1) or $m->error('errNoAccess');
# Check if user owns post or is moderator
$userId && $userId == $post->{userId} || $boardAdmin or $m->error('errNoAccess');
# Don't allow editing of approved posts in moderated boards
!$board->{approve} || !$post->{approved} || $boardAdmin || ($boardMember && $board->{private} != 1)
or $m->error('errEditAppr');
# Check editing time limitation
!$cfg->{postEditTime} || $m->{now} < $post->{postTime} + $cfg->{postEditTime}
|| $boardAdmin || $boardMember
or $m->error('errPstEdtTme');
# Check if topic or post is locked
!$topic->{locked} || $boardAdmin or $m->error('errTpcLocked');
!$post->{locked} || $boardAdmin or $m->error('errPstLocked');
# Check authorization
$m->checkAuthz($user, 'editPost');
# Process form
if ($edit) {
# Check request source authentication
$m->checkSourceAuth() or $m->formError('errSrcAuth');
# Check subject/body length
if ($postId == $topic->{basePostId}) {
length($subject) or $m->formError('errSubEmpty');
length($subject) <= $cfg->{maxSubjectLen} or $m->formError('errSubLen');
$subject =~ /\S/ or $m->formError('errSubNoText') if length($subject);
}
length($body) || $post->{userId} == -2 or $m->formError('errBdyEmpty');
length($body) <= $cfg->{maxBodyLen} or $m->formError('errBdyLen');
length($rawBody) <= $cfg->{maxBodyLen} or $m->formError('errBdyLen');
# If there's no error, finish action
if (!@{$m->{formErrors}}) {
# Process text
my $oldBody = $post->{body};
$post->{subject} = $subject;
$post->{body} = $body;
$post->{rawBody} = $rawBody;
$m->editToDb({}, $post);
# Only change editTime if there's some time between post and edit, and body changed
my $postEditStTime = defined($cfg->{postEditStTime}) ? $cfg->{postEditStTime} : 120;
my $editTime = ($m->{now} - $post->{postTime} > $postEditStTime) && ($oldBody ne $post->{body})
? $m->{now} : $post->{editTime};
# Update post
$m->dbDo("
UPDATE posts SET editTime = ?, body = ?, rawBody = ? WHERE id = ?",
$editTime, $post->{body}, $post->{rawBody}, $postId)
if $post->{userId} != -2;
# Update topic subject if first post
$m->dbDo("
UPDATE topics SET subject = ? WHERE id = ?", $post->{subject}, $topicId)
if $postId == $topic->{basePostId};
# Add notification message
if ($notify && $post->{userId} && $post->{userId} != $userId) {
my $url = "topic_show$m->{ext}?pid=$postId";
$m->addNote('pstEdt', $post->{userId}, 'notPstEdt', pstUrl => $url, reason => $reason);
}
# Log action and finish
$m->logAction(1, 'post', 'edit', $userId, $boardId, $topicId, $postId);
$m->redirect('topic_show', pid => $postId, msg => 'PstChange');
}
}
# Print form
if (!$edit || @{$m->{formErrors}}) {
# Print header
$m->printHeader(undef, { tagButtons => 1, lng_tbbInsSnip => $lng->{tbbInsSnip} });
# Print page bar
my @navLinks = ({ url => $m->url('topic_show', pid => $postId), txt => 'comUp', ico => 'up' });
$m->printPageBar(mainTitle => $lng->{eptTitle}, navLinks => \@navLinks);
# Print hints and form errors
$m->printFormErrors();
# Prepare subject and body
my ($subjectEsc, $bodyEsc, $rawBodyEsc);
if ($edit || $preview) {
$subjectEsc = $m->escHtml($subject);
$bodyEsc = $m->escHtml($body, 1);
$rawBodyEsc = $m->escHtml($rawBody, 1);
}
else {
$subjectEsc = $topic->{subject};
$m->dbToEdit({}, $post);
$bodyEsc = $post->{body};
$rawBodyEsc = $post->{rawBody};
}
# Prepare preview body
if ($preview) {
$preview = { body => $body, rawBody => $rawBody };
$m->editToDb({}, $preview);
$m->dbToDisplay($board, $preview);
}
# Print edit post form
print
"<form action='post_edit$m->{ext}' method='post'>\n",
"<div class='frm'>\n",
"<div class='hcl'><span class='htt'>$lng->{eptEditTtl}</span></div>\n",
"<div class='ccl'>\n";
# Print subject input
print
"<fieldset>\n",
"<label class='lbw'>$lng->{eptEditSbj}\n",
"<input type='text' class='fwi' name='subject' maxlength='$cfg->{maxSubjectLen}'",
" value='$subjectEsc' autofocus required></label>\n",
"</fieldset>\n"
if $postId == $topic->{basePostId};
# Print body textarea
print
"<fieldset>\n",
$m->tagButtons($board),
"<textarea class='tgi' name='body' rows='14' required>$bodyEsc</textarea>\n",
"</fieldset>\n"
if $post->{userId} != -2;
# Print raw body textarea
print
$rawBodyEsc ? "<fieldset>\n" :
"<div><a class='clk rvl' data-rvlid='#rawtxt' href='#'>$lng->{eptEditIRaw} &#187;"
. "</a></div>\n<fieldset id='rawtxt' style='display: none'>\n",
"<label class='lbw'>$lng->{eptEditRaw}\n",
"<textarea class='raw' name='raw' rows='14' spellcheck='false'>$rawBodyEsc",
"</textarea></label>\n",
"</fieldset>\n"
if $cfg->{rawBody};
# Print notification section
my $noteChk = $cfg->{noteDefMod} ? 'checked' : "";
print
"<fieldset>\n",
"<div><label><input type='checkbox' name='notify' $noteChk>$lng->{notNotify}</label></div>\n",
"<datalist id='reasons'>\n",
map("<option value='$_'>\n", @{$cfg->{modReasons}}),
"</datalist>\n",
"<input type='text' class='fwi' name='reason' list='reasons'>\n",
"</fieldset>\n"
if $post->{userId} > 0 && $post->{userId} != $userId;
# Print submit section
print
$m->submitButton('eptEditB', 'edit', 'edit'),
$m->submitButton('eptEditPrvB', 'preview', 'preview'),
"<input type='hidden' name='pid' value='$postId'>\n",
$m->stdFormFields(),
"</div>\n",
"</div>\n",
"</form>\n\n";
# Print preview
print
"<div class='frm'>\n",
"<div class='hcl'><span class='htt'>$lng->{eptPrvTtl}</span></div>\n",
"<div class='ccl'>\n",
$preview->{body}, "\n",
"</div>\n",
"</div>\n\n"
if $preview;
# Log action and finish
$m->logAction(3, 'post', 'edit', $userId, $boardId, $topicId, $postId);
$m->printFooter();
}
$m->finish();
View Git Blame Copy Permalink