diff options
Diffstat (limited to 'phpBB/includes/ucp/ucp_pm_compose.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 125 |
1 files changed, 62 insertions, 63 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index d365e8b489..06f76aa01a 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -44,14 +44,14 @@ function compose_pm($id, $mode, $action, $user_folders = array()) add_form_key('ucp_pm_compose'); // Grab only parameters needed here - $to_user_id = request_var('u', 0); - $to_group_id = request_var('g', 0); - $msg_id = request_var('p', 0); - $draft_id = request_var('d', 0); - $lastclick = request_var('lastclick', 0); + $to_user_id = $request->variable('u', 0); + $to_group_id = $request->variable('g', 0); + $msg_id = $request->variable('p', 0); + $draft_id = $request->variable('d', 0); + $lastclick = $request->variable('lastclick', 0); // Reply to all triggered (quote/reply) - $reply_to_all = request_var('reply_to_all', 0); + $reply_to_all = $request->variable('reply_to_all', 0); $address_list = $request->variable('address_list', array('' => array(0 => ''))); @@ -76,6 +76,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $error = array(); $current_time = time(); + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); + // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { @@ -145,7 +148,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $group_options = ''; while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); } @@ -168,6 +171,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'post': if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } break; @@ -183,6 +187,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } @@ -223,6 +228,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'delete': if (!$auth->acl_get('u_pm_delete')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_DELETE_MESSAGE'); } @@ -248,11 +254,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_EDIT_MESSAGE'); } @@ -263,8 +271,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * * @event core.ucp_pm_compose_compose_pm_basic_info_query_before * @var string sql String with the query to be executed - * @var array forum_list List of forums that contain the posts - * @var int visibility_const Integer with one of the possible ITEM_* constant values * @var int msg_id topic_id in the page request * @var int to_user_id The id of whom the message is to * @var int to_group_id The id of the group whom the message is to @@ -273,14 +279,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies * @var bool delete Whether the user is deleting the PM * @var int reply_to_all Value of reply_to_all request variable. - * @var string limit_time_sql String with the SQL code to limit the time interval of the post (Note: May be empty string) - * @var string sort_order_sql String with the ORDER BY SQL code used in this query * @since 3.1.0-RC5 + * @changed 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', - 'forum_list', - 'visibility_const', 'msg_id', 'to_user_id', 'to_group_id', @@ -289,8 +292,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'action', 'delete', 'reply_to_all', - 'limit_time_sql', - 'sort_order_sql', ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars))); @@ -325,6 +326,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -335,8 +337,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string sql The original SQL used in the query * @var array post Associative array with the data of the quoted post * @var array msg_id The post_id that was searched to get the message for quoting - * @var int visibility_const Visibility of the quoted post (one of the possible ITEM_* constant values) - * @var int topic_id Topic ID of the quoted post * @var int to_user_id Users the message is sent to * @var int to_group_id Groups the message is sent to * @var bool submit Whether the user is sending the PM or not @@ -345,13 +345,12 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var bool delete If deleting message * @var int reply_to_all Value of reply_to_all request variable. * @since 3.1.0-RC5 + * @changed 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', 'post', 'msg_id', - 'visibility_const', - 'topic_id', 'to_user_id', 'to_group_id', 'submit', @@ -463,6 +462,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_GROUP_MESSAGE'); } @@ -484,8 +484,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $icon_id = 0; } - $message_parser = new parse_message(); + /* @var $plupload \phpbb\plupload\plupload */ $plupload = $phpbb_container->get('plupload'); + $message_parser = new parse_message(); $message_parser->set_plupload($plupload); $message_parser->message = ($action == 'reply') ? '' : $message_text; @@ -498,7 +499,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'delete') { // Folder id has been determined by the SQL Statement - // $folder_id = request_var('f', PRIVMSGS_NO_BOX); + // $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); // Do we need to confirm ? if (confirm_box(true)) @@ -529,15 +530,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Get maximum number of allowed recipients - $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients - FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug - WHERE ug.user_id = ' . $user->data['user_id'] . ' - AND ug.user_pending = 0 - AND ug.group_id = g.group_id'; - $result = $db->sql_query($sql); - $max_recipients = (int) $db->sql_fetchfield('max_recipients'); - $db->sql_freeresult($result); + $max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients'); + // If it is 0, there is no limit set and we use the maximum value within the config. $max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients; // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients @@ -610,7 +605,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $enable_urls = true; } - $enable_magic_url = $drafts = false; + $drafts = false; // User own some drafts? if ($auth->acl_get('u_savedrafts') && $action != 'delete') @@ -645,9 +640,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $subject = $request->variable('subject', '', true); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = utf8_normalize_nfc(request_var('message', '', true)); + $message = $request->variable('message', '', true); if ($subject && $message) { @@ -741,10 +736,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $error[] = $user->lang['FORM_INVALID']; } - $subject = utf8_normalize_nfc(request_var('subject', '', true)); - $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); + $subject = $request->variable('subject', '', true); + $message_parser->message = $request->variable('message', '', true); - $icon_id = request_var('icon', 0); + $icon_id = $request->variable('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; $enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true; @@ -779,16 +774,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); - if ($submit) - { - $status_switch = (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1); - $status_switch = ($status_switch != $check_value); - } - else - { - $status_switch = 1; - } - // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); @@ -904,13 +889,8 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Signature if ($enable_sig && $config['allow_sig'] && $preview_signature) { - $parse_sig = new parse_message($preview_signature); - $parse_sig->bbcode_uid = $preview_signature_uid; - $parse_sig->bbcode_bitfield = $preview_signature_bitfield; - - $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']); - $preview_signature = $parse_sig->message; - unset($parse_sig); + $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); + $preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $bbcode_flags); } else { @@ -960,7 +940,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($action == 'quotepost') { - $post_id = request_var('p', 0); + $post_id = $request->variable('p', 0); if ($config['allow_post_links']) { $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}[/url]\n\n"; @@ -974,7 +954,20 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $message_link = ''; } - $message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; + $quote_attributes = array( + 'author' => $quote_username, + 'time' => $post['message_time'], + 'user_id' => $post['author_id'], + ); + if ($action === 'quotepost') + { + $quote_attributes['post_id'] = $post['msg_id']; + } + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + $quote_attributes + ); + $message_parser->message = $message_link . $quote_text . "\n\n"; } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) @@ -1002,7 +995,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to'])); - $message_parser->message = implode("\n", $forward_text) . "\n\n[quote="{$quote_username}"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + array('author' => $quote_username) + ); + $message_parser->message = implode("\n", $forward_text) . "\n\n" . $quote_text; $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject); } @@ -1075,7 +1072,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($type == 'g') { - $row['name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['name']] : $row['name']; + $row['name'] = $group_helper->get_name($row['name']); } ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); @@ -1085,7 +1082,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Now Build the address list - $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) @@ -1173,6 +1169,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"'; + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); + // Start assigning vars for main posting page ... $template->assign_vars(array( 'L_POST_A' => $page_title, @@ -1181,7 +1180,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 'MESSAGE' => $message_text, - 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], @@ -1277,13 +1276,13 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Add Selected Groups - $group_list = request_var('group_list', array(0)); + $group_list = $request->variable('group_list', array(0)); // Build usernames to add - $usernames = request_var('username', '', true); + $usernames = $request->variable('username', '', true); $usernames = (empty($usernames)) ? array() : array($usernames); - $username_list = request_var('username_list', '', true); + $username_list = $request->variable('username_list', '', true); if ($username_list) { $usernames = array_merge($usernames, explode("\n", $username_list)); @@ -1300,7 +1299,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $submit = false; // Preview is only true if there was also a message entered - if (request_var('message', '')) + if ($request->variable('message', '')) { $preview = true; } @@ -1432,7 +1431,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } /** -* Build the hidden field for the recipients. Needed, as the variable is not read via request_var. +* Build the hidden field for the recipients. Needed, as the variable is not read via $request->variable(). */ function build_address_field($address_list) { |