diff options
| author | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
|---|---|---|
| committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
| commit | 8ea437e30605e0f66b5220bf904a61d7c1d11ddd (patch) | |
| tree | e0db2bb4a012d5b06a633160b19f62f4868ecd28 /phpBB/phpbb/report/report_handler_post.php | |
| parent | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (diff) | |
| parent | 2fdd46b36431ae0f58bb2e78e42553168db9a0ff (diff) | |
| download | forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.gz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.bz2 forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.xz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.zip | |
Merge remote-tracking branch 'upstream/prep-release-3.2.9'
Diffstat (limited to 'phpBB/phpbb/report/report_handler_post.php')
| -rw-r--r-- | phpBB/phpbb/report/report_handler_post.php | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/phpBB/phpbb/report/report_handler_post.php b/phpBB/phpbb/report/report_handler_post.php new file mode 100644 index 0000000000..52f09683ce --- /dev/null +++ b/phpBB/phpbb/report/report_handler_post.php @@ -0,0 +1,175 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\report; + +use phpbb\report\exception\invalid_report_exception; +use phpbb\report\exception\empty_report_exception; +use phpbb\report\exception\already_reported_exception; +use phpbb\report\exception\entity_not_found_exception; +use phpbb\report\exception\report_permission_denied_exception; + +class report_handler_post extends report_handler +{ + /** + * @var array + */ + protected $forum_data; + + /** + * {@inheritdoc} + * @throws \phpbb\report\exception\report_permission_denied_exception when the user does not have permission to report the post + */ + public function add_report($id, $reason_id, $report_text, $user_notify) + { + // Cast the input variables + $id = (int) $id; + $reason_id = (int) $reason_id; + $report_text = (string) $report_text; + $user_notify = (int) $user_notify; + + $this->validate_report_request($id); + + $sql = 'SELECT * + FROM ' . REPORTS_REASONS_TABLE . " + WHERE reason_id = $reason_id"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$row || (empty($report_text) && strtolower($row['reason_title']) === 'other')) + { + throw new empty_report_exception(); + } + + $report_data = array( + 'reason_id' => $reason_id, + 'post_id' => $id, + 'pm_id' => 0, + 'user_notify' => $user_notify, + 'report_text' => $report_text, + 'reported_post_text' => $this->report_data['post_text'], + 'reported_post_uid' => $this->report_data['bbcode_uid'], + 'reported_post_bitfield' => $this->report_data['bbcode_bitfield'], + 'reported_post_enable_bbcode' => $this->report_data['enable_bbcode'], + 'reported_post_enable_smilies' => $this->report_data['enable_smilies'], + 'reported_post_enable_magic_url' => $this->report_data['enable_magic_url'], + ); + + $this->create_report($report_data); + + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_reported = 1 + WHERE post_id = ' . $id; + $this->db->sql_query($sql); + + if (!$this->report_data['topic_reported']) + { + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_reported = 1 + WHERE topic_id = ' . $this->report_data['topic_id'] . ' + OR topic_moved_id = ' . $this->report_data['topic_id']; + $this->db->sql_query($sql); + } + + $this->notifications->add_notifications('notification.type.report_post', array_merge($this->report_data, $row, $this->forum_data, array( + 'report_text' => $report_text, + ))); + } + + /** + * {@inheritdoc} + * @throws \phpbb\report\exception\report_permission_denied_exception when the user does not have permission to report the post + */ + public function validate_report_request($id) + { + $id = (int) $id; + + // Check if id is valid + if ($id <= 0) + { + throw new entity_not_found_exception('NO_POST_SELECTED'); + } + + // Grab all relevant data + $sql = 'SELECT t.*, p.* + FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t + WHERE p.post_id = $id + AND p.topic_id = t.topic_id"; + $result = $this->db->sql_query($sql); + $report_data = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$report_data) + { + throw new entity_not_found_exception('POST_NOT_EXIST'); + } + + $forum_id = (int) $report_data['forum_id']; + + $sql = 'SELECT * + FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $forum_id; + $result = $this->db->sql_query($sql); + $forum_data = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$forum_data) + { + throw new invalid_report_exception('FORUM_NOT_EXIST'); + } + + $acl_check_ary = array( + 'f_list' => 'POST_NOT_EXIST', + 'f_read' => 'USER_CANNOT_READ', + 'f_report' => 'USER_CANNOT_REPORT' + ); + + /** + * This event allows you to do extra auth checks and verify if the user + * has the required permissions + * + * @event core.report_post_auth + * @var array forum_data All data available from the forums table on this post's forum + * @var array report_data All data available from the topics and the posts tables on this post (and its topic) + * @var array acl_check_ary An array with the ACL to be tested. The evaluation is made in the same order as the array is sorted + * The key is the ACL name and the value is the language key for the error message. + * @since 3.1.3-RC1 + */ + $vars = array( + 'forum_data', + 'report_data', + 'acl_check_ary', + ); + extract($this->dispatcher->trigger_event('core.report_post_auth', compact($vars))); + + $this->auth->acl($this->user->data); + + foreach ($acl_check_ary as $acl => $error) + { + if (!$this->auth->acl_get($acl, $forum_id)) + { + throw new report_permission_denied_exception($error); + } + } + unset($acl_check_ary); + + if ($report_data['post_reported']) + { + throw new already_reported_exception(); + } + + $this->report_data = $report_data; + $this->forum_data = $forum_data; + } +} |