-rw-r--r-- | phpBB/adm/style/acp_ext_disable.html | 8 | ||||
-rw-r--r-- | phpBB/adm/style/acp_ext_enable.html | 8 | ||||
-rw-r--r-- | phpBB/adm/style/admin.css | 4 | ||||
-rw-r--r-- | phpBB/config/cron_tasks.yml | 1 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 | ||||
-rw-r--r-- | phpBB/language/en/posting.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/cron/task/core/prune_shadow_topics.php | 10 | ||||
-rw-r--r-- | phpBB/posting.php | 49 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 70 | ||||
-rw-r--r-- | tests/functional/extension_acp_test.php | 4 |
10 files changed, 118 insertions, 40 deletions
diff --git a/phpBB/adm/style/acp_ext_disable.html b/phpBB/adm/style/acp_ext_disable.html index d650544ff7..d2b5c46fe8 100644 --- a/phpBB/adm/style/acp_ext_disable.html +++ b/phpBB/adm/style/acp_ext_disable.html @@ -8,19 +8,19 @@ <p>{L_EXTENSION_DISABLE_EXPLAIN}</p> <!-- IF PRE --> - <div class="errorbox"> + <fieldset> + <h2>{L_CONFIRM}</h2> <p>{L_CONFIRM_MESSAGE}</p> - </div> + </fieldset> <form id="acp_extensions" method="post" action="{U_DISABLE}"> <fieldset class="submit-buttons"> - <legend>{L_EXTENSION_DISABLE}</legend> <input class="button1" type="submit" name="disable" value="{L_EXTENSION_DISABLE}" /> <input class="button2" type="submit" name="cancel" value="{L_CANCEL}" /> </fieldset> </form> <!-- ELSEIF S_NEXT_STEP --> - <div class="errorbox"> + <div class="successbox notice"> <p>{L_EXTENSION_DISABLE_IN_PROGRESS}</p> </div> <!-- ELSE --> diff --git a/phpBB/adm/style/acp_ext_enable.html b/phpBB/adm/style/acp_ext_enable.html index 42523f1f58..8a4a35359e 100644 --- a/phpBB/adm/style/acp_ext_enable.html +++ b/phpBB/adm/style/acp_ext_enable.html @@ -14,19 +14,19 @@ <p><a href="{U_RETURN}">{L_RETURN_TO_EXTENSION_LIST}</a></p> </div> <!-- ELSEIF PRE --> - <div class="errorbox"> + <fieldset> + <h2>{L_CONFIRM}</h2> <p>{L_CONFIRM_MESSAGE}</p> - </div> + </fieldset> <form id="acp_extensions" method="post" action="{U_ENABLE}"> <fieldset class="submit-buttons"> - <legend>{L_EXTENSION_ENABLE}</legend> <input class="button1" type="submit" name="enable" value="{L_EXTENSION_ENABLE}" /> <input class="button2" type="submit" name="cancel" value="{L_CANCEL}" /> </fieldset> </form> <!-- ELSEIF S_NEXT_STEP --> - <div class="errorbox"> + <div class="successbox notice"> <p>{L_EXTENSION_ENABLE_IN_PROGRESS}</p> </div> <!-- ELSE --> diff --git a/phpBB/adm/style/admin.css b/phpBB/adm/style/admin.css index 60a5cd9472..a61890bc75 100644 --- a/phpBB/adm/style/admin.css +++ b/phpBB/adm/style/admin.css 
@@ -1076,6 +1076,10 @@ fieldset { border-radius: 3px; } +fieldset h2 { + margin-top: 0; +} + .rtl fieldset { border-top: 1px solid #D7D7D7; border-right: 1px solid #D7D7D7; diff --git a/phpBB/config/cron_tasks.yml b/phpBB/config/cron_tasks.yml index 4fa5d1440e..acf9a48bf9 100644 --- a/phpBB/config/cron_tasks.yml +++ b/phpBB/config/cron_tasks.yml @@ -31,6 +31,7 @@ services: - @config - @dbal.conn - @log + - @user calls: - [set_name, [cron.task.core.prune_shadow_topics]] tags: diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 16b3ca8573..3a3343f199 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -492,7 +492,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') { // Do not change to SELECT * - $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename + $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize FROM ' . ATTACHMENTS_TABLE . " WHERE post_msg_id = $msg_id AND in_message = 1 diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php index 5068f60573..2b9b03101e 100644 --- a/phpBB/language/en/posting.php +++ b/phpBB/language/en/posting.php @@ -72,7 +72,7 @@ $lang = array_merge($lang, array( 'CHANGE_TOPIC_TO' => 'Change topic type to', 'CHARS_POST_CONTAINS' => array( 1 => 'Your message contains %1$d character.', - 2 => 'Your message contains %1$d characters.', + 2 => 'Your message contains %1$d characters.', ), 'CHARS_SIG_CONTAINS' => array( 1 => 'Your signature contains %1$d character.', diff --git a/phpBB/phpbb/cron/task/core/prune_shadow_topics.php b/phpBB/phpbb/cron/task/core/prune_shadow_topics.php index b30e665a87..aa600e9abe 100644 --- a/phpBB/phpbb/cron/task/core/prune_shadow_topics.php +++ b/phpBB/phpbb/cron/task/core/prune_shadow_topics.php 
@@ -25,6 +25,7 @@ class prune_shadow_topics extends \phpbb\cron\task\base implements \phpbb\cron\t protected $config; protected $db; protected $log; + protected $user; /** * If $forum_data is given, it is assumed to contain necessary information @@ -44,14 +45,16 @@ class prune_shadow_topics extends \phpbb\cron\task\base implements \phpbb\cron\t * @param \phpbb\config\config $config The config * @param \phpbb\db\driver\driver $db The db connection * @param \phpbb\log\log $log The phpBB log system + * @param \phpbb\user $user The phpBB user object */ - public function __construct($phpbb_root_path, $php_ext, \phpbb\config\config $config, \phpbb\db\driver\driver $db, \phpbb\log\log $log) + public function __construct($phpbb_root_path, $php_ext, \phpbb\config\config $config, \phpbb\db\driver\driver $db, \phpbb\log\log $log, \phpbb\user $user) { $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $this->config = $config; $this->db = $db; $this->log = $log; + $this->user = $user; } /** @@ -183,7 +186,10 @@ class prune_shadow_topics extends \phpbb\cron\task\base implements \phpbb\cron\t WHERE forum_id = $forum_id"; $this->db->sql_query($sql); - $this->log->add('admin', 'LOG_PRUNE_SHADOW', $row['forum_name']); + $user_id = (empty($this->user->data)) ? ANONYMOUS : $this->user->data['user_id']; + $user_ip = (empty($this->user->ip)) ? '' : $this->user->ip; + + $this->log->add('admin', $user_id, $user_ip, 'LOG_PRUNE_SHADOW', false, array($row['forum_name'])); } return; diff --git a/phpBB/posting.php b/phpBB/posting.php index d48157dcd6..441de9f28c 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
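Review bot: The admin-log entry written after the prune now takes its actor from `$this->user`, so if this task runs from a web-triggered cron request the entry will presumably carry the user id and IP of whichever visitor's request started the run, not of an administrator. Anyone reading the admin log as an audit trail could then attribute a forum-wide prune to an unrelated account or to `ANONYMOUS`. If that attribution is intended, a comment above the two assignments should say so, e.g. `// Cron has no acting admin: the log records the requester that triggered the run, not who authorised it`. The enclosing method starts outside the hunk, so whether the caller already restricts who can trigger the task is not visible here.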
@@ -381,19 +381,46 @@ if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_statu // else it depends on editing times, lock status and if we're the correct user if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id)) { - if ($user->data['user_id'] != $post_data['poster_id']) - { - trigger_error('USER_CANNOT_EDIT'); - } - - if (!($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) - { - trigger_error('CANNOT_EDIT_TIME'); - } + $force_edit_allowed = false; + + $s_cannot_edit = $user->data['user_id'] != $post_data['poster_id']; + $s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60); + $s_cannot_edit_locked = $post_data['post_edit_locked']; + + /** + * This event allows you to modify the conditions for the "cannot edit post" checks + * + * @event core.posting_modify_cannot_edit_conditions + * @var array post_data Array with post data + * @var bool force_edit_allowed Allow the user to edit the post (all permissions and conditions are ignored) + * @var bool s_cannot_edit User can not edit the post because it's not his + * @var bool s_cannot_edit_locked User can not edit the post because it's locked + * @var bool s_cannot_edit_time User can not edit the post because edit_time has passed + * @since 3.1.0-b4 + */ + $vars = array( + 'post_data', + 'force_edit_allowed', + 's_cannot_edit', + 's_cannot_edit_locked', + 's_cannot_edit_time', + ); + extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars))); - if ($post_data['post_edit_locked']) + if (!$force_edit_allowed) { - trigger_error('CANNOT_EDIT_POST_LOCKED'); + if ($s_cannot_edit) + { + trigger_error('USER_CANNOT_EDIT'); + } + else if ($s_cannot_edit_time) + { + trigger_error('CANNOT_EDIT_TIME'); + } + else if ($s_cannot_edit_locked) + { + trigger_error('CANNOT_EDIT_POST_LOCKED'); + } } } 
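Review bot: The docblock says `force_edit_allowed` ignores "all permissions and conditions", but in this block the flag only skips the three `s_cannot_edit*` checks inside the `!$auth->acl_get('m_edit', $forum_id)` branch; any permission check made earlier in posting.php is outside the hunk and is presumably still enforced. A listener that sets the flag lets a user edit a post they do not own, past the edit window, or locked by a moderator, so the comment should state that exact scope, e.g. `@var bool force_edit_allowed Skip the ownership, edit-time and edit-lock checks below; other permission checks still apply`. `$s_cannot_edit_locked` is documented as bool but is assigned the raw column value; `$s_cannot_edit_locked = (bool) $post_data['post_edit_locked'];` would match the docblock and what listeners are told to expect.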
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index a0cd590e58..95bee9789f 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
@@ -1582,27 +1582,67 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) $s_first_unread = $first_unread = true; } - $edit_allowed = ($user->data['is_registered'] && ($auth->acl_get('m_edit', $forum_id) || ( - $user->data['user_id'] == $poster_id && - $auth->acl_get('f_edit', $forum_id) && - $topic_data['topic_status'] != ITEM_LOCKED && - !$row['post_edit_locked'] && - ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time']) + $force_edit_allowed = $force_delete_allowed = false; + + $s_cannot_edit = !$auth->acl_get('f_edit', $forum_id) || $user->data['user_id'] != $poster_id; + $s_cannot_edit_time = $config['edit_time'] && $row['post_time'] <= time() - ($config['edit_time'] * 60); + $s_cannot_edit_locked = $topic_data['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']; + + $s_cannot_delete = $user->data['user_id'] != $poster_id || ( + !$auth->acl_get('f_delete', $forum_id) && + (!$auth->acl_get('f_softdelete', $forum_id) || $row['post_visibility'] == ITEM_DELETED) + ); + $s_cannot_delete_lastpost = $topic_data['topic_last_post_id'] != $row['post_id']; + $s_cannot_delete_time = $config['delete_time'] && $row['post_time'] <= time() - ($config['delete_time'] * 60); + // we do not want to allow removal of the last post if a moderator locked it! 
+ $s_cannot_delete_locked = $topic_data['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']; + + /** + * This event allows you to modify the conditions for the "can edit post" and "can delete post" checks + * + * @event core.viewtopic_modify_post_action_conditions + * @var array row Array with post data + * @var array topic_data Array with topic data + * @var bool force_edit_allowed Allow the user to edit the post (all permissions and conditions are ignored) + * @var bool s_cannot_edit User can not edit the post because it's not his + * @var bool s_cannot_edit_locked User can not edit the post because it's locked + * @var bool s_cannot_edit_time User can not edit the post because edit_time has passed + * @var bool force_delete_allowed Allow the user to delete the post (all permissions and conditions are ignored) + * @var bool s_cannot_delete User can not delete the post because it's not his + * @var bool s_cannot_delete_lastpost User can not delete the post because it's not the last post of the topic + * @var bool s_cannot_delete_locked User can not delete the post because it's locked + * @var bool s_cannot_delete_time User can not delete the post because edit_time has passed + * @since 3.1.0-b4 + */ + $vars = array( + 'row', + 'topic_data', + 'force_edit_allowed', + 's_cannot_edit', + 's_cannot_edit_locked', + 's_cannot_edit_time', + 'force_delete_allowed', + 's_cannot_delete', + 's_cannot_delete_lastpost', + 's_cannot_delete_locked', + 's_cannot_delete_time', + ); + extract($phpbb_dispatcher->trigger_event('core.viewtopic_modify_post_action_conditions', compact($vars))); + + $edit_allowed = $force_edit_allowed || ($user->data['is_registered'] && ($auth->acl_get('m_edit', $forum_id) || ( + !$s_cannot_edit && + !$s_cannot_edit_time && + !$s_cannot_edit_locked ))); $quote_allowed = $auth->acl_get('m_edit', $forum_id) || ($topic_data['topic_status'] != ITEM_LOCKED && ($user->data['user_id'] == ANONYMOUS || $auth->acl_get('f_reply', $forum_id)) ); - 
$delete_allowed = ($user->data['is_registered'] && (($auth->acl_get('m_delete', $forum_id) || ($auth->acl_get('m_softdelete', $forum_id) && $row['post_visibility'] != ITEM_DELETED)) || ( - $user->data['user_id'] == $poster_id && - ($auth->acl_get('f_delete', $forum_id) || ($auth->acl_get('f_softdelete', $forum_id) && $row['post_visibility'] != ITEM_DELETED)) && - $topic_data['topic_status'] != ITEM_LOCKED && - $topic_data['topic_last_post_id'] == $row['post_id'] && - ($row['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time']) && - // we do not want to allow removal of the last post if a moderator locked it! - !$row['post_edit_locked'] - ))); + $delete_allowed = $force_delete_allowed || ($user->data['is_registered'] && ( + ($auth->acl_get('m_delete', $forum_id) || ($auth->acl_get('m_softdelete', $forum_id) && $row['post_visibility'] != ITEM_DELETED)) || + (!$s_cannot_delete && !$s_cannot_delete_lastpost && !$s_cannot_delete_time && !$s_cannot_delete_locked) + )); // Can this user receive a Private Message? $can_receive_pm = ( diff --git a/tests/functional/extension_acp_test.php b/tests/functional/extension_acp_test.php index 5f02158e20..8a724f2133 100644 --- a/tests/functional/extension_acp_test.php +++ b/tests/functional/extension_acp_test.php @@ -157,7 +157,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $this->assertContainsLang('EXTENSION_ACTIONS', $crawler->filter('div.main thead')->text()); $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=enable_pre&ext_name=vendor%2Fmoo&sid=' . $this->sid); - $this->assertContains($this->lang('EXTENSION_ENABLE_CONFIRM', 'phpBB Moo Extension'), $crawler->filter('.errorbox')->text()); + $this->assertContains($this->lang('EXTENSION_ENABLE_CONFIRM', 'phpBB Moo Extension'), $crawler->filter('#main')->text()); } public function test_disable_pre() 
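Review bot: `$s_cannot_edit` here folds the `f_edit` ACL check into the ownership test, while its docblock entry and the same-named flag in posting.php describe ownership only, so a listener that clears it to allow editing another user's post also drops the forum permission check without being told. Keeping the ACL outside the flag avoids that: `$s_cannot_edit = $user->data['user_id'] != $poster_id;` with `$auth->acl_get('f_edit', $forum_id) &&` left in the `$edit_allowed` expression; `$s_cannot_delete` mixes ownership with `f_delete`/`f_softdelete` in the same way. `force_edit_allowed` and `force_delete_allowed` also short-circuit the `is_registered` test, which the docblock should state explicitly. The `s_cannot_delete_time` entry reads "edit_time has passed" and should name `delete_time`. The enclosing `for` loop starts and ends outside the hunk.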
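Review bot: `$crawler->filter('#main')` is a much wider selector than the `.errorbox` it replaces, so the assertion in test_enable_pre now passes if the confirm text appears anywhere inside that container, not only in the confirmation box the template change introduces. A selector tied to the new markup, such as `$crawler->filter('#main fieldset')`, would keep the check specific, assuming the confirm fieldset is the first fieldset inside `#main`. The assertion in test_disable_pre in the following hunk has the same change and the same issue.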
@@ -169,7 +169,7 @@ class phpbb_functional_extension_acp_test extends phpbb_functional_test_case $this->assertContainsLang('EXTENSION_ACTIONS', $crawler->filter('div.main thead')->text()); $crawler = self::request('GET', 'adm/index.php?i=acp_extensions&mode=main&action=disable_pre&ext_name=vendor2%2Ffoo&sid=' . $this->sid); - $this->assertContains($this->lang('EXTENSION_DISABLE_CONFIRM', 'phpBB Foo Extension'), $crawler->filter('.errorbox')->text()); + $this->assertContains($this->lang('EXTENSION_DISABLE_CONFIRM', 'phpBB Foo Extension'), $crawler->filter('#main')->text()); } public function test_delete_data_pre() |