diff options
-rw-r--r-- | phpBB/includes/constants.php | 1 | ||||
-rw-r--r-- | phpBB/report.php | 186 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/report_body.html | 4 | ||||
-rw-r--r-- | phpBB/styles/subsilver2/template/report_body.html | 8 | ||||
-rw-r--r-- | tests/functional/report_post_captcha.php | 61 |
5 files changed, 186 insertions, 74 deletions
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 8c27d3fd0c..96011f4ec5 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -156,6 +156,7 @@ define('PHYSICAL_LINK', 2); define('CONFIRM_REG', 1); define('CONFIRM_LOGIN', 2); define('CONFIRM_POST', 3); +define('CONFIRM_REPORT', 4); // Categories - Attachments define('ATTACHMENT_CATEGORY_NONE', 0); diff --git a/phpBB/report.php b/phpBB/report.php index ce9fae13ef..3f2e7a91ff 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -144,9 +144,25 @@ else $reported_post_enable_magic_url = $report_data['reported_post_enable_magic_url']; } +if ($config['enable_post_confirm'] && !$user->data['is_registered']) +{ + include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); + $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_REPORT); +} + +$error = array(); +$s_hidden_fields = ''; + // Submit report? if ($submit && $reason_id) { + $visual_confirmation_response = $captcha->validate(); + if ($visual_confirmation_response) + { + $error[] = $visual_confirmation_response; + } + $sql = 'SELECT * FROM ' . REPORTS_REASONS_TABLE . " WHERE reason_id = $reason_id"; @@ -156,96 +172,108 @@ if ($submit && $reason_id) if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other')) { - trigger_error('EMPTY_REPORT'); + $error[] = $user->lang('EMPTY_REPORT'); } - $sql_ary = array( - 'reason_id' => (int) $reason_id, - 'post_id' => $post_id, - 'pm_id' => $pm_id, - 'user_id' => (int) $user->data['user_id'], - 'user_notify' => (int) $user_notify, - 'report_closed' => 0, - 'report_time' => (int) time(), - 'report_text' => (string) $report_text, - 'reported_post_text' => $reported_post_text, - 'reported_post_uid' => $reported_post_uid, - 'reported_post_bitfield' => $reported_post_bitfield, - 'reported_post_enable_bbcode' => $reported_post_enable_bbcode, - 'reported_post_enable_smilies' => $reported_post_enable_smilies, - 'reported_post_enable_magic_url' => $reported_post_enable_magic_url, - ); - - $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); - $db->sql_query($sql); - $report_id = $db->sql_nextid(); - - $phpbb_notifications = $phpbb_container->get('notification_manager'); - - if ($post_id) + if (!sizeof($error)) { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_reported = 1 - WHERE post_id = ' . $post_id; - $db->sql_query($sql); - - if (!$report_data['topic_reported']) + if (isset($captcha)) { - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_reported = 1 - WHERE topic_id = ' . $report_data['topic_id'] . ' - OR topic_moved_id = ' . $report_data['topic_id']; - $db->sql_query($sql); + $captcha->reset(); } - $lang_return = $user->lang['RETURN_TOPIC']; - $lang_success = $user->lang['POST_REPORTED_SUCCESS']; - - $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array( - 'report_text' => $report_text, - ))); - } - else - { - $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' - SET message_reported = 1 - WHERE msg_id = ' . $pm_id; - $db->sql_query($sql); - $sql_ary = array( - 'msg_id' => $pm_id, - 'user_id' => ANONYMOUS, - 'author_id' => (int) $report_data['author_id'], - 'pm_deleted' => 0, - 'pm_new' => 0, - 'pm_unread' => 0, - 'pm_replied' => 0, - 'pm_marked' => 0, - 'pm_forwarded' => 0, - 'folder_id' => PRIVMSGS_INBOX, + 'reason_id' => (int) $reason_id, + 'post_id' => $post_id, + 'pm_id' => $pm_id, + 'user_id' => (int) $user->data['user_id'], + 'user_notify' => (int) $user_notify, + 'report_closed' => 0, + 'report_time' => (int) time(), + 'report_text' => (string) $report_text, + 'reported_post_text' => $reported_post_text, + 'reported_post_uid' => $reported_post_uid, + 'reported_post_bitfield' => $reported_post_bitfield, + 'reported_post_enable_bbcode' => $reported_post_enable_bbcode, + 'reported_post_enable_smilies' => $reported_post_enable_smilies, + 'reported_post_enable_magic_url' => $reported_post_enable_magic_url, ); - $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); + $report_id = $db->sql_nextid(); - $lang_return = $user->lang['RETURN_PM']; - $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + $phpbb_notifications = $phpbb_container->get('notification_manager'); - $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array( - 'report_text' => $report_text, - 'from_user_id' => $report_data['author_id'], - 'report_id' => $report_id, - ))); - } + if ($post_id) + { + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_reported = 1 + WHERE post_id = ' . $post_id; + $db->sql_query($sql); - meta_refresh(3, $redirect_url); + if (!$report_data['topic_reported']) + { + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_reported = 1 + WHERE topic_id = ' . $report_data['topic_id'] . ' + OR topic_moved_id = ' . $report_data['topic_id']; + $db->sql_query($sql); + } + + $lang_return = $user->lang['RETURN_TOPIC']; + $lang_success = $user->lang['POST_REPORTED_SUCCESS']; + + $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array( + 'report_text' => $report_text, + ))); + } + else + { + $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' + SET message_reported = 1 + WHERE msg_id = ' . $pm_id; + $db->sql_query($sql); + + $sql_ary = array( + 'msg_id' => $pm_id, + 'user_id' => ANONYMOUS, + 'author_id' => (int) $report_data['author_id'], + 'pm_deleted' => 0, + 'pm_new' => 0, + 'pm_unread' => 0, + 'pm_replied' => 0, + 'pm_marked' => 0, + 'pm_forwarded' => 0, + 'folder_id' => PRIVMSGS_INBOX, + ); + + $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); + $db->sql_query($sql); + + $lang_return = $user->lang['RETURN_PM']; + $lang_success = $user->lang['PM_REPORTED_SUCCESS']; + + $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array( + 'report_text' => $report_text, + 'from_user_id' => $report_data['author_id'], + 'report_id' => $report_id, + ))); + } + + meta_refresh(3, $redirect_url); - $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>'); - if ($return_forum_url) + $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>'); + if ($return_forum_url) + { + $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>'); + } + trigger_error($message); + } + else if (isset($captcha) && $captcha->is_solved() !== false) { - $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>'); + $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); } - trigger_error($message); } // Generate the reasons @@ -253,10 +281,20 @@ display_reasons($reason_id); $page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST']; +if (isset($captcha) && $captcha->is_solved() === false) +{ + $template->assign_vars(array( + 'S_CONFIRM_CODE' => true, + 'CAPTCHA_TEMPLATE' => $captcha->get_template(), + )); +} + $template->assign_vars(array( + 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', 'S_REPORT_POST' => ($pm_id) ? false : true, 'REPORT_TEXT' => $report_text, 'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&p=' . $post_id . '&pm=' . $pm_id), + 'S_HIDDEN_FIELDS' => (sizeof($s_hidden_fields)) ? $s_hidden_fields : null, 'S_NOTIFY' => $user_notify, 'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false) diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html index 4cb03dc51c..2a5e6c9d0e 100644 --- a/phpBB/styles/prosilver/template/report_body.html +++ b/phpBB/styles/prosilver/template/report_body.html @@ -10,6 +10,7 @@ <p><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></p> <fieldset> + <!-- IF ERROR --><dl><dd class="error">{ERROR}</dd></dl><!-- ENDIF --> <dl class="fields2"> <dt><label for="reason_id">{L_REASON}{L_COLON}</label></dt> <dd><select name="reason_id" id="reason_id" class="full"><!-- BEGIN reason --><option value="{reason.ID}"<!-- IF reason.S_SELECTED --> selected="selected"<!-- ENDIF -->>{reason.DESCRIPTION}</option><!-- END reason --></select></dd> @@ -27,6 +28,9 @@ <dt><label for="report_text">{L_MORE_INFO}{L_COLON}</label><br /><span>{L_CAN_LEAVE_BLANK}</span></dt> <dd><textarea name="report_text" id="report_text" rows="10" cols="76" class="inputbox">{REPORT_TEXT}</textarea></dd> </dl> + <!-- IF CAPTCHA_TEMPLATE --> + <!-- INCLUDE {CAPTCHA_TEMPLATE} --> + <!-- ENDIF --> </fieldset> </div> diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html index 9ed510bb9f..906a957ef4 100644 --- a/phpBB/styles/subsilver2/template/report_body.html +++ b/phpBB/styles/subsilver2/template/report_body.html @@ -6,6 +6,11 @@ <tr> <th colspan="2"><!-- IF S_REPORT_POST -->{L_REPORT_POST}<!-- ELSE -->{L_REPORT_MESSAGE}<!-- ENDIF --></th> </tr> +<!-- IF ERROR --> + <tr> + <td class="row3" colspan="2" align="center"><span class="genmed error">{ERROR}</span></td> + </tr> +<!-- ENDIF --> <tr> <td class="row3" colspan="2"><span class="gensmall"><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></span></td> </tr> @@ -25,6 +30,9 @@ <td class="row1" valign="top"><span class="gen"><b>{L_MORE_INFO}{L_COLON}</b></span><br /><span class="gensmall">{L_CAN_LEAVE_BLANK}</span></td> <td class="row2"><textarea class="post" name="report_text" rows="10" cols="50">{REPORT_TEXT}</textarea></td> </tr> +<!-- IF CAPTCHA_TEMPLATE --> + <!-- INCLUDE {CAPTCHA_TEMPLATE} --> +<!-- ENDIF --> <tr> <td class="cat" colspan="2" align="center"><input type="submit" name="submit" class="btnmain" value="{L_SUBMIT}" /> <input type="submit" name="cancel" class="btnlite" value="{L_CANCEL}" /></td> </tr> diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php new file mode 100644 index 0000000000..af713775c5 --- /dev/null +++ b/tests/functional/report_post_captcha.php @@ -0,0 +1,61 @@ +<?php +/** + * + * @package testing + * @copyright (c) 2013 phpBB Group + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * + */ + +/** + * @group functional + */ +class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_case +{ + public function test_user_report_post() + { + $this->login(); + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); + } + + public function test_guest_report_post() + { + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->add_lang('mcp'); + $this->assertContains($this->lang('USER_CANNOT_REPORT'), $crawler->filter('html')->text()); + + $this->set_reporting_guest(1); + $crawler = self::request('GET', 'report.php?f=2&p=1'); + $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text()); + $this->set_reporting_guest(-1); + } + + protected function set_reporting_guest($report_post_allowed) + { + $this->login(); + $this->admin_login(); + + $crawler = self::request('GET', 'adm/index.php?i=permissions&icat=12&mode=setting_group_local&sid=' . $this->sid); + $form = $crawler->selectButton('Submit')->form(); + $values = $form->getValues(); + $values["group_id[0]"] = 1; + $form->setValues($values); + $crawler = self::submit($form); + + $form = $crawler->selectButton('Submit')->form(); + $values = $form->getValues(); + $values["forum_id"] = 2; + $form->setValues($values); + $crawler = self::submit($form); + + $this->add_lang('acp/permissions'); + $form = $crawler->selectButton($this->lang('APPLY_ALL_PERMISSIONS'))->form(); + $values = $form->getValues(); + $values["setting[1][2][f_report]"] = $report_post_allowed; + $form->setValues($values); + $crawler = self::submit($form); + + $crawler = self::request('GET', 'ucp.php?mode=logout&sid=' . $this->sid); + } +} |