aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--phpBB/includes/constants.php1
-rw-r--r--phpBB/report.php186
-rw-r--r--phpBB/styles/prosilver/template/report_body.html4
-rw-r--r--phpBB/styles/subsilver2/template/report_body.html8
-rw-r--r--tests/functional/report_post_captcha.php61
5 files changed, 186 insertions, 74 deletions
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 8c27d3fd0c..96011f4ec5 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -156,6 +156,7 @@ define('PHYSICAL_LINK', 2);
define('CONFIRM_REG', 1);
define('CONFIRM_LOGIN', 2);
define('CONFIRM_POST', 3);
+define('CONFIRM_REPORT', 4);
// Categories - Attachments
define('ATTACHMENT_CATEGORY_NONE', 0);
diff --git a/phpBB/report.php b/phpBB/report.php
index ce9fae13ef..3f2e7a91ff 100644
--- a/phpBB/report.php
+++ b/phpBB/report.php
@@ -144,9 +144,25 @@ else
$reported_post_enable_magic_url = $report_data['reported_post_enable_magic_url'];
}
+if ($config['enable_post_confirm'] && !$user->data['is_registered'])
+{
+ include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
+ $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+ $captcha->init(CONFIRM_REPORT);
+}
+
+$error = array();
+$s_hidden_fields = '';
+
// Submit report?
if ($submit && $reason_id)
{
+ $visual_confirmation_response = $captcha->validate();
+ if ($visual_confirmation_response)
+ {
+ $error[] = $visual_confirmation_response;
+ }
+
$sql = 'SELECT *
FROM ' . REPORTS_REASONS_TABLE . "
WHERE reason_id = $reason_id";
@@ -156,96 +172,108 @@ if ($submit && $reason_id)
if (!$row || (!$report_text && strtolower($row['reason_title']) == 'other'))
{
- trigger_error('EMPTY_REPORT');
+ $error[] = $user->lang('EMPTY_REPORT');
}
- $sql_ary = array(
- 'reason_id' => (int) $reason_id,
- 'post_id' => $post_id,
- 'pm_id' => $pm_id,
- 'user_id' => (int) $user->data['user_id'],
- 'user_notify' => (int) $user_notify,
- 'report_closed' => 0,
- 'report_time' => (int) time(),
- 'report_text' => (string) $report_text,
- 'reported_post_text' => $reported_post_text,
- 'reported_post_uid' => $reported_post_uid,
- 'reported_post_bitfield' => $reported_post_bitfield,
- 'reported_post_enable_bbcode' => $reported_post_enable_bbcode,
- 'reported_post_enable_smilies' => $reported_post_enable_smilies,
- 'reported_post_enable_magic_url' => $reported_post_enable_magic_url,
- );
-
- $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
- $db->sql_query($sql);
- $report_id = $db->sql_nextid();
-
- $phpbb_notifications = $phpbb_container->get('notification_manager');
-
- if ($post_id)
+ if (!sizeof($error))
{
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET post_reported = 1
- WHERE post_id = ' . $post_id;
- $db->sql_query($sql);
-
- if (!$report_data['topic_reported'])
+ if (isset($captcha))
{
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_reported = 1
- WHERE topic_id = ' . $report_data['topic_id'] . '
- OR topic_moved_id = ' . $report_data['topic_id'];
- $db->sql_query($sql);
+ $captcha->reset();
}
- $lang_return = $user->lang['RETURN_TOPIC'];
- $lang_success = $user->lang['POST_REPORTED_SUCCESS'];
-
- $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array(
- 'report_text' => $report_text,
- )));
- }
- else
- {
- $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
- SET message_reported = 1
- WHERE msg_id = ' . $pm_id;
- $db->sql_query($sql);
-
$sql_ary = array(
- 'msg_id' => $pm_id,
- 'user_id' => ANONYMOUS,
- 'author_id' => (int) $report_data['author_id'],
- 'pm_deleted' => 0,
- 'pm_new' => 0,
- 'pm_unread' => 0,
- 'pm_replied' => 0,
- 'pm_marked' => 0,
- 'pm_forwarded' => 0,
- 'folder_id' => PRIVMSGS_INBOX,
+ 'reason_id' => (int) $reason_id,
+ 'post_id' => $post_id,
+ 'pm_id' => $pm_id,
+ 'user_id' => (int) $user->data['user_id'],
+ 'user_notify' => (int) $user_notify,
+ 'report_closed' => 0,
+ 'report_time' => (int) time(),
+ 'report_text' => (string) $report_text,
+ 'reported_post_text' => $reported_post_text,
+ 'reported_post_uid' => $reported_post_uid,
+ 'reported_post_bitfield' => $reported_post_bitfield,
+ 'reported_post_enable_bbcode' => $reported_post_enable_bbcode,
+ 'reported_post_enable_smilies' => $reported_post_enable_smilies,
+ 'reported_post_enable_magic_url' => $reported_post_enable_magic_url,
);
- $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+ $sql = 'INSERT INTO ' . REPORTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
+ $report_id = $db->sql_nextid();
- $lang_return = $user->lang['RETURN_PM'];
- $lang_success = $user->lang['PM_REPORTED_SUCCESS'];
+ $phpbb_notifications = $phpbb_container->get('notification_manager');
- $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array(
- 'report_text' => $report_text,
- 'from_user_id' => $report_data['author_id'],
- 'report_id' => $report_id,
- )));
- }
+ if ($post_id)
+ {
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET post_reported = 1
+ WHERE post_id = ' . $post_id;
+ $db->sql_query($sql);
- meta_refresh(3, $redirect_url);
+ if (!$report_data['topic_reported'])
+ {
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_reported = 1
+ WHERE topic_id = ' . $report_data['topic_id'] . '
+ OR topic_moved_id = ' . $report_data['topic_id'];
+ $db->sql_query($sql);
+ }
+
+ $lang_return = $user->lang['RETURN_TOPIC'];
+ $lang_success = $user->lang['POST_REPORTED_SUCCESS'];
+
+ $phpbb_notifications->add_notifications('report_post', array_merge($report_data, $row, $forum_data, array(
+ 'report_text' => $report_text,
+ )));
+ }
+ else
+ {
+ $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+ SET message_reported = 1
+ WHERE msg_id = ' . $pm_id;
+ $db->sql_query($sql);
+
+ $sql_ary = array(
+ 'msg_id' => $pm_id,
+ 'user_id' => ANONYMOUS,
+ 'author_id' => (int) $report_data['author_id'],
+ 'pm_deleted' => 0,
+ 'pm_new' => 0,
+ 'pm_unread' => 0,
+ 'pm_replied' => 0,
+ 'pm_marked' => 0,
+ 'pm_forwarded' => 0,
+ 'folder_id' => PRIVMSGS_INBOX,
+ );
+
+ $sql = 'INSERT INTO ' . PRIVMSGS_TO_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+ $db->sql_query($sql);
+
+ $lang_return = $user->lang['RETURN_PM'];
+ $lang_success = $user->lang['PM_REPORTED_SUCCESS'];
+
+ $phpbb_notifications->add_notifications('report_pm', array_merge($report_data, $row, array(
+ 'report_text' => $report_text,
+ 'from_user_id' => $report_data['author_id'],
+ 'report_id' => $report_id,
+ )));
+ }
+
+ meta_refresh(3, $redirect_url);
- $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>');
- if ($return_forum_url)
+ $message = $lang_success . '<br /><br />' . sprintf($lang_return, '<a href="' . $redirect_url . '">', '</a>');
+ if ($return_forum_url)
+ {
+ $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>');
+ }
+ trigger_error($message);
+ }
+ else if (isset($captcha) && $captcha->is_solved() !== false)
{
- $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>');
+ $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}
- trigger_error($message);
}
// Generate the reasons
@@ -253,10 +281,20 @@ display_reasons($reason_id);
$page_title = ($pm_id) ? $user->lang['REPORT_MESSAGE'] : $user->lang['REPORT_POST'];
+if (isset($captcha) && $captcha->is_solved() === false)
+{
+ $template->assign_vars(array(
+ 'S_CONFIRM_CODE' => true,
+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
+ ));
+}
+
$template->assign_vars(array(
+ 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'S_REPORT_POST' => ($pm_id) ? false : true,
'REPORT_TEXT' => $report_text,
'S_REPORT_ACTION' => append_sid("{$phpbb_root_path}report.$phpEx", 'f=' . $forum_id . '&amp;p=' . $post_id . '&amp;pm=' . $pm_id),
+ 'S_HIDDEN_FIELDS' => (sizeof($s_hidden_fields)) ? $s_hidden_fields : null,
'S_NOTIFY' => $user_notify,
'S_CAN_NOTIFY' => ($user->data['is_registered']) ? true : false)
diff --git a/phpBB/styles/prosilver/template/report_body.html b/phpBB/styles/prosilver/template/report_body.html
index 4cb03dc51c..2a5e6c9d0e 100644
--- a/phpBB/styles/prosilver/template/report_body.html
+++ b/phpBB/styles/prosilver/template/report_body.html
@@ -10,6 +10,7 @@
<p><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></p>
<fieldset>
+ <!-- IF ERROR --><dl><dd class="error">{ERROR}</dd></dl><!-- ENDIF -->
<dl class="fields2">
<dt><label for="reason_id">{L_REASON}{L_COLON}</label></dt>
<dd><select name="reason_id" id="reason_id" class="full"><!-- BEGIN reason --><option value="{reason.ID}"<!-- IF reason.S_SELECTED --> selected="selected"<!-- ENDIF -->>{reason.DESCRIPTION}</option><!-- END reason --></select></dd>
@@ -27,6 +28,9 @@
<dt><label for="report_text">{L_MORE_INFO}{L_COLON}</label><br /><span>{L_CAN_LEAVE_BLANK}</span></dt>
<dd><textarea name="report_text" id="report_text" rows="10" cols="76" class="inputbox">{REPORT_TEXT}</textarea></dd>
</dl>
+ <!-- IF CAPTCHA_TEMPLATE -->
+ <!-- INCLUDE {CAPTCHA_TEMPLATE} -->
+ <!-- ENDIF -->
</fieldset>
</div>
diff --git a/phpBB/styles/subsilver2/template/report_body.html b/phpBB/styles/subsilver2/template/report_body.html
index 9ed510bb9f..906a957ef4 100644
--- a/phpBB/styles/subsilver2/template/report_body.html
+++ b/phpBB/styles/subsilver2/template/report_body.html
@@ -6,6 +6,11 @@
<tr>
<th colspan="2"><!-- IF S_REPORT_POST -->{L_REPORT_POST}<!-- ELSE -->{L_REPORT_MESSAGE}<!-- ENDIF --></th>
</tr>
+<!-- IF ERROR -->
+ <tr>
+ <td class="row3" colspan="2" align="center"><span class="genmed error">{ERROR}</span></td>
+ </tr>
+<!-- ENDIF -->
<tr>
<td class="row3" colspan="2"><span class="gensmall"><!-- IF S_REPORT_POST -->{L_REPORT_POST_EXPLAIN}<!-- ELSE -->{L_REPORT_MESSAGE_EXPLAIN}<!-- ENDIF --></span></td>
</tr>
@@ -25,6 +30,9 @@
<td class="row1" valign="top"><span class="gen"><b>{L_MORE_INFO}{L_COLON}</b></span><br /><span class="gensmall">{L_CAN_LEAVE_BLANK}</span></td>
<td class="row2"><textarea class="post" name="report_text" rows="10" cols="50">{REPORT_TEXT}</textarea></td>
</tr>
+<!-- IF CAPTCHA_TEMPLATE -->
+ <!-- INCLUDE {CAPTCHA_TEMPLATE} -->
+<!-- ENDIF -->
<tr>
<td class="cat" colspan="2" align="center"><input type="submit" name="submit" class="btnmain" value="{L_SUBMIT}" />&nbsp;<input type="submit" name="cancel" class="btnlite" value="{L_CANCEL}" /></td>
</tr>
diff --git a/tests/functional/report_post_captcha.php b/tests/functional/report_post_captcha.php
new file mode 100644
index 0000000000..af713775c5
--- /dev/null
+++ b/tests/functional/report_post_captcha.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2013 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_case
+{
+ public function test_user_report_post()
+ {
+ $this->login();
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
+ }
+
+ public function test_guest_report_post()
+ {
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->add_lang('mcp');
+ $this->assertContains($this->lang('USER_CANNOT_REPORT'), $crawler->filter('html')->text());
+
+ $this->set_reporting_guest(1);
+ $crawler = self::request('GET', 'report.php?f=2&p=1');
+ $this->assertContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
+ $this->set_reporting_guest(-1);
+ }
+
+ protected function set_reporting_guest($report_post_allowed)
+ {
+ $this->login();
+ $this->admin_login();
+
+ $crawler = self::request('GET', 'adm/index.php?i=permissions&icat=12&mode=setting_group_local&sid=' . $this->sid);
+ $form = $crawler->selectButton('Submit')->form();
+ $values = $form->getValues();
+ $values["group_id[0]"] = 1;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $form = $crawler->selectButton('Submit')->form();
+ $values = $form->getValues();
+ $values["forum_id"] = 2;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $this->add_lang('acp/permissions');
+ $form = $crawler->selectButton($this->lang('APPLY_ALL_PERMISSIONS'))->form();
+ $values = $form->getValues();
+ $values["setting[1][2][f_report]"] = $report_post_allowed;
+ $form->setValues($values);
+ $crawler = self::submit($form);
+
+ $crawler = self::request('GET', 'ucp.php?mode=logout&sid=' . $this->sid);
+ }
+}
generated by cgit v1.2.1 (git 2.21.0) at 2024-09-23 03:00:36 +0000