diff options
Diffstat (limited to 'phpBB/includes/ucp/ucp_pm_compose.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 288 |
1 files changed, 217 insertions, 71 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 87dfdf902b..e707c251fe 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1,9 +1,13 @@ <?php /** * -* @package ucp -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -23,8 +27,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; global $phpbb_root_path, $phpEx, $config; - global $request; - global $phpbb_container; + global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible // Needed for handle_message_list_actions() @@ -41,18 +44,17 @@ function compose_pm($id, $mode, $action, $user_folders = array()) add_form_key('ucp_pm_compose'); // Grab only parameters needed here - $to_user_id = request_var('u', 0); - $to_group_id = request_var('g', 0); - $msg_id = request_var('p', 0); - $draft_id = request_var('d', 0); - $lastclick = request_var('lastclick', 0); + $to_user_id = $request->variable('u', 0); + $to_group_id = $request->variable('g', 0); + $msg_id = $request->variable('p', 0); + $draft_id = $request->variable('d', 0); + $lastclick = $request->variable('lastclick', 0); // Reply to all triggered (quote/reply) - $reply_to_all = request_var('reply_to_all', 0); + $reply_to_all = $request->variable('reply_to_all', 0); $address_list = $request->variable('address_list', array('' => array(0 => ''))); - $submit = (isset($_POST['post'])) ? true : false; $preview = (isset($_POST['preview'])) ? true : false; $save = (isset($_POST['save'])) ? true : false; $load = (isset($_POST['load'])) ? true : false; @@ -66,6 +68,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc; + $submit = $request->is_set_post('post') && !$refresh && !$preview; $action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action; $select_single = ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? false : true; @@ -73,6 +76,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $error = array(); $current_time = time(); + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); + // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { @@ -87,6 +93,32 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // we include the language file here $user->add_lang('viewtopic'); + /** + * Modify the default vars before composing a PM + * + * @event core.ucp_pm_compose_modify_data + * @var int msg_id post_id in the page request + * @var int to_user_id The id of whom the message is to + * @var int to_group_id The id of the group the message is to + * @var bool submit Whether the form has been submitted + * @var bool preview Whether the user is previewing the PM or not + * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies + * @var bool delete Whether the user is deleting the PM + * @var int reply_to_all Value of reply_to_all request variable. + * @since 3.1.4-RC1 + */ + $vars = array( + 'msg_id', + 'to_user_id', + 'to_group_id', + 'submit', + 'preview', + 'action', + 'delete', + 'reply_to_all', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_data', compact($vars))); + // Output PM_TO box if message composing if ($action != 'edit') { @@ -116,7 +148,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $group_options = ''; while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); } @@ -229,6 +261,35 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($sql) { + /** + * Alter sql query to get message for user to write the PM + * + * @event core.ucp_pm_compose_compose_pm_basic_info_query_before + * @var string sql String with the query to be executed + * @var int msg_id topic_id in the page request + * @var int to_user_id The id of whom the message is to + * @var int to_group_id The id of the group whom the message is to + * @var bool submit Whether the user is sending the PM or not + * @var bool preview Whether the user is previewing the PM or not + * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies + * @var bool delete Whether the user is deleting the PM + * @var int reply_to_all Value of reply_to_all request variable. + * @since 3.1.0-RC5 + * @change 3.2.0-a1 Removed undefined variables + */ + $vars = array( + 'sql', + 'msg_id', + 'to_user_id', + 'to_group_id', + 'submit', + 'preview', + 'action', + 'delete', + 'reply_to_all', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars))); + $result = $db->sql_query($sql); $post = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -263,6 +324,37 @@ function compose_pm($id, $mode, $action, $user_folders = array()) trigger_error('NOT_AUTHORISED'); } + /** + * Get the result of querying for the post to be quoted in the pm message + * + * @event core.ucp_pm_compose_quotepost_query_after + * @var string sql The original SQL used in the query + * @var array post Associative array with the data of the quoted post + * @var array msg_id The post_id that was searched to get the message for quoting + * @var int to_user_id Users the message is sent to + * @var int to_group_id Groups the message is sent to + * @var bool submit Whether the user is sending the PM or not + * @var bool preview Whether the user is previewing the PM or not + * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies + * @var bool delete If deleting message + * @var int reply_to_all Value of reply_to_all request variable. + * @since 3.1.0-RC5 + * @change 3.2.0-a1 Removed undefined variables + */ + $vars = array( + 'sql', + 'post', + 'msg_id', + 'to_user_id', + 'to_group_id', + 'submit', + 'preview', + 'action', + 'delete', + 'reply_to_all', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_quotepost_query_after', compact($vars))); + // Passworded forum? if ($post['forum_id']) { @@ -385,8 +477,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $icon_id = 0; } - $message_parser = new parse_message(); + /* @var $plupload \phpbb\plupload\plupload */ $plupload = $phpbb_container->get('plupload'); + $message_parser = new parse_message(); $message_parser->set_plupload($plupload); $message_parser->message = ($action == 'reply') ? '' : $message_text; @@ -399,7 +492,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'delete') { // Folder id has been determined by the SQL Statement - // $folder_id = request_var('f', PRIVMSGS_NO_BOX); + // $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); // Do we need to confirm ? if (confirm_box(true)) @@ -430,15 +523,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Get maximum number of allowed recipients - $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients - FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug - WHERE ug.user_id = ' . $user->data['user_id'] . ' - AND ug.user_pending = 0 - AND ug.group_id = g.group_id'; - $result = $db->sql_query($sql); - $max_recipients = (int) $db->sql_fetchfield('max_recipients'); - $db->sql_freeresult($result); + $max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients'); + // If it is 0, there is no limit set and we use the maximum value within the config. $max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients; // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients @@ -492,7 +579,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') { // Do not change to SELECT * - $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename + $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize FROM ' . ATTACHMENTS_TABLE . " WHERE post_msg_id = $msg_id AND in_message = 1 @@ -511,7 +598,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $enable_urls = true; } - $enable_magic_url = $drafts = false; + $drafts = false; // User own some drafts? if ($auth->acl_get('u_savedrafts') && $action != 'delete') @@ -546,9 +633,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $subject = $request->variable('subject', '', true); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = utf8_normalize_nfc(request_var('message', '', true)); + $message = $request->variable('message', '', true); if ($subject && $message) { @@ -586,7 +673,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) ); $s_hidden_fields .= build_address_field($address_list); - confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields); } } @@ -643,26 +729,16 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $error[] = $user->lang['FORM_INVALID']; } - $subject = utf8_normalize_nfc(request_var('subject', '', true)); - $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); + $subject = $request->variable('subject', '', true); + $message_parser->message = $request->variable('message', '', true); - $icon_id = request_var('icon', 0); + $icon_id = $request->variable('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; $enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true; $enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1; $enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false); - if ($submit) - { - $status_switch = (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1); - $status_switch = ($status_switch != $check_value); - } - else - { - $status_switch = 1; - } - // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); @@ -748,7 +824,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url; $return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX'; - $save_message = ($action === 'edit') ? $user->lang['MESSAGE_EDITED'] : $user->lang['MESSAGE_STORED']; $message = $save_message . '<br /><br />' . $user->lang('VIEW_PRIVATE_MESSAGE', '<a href="' . $return_message_url . '">', '</a>'); @@ -835,7 +910,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($action == 'quotepost') { - $post_id = request_var('p', 0); + $post_id = $request->variable('p', 0); if ($config['allow_post_links']) { $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}[/url]\n\n"; @@ -849,7 +924,20 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $message_link = ''; } - $message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; + $quote_attributes = array( + 'author' => $quote_username, + 'time' => $post['message_time'], + 'user_id' => $post['author_id'], + ); + if ($action === 'quotepost') + { + $quote_attributes['post_id'] = $post['msg_id']; + } + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + $quote_attributes + ); + $message_parser->message = $message_link . $quote_text . "\n\n"; } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) @@ -877,7 +965,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to'])); - $message_parser->message = implode("\n", $forward_text) . "\n\n[quote="{$quote_username}"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + array('author' => $quote_username) + ); + $message_parser->message = implode("\n", $forward_text) . "\n\n" . $quote_text; $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject); } @@ -950,7 +1042,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($type == 'g') { - $row['name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['name']] : $row['name']; + $row['name'] = $group_helper->get_name($row['name']); } ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); @@ -960,7 +1052,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Now Build the address list - $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) @@ -1006,7 +1097,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Build hidden address list $s_hidden_address_field = build_address_field($address_list); - $bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1); $smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1); $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0; @@ -1049,6 +1139,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"'; + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); + // Start assigning vars for main posting page ... $template->assign_vars(array( 'L_POST_A' => $page_title, @@ -1057,7 +1150,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 'MESSAGE' => $message_text, - 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], @@ -1081,6 +1174,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $action != 'edit') ? true : false, 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $drafts), 'S_FORM_ENCTYPE' => $form_enctype, + 'S_ATTACH_DATA' => json_encode($message_parser->attachment_data), 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_FLASH' => $flash_status, @@ -1104,7 +1198,8 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($allowed) { - $plupload->configure($cache, $template, $s_action, false); + $max_files = ($auth->acl_gets('a_', 'm_')) ? 0 : (int) $config['max_attachments_pm']; + $plupload->configure($cache, $template, $s_action, false, $max_files); } // Attachment entry @@ -1151,13 +1246,13 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Add Selected Groups - $group_list = request_var('group_list', array(0)); + $group_list = $request->variable('group_list', array(0)); // Build usernames to add - $usernames = request_var('username', '', true); + $usernames = $request->variable('username', '', true); $usernames = (empty($usernames)) ? array() : array($usernames); - $username_list = request_var('username_list', '', true); + $username_list = $request->variable('username_list', '', true); if ($username_list) { $usernames = array_merge($usernames, explode("\n", $username_list)); @@ -1174,7 +1269,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $submit = false; // Preview is only true if there was also a message entered - if (request_var('message', '')) + if ($request->variable('message', '')) { $preview = true; } @@ -1227,35 +1322,86 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check for disallowed recipients if (!empty($address_list['u'])) { - // We need to check their PM status (do they want to receive PM's?) - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $can_ignore_allow_pm = $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'); + + // Administrator deactivated users check and we need to check their + // PM status (do they want to receive PM's?) + // Only check PM status if not a moderator or admin, since they + // are allowed to override this user setting + $sql = 'SELECT user_id, user_allow_pm + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND ( + (user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL . ') + ' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . ' + )'; + + $result = $db->sql_query($sql); + + $removed_no_pm = $removed_no_permission = false; + while ($row = $db->sql_fetchrow($result)) { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_allow_pm = 0'; - $result = $db->sql_query($sql); + if (!$can_ignore_allow_pm && !$row['user_allow_pm']) + { + $removed_no_pm = true; + } + else + { + $removed_no_permission = true; + } - $removed = false; - while ($row = $db->sql_fetchrow($result)) + unset($address_list['u'][$row['user_id']]); + } + $db->sql_freeresult($result); + + // print a notice about users not being added who do not want to receive pms + if ($removed_no_pm) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + } + + // print a notice about users not being added who do not have permission to receive PMs + if ($removed_no_permission) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + if (!sizeof(array_keys($address_list['u']))) + { + return; + } + + // Check if users have permission to read PMs + $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + if (!empty($cannot_read_list)) + { + foreach ($cannot_read_list as $cannot_read) { - $removed = true; - unset($address_list['u'][$row['user_id']]); + unset($address_list['u'][$cannot_read]); } - $db->sql_freeresult($result); - // print a notice about users not being added who do not want to receive pms - if ($removed) + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + // Check if users are banned + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); + if (!empty($banned_user_list)) + { + foreach ($banned_user_list as $banned_user) { - $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + unset($address_list['u'][$banned_user]); } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } } /** -* Build the hidden field for the recipients. Needed, as the variable is not read via request_var. +* Build the hidden field for the recipients. Needed, as the variable is not read via $request->variable(). */ function build_address_field($address_list) { |