sources/ElkArte/Controller/PostModeration.php (2 issues)

<?php
/**
 * Handles Post Moderation approvals and un-approvals
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * This file contains code covered by:
 * copyright: 2011 Simple Machines (http://www.simplemachines.org)
 *
 * @version 2.0 dev
 *
 */
namespace ElkArte\Controller;
use ElkArte\AbstractController;
use ElkArte\Action;
use ElkArte\Cache\Cache;
use ElkArte\Helper\Util;
use ElkArte\Languages\Txt;
/**
 * Handles post moderation actions (approvals, listing unapproved items).
 */
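class PostModeration extends AbstractController
{
	/** @var int|null Board id from the "brd" request value (passed through intval), or null when no board filter was sent */
	private $_brd;

	/**
	 * This is the entry point for all things post moderation.
	 *
	 * Loads the ModerationCenter language file and template, then hands one of the
	 * allowed sub-actions to Action for dispatch. 'replies' is the second argument to
	 * Action::initialize() (presumably the default sub-action; confirm against Action).
	 *
	 * @uses ModerationCenter.template
	 * @uses ModerationCenter language file
	 * @see AbstractController::action_index
	 */
	public function action_index()
	{
		// @todo We'll shift these later bud.
		Txt::load('ModerationCenter');

		theme()->getTemplates()->load('ModerationCenter');

		// Allowed sub-actions, you know the drill by now!
		$subActions = [
			'approve' => [$this, 'action_approve'],
			'attachments' => [$this, 'action_unapproved_attachments'],
			'replies' => [$this, 'action_unapproved'],
			'topics' => [$this, 'action_unapproved'],
		];

		// Pick something valid...
		$action = new Action('post_moderation');
		$subAction = $action->initialize($subActions, 'replies');
		$action->dispatch($subAction);
	}

	/**
	 * View all unapproved posts or topics, and process approve / delete requests on them.
	 *
	 * Request ids are never acted on directly: after checkSession('request') passes, every
	 * requested message is re-read from the database (restricted to unapproved messages on
	 * boards the user can see) and kept only when its board is in the relevant allowed-board
	 * list. An allowed-board list equal to array(0) is treated as "no board restriction".
	 */
	public function action_unapproved()
	{
		global $txt, $context;

		// Only two views exist; anything other than 'topics' falls back to 'replies'.
		$context['current_view'] = $this->_req->getQuery('sa', 'trim', '') === 'topics' ? 'topics' : 'replies';
		$context['page_title'] = $txt['mc_unapproved_posts'];
		$context['header_title'] = $txt['mc_' . ($context['current_view'] === 'topics' ? 'topics' : 'posts')];

		// Work out what boards we can work in!
		// Static-analysis finding shown with this listing: mod_cache is not a declared property of
		// ElkArte\Helper\ValuesContainer; it is reached through __get, so a @property annotation on
		// that class would make it visible to tooling.
		$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];

		// POST wins over GET; both are passed through intval, so _brd is an int or null.
		$this->_brd = $this->_req->getPost('brd', 'intval', $this->_req->getQuery('brd', 'intval', null));

		// If we filtered by board remove ones outside of this board.
		// @todo Put a message saying we're filtered?
		if ($this->_brd !== null)
		{
			$filter_board = array($this->_brd);

			// array_intersect keeps values from $approve_boards, so the filter can only narrow the set.
			$approve_boards = $approve_boards == array(0) ? $filter_board : array_intersect($approve_boards, $filter_board);
		}

		if ($approve_boards == array(0))
		{
			$approve_query = '';
		}
		elseif (!empty($approve_boards))
		{
			// This fragment is concatenated into SQL, so force every id to an integer here rather
			// than relying on each producer of the board list to have done so.
			$approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $approve_boards)) . ')';
		}
		// Nada, zip, etc...
		else
		{
			$approve_query = ' AND 1=0';
		}

		// We also need to know where we can delete topics and/or replies to.
		if ($context['current_view'] === 'topics')
		{
			$delete_own_boards = boardsAllowedTo('remove_own');
			$delete_any_boards = boardsAllowedTo('remove_any');
			$delete_own_replies = array();
		}
		else
		{
			$delete_own_boards = boardsAllowedTo('delete_own');
			$delete_any_boards = boardsAllowedTo('delete_any');
			$delete_own_replies = boardsAllowedTo('delete_own_replies');
		}

		// No action yet
		$toAction = array();

		// Check if we have something to do?
		if (isset($this->_req->query->approve))
		{
			$toAction[] = (int) $this->_req->query->approve;
		}
		// Just a deletion?
		elseif (isset($this->_req->query->delete))
		{
			$toAction[] = (int) $this->_req->query->delete;
		}
		// Lots of approvals?
		elseif (isset($this->_req->post->item))
		{
			// The (array) cast keeps a scalar "item" value from reaching array_map as a non-array.
			$toAction = array_map('intval', (array) $this->_req->post->item);
		}

		// What are we actually doing.
		if (isset($this->_req->query->approve) || (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
		{
			$curAction = 'approve';
		}
		elseif (isset($this->_req->query->delete) || (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
		{
			$curAction = 'delete';
		}

		// Right, so we have something to do?
		if (!empty($toAction) && isset($curAction))
		{
			// State-changing request: the session check runs before any lookup or change.
			checkSession('request');

			require_once(SUBSDIR . '/Topic.subs.php');
			require_once(SUBSDIR . '/Messages.subs.php');

			// Handy shortcut.
			$any_array = $curAction === 'approve' ? $approve_boards : $delete_any_boards;

			// Now for each message work out whether it's actually a topic, and what board it's on.
			$request = loadMessageDetails(
				array('m.id_board', 't.id_topic', 't.id_first_msg', 't.id_member_started'),
				array(
					'INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)',
					'LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)'
				),
				array(
					'message_list' => $toAction,
					'not_approved' => 0,
				),
				array(
					'additional_conditions' => '
					AND m.approved = {int:not_approved}
					AND {query_see_board}'
				)
			);

			// Rebuild the work list from database rows only; the request-supplied ids are discarded.
			$toAction = array();
			$details = array();
			foreach ($request as $row)
			{
				// If it's not within what our view is ignore it...
				if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] !== 'topics') || ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] !== 'replies'))
				{
					continue;
				}

				$can_add = false;

				// If we're approving this is simple.
				if ($curAction === 'approve' && ($any_array == array(0) || in_array($row['id_board'], $any_array)))
				{
					$can_add = true;
				}
				// Delete requires more permission checks...
				elseif ($curAction === 'delete')
				{
					// Own post is easy!
					if ($row['id_member'] == $this->user->id && ($delete_own_boards == array(0) || in_array($row['id_board'], $delete_own_boards)))
					{
						$can_add = true;
					}
					// Is it a reply to their own topic?
					elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == array(0) || in_array($row['id_board'], $delete_own_replies)))
					{
						$can_add = true;
					}
					// Someone else's?
					elseif ($row['id_member'] != $this->user->id && ($delete_any_boards == array(0) || in_array($row['id_board'], $delete_any_boards)))
					{
						$can_add = true;
					}
				}

				if ($can_add)
				{
					// In the topics view the unit of work is the topic id, otherwise the message id.
					$anItem = $context['current_view'] === 'topics' ? $row['id_topic'] : $row['id_msg'];
					$toAction[] = $anItem;

					// All clear. What have we got now, what, what?
					$details[$anItem] = array();
					$details[$anItem]['subject'] = $row['subject'];
					$details[$anItem]['topic'] = $row['id_topic'];
					$details[$anItem]['member'] = ($context['current_view'] === 'topics') ? $row['id_member_started'] : $row['id_member'];
					$details[$anItem]['board'] = $row['id_board'];
				}
			}

			// If we have anything left we can actually do the approving (etc).
			if (!empty($toAction))
			{
				if ($curAction === 'approve')
				{
					approveMessages($toAction, $details, $context['current_view']);
				}
				else
				{
					removeMessages($toAction, $details, $context['current_view']);
				}

				Cache::instance()->remove('num_menu_errors');
			}
		}

		// Get the moderation values for the board level
		require_once(SUBSDIR . '/Moderation.subs.php');
		$mod_count = loadModeratorMenuCounts($this->_brd);

		$context['total_unapproved_topics'] = $mod_count['topics'];
		$context['total_unapproved_posts'] = $mod_count['posts'];

		// "start" comes straight from the query string and is reused for paging, the item lookup and
		// the per-item URLs, so reduce it to an integer once. Whether earlier request cleaning already
		// normalises it is not visible in this file.
		$start = $this->_req->getQuery('start', 'intval', 0);
		$context['page_index'] = constructPageIndex('{scripturl}?action=moderate;area=postmod;sa=' . $context['current_view'] . ($this->_brd !== null ? ';brd=' . $this->_brd : ''), $start, $context['current_view'] === 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], 10);
		$context['start'] = $start;

		// We have enough to make some pretty tabs!
		$context[$context['moderation_menu_name']]['object']->prepareTabData([
			'title' => $txt['mc_unapproved_posts'],
			'help' => 'postmod',
			'description' => $txt['mc_unapproved_posts_desc'],
		]);

		// Update the tabs with the correct number of actions to account for brd filtering
		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] . ' [' . $context['total_unapproved_posts'] . ']';
		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] . ' [' . $context['total_unapproved_topics'] . ']';

		// If we are filtering some boards out then make sure to send that along with the links.
		if ($this->_brd !== null)
		{
			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . $this->_brd;
			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . $this->_brd;
		}

		// Get all unapproved posts.
		$context['unapproved_items'] = getUnapprovedPosts($approve_query, $context['current_view'], array(
			'delete_own_boards' => $delete_own_boards,
			'delete_any_boards' => $delete_any_boards,
			'delete_own_replies' => $delete_own_replies,
		), $context['start'], 10);

		// The approve / remove links are GET URLs that carry the '{session_data}' placeholder, which
		// is what checkSession('request') above is checked against when they are followed.
		foreach ($context['unapproved_items'] as $key => $item)
		{
			$context['unapproved_items'][$key]['buttons'] = [
				'quickmod_check' => [
					'class' => 'inline_mod_check',
					'checkbox' => 'always',
					'name' => 'item',
					'value' => $item['id'],
				],
				'approve' => [
					'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'approve' => $item['id']]),
					'text' => 'approve',
				],
				'unapprove' => [
					'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'delete' => $item['id']]),
					'text' => 'remove',
					'enabled' => $item['can_delete'],
				],
			];
		}

		$context['sub_template'] = 'unapproved_posts';
	}

	/**
	 * View all unapproved attachments, and process approve / delete requests on them.
	 *
	 * Requested attachment ids are cast to int, checked with checkSession('request'), and then
	 * narrowed by validateAttachments() using the same board restriction the list is built with.
	 */
	public function action_unapproved_attachments()
	{
		global $txt, $context, $modSettings;

		$context['page_title'] = $txt['mc_unapproved_attachments'];

		// Once again, permissions are king!
		// Static-analysis finding shown with this listing: mod_cache is not a declared property of
		// ElkArte\Helper\ValuesContainer; it is reached through __get, so a @property annotation on
		// that class would make it visible to tooling.
		$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];

		// array(0) is treated as "no board restriction"; an empty list must match nothing.
		if ($approve_boards == array(0))
		{
			$approve_query = '';
		}
		elseif (!empty($approve_boards))
		{
			// This fragment is concatenated into SQL, so force every id to an integer here.
			$approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $approve_boards)) . ')';
		}
		else
		{
			// Same always-false predicate as action_unapproved(); a bare integer after AND is not
			// accepted as a boolean by every SQL backend.
			$approve_query = ' AND 1=0';
		}

		// Get together the array of things to act on, if any.
		$attachments = array();
		if (isset($this->_req->query->approve))
		{
			$attachments[] = (int) $this->_req->query->approve;
		}
		elseif (isset($this->_req->query->delete))
		{
			$attachments[] = (int) $this->_req->query->delete;
		}
		elseif (isset($this->_req->post->item))
		{
			// The (array) cast keeps a scalar "item" value from being iterated as a non-array.
			foreach ((array) $this->_req->post->item as $item)
			{
				$attachments[] = (int) $item;
			}
		}

		// Are we approving or deleting?
		if (isset($this->_req->query->approve) || (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
		{
			$curAction = 'approve';
		}
		elseif (isset($this->_req->query->delete) || (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
		{
			$curAction = 'delete';
		}

		// Needed on both paths below (the original required it once per path).
		require_once(SUBSDIR . '/ManageAttachments.subs.php');

		// Something to do, let's do it!
		if (!empty($attachments) && isset($curAction))
		{
			// NOTE(review): the form below carries a 'mod-ap' token and createToken('mod-ap') is
			// called, but no token validation call is visible in this method; only the session
			// check guards the action. Confirm the token is validated elsewhere for POSTed bulk
			// actions, or add that check.
			checkSession('request');

			// Confirm the attachments are eligible for changing!
			$attachments = validateAttachments($attachments, $approve_query);

			// Assuming it wasn't all like, proper illegal, we can do the approving.
			if (!empty($attachments))
			{
				if ($curAction === 'approve')
				{
					approveAttachments($attachments);
				}
				else
				{
					removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
				}

				Cache::instance()->remove('num_menu_errors');
			}
		}

		$listOptions = array(
			'id' => 'mc_unapproved_attach',
			'width' => '100%',
			'items_per_page' => $modSettings['defaultMaxMessages'],
			'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
			'base_href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
			'default_sort_col' => 'attach_name',
			'get_items' => array(
				'function' => 'list_getUnapprovedAttachments',
				'params' => array(
					$approve_query,
				),
			),
			'get_count' => array(
				'function' => 'list_getNumUnapprovedAttachments',
				'params' => array(
					$approve_query,
				),
			),
			'columns' => array(
				'attach_name' => array(
					'header' => array(
						'value' => $txt['mc_unapproved_attach_name'],
					),
					'data' => array(
						'db' => 'filename',
					),
					'sort' => array(
						'default' => 'a.filename',
						'reverse' => 'a.filename DESC',
					),
				),
				'attach_size' => array(
					'header' => array(
						'value' => $txt['mc_unapproved_attach_size'],
					),
					'data' => array(
						'db' => 'size',
					),
					'sort' => array(
						'default' => 'a.size',
						'reverse' => 'a.size DESC',
					),
				),
				'attach_poster' => array(
					'header' => array(
						'value' => $txt['mc_unapproved_attach_poster'],
					),
					'data' => array(
						'function' => static fn($data) => $data['poster']['link'],
					),
					'sort' => array(
						'default' => 'm.id_member',
						'reverse' => 'm.id_member DESC',
					),
				),
				'date' => array(
					'header' => array(
						'value' => $txt['date'],
						'style' => 'width: 18%;',
					),
					'data' => array(
						'db' => 'time',
						'class' => 'smalltext',
						'style' => 'white-space:nowrap;',
					),
					'sort' => array(
						'default' => 'm.poster_time',
						'reverse' => 'm.poster_time DESC',
					),
				),
				'message' => array(
					'header' => array(
						'value' => $txt['post'],
					),
					'data' => array(
						// NOTE(review): href and subject are written into HTML as-is. This assumes the
						// list provider returns them already escaped for HTML; confirm.
						'function' => static function ($data) {
							global $modSettings;

							return '<a href="' . $data['message']['href'] . '">' . Util::shorten_text($data['message']['subject'], empty($modSettings['subject_length']) ? 32 : $modSettings['subject_length']) . '</a>';
						},
						'class' => 'smalltext',
						'style' => 'width:15em;',
					),
					'sort' => array(
						'default' => 'm.subject',
						'reverse' => 'm.subject DESC',
					),
				),
				'action' => array(
					'header' => array(
						'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
						'style' => 'width: 4%',
					),
					'data' => array(
						'sprintf' => array(
							// %1$d formats the id as an integer in the checkbox value.
							'format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />',
							'params' => array(
								'id' => false,
							),
						),
					),
				),
			),
			'form' => array(
				'href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
				'include_sort' => true,
				'include_start' => true,
				'hidden_fields' => array(
					$context['session_var'] => $context['session_id'],
				),
				'token' => 'mod-ap',
			),
			'additional_rows' => array(
				array(
					'position' => 'bottom_of_list',
					'value' => '
						<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
							<option value="0">' . $txt['with_selected'] . ':</option>
							<option value="0" disabled="disabled">' . str_repeat('&#8212;', strlen($txt['approve'])) . '</option>
							<option value="approve">&#10148;&nbsp;' . $txt['approve'] . '</option>
							<option value="delete">&#10148;&nbsp;' . $txt['delete'] . '</option>
						</select>
						<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>',
					'class' => 'floatright',
				),
			),
		);

		// Create the request list.
		createToken('mod-ap');
		createList($listOptions);

		$context['sub_template'] = 'show_list';
		$context['default_list'] = 'mc_unapproved_attach';
		$context[$context['moderation_menu_name']]['object']->prepareTabData([
			'title' => $txt['mc_unapproved_attachments'],
			'description' => $txt['mc_unapproved_attachments_desc']
		]);
	}

	/**
	 * Approve or un-approve a single post, or the whole topic if it is the first post.
	 *
	 * The new state is the inverse of the message's current 'approved' value. The request must
	 * pass checkSession('get') and isAllowedTo('approve_posts') before the message is loaded.
	 */
	public function action_approve()
	{
		global $topic, $board;

		checkSession('get');

		$current_msg = $this->_req->getQuery('msg', 'intval', 0);

		// Needy baby, Greedy baby
		require_once(SUBSDIR . '/Topic.subs.php');
		require_once(SUBSDIR . '/Post.subs.php');
		require_once(SUBSDIR . '/Messages.subs.php');

		isAllowedTo('approve_posts');

		$message_info = basicMessageInfo($current_msg, false, true);

		// NOTE(review): the permission check above does not reference the message loaded here, and
		// $topic / $board are request globals; nothing in this method ties msg to $topic. Confirm
		// that basicMessageInfo() or approvePosts() enforces that relationship, or compare the
		// loaded message's topic with $topic before acting.

		// Only act when a message was actually loaded. With an empty result the loose comparison
		// below would be made against missing array keys, and a msg value of 0 would then compare
		// equal and approve the whole current topic.
		if (!empty($message_info))
		{
			// If it's the first in a topic then the whole topic gets approved!
			if ($message_info['id_first_msg'] == $current_msg)
			{
				approveTopics($topic, !$message_info['approved'], $message_info['id_member_started'] != $this->user->id);
			}
			else
			{
				approvePosts($current_msg, !$message_info['approved']);

				// Moderation-log entry only when acting on someone else's message.
				if ($message_info['id_member'] != $this->user->id)
				{
					logAction(($message_info['approved'] ? 'un' : '') . 'approve', array('topic' => $topic, 'subject' => $message_info['subject'], 'member' => $message_info['id_member'], 'board' => $board));
				}
			}
		}

		Cache::instance()->remove('num_menu_errors');

		redirectexit('topic=' . $topic . '.msg' . $current_msg . '#msg' . $current_msg);
	}
}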