Issues in PostModeration.php (development) - Issues in development - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1693)

sources/ElkArte/Controller/PostModeration.php (2 issues)

Labels

Severity

Major 2

<?php

/**
 * Handles Post Moderation approvals and un-approvals
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * This file contains code covered by:
 * copyright: 2011 Simple Machines (http://www.simplemachines.org)
 *
 * @version 2.0 dev
 *
 */

namespace ElkArte\Controller;

use ElkArte\AbstractController;
use ElkArte\Action;
use ElkArte\Cache\Cache;
use ElkArte\Helper\Util;
use ElkArte\Languages\Txt;

/**
 * Handles post moderation actions. (approvals, unapproved)
 */
class PostModeration extends AbstractController
{

	/**
	 * This is the entry point for all things post moderation.
	 *
	 * @uses ModerationCenter.template
	 * @uses ModerationCenter language file
	 * @see AbstractController::action_index
	 */
	public function action_index()
	{
		// @todo We'll shift these later bud.
		Txt::load('ModerationCenter');

		theme()->getTemplates()->load('ModerationCenter');

		// Allowed sub-actions, you know the drill by now!
		$subActions = [
			'approve' => [$this, 'action_approve'],
			'attachments' => [$this, 'action_unapproved_attachments'],
			'replies' => [$this, 'action_unapproved'],
			'topics' => [$this, 'action_unapproved'],
		];

		// Pick something valid...
		$action = new Action('post_moderation');
		$subAction = $action->initialize($subActions, 'replies');
		$action->dispatch($subAction);
	}

	/**
	 * View all unapproved posts or topics
	 */
	public function action_unapproved(): void
	{
		global $txt, $context;

		$context['current_view'] = $this->_req->getQuery('sa', 'trim', '') === 'topics' ? 'topics' : 'replies';
		$context['page_title'] = $txt['mc_unapproved_posts'];
		$context['header_title'] = $txt['mc_' . ($context['current_view'] === 'topics' ? 'topics' : 'posts')];

		// Work out what boards we can work in!
		$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];


		$_brd = $this->_req->getPost('brd', 'intval', $this->_req->getQuery('brd', 'intval', null));

		// If we filtered by board remove ones outside of this board.
		// @todo Put a message saying we're filtered?
		if ($_brd !== null)
		{
			$filter_board = [$_brd];
			$approve_boards = $approve_boards == [0] ? $filter_board : array_intersect($approve_boards, $filter_board);
		}

		if ($approve_boards == [0])
		{
			$approve_query = '';
		}
		elseif (!empty($approve_boards))
		{
			$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
		}
		// Nada, zip, etc...
		else
		{
			$approve_query = ' AND 1=0';
		}

		// We also need to know where we can delete topics and/or replies to.
		if ($context['current_view'] === 'topics')
		{
			$delete_own_boards = boardsAllowedTo('remove_own');
			$delete_any_boards = boardsAllowedTo('remove_any');
			$delete_own_replies = [];
		}
		else
		{
			$delete_own_boards = boardsAllowedTo('delete_own');
			$delete_any_boards = boardsAllowedTo('delete_any');
			$delete_own_replies = boardsAllowedTo('delete_own_replies');
		}

		// No action yet
		$toAction = [];

		// Check if we have something to do?
		if (isset($this->_req->query->approve))
		{
			$toAction[] = (int) $this->_req->query->approve;
		}
		// Just a deletion?
		elseif (isset($this->_req->query->delete))
		{
			$toAction[] = (int) $this->_req->query->delete;
		}
		// Lots of approvals?
		elseif (isset($this->_req->post->item))
		{
			$toAction = array_map('intval', $this->_req->post->item);
		}

		// What are we actually doing.
		if (isset($this->_req->query->approve) || (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
		{
			$curAction = 'approve';
		}
		elseif (isset($this->_req->query->delete) || (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
		{
			$curAction = 'delete';
		}

		// Right, so we have something to do?
		if (!empty($toAction) && isset($curAction))
		{
			checkSession('request');

			require_once(SUBSDIR . '/Topic.subs.php');
			require_once(SUBSDIR . '/Messages.subs.php');

			// Handy shortcut.
			$any_array = $curAction === 'approve' ? $approve_boards : $delete_any_boards;

			// Now for each message work out whether it's actually a topic, and what board it's on.
			$request = loadMessageDetails(
				['m.id_board', 't.id_topic', 't.id_first_msg', 't.id_member_started'],
				[
					'INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)',
					'LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)'
				],
				[
					'message_list' => $toAction,
					'not_approved' => 0,
				],
				[
					'additional_conditions' => '
					AND m.approved = {int:not_approved}
					AND {query_see_board}'
				]
			);
			$toAction = [];
			$details = [];
			foreach ($request as $row)
			{
				// If it's not within what our view is ignore it...
				if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] !== 'topics') || ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] !== 'replies'))
				{
					continue;
				}

				$can_add = false;

				// If we're approving this is simple.
				if ($curAction === 'approve' && ($any_array == [0] || in_array($row['id_board'], $any_array)))
				{
					$can_add = true;
				}
				// Delete requires more permission checks...
				elseif ($curAction === 'delete')
				{
					// Own post is easy!
					if ($row['id_member'] == $this->user->id && ($delete_own_boards == [0] || in_array($row['id_board'], $delete_own_boards)))
					{
						$can_add = true;
					}
					// Is it a reply to their own topic?
					elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == [0] || in_array($row['id_board'], $delete_own_replies)))
					{
						$can_add = true;
					}
					// Someone else's?
					elseif ($row['id_member'] != $this->user->id && ($delete_any_boards == [0] || in_array($row['id_board'], $delete_any_boards)))
					{
						$can_add = true;
					}
				}

				if ($can_add)
				{
					$anItem = $context['current_view'] === 'topics' ? $row['id_topic'] : $row['id_msg'];
					$toAction[] = $anItem;

					// All clear. What have we got now, what, what?
					$details[$anItem] = [];
					$details[$anItem]['subject'] = $row['subject'];
					$details[$anItem]['topic'] = $row['id_topic'];
					$details[$anItem]['member'] = ($context['current_view'] === 'topics') ? $row['id_member_started'] : $row['id_member'];
					$details[$anItem]['board'] = $row['id_board'];
				}
			}

			// If we have anything left we can actually do the approving (etc).
			if (!empty($toAction))
			{
				if ($curAction === 'approve')
				{
					approveMessages($toAction, $details, $context['current_view']);
				}
				else
				{
					removeMessages($toAction, $details, $context['current_view']);
				}

				Cache::instance()->remove('num_menu_errors');
			}
		}

		// Get the moderation values for the board level
		require_once(SUBSDIR . '/Moderation.subs.php');
		$mod_count = loadModeratorMenuCounts($_brd);

		$context['total_unapproved_topics'] = $mod_count['topics'];
		$context['total_unapproved_posts'] = $mod_count['posts'];
		$context['page_index'] = constructPageIndex('{scripturl}?action=moderate;area=postmod;sa=' . $context['current_view'] . ($_brd !== null ? ';brd=' . $_brd : ''), $this->_req->query->start, $context['current_view'] === 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], 10);
		$context['start'] = $this->_req->query->start;

		// We have enough to make some pretty tabs!
		$context[$context['moderation_menu_name']]['object']->prepareTabData([
			'title' => $txt['mc_unapproved_posts'],
			'help' => 'postmod',
			'description' => $txt['mc_unapproved_posts_desc'],
		]);

		// Update the tabs with the correct number of actions to account for brd filtering
		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] . ' [' . $context['total_unapproved_posts'] . ']';
		$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] . ' [' . $context['total_unapproved_topics'] . ']';

		// If we are filtering some boards out then make sure to send that along with the links.
		if ($_brd !== null)
		{
			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . $_brd;
			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . $_brd;
		}

		// Get all unapproved posts.
		$context['unapproved_items'] = getUnapprovedPosts($approve_query, $context['current_view'], [
			'delete_own_boards' => $delete_own_boards,
			'delete_any_boards' => $delete_any_boards,
			'delete_own_replies' => $delete_own_replies,
		], $context['start'], 10);

		foreach ($context['unapproved_items'] as $key => $item)
		{
			$context['unapproved_items'][$key]['buttons'] = [
				'quickmod_check' => [
					'class' => 'inline_mod_check',
					'checkbox' => 'always',
					'name' => 'item',
					'value' => $item['id'],
				],
				'approve' => [
					'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'approve' => $item['id']]),
					'text' => 'approve',
				],
				'unapprove' => [
					'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'delete' => $item['id']]),
					'text' => 'remove',
					'enabled' => $item['can_delete'],
				],
			];
		}

		$context['sub_template'] = 'unapproved_posts';
	}

	/**
	 * View all unapproved attachments.
	 */
	public function action_unapproved_attachments(): void
	{
		global $txt, $context, $modSettings;

		$context['page_title'] = $txt['mc_unapproved_attachments'];

		// Once again, permissions are king!
		$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];


		if ($approve_boards == [0])
		{
			$approve_query = '';
		}
		elseif (!empty($approve_boards))
		{
			$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
		}
		else
		{
			$approve_query = ' AND 0';
		}

		// Get together the array of things to act on, if any.
		$attachments = [];
		if (isset($this->_req->query->approve))
		{
			$attachments[] = (int) $this->_req->query->approve;
		}
		elseif (isset($this->_req->query->delete))
		{
			$attachments[] = (int) $this->_req->query->delete;
		}
		elseif (isset($this->_req->post->item))
		{
			foreach ($this->_req->post->item as $item)
			{
				$attachments[] = (int) $item;
			}
		}

		// Are we approving or deleting?
		if (isset($this->_req->query->approve) || (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
		{
			$curAction = 'approve';
		}
		elseif (isset($this->_req->query->delete) || (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
		{
			$curAction = 'delete';
		}

		// Something to do, let's do it!
		if (!empty($attachments) && isset($curAction))
		{
			checkSession('request');

			// This will be handy.
			require_once(SUBSDIR . '/ManageAttachments.subs.php');

			// Confirm the attachments are eligible for changing!
			$attachments = validateAttachments($attachments, $approve_query);

			// Assuming it wasn't all like, proper illegal, we can do the approving.
			if (!empty($attachments))
			{
				if ($curAction === 'approve')
				{
					approveAttachments($attachments);
				}
				else
				{
					removeAttachments(['id_attach' => $attachments, 'do_logging' => true]);
				}

				Cache::instance()->remove('num_menu_errors');
			}
		}

		require_once(SUBSDIR . '/ManageAttachments.subs.php');

		$listOptions = [
			'id' => 'mc_unapproved_attach',
			'width' => '100%',
			'items_per_page' => $modSettings['defaultMaxMessages'],
			'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
			'base_href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
			'default_sort_col' => 'attach_name',
			'get_items' => [
				'function' => 'list_getUnapprovedAttachments',
				'params' => [
					$approve_query,
				],
			],
			'get_count' => [
				'function' => 'list_getNumUnapprovedAttachments',
				'params' => [
					$approve_query,
				],
			],
			'columns' => [
				'attach_name' => [
					'header' => [
						'value' => $txt['mc_unapproved_attach_name'],
					],
					'data' => [
						'db' => 'filename',
					],
					'sort' => [
						'default' => 'a.filename',
						'reverse' => 'a.filename DESC',
					],
				],
				'attach_size' => [
					'header' => [
						'value' => $txt['mc_unapproved_attach_size'],
					],
					'data' => [
						'db' => 'size',
					],
					'sort' => [
						'default' => 'a.size',
						'reverse' => 'a.size DESC',
					],
				],
				'attach_poster' => [
					'header' => [
						'value' => $txt['mc_unapproved_attach_poster'],
					],
					'data' => [
						'function' => static fn($data) => $data['poster']['link'],
					],
					'sort' => [
						'default' => 'm.id_member',
						'reverse' => 'm.id_member DESC',
					],
				],
				'date' => [
					'header' => [
						'value' => $txt['date'],
						'style' => 'width: 18%;',
					],
					'data' => [
						'db' => 'time',
						'class' => 'smalltext',
						'style' => 'white-space:nowrap;',
					],
					'sort' => [
						'default' => 'm.poster_time',
						'reverse' => 'm.poster_time DESC',
					],
				],
				'message' => [
					'header' => [
						'value' => $txt['post'],
					],
					'data' => [
						'function' => static function ($data) {
							global $modSettings;
							return '<a href="' . $data['message']['href'] . '">' . Util::shorten_text($data['message']['subject'], empty($modSettings['subject_length']) ? 32 : $modSettings['subject_length']) . '</a>';
						},
						'class' => 'smalltext',
						'style' => 'width:15em;',
					],
					'sort' => [
						'default' => 'm.subject',
						'reverse' => 'm.subject DESC',
					],
				],
				'action' => [
					'header' => [
						'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
						'style' => 'width: 4%',
					],
					'data' => [
						'sprintf' => [
							'format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />',
							'params' => [
								'id' => false,
							],
						],
					],
				],
			],
			'form' => [
				'href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
				'include_sort' => true,
				'include_start' => true,
				'hidden_fields' => [
					$context['session_var'] => $context['session_id'],
				],
				'token' => 'mod-ap',
			],
			'additional_rows' => [
				[
					'position' => 'bottom_of_list',
					'value' => '
						<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
							<option value="0">' . $txt['with_selected'] . ':</option>
							<option value="0" disabled="disabled">' . str_repeat('&#8212;', strlen($txt['approve'])) . '</option>
							<option value="approve">&#10148;&nbsp;' . $txt['approve'] . '</option>
							<option value="delete">&#10148;&nbsp;' . $txt['delete'] . '</option>
						</select>
						<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>',
					'class' => 'floatright',
				],
			],
		];

		// Create the request list.
		createToken('mod-ap');
		createList($listOptions);

		$context['sub_template'] = 'show_list';
		$context['default_list'] = 'mc_unapproved_attach';
		$context[$context['moderation_menu_name']]['object']->prepareTabData([
			'title' => $txt['mc_unapproved_attachments'],
			'description' => $txt['mc_unapproved_attachments_desc']
		]);
	}

	/**
	 * Approve or un-approve a post just the one or a topic if its the first post
	 */
	public function action_approve(): void
	{
		global $topic, $board;

		checkSession('get');

		$current_msg = $this->_req->getQuery('msg', 'intval', 0);

		// Needy baby, Greedy baby
		require_once(SUBSDIR . '/Topic.subs.php');
		require_once(SUBSDIR . '/Post.subs.php');
		require_once(SUBSDIR . '/Messages.subs.php');

		isAllowedTo('approve_posts');

		$message_info = basicMessageInfo($current_msg, false, true);

		// If it's the first in a topic then the whole topic gets approved!
		if ($message_info['id_first_msg'] == $current_msg)
		{
			approveTopics($topic, !$message_info['approved'], $message_info['id_member_started'] != $this->user->id);
		}
		else
		{
			approvePosts($current_msg, !$message_info['approved']);

			if ($message_info['id_member'] != $this->user->id)
			{
				logAction(($message_info['approved'] ? 'un' : '') . 'approve', ['topic' => $topic, 'subject' => $message_info['subject'], 'member' => $message_info['id_member'], 'board' => $board]);
			}
		}

		Cache::instance()->remove('num_menu_errors');

		redirectexit('topic=' . $topic . '.msg' . $current_msg . '#msg' . $current_msg);
	}
}


1			<?php
2
3			/**
4			* Handles Post Moderation approvals and un-approvals
5			*
6			* @package ElkArte Forum
7			* @copyright ElkArte Forum contributors
8			* @license BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
9			*
10			* This file contains code covered by:
11			* copyright: 2011 Simple Machines (http://www.simplemachines.org)
12			*
13			* @version 2.0 dev
14			*
15			*/
16
17			namespace ElkArte\Controller;
18
19			use ElkArte\AbstractController;
20			use ElkArte\Action;
21			use ElkArte\Cache\Cache;
22			use ElkArte\Helper\Util;
23			use ElkArte\Languages\Txt;
24
25			/**
26			* Handles post moderation actions. (approvals, unapproved)
27			*/
28			class PostModeration extends AbstractController
29			{
30
31			/**
32			* This is the entry point for all things post moderation.
33			*
34			* @uses ModerationCenter.template
35			* @uses ModerationCenter language file
36			* @see AbstractController::action_index
37			*/
38			public function action_index()
39			{
40			// @todo We'll shift these later bud.
41			Txt::load('ModerationCenter');
42
43			theme()->getTemplates()->load('ModerationCenter');
44
45			// Allowed sub-actions, you know the drill by now!
46			$subActions = [
47			'approve' => [$this, 'action_approve'],
48			'attachments' => [$this, 'action_unapproved_attachments'],
49			'replies' => [$this, 'action_unapproved'],
50			'topics' => [$this, 'action_unapproved'],
51			];
52
53			// Pick something valid...
54			$action = new Action('post_moderation');
55			$subAction = $action->initialize($subActions, 'replies');
56			$action->dispatch($subAction);
57			}
58
59			/**
60			* View all unapproved posts or topics
61			*/
62			public function action_unapproved(): void
63			{
64			global $txt, $context;
65
66			$context['current_view'] = $this->_req->getQuery('sa', 'trim', '') === 'topics' ? 'topics' : 'replies';
67			$context['page_title'] = $txt['mc_unapproved_posts'];
68			$context['header_title'] = $txt['mc_' . ($context['current_view'] === 'topics' ? 'topics' : 'posts')];
69
70			// Work out what boards we can work in!
71			$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];
			0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `mod_cache` does not exist on `ElkArte\Helper\ValuesContainer`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
72
73			$_brd = $this->_req->getPost('brd', 'intval', $this->_req->getQuery('brd', 'intval', null));
74
75			// If we filtered by board remove ones outside of this board.
76			// @todo Put a message saying we're filtered?
77			if ($_brd !== null)
78			{
79			$filter_board = [$_brd];
80			$approve_boards = $approve_boards == [0] ? $filter_board : array_intersect($approve_boards, $filter_board);
81			}
82
83			if ($approve_boards == [0])
84			{
85			$approve_query = '';
86			}
87			elseif (!empty($approve_boards))
88			{
89			$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
90			}
91			// Nada, zip, etc...
92			else
93			{
94			$approve_query = ' AND 1=0';
95			}
96
97			// We also need to know where we can delete topics and/or replies to.
98			if ($context['current_view'] === 'topics')
99			{
100			$delete_own_boards = boardsAllowedTo('remove_own');
101			$delete_any_boards = boardsAllowedTo('remove_any');
102			$delete_own_replies = [];
103			}
104			else
105			{
106			$delete_own_boards = boardsAllowedTo('delete_own');
107			$delete_any_boards = boardsAllowedTo('delete_any');
108			$delete_own_replies = boardsAllowedTo('delete_own_replies');
109			}
110
111			// No action yet
112			$toAction = [];
113
114			// Check if we have something to do?
115			if (isset($this->_req->query->approve))
116			{
117			$toAction[] = (int) $this->_req->query->approve;
118			}
119			// Just a deletion?
120			elseif (isset($this->_req->query->delete))
121			{
122			$toAction[] = (int) $this->_req->query->delete;
123			}
124			// Lots of approvals?
125			elseif (isset($this->_req->post->item))
126			{
127			$toAction = array_map('intval', $this->_req->post->item);
128			}
129
130			// What are we actually doing.
131			if (isset($this->_req->query->approve) \|\| (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
132			{
133			$curAction = 'approve';
134			}
135			elseif (isset($this->_req->query->delete) \|\| (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
136			{
137			$curAction = 'delete';
138			}
139
140			// Right, so we have something to do?
141			if (!empty($toAction) && isset($curAction))
142			{
143			checkSession('request');
144
145			require_once(SUBSDIR . '/Topic.subs.php');
146			require_once(SUBSDIR . '/Messages.subs.php');
147
148			// Handy shortcut.
149			$any_array = $curAction === 'approve' ? $approve_boards : $delete_any_boards;
150
151			// Now for each message work out whether it's actually a topic, and what board it's on.
152			$request = loadMessageDetails(
153			['m.id_board', 't.id_topic', 't.id_first_msg', 't.id_member_started'],
154			[
155			'INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)',
156			'LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)'
157			],
158			[
159			'message_list' => $toAction,
160			'not_approved' => 0,
161			],
162			[
163			'additional_conditions' => '
164			AND m.approved = {int:not_approved}
165			AND {query_see_board}'
166			]
167			);
168			$toAction = [];
169			$details = [];
170			foreach ($request as $row)
171			{
172			// If it's not within what our view is ignore it...
173			if (($row['id_msg'] == $row['id_first_msg'] && $context['current_view'] !== 'topics') \|\| ($row['id_msg'] != $row['id_first_msg'] && $context['current_view'] !== 'replies'))
174			{
175			continue;
176			}
177
178			$can_add = false;
179
180			// If we're approving this is simple.
181			if ($curAction === 'approve' && ($any_array == [0] \|\| in_array($row['id_board'], $any_array)))
182			{
183			$can_add = true;
184			}
185			// Delete requires more permission checks...
186			elseif ($curAction === 'delete')
187			{
188			// Own post is easy!
189			if ($row['id_member'] == $this->user->id && ($delete_own_boards == [0] \|\| in_array($row['id_board'], $delete_own_boards)))
190			{
191			$can_add = true;
192			}
193			// Is it a reply to their own topic?
194			elseif ($row['id_member'] == $row['id_member_started'] && $row['id_msg'] != $row['id_first_msg'] && ($delete_own_replies == [0] \|\| in_array($row['id_board'], $delete_own_replies)))
195			{
196			$can_add = true;
197			}
198			// Someone else's?
199			elseif ($row['id_member'] != $this->user->id && ($delete_any_boards == [0] \|\| in_array($row['id_board'], $delete_any_boards)))
200			{
201			$can_add = true;
202			}
203			}
204
205			if ($can_add)
206			{
207			$anItem = $context['current_view'] === 'topics' ? $row['id_topic'] : $row['id_msg'];
208			$toAction[] = $anItem;
209
210			// All clear. What have we got now, what, what?
211			$details[$anItem] = [];
212			$details[$anItem]['subject'] = $row['subject'];
213			$details[$anItem]['topic'] = $row['id_topic'];
214			$details[$anItem]['member'] = ($context['current_view'] === 'topics') ? $row['id_member_started'] : $row['id_member'];
215			$details[$anItem]['board'] = $row['id_board'];
216			}
217			}
218
219			// If we have anything left we can actually do the approving (etc).
220			if (!empty($toAction))
221			{
222			if ($curAction === 'approve')
223			{
224			approveMessages($toAction, $details, $context['current_view']);
225			}
226			else
227			{
228			removeMessages($toAction, $details, $context['current_view']);
229			}
230
231			Cache::instance()->remove('num_menu_errors');
232			}
233			}
234
235			// Get the moderation values for the board level
236			require_once(SUBSDIR . '/Moderation.subs.php');
237			$mod_count = loadModeratorMenuCounts($_brd);
238
239			$context['total_unapproved_topics'] = $mod_count['topics'];
240			$context['total_unapproved_posts'] = $mod_count['posts'];
241			$context['page_index'] = constructPageIndex('{scripturl}?action=moderate;area=postmod;sa=' . $context['current_view'] . ($_brd !== null ? ';brd=' . $_brd : ''), $this->_req->query->start, $context['current_view'] === 'topics' ? $context['total_unapproved_topics'] : $context['total_unapproved_posts'], 10);
242			$context['start'] = $this->_req->query->start;
243
244			// We have enough to make some pretty tabs!
245			$context[$context['moderation_menu_name']]['object']->prepareTabData([
246			'title' => $txt['mc_unapproved_posts'],
247			'help' => 'postmod',
248			'description' => $txt['mc_unapproved_posts_desc'],
249			]);
250
251			// Update the tabs with the correct number of actions to account for brd filtering
252			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['label'] . ' [' . $context['total_unapproved_posts'] . ']';
253			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] = $context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['label'] . ' [' . $context['total_unapproved_topics'] . ']';
254
255			// If we are filtering some boards out then make sure to send that along with the links.
256			if ($_brd !== null)
257			{
258			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['posts']['add_params'] = ';brd=' . $_brd;
259			$context['menu_data_' . $context['moderation_menu_id']]['sections']['posts']['areas']['postmod']['subsections']['topics']['add_params'] = ';brd=' . $_brd;
260			}
261
262			// Get all unapproved posts.
263			$context['unapproved_items'] = getUnapprovedPosts($approve_query, $context['current_view'], [
264			'delete_own_boards' => $delete_own_boards,
265			'delete_any_boards' => $delete_any_boards,
266			'delete_own_replies' => $delete_own_replies,
267			], $context['start'], 10);
268
269			foreach ($context['unapproved_items'] as $key => $item)
270			{
271			$context['unapproved_items'][$key]['buttons'] = [
272			'quickmod_check' => [
273			'class' => 'inline_mod_check',
274			'checkbox' => 'always',
275			'name' => 'item',
276			'value' => $item['id'],
277			],
278			'approve' => [
279			'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'approve' => $item['id']]),
280			'text' => 'approve',
281			],
282			'unapprove' => [
283			'url' => getUrl('action', ['action' => 'moderate', 'area' => 'postmod', 'sa' => $context['current_view'], 'start' => $context['start'], '{session_data}', 'delete' => $item['id']]),
284			'text' => 'remove',
285			'enabled' => $item['can_delete'],
286			],
287			];
288			}
289
290			$context['sub_template'] = 'unapproved_posts';
291			}
292
293			/**
294			* View all unapproved attachments.
295			*/
296			public function action_unapproved_attachments(): void
297			{
298			global $txt, $context, $modSettings;
299
300			$context['page_title'] = $txt['mc_unapproved_attachments'];
301
302			// Once again, permissions are king!
303			$approve_boards = empty($this->user->mod_cache['ap']) ? boardsAllowedTo('approve_posts') : $this->user->mod_cache['ap'];
			0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `mod_cache` does not exist on `ElkArte\Helper\ValuesContainer`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
304
305			if ($approve_boards == [0])
306			{
307			$approve_query = '';
308			}
309			elseif (!empty($approve_boards))
310			{
311			$approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
312			}
313			else
314			{
315			$approve_query = ' AND 0';
316			}
317
318			// Get together the array of things to act on, if any.
319			$attachments = [];
320			if (isset($this->_req->query->approve))
321			{
322			$attachments[] = (int) $this->_req->query->approve;
323			}
324			elseif (isset($this->_req->query->delete))
325			{
326			$attachments[] = (int) $this->_req->query->delete;
327			}
328			elseif (isset($this->_req->post->item))
329			{
330			foreach ($this->_req->post->item as $item)
331			{
332			$attachments[] = (int) $item;
333			}
334			}
335
336			// Are we approving or deleting?
337			if (isset($this->_req->query->approve) \|\| (isset($this->_req->post->do) && $this->_req->post->do === 'approve'))
338			{
339			$curAction = 'approve';
340			}
341			elseif (isset($this->_req->query->delete) \|\| (isset($this->_req->post->do) && $this->_req->post->do === 'delete'))
342			{
343			$curAction = 'delete';
344			}
345
346			// Something to do, let's do it!
347			if (!empty($attachments) && isset($curAction))
348			{
349			checkSession('request');
350
351			// This will be handy.
352			require_once(SUBSDIR . '/ManageAttachments.subs.php');
353
354			// Confirm the attachments are eligible for changing!
355			$attachments = validateAttachments($attachments, $approve_query);
356
357			// Assuming it wasn't all like, proper illegal, we can do the approving.
358			if (!empty($attachments))
359			{
360			if ($curAction === 'approve')
361			{
362			approveAttachments($attachments);
363			}
364			else
365			{
366			removeAttachments(['id_attach' => $attachments, 'do_logging' => true]);
367			}
368
369			Cache::instance()->remove('num_menu_errors');
370			}
371			}
372
373			require_once(SUBSDIR . '/ManageAttachments.subs.php');
374
375			$listOptions = [
376			'id' => 'mc_unapproved_attach',
377			'width' => '100%',
378			'items_per_page' => $modSettings['defaultMaxMessages'],
379			'no_items_label' => $txt['mc_unapproved_attachments_none_found'],
380			'base_href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
381			'default_sort_col' => 'attach_name',
382			'get_items' => [
383			'function' => 'list_getUnapprovedAttachments',
384			'params' => [
385			$approve_query,
386			],
387			],
388			'get_count' => [
389			'function' => 'list_getNumUnapprovedAttachments',
390			'params' => [
391			$approve_query,
392			],
393			],
394			'columns' => [
395			'attach_name' => [
396			'header' => [
397			'value' => $txt['mc_unapproved_attach_name'],
398			],
399			'data' => [
400			'db' => 'filename',
401			],
402			'sort' => [
403			'default' => 'a.filename',
404			'reverse' => 'a.filename DESC',
405			],
406			],
407			'attach_size' => [
408			'header' => [
409			'value' => $txt['mc_unapproved_attach_size'],
410			],
411			'data' => [
412			'db' => 'size',
413			],
414			'sort' => [
415			'default' => 'a.size',
416			'reverse' => 'a.size DESC',
417			],
418			],
419			'attach_poster' => [
420			'header' => [
421			'value' => $txt['mc_unapproved_attach_poster'],
422			],
423			'data' => [
424			'function' => static fn($data) => $data['poster']['link'],
425			],
426			'sort' => [
427			'default' => 'm.id_member',
428			'reverse' => 'm.id_member DESC',
429			],
430			],
431			'date' => [
432			'header' => [
433			'value' => $txt['date'],
434			'style' => 'width: 18%;',
435			],
436			'data' => [
437			'db' => 'time',
438			'class' => 'smalltext',
439			'style' => 'white-space:nowrap;',
440			],
441			'sort' => [
442			'default' => 'm.poster_time',
443			'reverse' => 'm.poster_time DESC',
444			],
445			],
446			'message' => [
447			'header' => [
448			'value' => $txt['post'],
449			],
450			'data' => [
451			'function' => static function ($data) {
452			global $modSettings;
453			return '<a href="' . $data['message']['href'] . '">' . Util::shorten_text($data['message']['subject'], empty($modSettings['subject_length']) ? 32 : $modSettings['subject_length']) . '</a>';
454			},
455			'class' => 'smalltext',
456			'style' => 'width:15em;',
457			],
458			'sort' => [
459			'default' => 'm.subject',
460			'reverse' => 'm.subject DESC',
461			],
462			],
463			'action' => [
464			'header' => [
465			'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
466			'style' => 'width: 4%',
467			],
468			'data' => [
469			'sprintf' => [
470			'format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />',
471			'params' => [
472			'id' => false,
473			],
474			],
475			],
476			],
477			],
478			'form' => [
479			'href' => getUrl('action', ['action' => 'moderate', 'area' => 'attachmod', 'sa' => 'attachments']),
480			'include_sort' => true,
481			'include_start' => true,
482			'hidden_fields' => [
483			$context['session_var'] => $context['session_id'],
484			],
485			'token' => 'mod-ap',
486			],
487			'additional_rows' => [
488			[
489			'position' => 'bottom_of_list',
490			'value' => '
491			<select name="do" onchange="if (this.value != 0 && confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
492			<option value="0">' . $txt['with_selected'] . ':</option>
493			<option value="0" disabled="disabled">' . str_repeat('—', strlen($txt['approve'])) . '</option>
494			<option value="approve">➤ ' . $txt['approve'] . '</option>
495			<option value="delete">➤ ' . $txt['delete'] . '</option>
496			</select>
497			<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>',
498			'class' => 'floatright',
499			],
500			],
501			];
502
503			// Create the request list.
504			createToken('mod-ap');
505			createList($listOptions);
506
507			$context['sub_template'] = 'show_list';
508			$context['default_list'] = 'mc_unapproved_attach';
509			$context[$context['moderation_menu_name']]['object']->prepareTabData([
510			'title' => $txt['mc_unapproved_attachments'],
511			'description' => $txt['mc_unapproved_attachments_desc']
512			]);
513			}
514
515			/**
516			* Approve or un-approve a post just the one or a topic if its the first post
517			*/
518			public function action_approve(): void
519			{
520			global $topic, $board;
521
522			checkSession('get');
523
524			$current_msg = $this->_req->getQuery('msg', 'intval', 0);
525
526			// Needy baby, Greedy baby
527			require_once(SUBSDIR . '/Topic.subs.php');
528			require_once(SUBSDIR . '/Post.subs.php');
529			require_once(SUBSDIR . '/Messages.subs.php');
530
531			isAllowedTo('approve_posts');
532
533			$message_info = basicMessageInfo($current_msg, false, true);
534
535			// If it's the first in a topic then the whole topic gets approved!
536			if ($message_info['id_first_msg'] == $current_msg)
537			{
538			approveTopics($topic, !$message_info['approved'], $message_info['id_member_started'] != $this->user->id);
539			}
540			else
541			{
542			approvePosts($current_msg, !$message_info['approved']);
543
544			if ($message_info['id_member'] != $this->user->id)
545			{
546			logAction(($message_info['approved'] ? 'un' : '') . 'approve', ['topic' => $topic, 'subject' => $message_info['subject'], 'member' => $message_info['id_member'], 'board' => $board]);
547			}
548			}
549
550			Cache::instance()->remove('num_menu_errors');
551
552			redirectexit('topic=' . $topic . '.msg' . $current_msg . '#msg' . $current_msg);
553			}
554			}
555

elkarte / Elkarte

Issues (1693)

sources/ElkArte/Controller/PostModeration.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like