This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Newbb; |
||
4 | |||
5 | // |
||
6 | // ------------------------------------------------------------------------ // |
||
7 | // XOOPS - PHP Content Management System // |
||
8 | // Copyright (c) 2000-2020 XOOPS.org // |
||
9 | // <https://xoops.org> // |
||
10 | // ------------------------------------------------------------------------ // |
||
11 | // This program is free software; you can redistribute it and/or modify // |
||
12 | // it under the terms of the GNU General Public License as published by // |
||
13 | // the Free Software Foundation; either version 2 of the License, or // |
||
14 | // (at your option) any later version. // |
||
15 | // // |
||
16 | // You may not change or alter any portion of this comment or credits // |
||
17 | // of supporting developers from this source code or any supporting // |
||
18 | // source code which is considered copyrighted (c) material of the // |
||
19 | // original comment or credit authors. // |
||
20 | // // |
||
21 | // This program is distributed in the hope that it will be useful, // |
||
22 | // but WITHOUT ANY WARRANTY; without even the implied warranty of // |
||
23 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // |
||
24 | // GNU General Public License for more details. // |
||
25 | // // |
||
26 | // You should have received a copy of the GNU General Public License // |
||
27 | // along with this program; if not, write to the Free Software // |
||
28 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // |
||
29 | // ------------------------------------------------------------------------ // |
||
30 | // Author: phppp (D.J., [email protected]) // |
||
31 | // URL: https://xoops.org // |
||
32 | // Project: Article Project // |
||
33 | // ------------------------------------------------------------------------ // |
||
34 | |||
35 | use Xmf\Highlighter; |
||
36 | use Xmf\Request; |
||
37 | use XoopsModules\Newbb; |
||
38 | |||
39 | |||
40 | |||
41 | \defined('NEWBB_FUNCTIONS_INI') || require $GLOBALS['xoops']->path('modules/newbb/include/functions.ini.php'); |
||
42 | |||
43 | /** |
||
44 | * Class Post |
||
45 | */ |
||
46 | class Post extends \XoopsObject |
||
47 | { |
||
48 | //class Post extends \XoopsObject { |
||
49 | private $attachmentArray = []; |
||
50 | |||
51 | public function __construct() |
||
52 | { |
||
53 | parent::__construct(); |
||
54 | |||
55 | $this->initVar('post_id', \XOBJ_DTYPE_INT); |
||
56 | $this->initVar('topic_id', \XOBJ_DTYPE_INT, 0, true); |
||
57 | $this->initVar('forum_id', \XOBJ_DTYPE_INT, 0, true); |
||
58 | $this->initVar('post_time', \XOBJ_DTYPE_INT, 0, true); |
||
59 | // $this->initVar('poster_ip', XOBJ_DTYPE_INT, 0); |
||
60 | $this->initVar('poster_ip', \XOBJ_DTYPE_TXTBOX, ''); |
||
61 | $this->initVar('poster_name', \XOBJ_DTYPE_TXTBOX, ''); |
||
62 | $this->initVar('subject', \XOBJ_DTYPE_TXTBOX, '', true); |
||
63 | $this->initVar('pid', \XOBJ_DTYPE_INT, 0); |
||
64 | $this->initVar('dohtml', \XOBJ_DTYPE_INT, 0); |
||
65 | $this->initVar('dosmiley', \XOBJ_DTYPE_INT, 1); |
||
66 | $this->initVar('doxcode', \XOBJ_DTYPE_INT, 1); |
||
67 | $this->initVar('doimage', \XOBJ_DTYPE_INT, 1); |
||
68 | $this->initVar('dobr', \XOBJ_DTYPE_INT, 1); |
||
69 | $this->initVar('uid', \XOBJ_DTYPE_INT, 1); |
||
70 | $this->initVar('icon', \XOBJ_DTYPE_TXTBOX, ''); |
||
71 | $this->initVar('attachsig', \XOBJ_DTYPE_INT, 0); |
||
72 | $this->initVar('approved', \XOBJ_DTYPE_INT, 1); |
||
73 | $this->initVar('post_karma', \XOBJ_DTYPE_INT, 0); |
||
74 | $this->initVar('require_reply', \XOBJ_DTYPE_INT, 0); |
||
75 | $this->initVar('attachment', \XOBJ_DTYPE_TXTAREA, ''); |
||
76 | $this->initVar('post_text', \XOBJ_DTYPE_TXTAREA, ''); |
||
77 | $this->initVar('post_edit', \XOBJ_DTYPE_TXTAREA, ''); |
||
78 | } |
||
79 | |||
80 | // //////////////////////////////////////////////////////////////////////////////////// |
||
81 | // attachment functions TODO: there should be a file/attachment management class |
||
82 | |||
83 | /** |
||
84 | * @return array|mixed|null |
||
85 | */ |
||
86 | public function getAttachment() |
||
87 | { |
||
88 | if (\count($this->attachmentArray)) { |
||
89 | return $this->attachmentArray; |
||
90 | } |
||
91 | $attachment = $this->getVar('attachment'); |
||
92 | if (empty($attachment)) { |
||
93 | $this->attachmentArray = []; |
||
94 | } else { |
||
95 | $this->attachmentArray = @\unserialize(\base64_decode($attachment, true)); |
||
96 | } |
||
97 | |||
98 | return $this->attachmentArray; |
||
99 | } |
||
100 | |||
101 | /** |
||
102 | * @param $attachKey |
||
103 | * @return bool |
||
104 | */ |
||
105 | public function incrementDownload($attachKey) |
||
106 | { |
||
107 | if (!$attachKey) { |
||
108 | return false; |
||
109 | } |
||
110 | $this->attachmentArray[(string)$attachKey]['numDownload']++; |
||
111 | |||
112 | return $this->attachmentArray[(string)$attachKey]['numDownload']; |
||
113 | } |
||
114 | |||
115 | /** |
||
116 | * @return bool |
||
117 | */ |
||
118 | public function saveAttachment() |
||
119 | { |
||
120 | $attachmentSave = ''; |
||
121 | if ($this->attachmentArray && \is_array($this->attachmentArray)) { |
||
122 | $attachmentSave = \base64_encode(\serialize($this->attachmentArray)); |
||
123 | } |
||
124 | $this->setVar('attachment', $attachmentSave); |
||
125 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('newbb_posts') . ' SET attachment=' . $GLOBALS['xoopsDB']->quoteString($attachmentSave) . ' WHERE post_id = ' . $this->getVar('post_id'); |
||
126 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
127 | //xoops_error($GLOBALS['xoopsDB']->error()); |
||
128 | return false; |
||
129 | } |
||
130 | |||
131 | return true; |
||
132 | } |
||
133 | |||
134 | /** |
||
135 | * @param array|null $attachArray |
||
136 | * @return bool |
||
137 | */ |
||
138 | public function deleteAttachment($attachArray = null) |
||
139 | { |
||
140 | $attachOld = $this->getAttachment(); |
||
141 | if (!\is_array($attachOld) || \count($attachOld) < 1) { |
||
142 | return true; |
||
143 | } |
||
144 | $this->attachmentArray = []; |
||
145 | |||
146 | if (null === $attachArray) { |
||
147 | $attachArray = \array_keys($attachOld); |
||
148 | } // to delete all! |
||
149 | if (!\is_array($attachArray)) { |
||
150 | $attachArray = [$attachArray]; |
||
151 | } |
||
152 | |||
153 | foreach ($attachOld as $key => $attach) { |
||
154 | if (\in_array($key, $attachArray)) { |
||
155 | $file = $GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments'] . '/' . $attach['name_saved']); |
||
156 | @\unlink($file); |
||
0 ignored issues
–
show
|
|||
157 | $file = $GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments'] . '/thumbs/' . $attach['name_saved']); // delete thumbnails |
||
158 | @\unlink($file); |
||
159 | continue; |
||
160 | } |
||
161 | $this->attachmentArray[$key] = $attach; |
||
162 | } |
||
163 | $attachmentSave = ''; |
||
164 | if ($this->attachmentArray && \is_array($this->attachmentArray)) { |
||
165 | $attachmentSave = \base64_encode(\serialize($this->attachmentArray)); |
||
166 | } |
||
167 | $this->setVar('attachment', $attachmentSave); |
||
168 | |||
169 | return true; |
||
170 | } |
||
171 | |||
172 | /** |
||
173 | * @param string $name_saved |
||
174 | * @param string $nameDisplay |
||
175 | * @param string $mimetype |
||
176 | * @param int $numDownload |
||
177 | * @return bool |
||
178 | */ |
||
179 | public function setAttachment($name_saved = '', $nameDisplay = '', $mimetype = '', $numDownload = 0) |
||
180 | { |
||
181 | static $counter = 0; |
||
182 | $this->attachmentArray = $this->getAttachment(); |
||
183 | if ($name_saved) { |
||
184 | $key = (string)(\time() + $counter++); |
||
185 | $this->attachmentArray[$key] = [ |
||
186 | 'name_saved' => $name_saved, |
||
187 | 'nameDisplay' => empty($nameDisplay) ? $nameDisplay : $name_saved, |
||
188 | 'mimetype' => $mimetype, |
||
189 | 'numDownload' => empty($numDownload) ? (int)$numDownload : 0, |
||
190 | ]; |
||
191 | } |
||
192 | $attachmentSave = null; |
||
193 | if (\is_array($this->attachmentArray)) { |
||
194 | $attachmentSave = \base64_encode(\serialize($this->attachmentArray)); |
||
195 | } |
||
196 | $this->setVar('attachment', $attachmentSave); |
||
197 | |||
198 | return true; |
||
199 | } |
||
200 | |||
201 | /** |
||
202 | * TODO: refactor |
||
203 | * @param bool $asSource |
||
204 | * @return string |
||
205 | */ |
||
206 | public function displayAttachment($asSource = false) |
||
207 | { |
||
208 | global $xoopsModule; |
||
209 | |||
210 | $post_attachment = ''; |
||
211 | $attachments = $this->getAttachment(); |
||
212 | if ($attachments && \is_array($attachments)) { |
||
213 | $iconHandler = \newbbGetIconHandler(); |
||
214 | $mime_path = $iconHandler->getPath('mime'); |
||
215 | require_once \dirname(__DIR__) . '/include/functions.image.php'; |
||
216 | $image_extensions = ['jpg', 'jpeg', 'gif', 'png', 'bmp']; // need improve !!! |
||
217 | $post_attachment .= '<br><strong>' . \_MD_NEWBB_ATTACHMENT . '</strong>:'; |
||
218 | $post_attachment .= '<br><hr size="1" noshade="noshade" ><br>'; |
||
219 | foreach ($attachments as $key => $att) { |
||
220 | $file_extension = \ltrim(mb_strrchr($att['name_saved'], '.'), '.'); |
||
221 | $filetype = $file_extension; |
||
222 | if (\file_exists($GLOBALS['xoops']->path($mime_path . '/' . $filetype . '.gif'))) { |
||
223 | $icon_filetype = XOOPS_URL . '/' . $mime_path . '/' . $filetype . '.gif'; |
||
224 | } else { |
||
225 | $icon_filetype = XOOPS_URL . '/' . $mime_path . '/unknown.gif'; |
||
226 | } |
||
227 | $file_size = @\filesize($GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments'] . '/' . $att['name_saved'])); |
||
228 | $file_size = \number_format($file_size / 1024, 2) . ' KB'; |
||
229 | if (\in_array(mb_strtolower($file_extension), $image_extensions) |
||
230 | && $GLOBALS['xoopsModuleConfig']['media_allowed']) { |
||
231 | $post_attachment .= '<br><img src="' . $icon_filetype . '" alt="' . $filetype . '" ><strong> ' . $att['nameDisplay'] . '</strong> <small>(' . $file_size . ')</small>'; |
||
232 | $post_attachment .= '<br>' . \newbbAttachmentImage($att['name_saved']); |
||
233 | $isDisplayed = true; |
||
234 | } else { |
||
235 | if (empty($GLOBALS['xoopsModuleConfig']['show_userattach'])) { |
||
236 | $post_attachment .= '<a href="' |
||
237 | . XOOPS_URL |
||
238 | . '/modules/' |
||
239 | . $xoopsModule->getVar('dirname', 'n') |
||
240 | . '/dl_attachment.php?attachid=' |
||
241 | . $key |
||
242 | . '&post_id=' |
||
243 | . $this->getVar('post_id') |
||
244 | . '"> <img src="' |
||
245 | . $icon_filetype |
||
246 | . '" alt="' |
||
247 | . $filetype |
||
248 | . '" > ' |
||
249 | . $att['nameDisplay'] |
||
250 | . '</a> ' |
||
251 | . \_MD_NEWBB_FILESIZE |
||
252 | . ': ' |
||
253 | . $file_size |
||
254 | . '; ' |
||
255 | . \_MD_NEWBB_HITS |
||
256 | . ': ' |
||
257 | . $att['numDownload']; |
||
258 | } elseif ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser']->uid() > 0 |
||
259 | && $GLOBALS['xoopsUser']->isactive()) { |
||
260 | $post_attachment .= '<a href="' |
||
261 | . XOOPS_URL |
||
262 | . '/modules/' |
||
263 | . $xoopsModule->getVar('dirname', 'n') |
||
264 | . '/dl_attachment.php?attachid=' |
||
265 | . $key |
||
266 | . '&post_id=' |
||
267 | . $this->getVar('post_id') |
||
268 | . '"> <img src="' |
||
269 | . $icon_filetype |
||
270 | . '" alt="' |
||
271 | . $filetype |
||
272 | . '" > ' |
||
273 | . $att['nameDisplay'] |
||
274 | . '</a> ' |
||
275 | . \_MD_NEWBB_FILESIZE |
||
276 | . ': ' |
||
277 | . $file_size |
||
278 | . '; ' |
||
279 | . \_MD_NEWBB_HITS |
||
280 | . ': ' |
||
281 | . $att['numDownload']; |
||
282 | } else { |
||
283 | $post_attachment .= _MD_NEWBB_SEENOTGUEST; |
||
284 | } |
||
285 | } |
||
286 | $post_attachment .= '<br>'; |
||
287 | } |
||
288 | } |
||
289 | |||
290 | return $post_attachment; |
||
291 | } |
||
292 | |||
293 | // attachment functions |
||
294 | // //////////////////////////////////////////////////////////////////////////////////// |
||
295 | |||
296 | /** |
||
297 | * @param string $poster_name |
||
298 | * @param string $post_editmsg |
||
299 | * @return bool |
||
300 | */ |
||
301 | public function setPostEdit($poster_name = '', $post_editmsg = '') |
||
302 | { |
||
303 | $edit_user = ''; |
||
304 | if (empty($GLOBALS['xoopsModuleConfig']['recordedit_timelimit']) |
||
305 | || (\time() - $this->getVar('post_time')) < $GLOBALS['xoopsModuleConfig']['recordedit_timelimit'] * 60 |
||
306 | || $this->getVar('approved') < 1) { |
||
307 | return true; |
||
308 | } |
||
309 | if (\is_object($GLOBALS['xoopsUser']) && $GLOBALS['xoopsUser']->isActive()) { |
||
310 | if ($GLOBALS['xoopsModuleConfig']['show_realname'] && $GLOBALS['xoopsUser']->getVar('name')) { |
||
311 | $edit_user = $GLOBALS['xoopsUser']->getVar('name'); |
||
312 | } else { |
||
313 | $edit_user = $GLOBALS['xoopsUser']->getVar('uname'); |
||
314 | } |
||
315 | } |
||
316 | $post_edit = []; |
||
317 | $post_edit['edit_user'] = $edit_user; // (?) The proper way is to store uid instead of name. |
||
318 | // However, to save queries when displaying, the current way is ok. |
||
319 | $post_edit['edit_time'] = \time(); |
||
320 | $post_edit['edit_msg'] = $post_editmsg; |
||
321 | |||
322 | $post_edits = $this->getVar('post_edit'); |
||
323 | if (!empty($post_edits)) { |
||
324 | $post_edits = \unserialize(\base64_decode($post_edits, true)); |
||
325 | } |
||
326 | if (!\is_array($post_edits)) { |
||
327 | $post_edits = []; |
||
328 | } |
||
329 | $post_edits[] = $post_edit; |
||
330 | $post_edit = \base64_encode(\serialize($post_edits)); |
||
331 | unset($post_edits); |
||
332 | $this->setVar('post_edit', $post_edit); |
||
333 | |||
334 | return true; |
||
335 | } |
||
336 | |||
337 | /** |
||
338 | * @return bool|string |
||
339 | */ |
||
340 | public function displayPostEdit() |
||
341 | { |
||
342 | global $myts; |
||
343 | |||
344 | if (empty($GLOBALS['xoopsModuleConfig']['recordedit_timelimit'])) { |
||
345 | return false; |
||
346 | } |
||
347 | |||
348 | $post_edit = ''; |
||
349 | $post_edits = $this->getVar('post_edit'); |
||
350 | if (!empty($post_edits)) { |
||
351 | $post_edits = \unserialize(\base64_decode($post_edits, true)); |
||
352 | } |
||
353 | if (!isset($post_edits) || !\is_array($post_edits)) { |
||
354 | $post_edits = []; |
||
355 | } |
||
356 | if ($post_edits && \is_array($post_edits)) { |
||
357 | foreach ($post_edits as $postedit) { |
||
358 | $edit_time = (int)$postedit['edit_time']; |
||
359 | $edit_user = $postedit['edit_user']; |
||
360 | $edit_msg = !empty($postedit['edit_msg']) ? $postedit['edit_msg'] : ''; |
||
361 | // Start irmtfan add option to do only the latest edit when do_latestedit=0 (Alfred) |
||
362 | if (empty($GLOBALS['xoopsModuleConfig']['do_latestedit'])) { |
||
363 | $post_edit = ''; |
||
364 | } |
||
365 | // End irmtfan add option to do only the latest edit when do_latestedit=0 (Alfred) |
||
366 | // START hacked by irmtfan |
||
367 | // display/save all edit records. |
||
368 | $post_edit .= \_MD_NEWBB_EDITEDBY . ' ' . $edit_user . ' ' . \_MD_NEWBB_ON . ' ' . \formatTimestamp($edit_time) . '<br>'; |
||
369 | // if reason is not empty |
||
370 | if ('' !== $edit_msg) { |
||
371 | $post_edit .= \_MD_NEWBB_EDITEDMSG . ' ' . $edit_msg . '<br>'; |
||
372 | } |
||
373 | // START hacked by irmtfan |
||
374 | } |
||
375 | } |
||
376 | |||
377 | return $post_edit; |
||
378 | } |
||
379 | |||
380 | /** |
||
381 | * @return array |
||
382 | */ |
||
383 | public function &getPostBody() |
||
384 | { |
||
385 | global $viewtopic_users; |
||
386 | $newbbConfig = \newbbLoadConfig(); |
||
387 | require_once \dirname(__DIR__) . '/include/functions.user.php'; |
||
388 | require_once \dirname(__DIR__) . '/include/functions.render.php'; |
||
389 | |||
390 | $uid = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getVar('uid') : 0; |
||
391 | /** @var KarmaHandler $karmaHandler */ |
||
392 | $karmaHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Karma'); |
||
393 | $user_karma = $karmaHandler->getUserKarma(); |
||
394 | |||
395 | $post = []; |
||
396 | $post['attachment'] = false; |
||
397 | $post_text = \newbbDisplayTarea($this->vars['post_text']['value'], $this->getVar('dohtml'), $this->getVar('dosmiley'), $this->getVar('doxcode'), $this->getVar('doimage'), $this->getVar('dobr')); |
||
398 | if (\newbbIsAdmin($this->getVar('forum_id')) || $this->checkIdentity()) { |
||
399 | $post['text'] = $post_text . '<br>' . $this->displayAttachment(); |
||
400 | } elseif ($newbbConfig['enable_karma'] && $this->getVar('post_karma') > $user_karma) { |
||
401 | $post['text'] = \sprintf(\_MD_NEWBB_KARMA_REQUIREMENT, $user_karma, $this->getVar('post_karma')); |
||
402 | } elseif ($newbbConfig['allow_require_reply'] && $this->getVar('require_reply') |
||
403 | && (!$uid || !isset($viewtopic_users[$uid]))) { |
||
404 | $post['text'] = \_MD_NEWBB_REPLY_REQUIREMENT; |
||
405 | } else { |
||
406 | $post['text'] = $post_text . '<br>' . $this->displayAttachment(); |
||
407 | } |
||
408 | /** @var \XoopsMemberHandler $memberHandler */ |
||
409 | $memberHandler = \xoops_getHandler('member'); |
||
410 | $eachposter = $memberHandler->getUser($this->getVar('uid')); |
||
411 | if (\is_object($eachposter) && $eachposter->isActive()) { |
||
412 | if ($newbbConfig['show_realname'] && $eachposter->getVar('name')) { |
||
413 | $post['author'] = $eachposter->getVar('name'); |
||
414 | } else { |
||
415 | $post['author'] = $eachposter->getVar('uname'); |
||
416 | } |
||
417 | unset($eachposter); |
||
418 | } else { |
||
419 | $post['author'] = $this->getVar('poster_name') ?: $GLOBALS['xoopsConfig']['anonymous']; |
||
420 | } |
||
421 | |||
422 | $post['subject'] = \newbbHtmlspecialchars($this->vars['subject']['value']); |
||
423 | |||
424 | $post['date'] = $this->getVar('post_time'); |
||
425 | |||
426 | return $post; |
||
427 | } |
||
428 | |||
429 | /** |
||
430 | * @return bool |
||
431 | */ |
||
432 | public function isTopic() |
||
433 | { |
||
434 | return !$this->getVar('pid'); |
||
435 | } |
||
436 | |||
437 | /** |
||
438 | * @param string $action_tag |
||
439 | * @return bool |
||
440 | */ |
||
441 | public function checkTimelimit($action_tag = 'edit_timelimit') |
||
442 | { |
||
443 | $newbbConfig = \newbbLoadConfig(); |
||
444 | if (empty($newbbConfig['edit_timelimit'])) { |
||
445 | return true; |
||
446 | } |
||
447 | |||
448 | return ($this->getVar('post_time') > \time() - $newbbConfig[$action_tag] * 60); |
||
449 | } |
||
450 | |||
451 | /** |
||
452 | * @param int $uid |
||
453 | * @return bool |
||
454 | */ |
||
455 | public function checkIdentity($uid = -1) |
||
456 | { |
||
457 | $uid = ($uid > -1) ? $uid : (\is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getVar('uid') : 0); |
||
458 | if ($this->getVar('uid') > 0) { |
||
459 | $user_ok = ($uid == $this->getVar('uid')); |
||
460 | } else { |
||
461 | static $user_ip; |
||
462 | if (!isset($user_ip)) { |
||
463 | $user_ip = \Xmf\IPAddress::fromRequest()->asReadable(); |
||
464 | } |
||
465 | $user_ok = ($user_ip == $this->getVar('poster_ip')); |
||
466 | } |
||
467 | |||
468 | return $user_ok; |
||
469 | } |
||
470 | |||
471 | // TODO: cleaning up and merge with post hanldings in viewpost.php |
||
472 | |||
473 | /** |
||
474 | * @param $isAdmin |
||
475 | * @return array |
||
476 | */ |
||
477 | public function showPost($isAdmin) |
||
478 | { |
||
479 | global $xoopsModule, $myts; |
||
480 | global $forumUrl, $forumImage, $forumObject, $online, $viewmode; |
||
481 | global $viewtopic_users, $viewtopic_posters, $topicObject, $user_karma; |
||
482 | global $order, $start, $total_posts, $topic_status; |
||
483 | static $post_NO = 0; |
||
484 | static $name_anonymous; |
||
485 | /** @var TopicHandler $topicHandler */ |
||
486 | $topicHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Topic'); |
||
487 | if (null === $name_anonymous) { |
||
488 | $name_anonymous = $myts->htmlSpecialChars($GLOBALS['xoopsConfig']['anonymous']); |
||
489 | } |
||
490 | |||
491 | require_once \dirname(__DIR__) . '/include/functions.time.php'; |
||
492 | require_once \dirname(__DIR__) . '/include/functions.render.php'; |
||
493 | |||
494 | $post_id = $this->getVar('post_id'); |
||
495 | $topic_id = $this->getVar('topic_id'); |
||
496 | $forum_id = $this->getVar('forum_id'); |
||
497 | |||
498 | $query_vars = ['status', 'order', 'start', 'mode', 'viewmode']; |
||
499 | $query_array = []; |
||
500 | $query_array['topic_id'] = "topic_id={$topic_id}"; |
||
501 | foreach ($query_vars as $var) { |
||
502 | if (Request::getString($var, '', 'GET')) { |
||
503 | $query_array[$var] = "{$var}=" . Request::getString($var, '', 'GET'); |
||
504 | } |
||
505 | } |
||
506 | $page_query = \htmlspecialchars(\implode('&', \array_values($query_array)), \ENT_QUOTES | \ENT_HTML5); |
||
507 | |||
508 | $uid = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getVar('uid') : 0; |
||
509 | |||
510 | ++$post_NO; |
||
511 | if ('desc' === mb_strtolower($order)) { |
||
512 | $post_no = $total_posts - ($start + $post_NO) + 1; |
||
513 | } else { |
||
514 | $post_no = $start + $post_NO; |
||
515 | } |
||
516 | |||
517 | if ($isAdmin || $this->checkIdentity()) { |
||
518 | $post_text = $this->getVar('post_text'); |
||
519 | $post_attachment = $this->displayAttachment(); |
||
520 | } elseif ($GLOBALS['xoopsModuleConfig']['enable_karma'] && $this->getVar('post_karma') > $user_karma) { |
||
521 | $post_text = "<div class='karma'>" . \sprintf(\_MD_NEWBB_KARMA_REQUIREMENT, $user_karma, $this->getVar('post_karma')) . '</div>'; |
||
522 | $post_attachment = ''; |
||
523 | } elseif ($GLOBALS['xoopsModuleConfig']['allow_require_reply'] && $this->getVar('require_reply') |
||
524 | && (!$uid || !\in_array($uid, $viewtopic_posters))) { |
||
525 | $post_text = "<div class='karma'>" . \_MD_NEWBB_REPLY_REQUIREMENT . '</div>'; |
||
526 | $post_attachment = ''; |
||
527 | } else { |
||
528 | $post_text = $this->getVar('post_text'); |
||
529 | $post_attachment = $this->displayAttachment(); |
||
530 | } |
||
531 | |||
532 | // Hightlight search words |
||
533 | $post_title = $this->getVar('subject'); |
||
534 | $keywords = Request::getString('keywords', '', 'GET'); |
||
535 | if ($keywords) { |
||
536 | //$keywords = $myts->htmlSpecialChars(trim(urldecode(Request::getString('keywords', '', 'GET')))); |
||
537 | $post_text = Highlighter::apply($keywords, $post_text, '<mark>', '</mark>'); |
||
538 | $post_title = Highlighter::apply($keywords, $post_title, '<mark>', '</mark>'); |
||
539 | } |
||
540 | |||
541 | if (isset($viewtopic_users[$this->getVar('uid')])) { |
||
542 | $poster = $viewtopic_users[$this->getVar('uid')]; |
||
543 | } else { |
||
544 | $name = ($post_name = $this->getVar('poster_name')) ? $post_name : $name_anonymous; |
||
545 | $poster = [ |
||
546 | 'poster_uid' => 0, |
||
547 | 'name' => $name, |
||
548 | 'link' => $name, |
||
549 | ]; |
||
550 | } |
||
551 | |||
552 | $posticon = $this->getVar('icon'); |
||
553 | if ($posticon) { |
||
554 | $post_image = '<a name="' . $post_id . '"><img src="' . XOOPS_URL . '/images/subject/' . $posticon . '" alt="" ></a>'; |
||
555 | } else { |
||
556 | $post_image = '<a name="' . $post_id . '"><img src="' . XOOPS_URL . '/images/icons/posticon.gif" alt="" ></a>'; |
||
557 | } |
||
558 | |||
559 | $thread_buttons = []; |
||
560 | $mod_buttons = []; |
||
561 | |||
562 | if ($isAdmin && ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser']->getVar('uid') !== $this->getVar('uid')) |
||
563 | && $this->getVar('uid') > 0) { |
||
564 | $mod_buttons['bann']['image'] = \newbbDisplayImage('p_bann', \_MD_NEWBB_SUSPEND_MANAGEMENT); |
||
565 | $mod_buttons['bann']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/moderate.php?forum=' . $forum_id . '&uid=' . $this->getVar('uid'); |
||
566 | $mod_buttons['bann']['name'] = \_MD_NEWBB_SUSPEND_MANAGEMENT; |
||
567 | $thread_buttons['bann']['image'] = \newbbDisplayImage('p_bann', \_MD_NEWBB_SUSPEND_MANAGEMENT); |
||
568 | $thread_buttons['bann']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/moderate.php?forum=' . $forum_id . '&uid=' . $this->getVar('uid'); |
||
569 | $thread_buttons['bann']['name'] = \_MD_NEWBB_SUSPEND_MANAGEMENT; |
||
570 | } |
||
571 | |||
572 | if ($GLOBALS['xoopsModuleConfig']['enable_permcheck']) { |
||
573 | // /** @var TopicHandler $topicHandler */ |
||
574 | // $topicHandler = Newbb\Helper::getInstance()->getHandler('Topic'); |
||
575 | $topic_status = $topicObject->getVar('topic_status'); |
||
576 | if ($topicHandler->getPermission($forum_id, $topic_status, 'edit')) { |
||
577 | $edit_ok = ($isAdmin || ($this->checkIdentity() && $this->checkTimelimit('edit_timelimit'))); |
||
578 | |||
579 | if ($edit_ok) { |
||
580 | $thread_buttons['edit']['image'] = \newbbDisplayImage('p_edit', _EDIT); |
||
581 | $thread_buttons['edit']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/edit.php?{$page_query}"; |
||
582 | $thread_buttons['edit']['name'] = _EDIT; |
||
583 | $mod_buttons['edit']['image'] = \newbbDisplayImage('p_edit', _EDIT); |
||
584 | $mod_buttons['edit']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/edit.php?{$page_query}"; |
||
585 | $mod_buttons['edit']['name'] = _EDIT; |
||
586 | } |
||
587 | } |
||
588 | |||
589 | if ($topicHandler->getPermission($forum_id, $topic_status, 'delete')) { |
||
590 | $delete_ok = ($isAdmin || ($this->checkIdentity() && $this->checkTimelimit('delete_timelimit'))); |
||
591 | |||
592 | if ($delete_ok) { |
||
593 | $thread_buttons['delete']['image'] = \newbbDisplayImage('p_delete', _DELETE); |
||
594 | $thread_buttons['delete']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/delete.php?{$page_query}"; |
||
595 | $thread_buttons['delete']['name'] = _DELETE; |
||
596 | $mod_buttons['delete']['image'] = \newbbDisplayImage('p_delete', _DELETE); |
||
597 | $mod_buttons['delete']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/delete.php?{$page_query}"; |
||
598 | $mod_buttons['delete']['name'] = _DELETE; |
||
599 | } |
||
600 | } |
||
601 | if ($topicHandler->getPermission($forum_id, $topic_status, 'reply')) { |
||
602 | $thread_buttons['reply']['image'] = \newbbDisplayImage('p_reply', \_MD_NEWBB_REPLY); |
||
603 | $thread_buttons['reply']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/reply.php?{$page_query}"; |
||
604 | $thread_buttons['reply']['name'] = \_MD_NEWBB_REPLY; |
||
605 | |||
606 | $thread_buttons['quote']['image'] = \newbbDisplayImage('p_quote', \_MD_NEWBB_QUOTE); |
||
607 | $thread_buttons['quote']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/reply.php?{$page_query}&quotedac=1"; |
||
608 | $thread_buttons['quote']['name'] = \_MD_NEWBB_QUOTE; |
||
609 | } |
||
610 | } else { |
||
611 | $mod_buttons['edit']['image'] = \newbbDisplayImage('p_edit', _EDIT); |
||
612 | $mod_buttons['edit']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/edit.php?{$page_query}"; |
||
613 | $mod_buttons['edit']['name'] = _EDIT; |
||
614 | |||
615 | $mod_buttons['delete']['image'] = \newbbDisplayImage('p_delete', _DELETE); |
||
616 | $mod_buttons['delete']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/delete.php?{$page_query}"; |
||
617 | $mod_buttons['delete']['name'] = _DELETE; |
||
618 | |||
619 | $thread_buttons['reply']['image'] = \newbbDisplayImage('p_reply', \_MD_NEWBB_REPLY); |
||
620 | $thread_buttons['reply']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/reply.php?{$page_query}"; |
||
621 | $thread_buttons['reply']['name'] = \_MD_NEWBB_REPLY; |
||
622 | } |
||
623 | |||
624 | if (!$isAdmin && $GLOBALS['xoopsModuleConfig']['reportmod_enabled']) { |
||
625 | $thread_buttons['report']['image'] = \newbbDisplayImage('p_report', \_MD_NEWBB_REPORT); |
||
626 | $thread_buttons['report']['link'] = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/report.php?{$page_query}"; |
||
627 | $thread_buttons['report']['name'] = \_MD_NEWBB_REPORT; |
||
628 | } |
||
629 | |||
630 | $thread_action = []; |
||
631 | // irmtfan add pdf permission |
||
632 | if (\file_exists(XOOPS_ROOT_PATH . '/class/libraries/vendor/tecnickcom/tcpdf/tcpdf.php') |
||
633 | && $topicHandler->getPermission($forum_id, $topic_status, 'pdf')) { |
||
634 | $thread_action['pdf']['image'] = \newbbDisplayImage('pdf', \_MD_NEWBB_PDF); |
||
635 | $thread_action['pdf']['link'] = XOOPS_URL . '/modules/newbb/makepdf.php?type=post&pageid=0'; |
||
636 | $thread_action['pdf']['name'] = \_MD_NEWBB_PDF; |
||
637 | $thread_action['pdf']['target'] = '_blank'; |
||
638 | } |
||
639 | // irmtfan add print permission |
||
640 | if ($topicHandler->getPermission($forum_id, $topic_status, 'print')) { |
||
641 | $thread_action['print']['image'] = \newbbDisplayImage('printer', \_MD_NEWBB_PRINT); |
||
642 | $thread_action['print']['link'] = XOOPS_URL . '/modules/newbb/print.php?form=2&forum=' . $forum_id . '&topic_id=' . $topic_id; |
||
643 | $thread_action['print']['name'] = \_MD_NEWBB_PRINT; |
||
644 | $thread_action['print']['target'] = '_blank'; |
||
645 | } |
||
646 | |||
647 | if ($GLOBALS['xoopsModuleConfig']['show_sociallinks']) { |
||
648 | $full_title = $this->getVar('subject'); |
||
649 | $clean_title = \preg_replace('/[^A-Za-z0-9-]+/', '+', $this->getVar('subject')); |
||
650 | $full_link = XOOPS_URL . '/modules/newbb/viewtopic.php?post_id=' . $post_id; |
||
651 | |||
652 | $thread_action['social_twitter']['image'] = \newbbDisplayImage('twitter', \_MD_NEWBB_SHARE_TWITTER); |
||
653 | $thread_action['social_twitter']['link'] = 'http://twitter.com/share?text=' . $clean_title . '&url=' . $full_link; |
||
654 | $thread_action['social_twitter']['name'] = \_MD_NEWBB_SHARE_TWITTER; |
||
655 | $thread_action['social_twitter']['target'] = '_blank'; |
||
656 | |||
657 | $thread_action['social_facebook']['image'] = \newbbDisplayImage('facebook', \_MD_NEWBB_SHARE_FACEBOOK); |
||
658 | $thread_action['social_facebook']['link'] = 'http://www.facebook.com/sharer.php?u=' . $full_link; |
||
659 | $thread_action['social_facebook']['name'] = \_MD_NEWBB_SHARE_FACEBOOK; |
||
660 | $thread_action['social_facebook']['target'] = '_blank'; |
||
661 | |||
662 | $thread_action['social_gplus']['image'] = \newbbDisplayImage('googleplus', \_MD_NEWBB_SHARE_GOOGLEPLUS); |
||
663 | $thread_action['social_gplus']['link'] = 'https://plusone.google.com/_/+1/confirm?hl=en&url=' . $full_link; |
||
664 | $thread_action['social_gplus']['name'] = \_MD_NEWBB_SHARE_GOOGLEPLUS; |
||
665 | $thread_action['social_gplus']['target'] = '_blank'; |
||
666 | |||
667 | $thread_action['social_linkedin']['image'] = \newbbDisplayImage('linkedin', \_MD_NEWBB_SHARE_LINKEDIN); |
||
668 | $thread_action['social_linkedin']['link'] = 'http://www.linkedin.com/shareArticle?mini=true&title=' . $full_title . '&url=' . $full_link; |
||
669 | $thread_action['social_linkedin']['name'] = \_MD_NEWBB_SHARE_LINKEDIN; |
||
670 | $thread_action['social_linkedin']['target'] = '_blank'; |
||
671 | |||
672 | $thread_action['social_delicious']['image'] = \newbbDisplayImage('delicious', \_MD_NEWBB_SHARE_DELICIOUS); |
||
673 | $thread_action['social_delicious']['link'] = 'http://del.icio.us/post?title=' . $full_title . '&url=' . $full_link; |
||
674 | $thread_action['social_delicious']['name'] = \_MD_NEWBB_SHARE_DELICIOUS; |
||
675 | $thread_action['social_delicious']['target'] = '_blank'; |
||
676 | |||
677 | $thread_action['social_digg']['image'] = \newbbDisplayImage('digg', \_MD_NEWBB_SHARE_DIGG); |
||
678 | $thread_action['social_digg']['link'] = 'http://digg.com/submit?phase=2&title=' . $full_title . '&url=' . $full_link; |
||
679 | $thread_action['social_digg']['name'] = \_MD_NEWBB_SHARE_DIGG; |
||
680 | $thread_action['social_digg']['target'] = '_blank'; |
||
681 | |||
682 | $thread_action['social_reddit']['image'] = \newbbDisplayImage('reddit', \_MD_NEWBB_SHARE_REDDIT); |
||
683 | $thread_action['social_reddit']['link'] = 'http://reddit.com/submit?title=' . $full_title . '&url=' . $full_link; |
||
684 | $thread_action['social_reddit']['name'] = \_MD_NEWBB_SHARE_REDDIT; |
||
685 | $thread_action['social_reddit']['target'] = '_blank'; |
||
686 | |||
687 | $thread_action['social_wong']['image'] = \newbbDisplayImage('wong', \_MD_NEWBB_SHARE_MRWONG); |
||
688 | $thread_action['social_wong']['link'] = 'http://www.mister-wong.de/index.php?action=addurl&bm_url=' . $full_link; |
||
689 | $thread_action['social_wong']['name'] = \_MD_NEWBB_SHARE_MRWONG; |
||
690 | $thread_action['social_wong']['target'] = '_blank'; |
||
691 | } |
||
692 | |||
693 | $post = [ |
||
694 | 'post_id' => $post_id, |
||
695 | 'post_parent_id' => $this->getVar('pid'), |
||
696 | 'post_date' => \newbbFormatTimestamp($this->getVar('post_time')), |
||
697 | 'post_image' => $post_image, |
||
698 | 'post_title' => $post_title, |
||
699 | // irmtfan $post_title to add highlight keywords |
||
700 | 'post_text' => $post_text, |
||
701 | 'post_attachment' => $post_attachment, |
||
702 | 'post_edit' => $this->displayPostEdit(), |
||
703 | 'post_no' => $post_no, |
||
704 | 'post_signature' => $this->getVar('attachsig') ? @$poster['signature'] : '', |
||
705 | // 'poster_ip' => ($isAdmin && $GLOBALS['xoopsModuleConfig']['show_ip']) ? long2ip($this->getVar('poster_ip')) : '', |
||
706 | 'poster_ip' => ($isAdmin |
||
707 | && $GLOBALS['xoopsModuleConfig']['show_ip']) ? $this->getVar('poster_ip') : '', |
||
708 | 'thread_action' => $thread_action, |
||
709 | 'thread_buttons' => $thread_buttons, |
||
710 | 'mod_buttons' => $mod_buttons, |
||
711 | 'poster' => $poster, |
||
712 | 'post_permalink' => '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/viewtopic.php?post_id=' . $post_id . '"></a>', |
||
713 | ]; |
||
714 | |||
715 | unset($thread_buttons, $mod_buttons, $eachposter); |
||
716 | |||
717 | return $post; |
||
718 | } |
||
719 | } |
||
720 |
If you suppress an error, we recommend checking for the error condition explicitly: