
Member "Upload/editpost.php" (8 Jun 2019, 28909 Bytes) of package /linux/www/mybb_1821.zip:



    1 <?php
    2 /**
    3  * MyBB 1.8
    4  * Copyright 2014 MyBB Group, All Rights Reserved
    5  *
    6  * Website: http://www.mybb.com
    7  * License: http://www.mybb.com/about/license
    8  *
    9  */
   10 
   11 define("IN_MYBB", 1);
   12 define('THIS_SCRIPT', 'editpost.php');
   13 
   14 $templatelist = "editpost,previewpost,changeuserbox,codebuttons,post_attachments_attachment_postinsert,post_attachments_attachment_mod_unapprove,postbit_attachments_thumbnails,postbit_profilefield_multiselect_value";
   15 $templatelist .= ",editpost_delete,forumdisplay_password_wrongpass,forumdisplay_password,editpost_reason,post_attachments_attachment_remove,post_attachments_update,post_subscription_method,postbit_profilefield_multiselect";
   16 $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,posticons";
   17 $templatelist .= ",postbit_signature,postbit_classic,postbit,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
   18 $templatelist .= ",posticons_icon,post_prefixselect_prefix,post_prefixselect_single,newthread_postpoll,editpost_disablesmilies,post_attachments_attachment_mod_approve,post_attachments_attachment_unapproved";
   19 $templatelist .= ",postbit_warninglevel_formatted,postbit_reputation_formatted_link,editpost_signature,attachment_icon,post_attachments_attachment,post_attachments_add,post_attachments,editpost_postoptions";
   20 $templatelist .= ",postbit_attachments_images,global_moderation_notice,post_attachments_new,postbit_attachments,postbit_online,postbit_away,postbit_offline,postbit_gotopost,postbit_userstar,postbit_icon";
   21 
   22 require_once "./global.php";
   23 require_once MYBB_ROOT."inc/functions_post.php";
   24 require_once MYBB_ROOT."inc/functions_upload.php";
   25 require_once MYBB_ROOT."inc/class_parser.php";
   26 $parser = new postParser;
   27 
   28 // Load global language phrases
   29 $lang->load("editpost");
   30 
   31 $plugins->run_hooks("editpost_start");
   32 
   33 // No permission for guests
   34 if(!$mybb->user['uid'])
   35 {
   36     error_no_permission();
   37 }
   38 
   39 // Get post info
   40 $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
   41 
   42 // if we already have the post information...
   43 if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
   44 {
   45     $post = &$style;
   46 }
   47 else
   48 {
   49     $post = get_post($pid);
   50 }
   51 
   52 if(!$post || ($post['visible'] == -1 && $mybb->input['action'] != "restorepost"))
   53 {
   54     error($lang->error_invalidpost);
   55 }
   56 
   57 // Get thread info
   58 $tid = $post['tid'];
   59 $thread = get_thread($tid);
   60 
   61 if(!$thread)
   62 {
   63     error($lang->error_invalidthread);
   64 }
   65 
   66 $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
   67 
// Get forum info
// The forum id comes from the stored post row, not from the request.
$fid = $post['fid'];
$forum = get_forum($fid);

// Thread-level visibility gate. "&&" binds tighter than "||", so the outer
// condition is true in any of three cases:
//   - visible == 0  and the user lacks the "canviewunapprove" moderator right
//   - visible == -1 and the user lacks the "canviewdeleted" moderator right
//   - visible < -1  and the user is not the thread author
// NOTE(review): only the first case is actually rejected inside the block
// (and only when the "showownunapproved" exception does not apply). The
// visible == -1 and visible < -1 cases fall through without an error here,
// so they are decided solely by the post-level checks further down.
// Confirm that this is intended.
if($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove") || $thread['visible'] == -1 && !is_moderator($fid, "canviewdeleted") || ($thread['visible'] < -1 && $thread['uid'] != $mybb->user['uid']))
{
    // Authors may still reach their own unapproved thread when the
    // "showownunapproved" setting is on.
    if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
    {
        error($lang->error_invalidthread);
    }
}
// The forum must exist and be of type "f".
// NOTE(review): $fid is already passed to is_moderator() above, before this
// existence check runs.
if(!$forum || $forum['type'] != "f")
{
    error($lang->error_closedinvalidforum);
}
// A forum with open == 0 is limited to moderators holding "caneditposts";
// users with suspendposting == 1 are refused regardless of forum state.
if(($forum['open'] == 0 && !is_moderator($fid, "caneditposts")) || $mybb->user['suspendposting'] == 1)
{
    error_no_permission();
}
   87 
   88 // Add prefix to breadcrumb
   89 $breadcrumbprefix = '';
   90 if($thread['prefix'])
   91 {
   92     $threadprefixes = build_prefixes();
   93     if(!empty($threadprefixes[$thread['prefix']]))
   94     {
   95         $breadcrumbprefix = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
   96     }
   97 }
   98 
   99 // Make navigation
  100 build_forum_breadcrumb($fid);
  101 add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
  102 add_breadcrumb($lang->nav_editpost);
  103 
  104 $forumpermissions = forum_permissions($fid);
  105 
  106 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
  107 {
  108     $codebuttons = build_mycode_inserter("message", $mybb->settings['smilieinserter']);
  109 }
  110 if($mybb->settings['smilieinserter'] != 0)
  111 {
  112     $smilieinserter = build_clickable_smilies();
  113 }
  114 
  115 $mybb->input['action'] = $mybb->get_input('action');
  116 if(!$mybb->input['action'] || isset($mybb->input['previewpost']))
  117 {
  118     $mybb->input['action'] = "editpost";
  119 }
  120 
// Authorisation gate, chosen by action. It only rejects; the actions
// themselves are carried out by the handler blocks further down.
// A "deletepost" or "restorepost" action that did not arrive by POST matches
// neither of the first two branches and is judged by the edit rules in the
// final else.
if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
    // "&&" binds tighter than "||": the block below applies to users who hold
    // neither post-delete moderator right (for a reply) or neither
    // thread-delete moderator right (for the thread's first post).
    if(!is_moderator($fid, "candeleteposts") && !is_moderator($fid, "cansoftdeleteposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "candeletethreads") && !is_moderator($fid, "cansoftdeletethreads") && $pid == $thread['firstpost'])
    {
        // Without those moderator rights a closed thread cannot be changed.
        if($thread['closed'] == 1)
        {
            error($lang->redirect_threadclosed);
        }
        // The forum permission must allow deleting posts (reply) or threads (first post).
        if($forumpermissions['candeleteposts'] == 0 && $pid != $thread['firstpost'] || $forumpermissions['candeletethreads'] == 0 && $pid == $thread['firstpost'])
        {
            error_no_permission();
        }
        // Ownership check: users without those moderator rights may only
        // delete their own post.
        if($mybb->user['uid'] != $post['uid'])
        {
            error_no_permission();
        }
        // User can't delete unapproved post unless allowed for own
        if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
        {
            error_no_permission();
        }
    }
    // Applies to everyone, moderators included: with soft delete enabled a
    // post that already has visible == -1 cannot be deleted again.
    if($post['visible'] == -1 && $mybb->settings['soft_delete'] == 1)
    {
        error($lang->error_already_deleted);
    }
}
elseif($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
{
    // Restoring requires the matching moderator right (posts for a reply,
    // threads for the first post), and the post must currently have
    // visible == -1.
    if(!is_moderator($fid, "canrestoreposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "canrestorethreads") && $pid == $thread['firstpost'] || $post['visible'] != -1)
    {
        error_no_permission();
    }
}
else
{
    // Every other action is judged by the edit rules. Moderators holding
    // "caneditposts" skip all checks in this branch.
    if(!is_moderator($fid, "caneditposts"))
    {
        if($thread['closed'] == 1)
        {
            error($lang->redirect_threadclosed);
        }
        if($forumpermissions['caneditposts'] == 0)
        {
            error_no_permission();
        }
        // Ownership check: other users may only edit their own post.
        if($mybb->user['uid'] != $post['uid'])
        {
            error_no_permission();
        }
        // Edit time limit
        // edittimelimit is multiplied by 60 before it is compared with the
        // post's dateline, i.e. it is treated as minutes; 0 disables the limit.
        $time = TIME_NOW;
        if($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->usergroup['edittimelimit']*60)))
        {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']);
            error($lang->edit_time_limit);
        }
        // User can't edit unapproved post
        // (unless "showownunapproved" is on and the post is their own); a
        // post with visible == -1 is never editable in this branch.
        if(($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid'])) || $post['visible'] == -1)
        {
            error_no_permission();
        }
    }
}
  185 
  186 // Check if this forum is password protected and we have a valid password
  187 check_forum_password($forum['fid']);
  188 
  189 if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == '1')
  190 {
  191     error($lang->error_empty_post_input);
  192 }
  193 
  194 $attacherror = '';
  195 if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_editpost" && isset($mybb->input['submit']) && $_FILES['attachment'])))
  196 {
  197     // Verify incoming POST request
  198     verify_post_check($mybb->get_input('my_post_key'));
  199 
  200     if($pid)
  201     {
  202         $attachwhere = "pid='{$pid}'";
  203     }
  204     else
  205     {
  206         $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
  207     }
  208 
  209     $ret = add_attachments($pid, $forumpermissions, $attachwhere, "editpost");
  210 
  211     if(!empty($ret['errors']))
  212     {
  213         $errors = $ret['errors'];
  214     }
  215 
  216     // Do we have attachment errors?
  217     if(!empty($errors))
  218     {
  219         $attacherror = inline_error($errors);
  220     }
  221 
  222     // If we were dealing with an attachment but didn't click 'Update Post', force the post edit page again.
  223     if(!isset($mybb->input['submit']))
  224     {
  225         $mybb->input['action'] = "editpost";
  226     }
  227 }
  228 
  229 if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
  230 {
  231     // Verify incoming POST request
  232     verify_post_check($mybb->get_input('my_post_key'));
  233 
  234     $mybb->input['attachmentaid'] = $mybb->get_input('attachmentaid', MyBB::INPUT_INT);
  235     if($mybb->input['attachmentact'] == "remove")
  236     {
  237         remove_attachment($pid, "", $mybb->input['attachmentaid']);
  238     }
  239     elseif($mybb->get_input('attachmentact') == "approve" && is_moderator($fid, 'canapproveunapproveattachs'))
  240     {
  241         $update_sql = array("visible" => 1);
  242         $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'");
  243         update_thread_counters($post['tid'], array('attachmentcount' => "+1"));
  244     }
  245     elseif($mybb->get_input('attachmentact') == "unapprove" && is_moderator($fid, 'canapproveunapproveattachs'))
  246     {
  247         $update_sql = array("visible" => 0);
  248         $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'");
  249         update_thread_counters($post['tid'], array('attachmentcount' => "-1"));
  250     }
  251 
  252     if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
  253     {
  254         header("Content-type: application/json; charset={$lang->settings['charset']}");
  255         echo json_encode(array("success" => true));
  256         exit();
  257     }
  258 
  259     if(!isset($mybb->input['submit']))
  260     {
  261         $mybb->input['action'] = "editpost";
  262     }
  263 }
  264 
  265 if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
  266 {
  267     // Verify incoming POST request
  268     verify_post_check($mybb->get_input('my_post_key'));
  269 
  270     $plugins->run_hooks("editpost_deletepost");
  271 
  272     if($mybb->get_input('delete', MyBB::INPUT_INT) == 1)
  273     {
  274         $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
  275         $firstcheck = $db->fetch_array($query);
  276         if($firstcheck['pid'] == $pid)
  277         {
  278             $firstpost = 1;
  279         }
  280         else
  281         {
  282             $firstpost = 0;
  283         }
  284 
  285         $modlogdata['fid'] = $fid;
  286         $modlogdata['tid'] = $tid;
  287         if($firstpost)
  288         {
  289             if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads") || is_moderator($fid, "cansoftdeletethreads"))
  290             {
  291                 require_once MYBB_ROOT."inc/class_moderation.php";
  292                 $moderation = new Moderation;
  293 
  294                 if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeletethreads"))
  295                 {
  296                     $modlogdata['pid'] = $pid;
  297 
  298                     $moderation->soft_delete_threads(array($tid));
  299                     log_moderator_action($modlogdata, $lang->thread_soft_deleted);
  300                 }
  301                 else
  302                 {
  303                     $moderation->delete_thread($tid);
  304                     mark_reports($tid, "thread");
  305                     log_moderator_action($modlogdata, $lang->thread_deleted);
  306                 }
  307 
  308                 if($mybb->input['ajax'] == 1)
  309                 {
  310                     header("Content-type: application/json; charset={$lang->settings['charset']}");
  311                     if(is_moderator($fid, "canviewdeleted"))
  312                     {
  313                         echo json_encode(array("data" => '1', "first" => '1'));
  314                     }
  315                     else
  316                     {
  317                         echo json_encode(array("data" => '3', "url" => get_forum_link($fid)));
  318                     }
  319                 }
  320                 else
  321                 {
  322                     redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
  323                 }
  324             }
  325             else
  326             {
  327                 error_no_permission();
  328             }
  329         }
  330         else
  331         {
  332             if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts") || is_moderator($fid, "cansoftdeleteposts"))
  333             {
  334                 // Select the first post before this
  335                 require_once MYBB_ROOT."inc/class_moderation.php";
  336                 $moderation = new Moderation;
  337 
  338                 if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeleteposts"))
  339                 {
  340                     $modlogdata['pid'] = $pid;
  341 
  342                     $moderation->soft_delete_posts(array($pid));
  343                     log_moderator_action($modlogdata, $lang->post_soft_deleted);
  344                 }
  345                 else
  346                 {
  347                     $moderation->delete_post($pid);
  348                     mark_reports($pid, "post");
  349                     log_moderator_action($modlogdata, $lang->post_deleted);
  350                 }
  351 
  352                 $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
  353                 $next_post = $db->fetch_array($query);
  354                 if($next_post['pid'])
  355                 {
  356                     $redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
  357                 }
  358                 else
  359                 {
  360                     $redirect = get_thread_link($tid);
  361                 }
  362 
  363                 if($mybb->input['ajax'] == 1)
  364                 {
  365                     header("Content-type: application/json; charset={$lang->settings['charset']}");
  366                     if(is_moderator($fid, "canviewdeleted"))
  367                     {
  368                         echo json_encode(array("data" => '1', "first" => '0'));
  369                     }
  370                     else
  371                     {
  372                         echo json_encode(array("data" => '2'));
  373                     }
  374                 }
  375                 else
  376                 {
  377                     redirect($redirect, $lang->redirect_postdeleted);
  378                 }
  379             }
  380             else
  381             {
  382                 error_no_permission();
  383             }
  384         }
  385     }
  386     else
  387     {
  388         error($lang->redirect_nodelete);
  389     }
  390 }
  391 
  392 if($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
  393 {
  394     // Verify incoming POST request
  395     verify_post_check($mybb->get_input('my_post_key'));
  396 
  397     $plugins->run_hooks("editpost_restorepost");
  398 
  399     if($mybb->get_input('restore', MyBB::INPUT_INT) == 1)
  400     {
  401         $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
  402         $firstcheck = $db->fetch_array($query);
  403         if($firstcheck['pid'] == $pid)
  404         {
  405             $firstpost = 1;
  406         }
  407         else
  408         {
  409             $firstpost = 0;
  410         }
  411 
  412         $modlogdata['fid'] = $fid;
  413         $modlogdata['tid'] = $tid;
  414         $modlogdata['pid'] = $pid;
  415         if($firstpost)
  416         {
  417             if(is_moderator($fid, "canrestorethreads"))
  418             {
  419                 require_once MYBB_ROOT."inc/class_moderation.php";
  420                 $moderation = new Moderation;
  421                 $moderation->restore_threads(array($tid));
  422                 log_moderator_action($modlogdata, $lang->thread_restored);
  423                 if($mybb->input['ajax'] == 1)
  424                 {
  425                     header("Content-type: application/json; charset={$lang->settings['charset']}");
  426                     echo json_encode(array("data" => '1', "first" => '1'));
  427                 }
  428                 else
  429                 {
  430                     redirect(get_forum_link($fid), $lang->redirect_threadrestored);
  431                 }
  432             }
  433             else
  434             {
  435                 error_no_permission();
  436             }
  437         }
  438         else
  439         {
  440             if(is_moderator($fid, "canrestoreposts"))
  441             {
  442                 // Select the first post before this
  443                 require_once MYBB_ROOT."inc/class_moderation.php";
  444                 $moderation = new Moderation;
  445                 $moderation->restore_posts(array($pid));
  446                 log_moderator_action($modlogdata, $lang->post_restored);
  447                 $redirect = get_post_link($pid, $tid)."#pid{$pid}";
  448 
  449                 if($mybb->input['ajax'] == 1)
  450                 {
  451                     header("Content-type: application/json; charset={$lang->settings['charset']}");
  452                     echo json_encode(array("data" => '1', "first" => '0'));
  453                 }
  454                 else
  455                 {
  456                     redirect($redirect, $lang->redirect_postrestored);
  457                 }
  458             }
  459             else
  460             {
  461                 error_no_permission();
  462             }
  463         }
  464     }
  465     else
  466     {
  467         error($lang->redirect_norestore);
  468     }
  469 }
  470 
  471 if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
  472 {
  473     // Verify incoming POST request
  474     verify_post_check($mybb->get_input('my_post_key'));
  475 
  476     $plugins->run_hooks("editpost_do_editpost_start");
  477 
  478     // Set up posthandler.
  479     require_once MYBB_ROOT."inc/datahandlers/post.php";
  480     $posthandler = new PostDataHandler("update");
  481     $posthandler->action = "post";
  482 
  483     // Set the post data that came from the input to the $post array.
  484     $post = array(
  485         "pid" => $mybb->input['pid'],
  486         "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
  487         "subject" => $mybb->get_input('subject'),
  488         "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
  489         "uid" => $post['uid'],
  490         "username" => $post['username'],
  491         "edit_uid" => $mybb->user['uid'],
  492         "message" => $mybb->get_input('message'),
  493         "editreason" => $mybb->get_input('editreason'),
  494     );
  495 
  496     $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
  497     if(!isset($postoptions['signature']))
  498     {
  499         $postoptions['signature'] = 0;
  500     }
  501     if(!isset($postoptions['subscriptionmethod']))
  502     {
  503         $postoptions['subscriptionmethod'] = 0;
  504     }
  505     if(!isset($postoptions['disablesmilies']))
  506     {
  507         $postoptions['disablesmilies'] = 0;
  508     }
  509 
  510     // Set up the post options from the input.
  511     $post['options'] = array(
  512         "signature" => $postoptions['signature'],
  513         "subscriptionmethod" => $postoptions['subscriptionmethod'],
  514         "disablesmilies" => $postoptions['disablesmilies']
  515     );
  516 
  517     $posthandler->set_data($post);
  518 
  519     // Now let the post handler do all the hard work.
  520     if(!$posthandler->validate_post())
  521     {
  522         $post_errors = $posthandler->get_friendly_errors();
  523         $post_errors = inline_error($post_errors);
  524         $mybb->input['action'] = "editpost";
  525     }
  526     // No errors were found, we can call the update method.
  527     else
  528     {
  529         $postinfo = $posthandler->update_post();
  530         $visible = $postinfo['visible'];
  531         $first_post = $postinfo['first_post'];
  532 
  533         // Help keep our attachments table clean.
  534         $db->delete_query("attachments", "filename='' OR filesize<1");
  535 
  536         // Did the user choose to post a poll? Redirect them to the poll posting page.
  537         if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
  538         {
  539             $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
  540             $lang->redirect_postedited = $lang->redirect_postedited_poll;
  541         }
  542         else if($visible == 0 && $first_post && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
  543         {
  544             // Moderated post
  545             $lang->redirect_postedited .= $lang->redirect_thread_moderation;
  546             $url = get_forum_link($fid);
  547         }
  548         else if($visible == 0 && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
  549         {
  550             $lang->redirect_postedited .= $lang->redirect_post_moderation;
  551             $url = get_thread_link($tid);
  552         }
  553         // Otherwise, send them back to their post
  554         else
  555         {
  556             $lang->redirect_postedited .= $lang->redirect_postedited_redirect;
  557             $url = get_post_link($pid, $tid)."#pid{$pid}";
  558         }
  559         $plugins->run_hooks("editpost_do_editpost_end");
  560 
  561         redirect($url, $lang->redirect_postedited);
  562     }
  563 }
  564 
  565 if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
  566 {
  567     $plugins->run_hooks("editpost_action_start");
  568 
  569     if(!isset($mybb->input['previewpost']))
  570     {
  571         $icon = $post['icon'];
  572     }
  573 
  574     if($forum['allowpicons'] != 0)
  575     {
  576         $posticons = get_post_icons();
  577     }
  578 
  579     $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
  580     eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
  581 
  582     $deletebox = '';
  583     // Can we delete posts?
  584     if($post['visible'] != -1 && (is_moderator($fid, "candeleteposts") || $forumpermissions['candeleteposts'] == 1 && $mybb->user['uid'] == $post['uid']))
  585     {
  586         eval("\$deletebox = \"".$templates->get("editpost_delete")."\";");
  587     }
  588 
  589     $bgcolor = "trow1";
  590     if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
  591     { // Get a listing of the current attachments, if there are any
  592         $attachcount = 0;
  593         $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
  594         $attachments = '';
  595         while($attachment = $db->fetch_array($query))
  596         {
  597             $attachment['size'] = get_friendly_size($attachment['filesize']);
  598             $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
  599             $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
  600 
  601             if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
  602             {
  603                 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
  604             }
  605             // Moderating options
  606             $attach_mod_options = '';
  607             if(is_moderator($fid))
  608             {
  609                 if($attachment['visible'] == 1)
  610                 {
  611                     eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
  612                 }
  613                 else
  614                 {
  615                     eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
  616                 }
  617             }
  618 
  619             // Remove Attachment
  620             eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
  621 
  622             if($attachment['visible'] != 1)
  623             {
  624                 eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
  625             }
  626             else
  627             {
  628                 eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
  629             }
  630             $attachcount++;
  631         }
  632         $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
  633         $usage = $db->fetch_array($query);
  634         if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
  635         {
  636             $noshowattach = 1;
  637         }
  638         else
  639         {
  640             $noshowattach = 0;
  641         }
  642         if($mybb->usergroup['attachquota'] == 0)
  643         {
  644             $friendlyquota = $lang->unlimited;
  645         }
  646         else
  647         {
  648             $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
  649         }
  650         $friendlyusage = get_friendly_size($usage['ausage']);
  651         $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
  652         if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
  653         {
  654             eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
  655         }
  656 
  657         if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
  658         {
  659             eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
  660         }
  661 
  662         if($attach_add_options || $attach_update_options)
  663         {
  664             eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
  665         }
  666         eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
  667     }
  668     if(!$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !isset($mybb->input['previewpost']))
  669     {
  670         $message = $post['message'];
  671         $subject = $post['subject'];
  672         $reason = htmlspecialchars_uni($post['editreason']);
  673     }
  674     else
  675     {
  676         $message = $mybb->get_input('message');
  677         $subject = $mybb->get_input('subject');
  678         $reason = htmlspecialchars_uni($mybb->get_input('editreason'));
  679     }
  680 
  681     $previewmessage = $message;
  682     $previewsubject = $subject;
  683     $message = htmlspecialchars_uni($message);
  684     $subject = htmlspecialchars_uni($subject);
  685 
  686     if(!isset($post_errors))
  687     {
  688         $post_errors = '';
  689     }
  690 
  691     $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
    // Checkbox state for the post options; each entry is either '' or the
    // literal ' checked="checked"' attribute filled in further down.
    $postoptionschecked = array('signature' => '', 'disablesmilies' => '');

    // Re-validate the submitted edit when a preview was requested or when
    // $post_errors is already set (assigned outside this excerpt).
    if(!empty($mybb->input['previewpost']) || $post_errors)
    {
        // Set up posthandler.
        require_once MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("update");
        $posthandler->action = "post";

        // Set the post data that came from the input to the $post array.
        // "uid" and "username" are copied from the $post value that existed before
        // this point (populated outside this excerpt), not from request fields read
        // here; "edit_uid" is the current session user.
        // NOTE(review): "pid" is read straight from $mybb->input while every other
        // request field goes through get_input(); confirm the core input handling
        // already forces pid to an integer, or read it with MyBB::INPUT_INT.
        $post = array(
            "pid" => $mybb->input['pid'],
            "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
            "uid" => $post['uid'],
            "username" => $post['username'],
            "edit_uid" => $mybb->user['uid'],
            "message" => $mybb->get_input('message'),
        );

        // postoptions is a request-supplied array. Only missing keys are defaulted
        // to 0 here; submitted values are passed on as received, so any range or
        // type checking has to happen in the data handler.
        $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
        if(!isset($postoptions['signature']))
        {
            $postoptions['signature'] = 0;
        }
        if(!isset($postoptions['emailnotify']))
        {
            $postoptions['emailnotify'] = 0;
        }
        if(!isset($postoptions['disablesmilies']))
        {
            $postoptions['disablesmilies'] = 0;
        }

        // Set up the post options from the input.
        $post['options'] = array(
            "signature" => $postoptions['signature'],
            "emailnotify" => $postoptions['emailnotify'],
            "disablesmilies" => $postoptions['disablesmilies']
        );

        $posthandler->set_data($post);

        // Now let the post handler do all the hard work.
        if(!$posthandler->validate_post())
        {
            // Validation failed: keep the formatted errors, stay on the edit form
            // and clear the preview flag so the preview branch below is skipped.
            $post_errors = $posthandler->get_friendly_errors();
            $post_errors = inline_error($post_errors);
            $mybb->input['action'] = "editpost";
            $mybb->input['previewpost'] = 0;
        }
        else
        {

            // Re-read the raw options (without the defaults added above) to
            // restore the checkbox state the user submitted.
            $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);

            if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
            {
                $postoptionschecked['signature'] = " checked=\"checked\"";
            }

            if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
            {
                $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
            }

            // Variable variable: assigns to $<method>subscribe, where <method> is
            // whatever get_subscription_method() returns for the request-supplied
            // $postoptions.
            // NOTE(review): confirm that helper only returns values from a fixed
            // list; otherwise the request could pick which local variable ending in
            // "subscribe" is written here.
            $subscription_method = get_subscription_method($tid, $postoptions);
            ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
        }
    }

    // Build the preview post bit when a preview is still requested (the flag is
    // reset to 0 above if validation failed).
    if(!empty($mybb->input['previewpost']))
    {
        // $pid and $post['uid'] are interpolated into the SQL below inside quotes.
        // NOTE(review): $pid is assigned outside this excerpt; both values must be
        // integers (or escaped) by the time they reach these queries - confirm.
        if(!$post['uid'])
        {
            // No author uid (presumably a guest post): only the stored username
            // and dateline are available.
            $query = $db->simple_select('posts', 'username, dateline', "pid='{$pid}'");
            $postinfo = $db->fetch_array($query);
        }
        else
        {
            // Figure out the poster's other information.
            // NOTE(review): u.* and f.* load every column of the users and
            // userfields rows into $postinfo, which is handed to build_postbit()
            // and stays in scope for the eval()'d template; presumably that includes
            // credential-related columns. Selecting only the needed columns would
            // keep them out of template scope.
            $query = $db->query("
                SELECT u.*, f.*, p.dateline
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
                WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
                LIMIT 1
            ");
            $postinfo = $db->fetch_array($query);
            $postinfo['userusername'] = $postinfo['username'];
        }

        // Cache this post's attachments under index 0, keyed by attachment id.
        $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
        while($attachment = $db->fetch_array($query))
        {
            $attachcache[0][$attachment['aid']] = $attachment;
        }

        if(!isset($postoptions['disablesmilies']))
        {
            $postoptions['disablesmilies'] = 0;
        }

        // Set the values of the post info array.
        // $previewmessage, $previewsubject and $icon are assigned outside this excerpt.
        $postinfo['message'] = $previewmessage;
        $postinfo['subject'] = $previewsubject;
        $postinfo['icon'] = $icon;
        $postinfo['smilieoff'] = $postoptions['disablesmilies'];

        $postbit = build_postbit($postinfo, 1);
        // The template text is spliced into a double-quoted PHP string and run
        // through eval(), so it can read any variable in scope and is trusted at
        // code level. NOTE(review): template storage must only be writable by
        // fully trusted administrators.
        eval("\$preview = \"".$templates->get("previewpost")."\";");
    }
    else if(!$post_errors)
    {
        // No preview and no errors: take the checkbox state from the stored post.
        $preview = '';

        if($post['includesig'] != 0)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }

        if($post['smilieoff'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }

        // NOTE(review): $postoptions is not assigned anywhere in this excerpt on
        // this path; confirm it is defined earlier or that the helper tolerates an
        // undefined value.
        // Variable variable, as in the validation branch: writes $<method>subscribe.
        $subscription_method = get_subscription_method($tid, $postoptions);
        ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
    }

    // Generate thread prefix selector if this is the first post of the thread
    if($thread['firstpost'] == $pid)
    {
        // No (non-zero) prefix submitted: fall back to the thread's current prefix.
        if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
        {
            $mybb->input['threadprefix'] = $thread['prefix'];
        }

        // The submitted value is read as an integer before it reaches the helper.
        $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT), 0, $thread['prefix']);
    }
    else
    {
        // Posts other than the first one get no prefix selector.
        $prefixselect = "";
    }

    // Edit-reason row: rendered only when the alloweditreason setting is 1.
    // The two $bgcolor values are swapped depending on whether that extra row
    // exists (presumably to keep the alternating row classes in the form).
    // Note the template is evaluated before $bgcolor/$bgcolor2 are assigned here.
    $editreason = '';
    if($mybb->settings['alloweditreason'] == 1)
    {
        eval("\$editreason = \"".$templates->get("editpost_reason")."\";");
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }
    else
    {
        $bgcolor = "trow1";
        $bgcolor2 = "trow2";
    }

    // Fetch subscription select box
    // Evaluated in the current scope, so the template can read the
    // $<method>subscribe variable assigned above.
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

    // Load the oldest post of the thread (ordered by dateline ascending, limit 1).
    // NOTE(review): $tid is assigned outside this excerpt and is interpolated into
    // the WHERE clause; confirm it is an integer by this point.
    $query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
    $firstcheck = $db->fetch_array($query);

    // Show the "add a poll" box only when all of the following hold:
    //  - the post being edited is that oldest post,
    //  - the forum permissions allow posting polls,
    //  - the thread has no poll yet ($thread['poll'] < 1),
    //  - and the user is a moderator with canmanagepolls, or the thread was started
    //    within polltimelimit * 3600 seconds of now, or polltimelimit is 0.
    // NOTE(review): this only decides whether the form control is rendered; the
    // submit path (not in this excerpt) has to enforce the same conditions.
    $time = TIME_NOW;
    if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1 && (is_moderator($fid, "canmanagepolls") || $thread['dateline'] > ($time-($mybb->settings['polltimelimit']*60*60)) || $mybb->settings['polltimelimit'] == 0))
    {
        $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
        $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
        $postpollchecked = '';

        // Values below 1 (including a missing field) are replaced by 2; no upper
        // bound is applied in this block.
        if($numpolloptions < 1)
        {
            $numpolloptions = 2;
        }

        if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
        {
            $postpollchecked = 'checked="checked"';
        }

        eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
    }
    else
    {
        $pollbox = '';
    }

    // Hide signature option if no permission
    // Shown only when the user group may use signatures and the user's signature
    // is not suspended.
    $signature = '';
    if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
    {
        eval("\$signature = \"".$templates->get('editpost_signature')."\";");
    }

    // Can we disable smilies or are they disabled already?
    $disablesmilies = '';
    if($forum['allowsmilies'] != 0)
    {
        eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
    }

    // From here on $postoptions holds rendered markup (a string), replacing the
    // request array of the same name used earlier in this script.
    // The wrapper template is evaluated only if at least one option was rendered.
    $postoptions = '';
    if(!empty($signature) || !empty($disablesmilies))
    {
        eval("\$postoptions = \"".$templates->get("editpost_postoptions")."\";");
    }

    // Notice for users whose attachments or edits go to a moderation queue.
    // Moderators holding the matching permission see no notice.
    $moderation_notice = '';
    if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
    {
        if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
        {
            $moderation_text = $lang->moderation_forum_attachments;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

    // Evaluated second: when both conditions apply, the edit-moderation text
    // overwrites the attachment notice set above.
    if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
    {
        if($forumpermissions['mod_edit_posts'] == 1)
        {
            $moderation_text = $lang->moderation_forum_edits;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

  921     $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
  922     $php_post_max_size = return_bytes(ini_get('post_max_size'));
  923 
  924     if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
  925     {
  926         $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
  927     }
  928     else
  929     {
  930         $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
  931     }
  932 
  933     $php_max_file_uploads = (int)ini_get('max_file_uploads');
  934     eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
  935 
    // Last plugin hook before rendering; runs before the final template is evaluated.
    $plugins->run_hooks("editpost_end");

    // strip_tags() removes markup from the forum name but is not HTML escaping.
    // NOTE(review): whether the result is safe in the page depends on the context
    // in which the editpost template prints it (e.g. inside an attribute) - confirm.
    $forum['name'] = strip_tags($forum['name']);

    // Render the full edit form from the editpost template (eval()'d in the
    // current scope, so it can read the fragments built above) and send it.
    eval("\$editpost = \"".$templates->get("editpost")."\";");
    output_page($editpost);
  942 }