From 77b6b7e00b16d6885dcd83ac53f5e7957c69a38f Mon Sep 17 00:00:00 2001 From: Trevor Slocum Date: Sun, 6 Jun 2021 19:42:09 -0700 Subject: [PATCH] Allow creating staff posts without using raw HTML Resolves #224. --- imgboard.php | 48 +++++++++++++++++++++++--------------------- inc/functions.php | 8 ++++---- inc/html.php | 51 +++++++++++++++++++++++++++-------------------- 3 files changed, 58 insertions(+), 49 deletions(-) diff --git a/imgboard.php b/imgboard.php index 57ff69e..5148429 100644 --- a/imgboard.php +++ b/imgboard.php @@ -274,9 +274,9 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) checkFlood(); } - $rawpost = isRawPost(); - $rawposttext = ''; - if (!$rawpost) { + $staffpost = isStaffPost(); + $capcode = ''; + if (!$staffpost) { checkMessageSize(); } 
@@ -310,30 +310,32 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) $spoiler = TINYIB_SPOILERIMAGE && isset($_POST['spoiler']); - if ($rawpost || !in_array('name', $hide_fields)) { + if ($staffpost || !in_array('name', $hide_fields)) { list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']); $post['name'] = cleanString(substr($post['name'], 0, 75)); - if (!$rawpost && TINYIB_MAXNAME > 0) { + if (!$staffpost && TINYIB_MAXNAME > 0) { $post['name'] = substr($post['name'], 0, TINYIB_MAXNAME); } } - if ($rawpost || !in_array('email', $hide_fields)) { + if ($staffpost || !in_array('email', $hide_fields)) { $post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75))); - if (!$rawpost && TINYIB_MAXEMAIL > 0) { + if (!$staffpost && TINYIB_MAXEMAIL > 0) { $post['email'] = substr($post['email'], 0, TINYIB_MAXEMAIL); } } - if ($rawpost || !in_array('subject', $hide_fields)) { + if ($staffpost) { + $capcode = ($isadmin) ? ' ## ' . $tinyib_capcodes[0][0] . '' : ' ## ' . $tinyib_capcodes[1][0] . ''; + } + if ($staffpost || !in_array('subject', $hide_fields)) { $post['subject'] = cleanString(substr($_POST['subject'], 0, 75)); - if (!$rawpost && TINYIB_MAXSUBJECT > 0) { + if (!$staffpost && TINYIB_MAXSUBJECT > 0) { $post['subject'] = substr($post['subject'], 0, TINYIB_MAXSUBJECT); } } - if ($rawpost || !in_array('message', $hide_fields)) { + if ($staffpost || !in_array('message', $hide_fields)) { $post['message'] = $_POST['message']; - if ($rawpost) { + if ($staffpost && isset($_POST['raw'])) { // Treat message as raw HTML - $rawposttext = ($isadmin) ? ' ## ' . $tinyib_capcodes[0][0] . '' : ' ## ' . $tinyib_capcodes[1][0] . ''; } else { if (TINYIB_WORDBREAK > 0) { $post['message'] = preg_replace('/([^\s]{' . TINYIB_WORDBREAK . '})(?=[^\s])/', '$1' . TINYIB_WORDBREAK_IDENTIFIER, $post['message']); 
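Review bot: The raw-HTML branch `if ($staffpost && isset($_POST['raw']))` leaves `$post['message']` exactly as submitted, and `$staffpost` is true for any logged-in account, because isStaffPost() in inc/functions.php returns `$loggedin` rather than `$isadmin`. A moderator account can therefore store arbitrary markup, script included, that is served to every visitor of the thread. If unescaped HTML is meant to be an administrator capability, gate it with `if ($staffpost && $isadmin && isset($_POST['raw'])) {`; otherwise state the trust placed in moderators in the comment that is now the branch's only content. The enclosing posting block starts and ends outside the hunk, so the assignment of `$isadmin` (already used by the new `$capcode` line) is not visible here.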
@@ -351,7 +353,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) } } } - if ($rawpost || !in_array('password', $hide_fields)) { + if ($staffpost || !in_array('password', $hide_fields)) { $post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : ''; } @@ -409,9 +411,9 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) break; } - $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext); + $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $capcode); - if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($rawpost || !in_array('embed', $hide_fields))) { + if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($staffpost || !in_array('embed', $hide_fields))) { if (isset($_FILES['file']) && $_FILES['file']['name'] != "") { fancyDie(__('Embedding a URL and uploading a file at the same time is not supported.')); } 
@@ -480,15 +482,15 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) $post['file_original'] = cleanString($embed['title']); $post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']); } - } else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($rawpost || !in_array('file', $hide_fields))) { + } else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($staffpost || !in_array('file', $hide_fields))) { validateFileUpload(); $post = attachFile($post, $_FILES['file']['tmp_name'], $_FILES['file']['name'], true, $spoiler); } if ($post['file'] == '') { // No file uploaded - $file_ok = !empty($tinyib_uploads) && ($rawpost || !in_array('file', $hide_fields)); - $embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($rawpost || !in_array('embed', $hide_fields)); + $file_ok = !empty($tinyib_uploads) && ($staffpost || !in_array('file', $hide_fields)); + $embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staffpost || !in_array('embed', $hide_fields)); $allowed = ''; if ($file_ok && $embed_ok) { $allowed = __('upload a file or embed a URL'); @@ -500,7 +502,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) if ($post['parent'] == TINYIB_NEWTHREAD && $allowed != "" && !TINYIB_NOFILEOK) { fancyDie(sprintf(__('Please %s to start a new thread.'), $allowed)); } - if (!$rawpost && str_replace('
', '', $post['message']) == "") { + if (!$staffpost && str_replace('
', '', $post['message']) == "") { $message_ok = !in_array('message', $hide_fields); if ($message_ok) { if ($allowed != '') { @@ -554,8 +556,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) rebuildIndexes(); } - if ($rawpost) { - manageLogAction(__('Created raw post') . ' ' . postLink('>>' . $post['id'])); + if ($staffpost) { + manageLogAction(__('Created staff post') . ' ' . postLink('>>' . $post['id'])); } // Check if the request is to preview a post } elseif (isset($_GET['preview']) && !isset($_GET['manage'])) { @@ -1150,8 +1152,8 @@ EOF; fancyDie(__("Sorry, there doesn't appear to be a post with that ID.")); } } - } elseif (isset($_GET["rawpost"])) { - $onload = manageOnLoad("rawpost"); + } elseif (isset($_GET["staffpost"])) { + $onload = manageOnLoad("staffpost"); $text .= buildPostForm(0, true); } elseif (isset($_GET['changepassword'])) { if ($account['username'] == 'admin' && TINYIB_ADMINPASS != '') { diff --git a/inc/functions.php b/inc/functions.php index 7a70031..d76ff2c 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -132,7 +132,7 @@ function nameAndTripcode($name) { return array($name, ""); } -function nameBlock($name, $tripcode, $email, $timestamp, $rawposttext) { +function nameBlock($name, $tripcode, $email, $timestamp, $capcode) { global $tinyib_anonymous; $anonymous = $tinyib_anonymous[array_rand($tinyib_anonymous)]; @@ -149,7 +149,7 @@ function nameBlock($name, $tripcode, $email, $timestamp, $rawposttext) { $output = '' . $output . ''; } - return $output . $rawposttext . ' ' . strftime(TINYIB_DATEFMT, $timestamp); + return $output . $capcode . ' ' . strftime(TINYIB_DATEFMT, $timestamp); } function writePage($filename, $contents) { @@ -448,8 +448,8 @@ function getParent($post) { return $post['parent']; } -function isRawPost() { - if (isset($_POST['rawpost'])) { +function isStaffPost() { + if (isset($_POST['staffpost'])) { list($loggedin, $isadmin) = manageCheckLogIn(false); return $loggedin; } 
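Review bot: The management log entry written by `manageLogAction(__('Created staff post') . ...)` no longer distinguishes posts stored as raw HTML from staff posts that went through normal formatting, so the one action that stores unescaped markup cannot be picked out of the log afterwards. Record the mode in the entry, for example `manageLogAction((isset($_POST['raw']) ? __('Created raw HTML staff post') : __('Created staff post')) . ' ' . postLink('>>' . $post['id']));`. The enclosing block continues outside the hunk.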
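Review bot: isStaffPost() accepts a request as a staff post on the strength of a logged-in session plus the client-supplied `staffpost` field, and no anti-CSRF token is checked in the lines shown. If manageCheckLogIn() does not verify one either (its body is outside this diff), a form on another site submitted from a moderator's browser would be handled as a staff post, and with `raw` set its message is stored unescaped. Consider issuing a per-session token in the staff form built by buildPostForm() and comparing it with `hash_equals()` here before returning `$loggedin`. The function also lacks a doc comment; `/** Returns true when the request carries the staffpost field and the session is logged in to the management panel. */` would state the contract. The function body continues outside the hunk.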
diff --git a/inc/html.php b/inc/html.php index 058c449..d98393c 100644 --- a/inc/html.php +++ b/inc/html.php @@ -108,13 +108,13 @@ function makeLinksClickable($text) { return $text; } -function buildPostForm($parent, $raw_post = false) { +function buildPostForm($parent, $staff_post = false) { global $tinyib_hidefieldsop, $tinyib_hidefields, $tinyib_uploads, $tinyib_embeds; $hide_fields = $parent == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields; $postform_extra = array('name' => '', 'email' => '', 'subject' => '', 'footer' => ''); $input_submit = ''; - if ($raw_post || !in_array('subject', $hide_fields)) { + if ($staff_post || !in_array('subject', $hide_fields)) { $postform_extra['subject'] = $input_submit; } else if (!in_array('email', $hide_fields)) { $postform_extra['email'] = $input_submit; @@ -147,15 +147,28 @@ function buildPostForm($parent, $raw_post = false) { if (TINYIB_MAXMESSAGE > 0) { $maxlen_message = TINYIB_MAXMESSAGE; } - if ($raw_post) { + if ($staff_post) { + $txt_options = __('Options'); + $txt_raw_html = __('Raw HTML'); + $txt_raw_html_info_1 = __('Text entered in the Message field will be posted as is with no formatting applied.'); + $txt_raw_html_info_2 = __('Line-breaks must be specified with "<br>".'); + $txt_reply_to = __('Reply to'); $txt_new_thread = __('0 to start a new thread'); - $txt_info_1 = __('Text entered in the Message field will be posted as is with no formatting applied.'); - $txt_info_2 = __('Line-breaks must be specified with "<br>".'); $form_action = '?'; - $form_extra = ''; + $form_extra = ''; $input_extra = << + + $txt_options + + +
+   $txt_raw_html_info_1
+   $txt_raw_html_info_2 + + $txt_reply_to @@ -165,12 +178,6 @@ function buildPostForm($parent, $raw_post = false) { EOF; - $rules_extra = << -
  • $txt_info_1
  • -
  • $txt_info_2
  • -
    -EOF; $maxlen_name = -1; $maxlen_email = -1; @@ -187,7 +194,7 @@ EOF; $unique_posts_html = ''; $captcha_html = ''; - if (TINYIB_CAPTCHA && !$raw_post) { + if (TINYIB_CAPTCHA && !$staff_post) { if (TINYIB_CAPTCHA === 'hcaptcha') { $captcha_inner_html = '
    @@ -229,7 +236,7 @@ EOF; EOF; } - if (!empty($tinyib_uploads) && ($raw_post || !in_array('file', $hide_fields))) { + if (!empty($tinyib_uploads) && ($staff_post || !in_array('file', $hide_fields))) { if (TINYIB_MAXKB > 0) { $max_file_size_input_html = ''; $max_file_size_rules_html = '
  • ' . sprintf(__('Maximum file size allowed is %s.'), TINYIB_MAXKBDESC) . '
  • '; @@ -255,7 +262,7 @@ EOF; EOF; } - $embeds_enabled = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($raw_post || !in_array('embed', $hide_fields)); + $embeds_enabled = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staff_post || !in_array('embed', $hide_fields)); if ($embeds_enabled) { $txt_embed = __('Embed'); $txt_embed_help = ''; @@ -304,7 +311,7 @@ EOF; $input_extra EOF; - if ($raw_post || !in_array('name', $hide_fields)) { + if ($staff_post || !in_array('name', $hide_fields)) { $txt_name = __('Name'); $output .= << @@ -318,7 +325,7 @@ EOF; EOF; } - if ($raw_post || !in_array('email', $hide_fields)) { + if ($staff_post || !in_array('email', $hide_fields)) { $txt_email = __('E-mail'); $output .= << @@ -332,7 +339,7 @@ EOF; EOF; } - if ($raw_post || !in_array('subject', $hide_fields)) { + if ($staff_post || !in_array('subject', $hide_fields)) { $txt_subject = __('Subject'); $output .= << @@ -346,7 +353,7 @@ EOF; EOF; } - if ($raw_post || !in_array('message', $hide_fields)) { + if ($staff_post || !in_array('message', $hide_fields)) { $txt_message = __('Message'); $output .= << @@ -365,7 +372,7 @@ EOF; $file_input_html $embed_input_html EOF; - if ($raw_post || !in_array('password', $hide_fields)) { + if ($staff_post || !in_array('password', $hide_fields)) { $txt_password = __('Password'); $txt_password_help = __('(for post and file deletion)'); $output .= <<] ['; } - $output .= '' . __('Raw Post') . '] ['; + $output .= '' . __('Staff Post') . '] ['; if ($isadmin) { $output .= '' . __('Rebuild All') . '] ['; $output .= '' . __('Reports') . '] ['; @@ -916,7 +923,7 @@ function manageOnLoad($page) { return ' onload="document.tinyib.text.focus();"'; case 'moderate': return ' onload="document.tinyib.moderate.focus();"'; - case 'rawpost': + case 'staffpost': return ' onload="document.tinyib.message.focus();"'; } }