Allow creating staff posts without using raw HTML

Resolves #224.
Trevor Slocum 2021-06-06 19:42:09 -07:00
parent febb5af681
commit 77b6b7e00b
3 changed files with 58 additions and 49 deletions


@ -274,9 +274,9 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
checkFlood();
}
$rawpost = isRawPost();
$rawposttext = '';
if (!$rawpost) {
$staffpost = isStaffPost();
$capcode = '';
if (!$staffpost) {
checkMessageSize();
}
@ -310,30 +310,32 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$spoiler = TINYIB_SPOILERIMAGE && isset($_POST['spoiler']);
if ($rawpost || !in_array('name', $hide_fields)) {
if ($staffpost || !in_array('name', $hide_fields)) {
list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']);
$post['name'] = cleanString(substr($post['name'], 0, 75));
if (!$rawpost && TINYIB_MAXNAME > 0) {
if (!$staffpost && TINYIB_MAXNAME > 0) {
$post['name'] = substr($post['name'], 0, TINYIB_MAXNAME);
}
}
if ($rawpost || !in_array('email', $hide_fields)) {
if ($staffpost || !in_array('email', $hide_fields)) {
$post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75)));
if (!$rawpost && TINYIB_MAXEMAIL > 0) {
if (!$staffpost && TINYIB_MAXEMAIL > 0) {
$post['email'] = substr($post['email'], 0, TINYIB_MAXEMAIL);
}
}
if ($rawpost || !in_array('subject', $hide_fields)) {
if ($staffpost) {
$capcode = ($isadmin) ? ' <span style="color: ' . $tinyib_capcodes[0][1] . ' ;">## ' . $tinyib_capcodes[0][0] . '</span>' : ' <span style="color: ' . $tinyib_capcodes[1][1] . ';">## ' . $tinyib_capcodes[1][0] . '</span>';
}
if ($staffpost || !in_array('subject', $hide_fields)) {
$post['subject'] = cleanString(substr($_POST['subject'], 0, 75));
if (!$rawpost && TINYIB_MAXSUBJECT > 0) {
if (!$staffpost && TINYIB_MAXSUBJECT > 0) {
$post['subject'] = substr($post['subject'], 0, TINYIB_MAXSUBJECT);
}
}
if ($rawpost || !in_array('message', $hide_fields)) {
if ($staffpost || !in_array('message', $hide_fields)) {
$post['message'] = $_POST['message'];
if ($rawpost) {
if ($staffpost && isset($_POST['raw'])) {
// Treat message as raw HTML
$rawposttext = ($isadmin) ? ' <span style="color: ' . $tinyib_capcodes[0][1] . ' ;">## ' . $tinyib_capcodes[0][0] . '</span>' : ' <span style="color: ' . $tinyib_capcodes[1][1] . ';">## ' . $tinyib_capcodes[1][0] . '</span>';
} else {
if (TINYIB_WORDBREAK > 0) {
$post['message'] = preg_replace('/([^\s]{' . TINYIB_WORDBREAK . '})(?=[^\s])/', '$1' . TINYIB_WORDBREAK_IDENTIFIER, $post['message']);
@ -351,7 +353,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
}
}
}
if ($rawpost || !in_array('password', $hide_fields)) {
if ($staffpost || !in_array('password', $hide_fields)) {
$post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
}
@ -409,9 +411,9 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
break;
}
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext);
$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $capcode);
if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($rawpost || !in_array('embed', $hide_fields))) {
if (isset($_POST['embed']) && trim($_POST['embed']) != '' && ($staffpost || !in_array('embed', $hide_fields))) {
if (isset($_FILES['file']) && $_FILES['file']['name'] != "") {
fancyDie(__('Embedding a URL and uploading a file at the same time is not supported.'));
}
@ -480,15 +482,15 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$post['file_original'] = cleanString($embed['title']);
$post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']);
}
} else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($rawpost || !in_array('file', $hide_fields))) {
} else if (isset($_FILES['file']) && $_FILES['file']['name'] != "" && ($staffpost || !in_array('file', $hide_fields))) {
validateFileUpload();
$post = attachFile($post, $_FILES['file']['tmp_name'], $_FILES['file']['name'], true, $spoiler);
}
if ($post['file'] == '') { // No file uploaded
$file_ok = !empty($tinyib_uploads) && ($rawpost || !in_array('file', $hide_fields));
$embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($rawpost || !in_array('embed', $hide_fields));
$file_ok = !empty($tinyib_uploads) && ($staffpost || !in_array('file', $hide_fields));
$embed_ok = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staffpost || !in_array('embed', $hide_fields));
$allowed = '';
if ($file_ok && $embed_ok) {
$allowed = __('upload a file or embed a URL');
@ -500,7 +502,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
if ($post['parent'] == TINYIB_NEWTHREAD && $allowed != "" && !TINYIB_NOFILEOK) {
fancyDie(sprintf(__('Please %s to start a new thread.'), $allowed));
}
if (!$rawpost && str_replace('<br>', '', $post['message']) == "") {
if (!$staffpost && str_replace('<br>', '', $post['message']) == "") {
$message_ok = !in_array('message', $hide_fields);
if ($message_ok) {
if ($allowed != '') {
@ -554,8 +556,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
rebuildIndexes();
}
if ($rawpost) {
manageLogAction(__('Created raw post') . ' ' . postLink('&gt;&gt;' . $post['id']));
if ($staffpost) {
manageLogAction(__('Created staff post') . ' ' . postLink('&gt;&gt;' . $post['id']));
}
// Check if the request is to preview a post
} elseif (isset($_GET['preview']) && !isset($_GET['manage'])) {
@ -1150,8 +1152,8 @@ EOF;
fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
}
}
} elseif (isset($_GET["rawpost"])) {
$onload = manageOnLoad("rawpost");
} elseif (isset($_GET["staffpost"])) {
$onload = manageOnLoad("staffpost");
$text .= buildPostForm(0, true);
} elseif (isset($_GET['changepassword'])) {
if ($account['username'] == 'admin' && TINYIB_ADMINPASS != '') {
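Review bot: The new `if ($staffpost && isset($_POST['raw']))` branch keeps `$_POST['message']` as raw HTML for any request that passes `isStaffPost()`, yet the audit entry at the end of the posting block is now `Created staff post` for formatted and raw posts alike, so the moderation log can no longer show which staff posts carry unescaped markup. I would keep that distinction with `$action = isset($_POST['raw']) ? __('Created raw HTML staff post') : __('Created staff post');` followed by `manageLogAction($action . ' ' . postLink('&gt;&gt;' . $post['id']));`. Since `$isadmin` is already consulted for the capcode, it is also worth deciding explicitly whether moderators or only administrators should reach the raw branch; the hunks do not show where `$isadmin` is assigned in this scope. The enclosing `if` block starts and ends outside these hunks.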


@ -132,7 +132,7 @@ function nameAndTripcode($name) {
return array($name, "");
}
function nameBlock($name, $tripcode, $email, $timestamp, $rawposttext) {
function nameBlock($name, $tripcode, $email, $timestamp, $capcode) {
global $tinyib_anonymous;
$anonymous = $tinyib_anonymous[array_rand($tinyib_anonymous)];
@ -149,7 +149,7 @@ function nameBlock($name, $tripcode, $email, $timestamp, $rawposttext) {
$output = '<a href="mailto:' . $email . '">' . $output . '</a>';
}
return $output . $rawposttext . ' ' . strftime(TINYIB_DATEFMT, $timestamp);
return $output . $capcode . ' ' . strftime(TINYIB_DATEFMT, $timestamp);
}
function writePage($filename, $contents) {
@ -448,8 +448,8 @@ function getParent($post) {
return $post['parent'];
}
function isRawPost() {
if (isset($_POST['rawpost'])) {
function isStaffPost() {
if (isset($_POST['staffpost'])) {
list($loggedin, $isadmin) = manageCheckLogIn(false);
return $loggedin;
}
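Review bot: `isStaffPost()` has no comment stating its contract, and after the rename it reads like a role check although the visible body returns `$loggedin` for any authenticated management account and discards `$isadmin`. Callers in this commit use the result to bypass hidden-field and length restrictions and to permit the raw HTML option, so I would document it above the function, e.g. `// True only when the request carries the "staffpost" field and the sender is logged in to management (moderator or admin); the result unlocks staff-only posting, including raw HTML.` The function's fall-through return lies outside the hunk, so the result for a request that is not logged in is not visible here.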


@ -108,13 +108,13 @@ function makeLinksClickable($text) {
return $text;
}
function buildPostForm($parent, $raw_post = false) {
function buildPostForm($parent, $staff_post = false) {
global $tinyib_hidefieldsop, $tinyib_hidefields, $tinyib_uploads, $tinyib_embeds;
$hide_fields = $parent == TINYIB_NEWTHREAD ? $tinyib_hidefieldsop : $tinyib_hidefields;
$postform_extra = array('name' => '', 'email' => '', 'subject' => '', 'footer' => '');
$input_submit = '<input type="submit" value="' . __('Submit') . '" accesskey="z">';
if ($raw_post || !in_array('subject', $hide_fields)) {
if ($staff_post || !in_array('subject', $hide_fields)) {
$postform_extra['subject'] = $input_submit;
} else if (!in_array('email', $hide_fields)) {
$postform_extra['email'] = $input_submit;
@ -147,15 +147,28 @@ function buildPostForm($parent, $raw_post = false) {
if (TINYIB_MAXMESSAGE > 0) {
$maxlen_message = TINYIB_MAXMESSAGE;
}
if ($raw_post) {
if ($staff_post) {
$txt_options = __('Options');
$txt_raw_html = __('Raw HTML');
$txt_raw_html_info_1 = __('Text entered in the Message field will be posted as is with no formatting applied.');
$txt_raw_html_info_2 = __('Line-breaks must be specified with "&lt;br&gt;".');
$txt_reply_to = __('Reply to');
$txt_new_thread = __('0 to start a new thread');
$txt_info_1 = __('Text entered in the Message field will be posted as is with no formatting applied.');
$txt_info_2 = __('Line-breaks must be specified with "&lt;br&gt;".');
$form_action = '?';
$form_extra = '<input type="hidden" name="rawpost" value="1">';
$form_extra = '<input type="hidden" name="staffpost" value="1">';
$input_extra = <<<EOF
<tr>
<td class="postblock">
$txt_options
</td>
<td>
<label><input type="checkbox" name="raw" value="1" accesskey="r">&nbsp;$txt_raw_html</label><br>
&nbsp; <small>$txt_raw_html_info_1</small><br>
&nbsp; <small>$txt_raw_html_info_2</small>
</td>
</tr>
<tr>
<td class="postblock">
$txt_reply_to
@ -165,12 +178,6 @@ function buildPostForm($parent, $raw_post = false) {
</td>
</tr>
EOF;
$rules_extra = <<<EOF
<ul>
<li>$txt_info_1</li>
<li>$txt_info_2</li>
</ul><br>
EOF;
$maxlen_name = -1;
$maxlen_email = -1;
@ -187,7 +194,7 @@ EOF;
$unique_posts_html = '';
$captcha_html = '';
if (TINYIB_CAPTCHA && !$raw_post) {
if (TINYIB_CAPTCHA && !$staff_post) {
if (TINYIB_CAPTCHA === 'hcaptcha') {
$captcha_inner_html = '
<div style="min-height: 82px;">
@ -229,7 +236,7 @@ EOF;
EOF;
}
if (!empty($tinyib_uploads) && ($raw_post || !in_array('file', $hide_fields))) {
if (!empty($tinyib_uploads) && ($staff_post || !in_array('file', $hide_fields))) {
if (TINYIB_MAXKB > 0) {
$max_file_size_input_html = '<input type="hidden" name="MAX_FILE_SIZE" value="' . strval(TINYIB_MAXKB * 1024) . '">';
$max_file_size_rules_html = '<li>' . sprintf(__('Maximum file size allowed is %s.'), TINYIB_MAXKBDESC) . '</li>';
@ -255,7 +262,7 @@ EOF;
EOF;
}
$embeds_enabled = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($raw_post || !in_array('embed', $hide_fields));
$embeds_enabled = (!empty($tinyib_embeds) || TINYIB_UPLOADVIAURL) && ($staff_post || !in_array('embed', $hide_fields));
if ($embeds_enabled) {
$txt_embed = __('Embed');
$txt_embed_help = '';
@ -304,7 +311,7 @@ EOF;
<tbody>
$input_extra
EOF;
if ($raw_post || !in_array('name', $hide_fields)) {
if ($staff_post || !in_array('name', $hide_fields)) {
$txt_name = __('Name');
$output .= <<<EOF
<tr>
@ -318,7 +325,7 @@ EOF;
</tr>
EOF;
}
if ($raw_post || !in_array('email', $hide_fields)) {
if ($staff_post || !in_array('email', $hide_fields)) {
$txt_email = __('E-mail');
$output .= <<<EOF
<tr>
@ -332,7 +339,7 @@ EOF;
</tr>
EOF;
}
if ($raw_post || !in_array('subject', $hide_fields)) {
if ($staff_post || !in_array('subject', $hide_fields)) {
$txt_subject = __('Subject');
$output .= <<<EOF
<tr>
@ -346,7 +353,7 @@ EOF;
</tr>
EOF;
}
if ($raw_post || !in_array('message', $hide_fields)) {
if ($staff_post || !in_array('message', $hide_fields)) {
$txt_message = __('Message');
$output .= <<<EOF
<tr>
@ -365,7 +372,7 @@ EOF;
$file_input_html
$embed_input_html
EOF;
if ($raw_post || !in_array('password', $hide_fields)) {
if ($staff_post || !in_array('password', $hide_fields)) {
$txt_password = __('Password');
$txt_password_help = __('(for post and file deletion)');
$output .= <<<EOF
@ -869,7 +876,7 @@ function adminBar() {
if ($isadmin) {
$output .= '<a href="?manage&modlog">' . __('Moderation Log') . '</a>] [';
}
$output .= '<a href="?manage&rawpost">' . __('Raw Post') . '</a>] [';
$output .= '<a href="?manage&staffpost">' . __('Staff Post') . '</a>] [';
if ($isadmin) {
$output .= '<a href="?manage&rebuildall">' . __('Rebuild All') . '</a>] [';
$output .= '<a href="?manage&reports">' . __('Reports') . '</a>] [';
@ -916,7 +923,7 @@ function manageOnLoad($page) {
return ' onload="document.tinyib.text.focus();"';
case 'moderate':
return ' onload="document.tinyib.moderate.focus();"';
case 'rawpost':
case 'staffpost':
return ' onload="document.tinyib.message.focus();"';
}
}
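Review bot: `$form_extra` on the staff form carries only the hidden `staffpost` field, and nothing in the visible hunks adds a per-session anti-CSRF token to a form that skips the CAPTCHA (`TINYIB_CAPTCHA && !$staff_post`) and now offers the `raw` checkbox. If staff are authenticated by session or cookie alone, a cross-site form submission made while a staff member is logged in would be accepted as a staff post, raw HTML included. I would emit a token next to the hidden field, e.g. `$form_extra .= '<input type="hidden" name="<token field>" value="' . htmlspecialchars($token, ENT_QUOTES) . '">';` (placeholder names), and have the posting code compare it with `hash_equals()` before honouring `staffpost`. A token check may already exist outside these hunks, as `buildPostForm()` is only partly visible.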