allow mods to bypass forced anonymity (and other disabled fields). also fixed some small per-board permission bugs
parent
3f1c279ce3
commit
56821eb375
@ -832,6 +832,8 @@
|
|||||||
$config['mod']['editpost'] = DISABLED;
|
$config['mod']['editpost'] = DISABLED;
|
||||||
// "Move" a thread to another board (EXPERIMENTAL; has some known bugs)
|
// "Move" a thread to another board (EXPERIMENTAL; has some known bugs)
|
||||||
$config['mod']['move'] = DISABLED;
|
$config['mod']['move'] = DISABLED;
|
||||||
|
// Bypass "field_disable_*" (forced anonymity, etc.)
|
||||||
|
$config['mod']['bypass_field_disable'] = MOD;
|
||||||
// Post bypass unoriginal content check on robot-enabled boards
|
// Post bypass unoriginal content check on robot-enabled boards
|
||||||
$config['mod']['postunoriginal'] = ADMIN;
|
$config['mod']['postunoriginal'] = ADMIN;
|
||||||
// Bypass flood check
|
// Bypass flood check
|
||||||
|
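Review bot: The new default `$config['mod']['bypass_field_disable'] = MOD;` switches the bypass on for staff at MOD level as soon as this config ships, while the other defaults visible in this hunk are `DISABLED` or `ADMIN`. An operator who relies on forced anonymity applying to everyone gets no hint from the one-line comment that this changed. I would name the affected settings in the comment, e.g. `// Bypass field_disable_name, field_disable_email and field_disable_password (forced anonymity, etc.); use DISABLED to enforce them for staff too`, assuming `DISABLED` behaves here as it does for `editpost` and `move`.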
75
post.php
75
post.php
@ -142,15 +142,6 @@
|
|||||||
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
|
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
|
||||||
} elseif(isset($_POST['post'])) {
|
} elseif(isset($_POST['post'])) {
|
||||||
|
|
||||||
if($config['field_disable_name'])
|
|
||||||
$_POST['name'] = $config['anonymous']; // "forced anonymous"
|
|
||||||
|
|
||||||
if($config['field_disable_email'])
|
|
||||||
$_POST['email'] = '';
|
|
||||||
|
|
||||||
if($config['field_disable_password'])
|
|
||||||
$_POST['password'] = '';
|
|
||||||
|
|
||||||
if( !isset($_POST['subject']) ||
|
if( !isset($_POST['subject']) ||
|
||||||
!isset($_POST['body']) ||
|
!isset($_POST['body']) ||
|
||||||
!isset($_POST['board'])
|
!isset($_POST['board'])
|
||||||
@ -250,31 +241,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for a file
|
if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
|
||||||
if($OP && !isset($post['no_longer_require_an_image_for_op'])) {
|
|
||||||
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']) && $config['force_image_op'])
|
|
||||||
error($config['error']['noimage']);
|
|
||||||
}
|
|
||||||
|
|
||||||
$post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
|
|
||||||
$post['subject'] = $_POST['subject'];
|
|
||||||
$post['email'] = utf8tohtml($_POST['email']);
|
|
||||||
$post['body'] = $_POST['body'];
|
|
||||||
$post['password'] = $_POST['password'];
|
|
||||||
$post['has_file'] = !isset($post['embed']) && (($OP && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])));
|
|
||||||
|
|
||||||
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
|
|
||||||
if($post['has_file'])
|
|
||||||
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
|
|
||||||
|
|
||||||
if(!($post['has_file'] || isset($post['embed'])) || (($OP && $config['force_body_op']) || (!$OP && $config['force_body']))) {
|
|
||||||
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
|
|
||||||
if(empty($stripped_whitespace )) {
|
|
||||||
error($config['error']['tooshort_body']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if($post['mod']) {
|
|
||||||
require 'inc/mod.php';
|
require 'inc/mod.php';
|
||||||
if(!$mod) {
|
if(!$mod) {
|
||||||
// Liar. You're not a mod.
|
// Liar. You're not a mod.
|
||||||
@ -293,9 +260,43 @@
|
|||||||
error($config['error']['noaccess']);
|
error($config['error']['noaccess']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
|
||||||
|
if($config['field_disable_name'])
|
||||||
|
$_POST['name'] = $config['anonymous']; // "forced anonymous"
|
||||||
|
|
||||||
|
if($config['field_disable_email'])
|
||||||
|
$_POST['email'] = '';
|
||||||
|
|
||||||
|
if($config['field_disable_password'])
|
||||||
|
$_POST['password'] = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for a file
|
||||||
|
if($OP && !isset($post['no_longer_require_an_image_for_op'])) {
|
||||||
|
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']) && $config['force_image_op'])
|
||||||
|
error($config['error']['noimage']);
|
||||||
|
}
|
||||||
|
|
||||||
|
$post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
|
||||||
|
$post['subject'] = $_POST['subject'];
|
||||||
|
$post['email'] = utf8tohtml($_POST['email']);
|
||||||
|
$post['body'] = $_POST['body'];
|
||||||
|
$post['password'] = $_POST['password'];
|
||||||
|
$post['has_file'] = !isset($post['embed']) && (($OP && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])));
|
||||||
|
|
||||||
|
if($post['has_file'])
|
||||||
|
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
|
||||||
|
|
||||||
|
if(!($post['has_file'] || isset($post['embed'])) || (($OP && $config['force_body_op']) || (!$OP && $config['force_body']))) {
|
||||||
|
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
|
||||||
|
if(empty($stripped_whitespace )) {
|
||||||
|
error($config['error']['tooshort_body']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check if thread is locked
|
// Check if thread is locked
|
||||||
// but allow mods to post
|
// but allow mods to post
|
||||||
if(!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
|
if(!$OP && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
|
||||||
if($thread['locked'])
|
if($thread['locked'])
|
||||||
error($config['error']['locked']);
|
error($config['error']['locked']);
|
||||||
}
|
}
|
||||||
@ -358,7 +359,7 @@
|
|||||||
$post['tracked_cites'] = markup($post['body'], true);
|
$post['tracked_cites'] = markup($post['body'], true);
|
||||||
|
|
||||||
// Check for a flood
|
// Check for a flood
|
||||||
if(!($mod && $mod['type'] >= $config['mod']['flood']) && checkFlood($post)) {
|
if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
|
||||||
error($config['error']['flood']);
|
error($config['error']['flood']);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -560,7 +561,7 @@
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
|
if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
|
||||||
undoImage($post);
|
undoImage($post);
|
||||||
if($config['robot_mute']) {
|
if($config['robot_mute']) {
|
||||||
error(sprintf($config['error']['muted'], mute()));
|
error(sprintf($config['error']['muted'], mute()));
|
||||||
|
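Review bot: The new guard `if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri']))` is now the only thing enforcing forced anonymity, and it runs for every poster, while `inc/mod.php` is required only inside the `if($post['mod'] = ...)` branch. Whether `hasPermission()` returns false when no moderator session was loaded cannot be seen on this page, so I would make the guard fail closed on its own: `if(!$post['mod'] || !hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {`. The same dependency applies to the rewritten `postinlocked`, `flood` and `postunoriginal` checks, which previously tested `$mod` explicitly. The overrides also moved from the top of the `isset($_POST['post'])` branch to after the mod checks, so any code in the lines between (not shown here) that reads `$_POST['name']`, `$_POST['email']` or `$_POST['password']` would now see the submitted values. A short comment above the block stating that nothing earlier may read these fields would make that constraint visible.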
@ -4,7 +4,7 @@
|
|||||||
<input type="hidden" name="board" value="{{ board.uri }}" />
|
<input type="hidden" name="board" value="{{ board.uri }}" />
|
||||||
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
|
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
|
||||||
<table>
|
<table>
|
||||||
{% if not config.field_disable_name %}<tr>
|
{% if not config.field_disable_name or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
|
||||||
<th>
|
<th>
|
||||||
{% trans %}Name{% endtrans %}
|
{% trans %}Name{% endtrans %}
|
||||||
</th>
|
</th>
|
||||||
@ -12,7 +12,7 @@
|
|||||||
<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
|
<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
|
||||||
</td>
|
</td>
|
||||||
</tr>{% endif %}
|
</tr>{% endif %}
|
||||||
{% if not config.field_disable_email %}<tr>
|
{% if not config.field_disable_email or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
|
||||||
<th>
|
<th>
|
||||||
{% trans %}Email{% endtrans %}
|
{% trans %}Email{% endtrans %}
|
||||||
</th>
|
</th>
|
||||||
@ -86,7 +86,7 @@
|
|||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if not config.field_disable_password %}<tr>
|
{% if not config.field_disable_password or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
|
||||||
<th>
|
<th>
|
||||||
{% trans %}Password{% endtrans %}
|
{% trans %}Password{% endtrans %}
|
||||||
</th>
|
</th>
|
||||||
|
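Review bot: The three new conditions pipe `post.mod` into `hasPermission`, while the line just above in this template decides mod mode with `{% if mod %}`; whether `post` is defined when this form is rendered is not visible here. I would guard the filter with the variable the template already uses, e.g. `{% if not config.field_disable_name or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}`, and likewise for the email and password rows. These conditions only control which inputs are shown, and the enforcement is the server-side block in post.php, so a one-line template comment saying that the display check must mirror that server-side check would keep the two from drifting apart.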