allow mods to bypass forced anonymity (and other disabled fields). also fixed some small per-board permission bugs

Michael Save 2012-02-16 23:07:25 +11:00
parent 3f1c279ce3
commit 56821eb375
3 changed files with 43 additions and 40 deletions


@ -832,6 +832,8 @@
$config['mod']['editpost'] = DISABLED;
// "Move" a thread to another board (EXPERIMENTAL; has some known bugs)
$config['mod']['move'] = DISABLED;
// Bypass "field_disable_*" (forced anonymity, etc.)
$config['mod']['bypass_field_disable'] = MOD;
// Post bypass unoriginal content check on robot-enabled boards
$config['mod']['postunoriginal'] = ADMIN;
// Bypass flood check
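Review bot: The comment on `$config['mod']['bypass_field_disable']` does not say which fields the permission covers, and the default `MOD` enables it out of the box, whereas the neighbouring `editpost` and `move` settings default to `DISABLED`. In the post handler changed by this commit, holding the permission skips the resets of the name, email and password fields. A comment such as `// Let this role fill in name, email and password even when field_disable_name/_email/_password are set (forced anonymity, etc.)` would let an operator judge the default before deploying it.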


@ -142,15 +142,6 @@
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif(isset($_POST['post'])) {
if($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
if($config['field_disable_email'])
$_POST['email'] = '';
if($config['field_disable_password'])
$_POST['password'] = '';
if( !isset($_POST['subject']) ||
!isset($_POST['body']) ||
!isset($_POST['board'])
@ -250,31 +241,7 @@
}
}
// Check for a file
if($OP && !isset($post['no_longer_require_an_image_for_op'])) {
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']) && $config['force_image_op'])
error($config['error']['noimage']);
}
$post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
$post['subject'] = $_POST['subject'];
$post['email'] = utf8tohtml($_POST['email']);
$post['body'] = $_POST['body'];
$post['password'] = $_POST['password'];
$post['has_file'] = !isset($post['embed']) && (($OP && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])));
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
if($post['has_file'])
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
if(!($post['has_file'] || isset($post['embed'])) || (($OP && $config['force_body_op']) || (!$OP && $config['force_body']))) {
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
if(empty($stripped_whitespace )) {
error($config['error']['tooshort_body']);
}
}
if($post['mod']) {
if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
require 'inc/mod.php';
if(!$mod) {
// Liar. You're not a mod.
@ -293,9 +260,43 @@
error($config['error']['noaccess']);
}
if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
if($config['field_disable_email'])
$_POST['email'] = '';
if($config['field_disable_password'])
$_POST['password'] = '';
}
// Check for a file
if($OP && !isset($post['no_longer_require_an_image_for_op'])) {
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']) && $config['force_image_op'])
error($config['error']['noimage']);
}
$post['name'] = !empty($_POST['name']) ? $_POST['name'] : $config['anonymous'];
$post['subject'] = $_POST['subject'];
$post['email'] = utf8tohtml($_POST['email']);
$post['body'] = $_POST['body'];
$post['password'] = $_POST['password'];
$post['has_file'] = !isset($post['embed']) && (($OP && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])));
if($post['has_file'])
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
if(!($post['has_file'] || isset($post['embed'])) || (($OP && $config['force_body_op']) || (!$OP && $config['force_body']))) {
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
if(empty($stripped_whitespace )) {
error($config['error']['tooshort_body']);
}
}
// Check if thread is locked
// but allow mods to post
if(!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
if(!$OP && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
if($thread['locked'])
error($config['error']['locked']);
}
@ -358,7 +359,7 @@
$post['tracked_cites'] = markup($post['body'], true);
// Check for a flood
if(!($mod && $mod['type'] >= $config['mod']['flood']) && checkFlood($post)) {
if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
error($config['error']['flood']);
}
@ -560,7 +561,7 @@
));
}
if(!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
undoImage($post);
if($config['robot_mute']) {
error(sprintf($config['error']['muted'], mute()));
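Review bot: The relocated forced-anonymity guard, `if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri']))`, fails open, because the `field_disable_*` resets now run only when `hasPermission()` returns false. As far as the flattened indentation shows, it sits after the `$_POST['mod']` branch, which is the only place `inc/mod.php` is required, so for an ordinary post no moderator session has been loaded. `hasPermission()` is not shown on this page, so confirm that it is defined on that path and returns false there; the replaced conditions had an explicit `$mod &&` guard that the new locked-thread, flood and unoriginal-content checks also drop. Tying the bypass to a post that already passed the mod check keeps it fail-closed: `if(!$post['mod'] || !hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {`. The resets also used to run at the top of the `isset($_POST['post'])` branch, which extends beyond these hunks, so check that nothing in between reads `$_POST['name']`, `$_POST['email']` or `$_POST['password']` before they are overwritten.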


@ -4,7 +4,7 @@
<input type="hidden" name="board" value="{{ board.uri }}" />
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
<table>
{% if not config.field_disable_name %}<tr>
{% if not config.field_disable_name or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Name{% endtrans %}
</th>
@ -12,7 +12,7 @@
<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
</td>
</tr>{% endif %}
{% if not config.field_disable_email %}<tr>
{% if not config.field_disable_email or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Email{% endtrans %}
</th>
@ -86,7 +86,7 @@
</td>
</tr>
{% endif %}
{% if not config.field_disable_password %}<tr>
{% if not config.field_disable_password or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Password{% endtrans %}
</th>
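Review bot: The three new conditions test `post.mod|hasPermission(...)`, while the hidden `mod` input at the top of the form is gated on the template variable `mod`. If `post` is not populated when the form is rendered, the filter receives an empty value and the result depends on how the filter treats it, which this page does not show. Guarding with the variable the template already uses makes the intent explicit: `{% if not config.field_disable_name or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}`, and likewise for the email and password rows. These conditions only decide whether the inputs are displayed, so the reset in the post handler has to remain the actual enforcement.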