@@ -920,8 +920,8 @@ | |||
$config['mod']['bumplock'] = MOD; | |||
// View whether a thread has been bumplocked ("-1" to allow non-mods to see too) | |||
$config['mod']['view_bumplock'] = MOD; | |||
// Edit posts (EXPERIMENTAL) | |||
$config['mod']['editpost'] = MOD; | |||
// Edit posts | |||
$config['mod']['editpost'] = ADMIN; | |||
// "Move" a thread to another board (EXPERIMENTAL; has some known bugs) | |||
$config['mod']['move'] = DISABLED; | |||
// Bypass "field_disable_*" (forced anonymity, etc.) | |||
@@ -986,7 +986,7 @@ function mod_ban_post($board, $delete, $post, $token = false) { | |||
mod_page(_('New ban'), 'mod/ban_form.html', $args); | |||
} | |||
function mod_edit_post($board, $post) { | |||
function mod_edit_post($board, $postID) { | |||
global $config, $mod; | |||
if (!openBoard($board)) | |||
@@ -995,37 +995,33 @@ function mod_edit_post($board, $post) { | |||
if (!hasPermission($config['mod']['editpost'], $board)) | |||
error($config['error']['noaccess']); | |||
$security_token = make_secure_link_token($board . '/ban/' . $post); | |||
$security_token = make_secure_link_token($board . '/edit/' . $postID); | |||
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board)); | |||
$query->bindValue(':id', $post); | |||
$query->bindValue(':id', $postID); | |||
$query->execute() or error(db_error($query)); | |||
if (!$_post = $query->fetch(PDO::FETCH_ASSOC)) | |||
if (!$post = $query->fetch(PDO::FETCH_ASSOC)) | |||
error($config['error']['404']); | |||
if(isset($_POST['mode']) && $_POST['mode'] == "edit") | |||
{ | |||
$query = prepare(sprintf("UPDATE `posts_%s` SET `name` = :name,`email` = :email,`subject` = :subject,`body` = :body WHERE `id` = :id",$board)); | |||
$query->bindValue(':id', $post); | |||
if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) { | |||
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); | |||
$query->bindValue(':id', $postID); | |||
$query->bindValue('name', $_POST['name']); | |||
$query->bindValue(':email', $_POST['email']); | |||
$query->bindValue(':subject', $_POST['subject']); | |||
$query->bindValue(':body', $_POST['body']); | |||
$query->execute() or error(db_error($query)); | |||
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']); | |||
rebuildPost($postID); | |||
buildIndex(); | |||
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']); | |||
} else { | |||
$args = array( | |||
'token' => $security_token, | |||
'name' => $_post['name'], | |||
'email' => $_post['email'], | |||
'subject' => $_post['subject'], | |||
'body' => $_post['body'], | |||
'mode' => "edit" | |||
); | |||
mod_page(_('Edit post'), 'mod/edit_post_form.html', $args); | |||
if ($config['minify_html']) | |||
$post['body_nomarkup'] = str_replace("\n", '
', $post['body_nomarkup']); | |||
mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'post' => $post)); | |||
} | |||
} | |||
@@ -61,11 +61,11 @@ $pages = array( | |||
'/ban' => 'secure_POST ban', // new ban | |||
'/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster | |||
'/(\w+)/move/(\d+)' => 'secure_POST move', // move thread | |||
'/(\w+)/edit/(\d+)' => 'secure_POST edit_post', // edit post | |||
'/(\w+)/delete/(\d+)' => 'secure delete', // delete post | |||
'/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post | |||
'/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address | |||
'/(\w+)/(un)?lock/(\d+)' => 'secure lock', // lock thread | |||
'/(\w+)/edit/(\d+)' => 'secure edit_post', // edit post | |||
'/(\w+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread | |||
'/(\w+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread | |||
@@ -1,11 +1,13 @@ | |||
<form name="post" enctype="multipart/form-data" action="{{ action }}" method="post"> | |||
<form action="" method="post"> | |||
<input type="hidden" name="token" value="{{ token }}"> | |||
<table> | |||
<tr> | |||
<th> | |||
{% trans %}Name{% endtrans %} | |||
</th> | |||
<td> | |||
<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ name }}"> | |||
<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name }}"> | |||
</td> | |||
</tr> | |||
<tr> | |||
@@ -13,7 +15,7 @@ | |||
{% trans %}Email{% endtrans %} | |||
</th> | |||
<td> | |||
<input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ email }}"> | |||
<input type="text" name="email" size="25" maxlength="40" autocomplete="off" value="{{ post.email }}"> | |||
</td> | |||
</tr> | |||
<tr> | |||
@@ -21,7 +23,8 @@ | |||
{% trans %}Subject{% endtrans %} | |||
</th> | |||
<td> | |||
<input style="float:left;" type="text" name="subject" size="25" maxlength="100" autocomplete="off" value="{{ subject }}"> | |||
<input style="float:left;" type="text" name="subject" size="25" maxlength="100" autocomplete="off" value="{{ post.subject }}"> | |||
<input accesskey="s" style="margin-left:2px;" type="submit" name="post" value="{% trans %}Update{% endtrans %}"> | |||
</td> | |||
</tr> | |||
<tr> | |||
@@ -29,12 +32,8 @@ | |||
{% trans %}Comment{% endtrans %} | |||
</th> | |||
<td> | |||
<textarea name="body" id="body" rows="5" cols="35">{{ body }}</textarea> | |||
<textarea name="body" id="body" rows="5" cols="35">{{ post.body_nomarkup }}</textarea> | |||
</td> | |||
</tr> | |||
<tr> | |||
<th><input type="hidden" name="mode" value="{{ mode }}"></th> | |||
<td><input name="sub" type="submit" value="{% trans 'Submit' %}"></td> | |||
</tr> | |||
</table> | |||
</form> |