
allow mods to bypass forced anonymity (and other disabled fields). also fixed some small per-board permission bugs

pull/40/head
Michael Save 11 years ago
parent
commit
56821eb375
  1. 2
      inc/config.php
  2. 65
      post.php
  3. 6
      templates/post_form.html

2
inc/config.php

@ -832,6 +832,8 @@
$config['mod']['editpost'] = DISABLED;
// "Move" a thread to another board (EXPERIMENTAL; has some known bugs)
$config['mod']['move'] = DISABLED;
// Bypass "field_disable_*" (forced anonymity, etc.)
$config['mod']['bypass_field_disable'] = MOD;
// Post bypass unoriginal content check on robot-enabled boards
$config['mod']['postunoriginal'] = ADMIN;
// Bypass flood check
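Review bot: The comment on the new `$config['mod']['bypass_field_disable']` setting does not say which fields it covers or that it ships enabled at `MOD`, while the neighbouring settings in this hunk default to `DISABLED` or `ADMIN`. Going by the post.php change, it lets a mod post supply the name, email and password on boards where `field_disable_*` would otherwise overwrite them. I would spell that out, for example `// Let mods fill in name/email/password on boards where field_disable_* blanks them (bypasses forced anonymity); raise to ADMIN or set DISABLED to restrict`. The config block continues outside this hunk.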

65
post.php

@ -142,15 +142,6 @@
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
} elseif(isset($_POST['post'])) {
if($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
if($config['field_disable_email'])
$_POST['email'] = '';
if($config['field_disable_password'])
$_POST['password'] = '';
if( !isset($_POST['subject']) ||
!isset($_POST['body']) ||
!isset($_POST['board'])
@ -250,6 +241,36 @@
}
}
if($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
require 'inc/mod.php';
if(!$mod) {
// Liar. You're not a mod.
error($config['error']['notamod']);
}
$post['sticky'] = $OP && isset($_POST['sticky']);
$post['locked'] = $OP && isset($_POST['lock']);
$post['raw'] = isset($_POST['raw']);
if($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri']))
error($config['error']['noaccess']);
if($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri']))
error($config['error']['noaccess']);
if($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri']))
error($config['error']['noaccess']);
}
if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
if($config['field_disable_email'])
$_POST['email'] = '';
if($config['field_disable_password'])
$_POST['password'] = '';
}
// Check for a file
if($OP && !isset($post['no_longer_require_an_image_for_op'])) {
if(!isset($_FILES['file']['tmp_name']) || empty($_FILES['file']['tmp_name']) && $config['force_image_op'])
@ -263,7 +284,6 @@
$post['password'] = $_POST['password'];
$post['has_file'] = !isset($post['embed']) && (($OP && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])));
$post['mod'] = isset($_POST['mod']) && $_POST['mod'];
if($post['has_file'])
$post['filename'] = utf8tohtml(get_magic_quotes_gpc() ? stripslashes($_FILES['file']['name']) : $_FILES['file']['name']);
@ -274,28 +294,9 @@
}
}
if($post['mod']) {
require 'inc/mod.php';
if(!$mod) {
// Liar. You're not a mod.
error($config['error']['notamod']);
}
$post['sticky'] = $OP && isset($_POST['sticky']);
$post['locked'] = $OP && isset($_POST['lock']);
$post['raw'] = isset($_POST['raw']);
if($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri']))
error($config['error']['noaccess']);
if($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri']))
error($config['error']['noaccess']);
if($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri']))
error($config['error']['noaccess']);
}
// Check if thread is locked
// but allow mods to post
if(!$OP && (!$mod || $mod['type'] < $config['mod']['postinlocked'])) {
if(!$OP && !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
if($thread['locked'])
error($config['error']['locked']);
}
@ -358,7 +359,7 @@
$post['tracked_cites'] = markup($post['body'], true);
// Check for a flood
if(!($mod && $mod['type'] >= $config['mod']['flood']) && checkFlood($post)) {
if(!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
error($config['error']['flood']);
}
@ -560,7 +561,7 @@
));
}
if(!($mod && $mod['type'] >= $config['mod']['postunoriginal']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
if(!hasPermission($config['mod']['postunoriginal'], $board['uri']) && $config['robot_enable'] && checkRobot($post['body_nomarkup'])) {
undoImage($post);
if($config['robot_mute']) {
error(sprintf($config['error']['muted'], mute()));
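Review bot: The new bypass test `if(!hasPermission($config['mod']['bypass_field_disable'], $board['uri']))` sits after the `$post['mod']` block rather than inside it, so on an ordinary (non-mod) submission forced anonymity is only applied if hasPermission() returns false when inc/mod.php was never required. hasPermission() is not visible on this page, so that fail-closed behaviour is assumed rather than shown. Tying the bypass to the validated mod post makes it explicit: `if(!$post['mod'] || !hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {`. The same reliance now applies to the postinlocked, flood and postunoriginal checks, which previously tested `$mod` themselves before comparing levels. A short comment above the block, saying that name, email and password are overwritten server-side whatever the form rendered, would also help the next reader.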

6
templates/post_form.html

@ -4,7 +4,7 @@
<input type="hidden" name="board" value="{{ board.uri }}" />
{% if mod %}<input type="hidden" name="mod" value="1" />{% endif %}
<table>
{% if not config.field_disable_name %}<tr>
{% if not config.field_disable_name or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Name{% endtrans %}
</th>
@ -12,7 +12,7 @@
<input type="text" name="name" size="25" maxlength="50" autocomplete="off" />
</td>
</tr>{% endif %}
{% if not config.field_disable_email %}<tr>
{% if not config.field_disable_email or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Email{% endtrans %}
</th>
@ -86,7 +86,7 @@
</td>
</tr>
{% endif %}
{% if not config.field_disable_password %}<tr>
{% if not config.field_disable_password or post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) %}<tr>
<th>
{% trans %}Password{% endtrans %}
</th>
