@ -396,20 +396,13 @@ function handle_report(){
}
print_err("Hello Top Level");
function handle_post(){
global $config,$dropped_post,$board, $mod,$pdo;
print_err("Hello Debugging");
if (!isset($_POST['body'], $_POST['board']) & & !$dropped_post) {
print_err("We are a bot 1");
error($config['error']['bot']);
}
print_err("Not a bot 1");
$post = array('board' => $_POST['board'], 'files' => array());
// Check if board exists
@ -445,8 +438,6 @@ function handle_post(){
if (!$dropped_post) {
print_err("not a dropped post");
// Check for CAPTCHA right after opening the board so the "return" link is in there
if ($config['recaptcha']) {
if (!isset($_POST['g-recaptcha-response']))
@ -462,8 +453,6 @@ function handle_post(){
}
}
print_err("pass captcha block");
if(isset($config['securimage']) & & $config['secureimage']){
if(!isset($_POST['captcha'])){
error($config['error']['securimage']['missing']);
@ -481,36 +470,24 @@ function handle_post(){
}
}
print_err("pass securimage block");
if (!(($post['op'] & & $_POST['post'] == $config['button_newtopic']) ||
(!$post['op'] & & $_POST['post'] == $config['button_reply']))) {
print_err("we are a bot 2");
error($config['error']['bot']);
}
print_err("we are not a bot 2");
// Check the referrer
if ($config['referer_match'] !== false & &
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
print_err("Missing REFERRER");
print_err($config['referer_match']);
error($config['error']['referer']);
}
print_err("ReferrerOK");
checkDNSBL();
// Check if banned
checkBan($board['uri']);
print_err("Not banned");
if ($post['mod'] = isset($_POST['mod']) & & $_POST['mod']) {
check_login(false);
if (!$mod) {
@ -530,8 +507,6 @@ function handle_post(){
error($config['error']['noaccess']);
}
print_err("Mod block 1 pass");
if (!$post['mod'] & & $config['spam']['enabled'] == true) {
$post['antispam_hash'] = checkSpam(
array($board['uri'],
@ -540,7 +515,6 @@ function handle_post(){
//$post['antispam_hash'] = checkSpam();
if ($post['antispam_hash'] === true) {
print_err("Anti spam triggered");
error($config['error']['spam']);
}
}
@ -548,15 +522,11 @@ function handle_post(){
if ($config['robot_enable'] & & $config['robot_mute']) {
checkMute();
}
print_err("Mod block 2 pass");
}
else {
$mod = $post['mod'] = false;
}
print_err("not dropped block pass");
//Check if thread exists
if (!$post['op']) {
$query = prepare(sprintf("SELECT `sticky`,`locked`,`cycle`,`sage`,`slug` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
@ -572,8 +542,6 @@ function handle_post(){
$thread = false;
}
print_err("check OP ok");
// Check for an embed field
if ($config['enable_embedding'] & & isset($_POST['embed']) & & !empty($_POST['embed'])) {
@ -593,8 +561,6 @@ function handle_post(){
}
}
print_err("embed field block pass");
if (!hasPermission($config['mod']['bypass_field_disable'], $board['uri'])) {
if ($config['field_disable_name'])
$_POST['name'] = $config['anonymous']; // "forced anonymous"
@ -609,8 +575,6 @@ function handle_post(){
$_POST['subject'] = '';
}
print_err("mod bypass block ok");
if ($config['allow_upload_by_url'] & & isset($_POST['file_url1']) & & !empty($_POST['file_url1'])) {
function unlink_tmp_file($file) {
@unlink($file);
@ -678,8 +642,6 @@ function handle_post(){
}
print_err("allow upload by url block ok");
$post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous'];
$post['subject'] = $_POST['subject'];
$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
@ -687,52 +649,10 @@ function handle_post(){
$post['password'] = $_POST['password'];
$post['has_file'] = (!isset($post['embed']) & & (($post['op'] & & !isset($post['no_longer_require_an_image_for_op']) & & $config['force_image_op']) || count($_FILES) > 0));
print_err("post vars set");
if (!$dropped_post) {
print_err("not dropped post");
if (!($post['has_file'] || isset($post['embed'])) || (($post['op'] & & $config['force_body_op']) || (!$post['op'] & & $config['force_body']))) {
if (!$post['has_file']) {
print_err("post has no file");
} else {
print_err("post has file");
}
if (!isset($post['embed'])) {
print_err("post has no embed");
} else {
print_err("post has embed");
}
if (!$post['op']) {
print_err("post is not op");
} else {
print_err("post is op");
}
if (!$config['force_body_op']) {
print_err("force body op is off");
} else {
print_err("force body op is on");
}
if (!$config['force_body']) {
print_err("force body is off");
} else {
print_err("force body is on");
}
print_err("post body:\n" . $post['body']);
$stripped_whitespace = preg_replace('/[\s]/u', '', $post['body']);
print_err(print_r(preg_last_error(), true));
if (preg_last_error() == PREG_BAD_UTF8_ERROR) {
print_err("Bad unicode preg error");
}
if ($stripped_whitespace == '') {
print_err("error: body too short!");
error($config['error']['tooshort_body']);
}
}
@ -741,7 +661,6 @@ function handle_post(){
// Check if thread is locked
// but allow mods to post
if ($thread['locked'] & & !hasPermission($config['mod']['postinlocked'], $board['uri'])) {
print_err("error thread locked");
error($config['error']['locked']);
}
@ -751,25 +670,20 @@ function handle_post(){
$imagethreshold = isset($thread['cycle']) & & $thread['cycle'] ? $numposts['images'] - 1 : $numposts['images'];
if ($config['reply_hard_limit'] != 0 & & $config['reply_hard_limit'] < = $replythreshold) {
print_err("reply hard limit");
error($config['error']['reply_hard_limit']);
}
if ($post['has_file'] & & $config['image_hard_limit'] != 0 & & $config['image_hard_limit'] < = $imagethreshold) {
print_err("image hard limit");
error($config['error']['image_hard_limit']);
}
}
}
else {
print_err("dropped post active");
if (!$post['op']) {
$numposts = numPosts($post['thread']);
$numposts = numPosts($post['thread']);
}
}
print_err("Not dropped post block 2 OK");
if ($post['has_file']) {
// Determine size sanity
$size = 0;
@ -805,8 +719,6 @@ function handle_post(){
$post['filesize'] = $size;
}
print_err("has File block OK");
$post['capcode'] = false;
if ($mod & & preg_match('/^((.+) )?## (.+)$/', $post['name'], $matches)) {
@ -872,22 +784,18 @@ function handle_post(){
}
}
print_err("has File block 2 OK");
if (empty($post['files'])) $post['has_file'] = false;
if (!$dropped_post) {
// Check for a file
if ($post['op'] & & !isset($post['no_longer_require_an_image_for_op'])) {
if (!$post['has_file'] & & $config['force_image_op']) {
print_err("error No Image");
error($config['error']['noimage']);
}
}
// Check for too many files
if (sizeof($post['files']) > $config['max_images']) {
print_err("Too many images");
error($config['error']['toomanyimages']);
}
}
@ -899,46 +807,32 @@ function handle_post(){
$post['body'] = strip_combining_chars($post['body']);
}
print_err("post fields strip");
if (!$dropped_post) {
// Check string lengths
if (mb_strlen($post['name']) > 35) {
print_err("name too long");
error(sprintf($config['error']['toolong'], 'name'));
}
if (mb_strlen($post['email']) > 40) {
print_err("email too long");
error(sprintf($config['error']['toolong'], 'email'));
}
if (mb_strlen($post['subject']) > 100) {
print_err("subject too long");
error(sprintf($config['error']['toolong'], 'subject'));
}
if (!$mod & & mb_strlen($post['body']) > $config['max_body']) {
print_err("body too long");
error($config['error']['toolong_body']);
}
if (!$mod & & mb_strlen($post['body']) > 0 & & (mb_strlen($post['body']) < $config['min_body'])) {
print_err("body too short");
error($config['error']['tooshort_body']);
}
if (mb_strlen($post['password']) > 20) {
print_err("password too long");
error(sprintf($config['error']['toolong'], 'password'));
}
}
print_err("wordfilters");
wordfilters($post['body']);
print_err("Process post body");
$post['body'] = escape_markup_modifiers($post['body']);
print_err("body escaped");
if ($mod & & isset($post['raw']) & & $post['raw']) {
$post['body'] .= "\n< tinyboard raw html > 1< / tinyboard > ";
}
@ -967,8 +861,6 @@ function handle_post(){
}
}
print_err("flag stuff block OK");
if ($config['user_flag'] & & isset($_POST['user_flag']))
if (!empty($_POST['user_flag']) ){
@ -983,22 +875,16 @@ function handle_post(){
"\n< tinyboard flag alt > " . $flag_alt . "< / tinyboard > ";
}
print_err("user flag block ok");
if ($config['allowed_tags'] & & $post['op'] & & isset($_POST['tag']) & & isset($config['allowed_tags'][$_POST['tag']])) {
$post['body'] .= "\n< tinyboard tag > " . $_POST['tag'] . "< / tinyboard > ";
}
print_err("allowed tags block ok");
if (!$dropped_post)
if ($config['proxy_save'] & & isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$proxy = preg_replace("/[^0-9a-fA-F.,: ]/", '', $_SERVER['HTTP_X_FORWARDED_FOR']);
$post['body'] .= "\n< tinyboard proxy > ".$proxy."< / tinyboard > ";
}
print_err("proxy save block ok");
if (mysql_version() >= 50503) {
$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
} else {
@ -1016,13 +902,8 @@ function handle_post(){
}
}
print_err("body nomarkup block OK");
$post['tracked_cites'] = markup($post['body'], true);
print_err("Process post tags flags and other stuff");
if ($post['has_file']) {
$md5cmd = false;
if ($config['bsd_md5']) $md5cmd = '/sbin/md5 -r';
@ -1033,11 +914,9 @@ function handle_post(){
foreach ($post['files'] as $key => & $file) {
if ($post['op'] & & $config['allowed_ext_op']) {
if (!in_array($file['extension'], $config['allowed_ext_op'])) {
print_err("Unknown extension (1)!");
error($config['error']['unknownext']);
}
} elseif (!in_array($file['extension'], $config['allowed_ext']) & & !in_array($file['extension'], $config['allowed_ext_files'])) {
print_err("Unknown extension (2)!");
error($config['error']['unknownext']);
}
@ -1072,29 +951,20 @@ function handle_post(){
}
}
print_err("has file block 2 OK");
if (!hasPermission($config['mod']['bypass_filters'], $board['uri']) & & !$dropped_post) {
require_once 'inc/filters.php';
print_err("doing filters");
do_filters($post);
print_err("filters OK");
}
print_err("filters block OK");
if ($post['has_file']) {
print_err("files block 3 start!");
foreach ($post['files'] as $key => & $file) {
if ($file['is_an_image']) {
print_err("file is an image");
if ($config['ie_mime_type_detection'] !== false) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($upload, null, null, null, 255);
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
print_err("error mime exploit");
error($config['error']['mime_exploit']);
}
}
@ -1103,20 +973,15 @@ function handle_post(){
// find dimensions of an image using GD
if (!$size = @getimagesize($file['tmp_name'])) {
print_err("error invalid image");
error($config['error']['invalidimg']);
}
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
print_err("error invalid image2");
error($config['error']['invalidimg']);
}
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
print_err("error invalid maxsize");
error($config['error']['maxsize']);
}
print_err("initial image checks OK");
if ($config['convert_auto_orient'] & & ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
// The following code corrects the image orientation.
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
@ -1147,7 +1012,6 @@ function handle_post(){
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload));
}
if ($error) {
print_err("Could not auto-orient image!");
error(_('Could not auto-orient image!'), null, $error);
}
$size = @getimagesize($file['tmp_name']);
@ -1158,26 +1022,18 @@ function handle_post(){
}
}
print_err("convert auto orient block OK");
// create image object
$image = new Image($file['tmp_name'], $file['extension'], $size);
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
$image->delete();
print_err("image too large");
error($config['error']['maxsize']);
}
print_err("create image object ok");
$file['width'] = $image->size->width;
$file['height'] = $image->size->height;
print_err("image size width and height");
if ($config['spoiler_images'] & & isset($_POST['spoiler'])) {
print_err("spoiler set");
$file['thumb'] = 'spoiler';
$size = @getimagesize($config['spoiler_image']);
@ -1188,33 +1044,26 @@ function handle_post(){
$image->size->height < = $config['thumb_height'] & &
$file['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $file['extension'])) {
print_err("minimum copy resize");
// Copy, because there's nothing to resize
copy($file['tmp_name'], $file['thumb']);
$file['thumbwidth'] = $image->size->width;
$file['thumbheight'] = $image->size->height;
} else {
print_err("thumbnail resize");
$thumb = $image->resize(
$config['thumb_ext'] ? $config['thumb_ext'] : $file['extension'],
$post['op'] ? $config['thumb_op_width'] : $config['thumb_width'],
$post['op'] ? $config['thumb_op_height'] : $config['thumb_height']
);
print_err("thumbnail resize ok");
$thumb->to($file['thumb']);
print_err("thumbnail save ok");
$file['thumbwidth'] = $thumb->width;
$file['thumbheight'] = $thumb->height;
$thumb->_destroy();
}
print_err("something to do with thumbnails block OK");
if ($config['redraw_image'] || (!@$file['exif_stripped'] & & $config['strip_exif'] & & ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
if (!$config['redraw_image'] & & $config['use_exiftool']) {
if($error = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= ' .
@ -1329,8 +1178,6 @@ function handle_post(){
}
}
print_err("is an image block OK");
if ($config['tesseract_ocr'] & & $file['thumb'] != 'file') { // Let's OCR it!
$fname = $file['tmp_name'];
@ -1359,8 +1206,6 @@ function handle_post(){
}
}
print_err("OCR block pass");
if (!isset($dont_copy_file) || !$dont_copy_file) {
if (isset($file['file_tmp'])) {
if (!@rename($file['tmp_name'], $file['file']))
@ -1371,12 +1216,9 @@ function handle_post(){
}
}
print_err("image reject repost begin");
if ($config['image_reject_repost']) {
if ($p = getPostByHash($post['filehash'])) {
undoImage($post);
print_err("file exists!");
error(sprintf($config['error']['fileexists'],
($post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']) .
($board['dir'] . $config['dir']['res'] .
@ -1390,7 +1232,6 @@ function handle_post(){
} else if (!$post['op'] & & $config['image_reject_repost_in_thread']) {
if ($p = getPostByHashInThread($post['filehash'], $post['thread'])) {
undoImage($post);
print_err("file exists ITT!");
error(sprintf($config['error']['fileexistsinthread'],
($post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root']) .
($board['dir'] . $config['dir']['res'] .
@ -1403,24 +1244,18 @@ function handle_post(){
}
}
print_err("End of has file block 3");
}
print_err("has file block 3 OK");
// Do filters again if OCRing
if ($config['tesseract_ocr'] & & !hasPermission($config['mod']['bypass_filters'], $board['uri']) & & !$dropped_post) {
do_filters($post);
}
if (!hasPermission($config['mod']['postunoriginal'], $board['uri']) & & $config['robot_enable'] & & checkRobot($post['body_nomarkup']) & & !$dropped_post) {
print_err("muted or unoriginal");
undoImage($post);
if ($config['robot_mute']) {
print_err("muted");
error(sprintf($config['error']['muted'], mute()));
} else {
print_err("unoriginal");
error($config['error']['unoriginal']);
}
}
@ -1436,41 +1271,28 @@ function handle_post(){
}
}
print_err("has file block 5 OK");
$post = (object)$post;
$post->files = array_map(function($a) { return (object)$a; }, $post->files);
$error = event('post', $post);
$post->files = array_map(function($a) { return (array)$a; }, $post->files);
print_err("post set files map");
if ($error) {
print_err("Error " . $error);
undoImage((array)$post);
error($error);
}
print_err("no error yet");
$post = (array)$post;
if ($post['files']) {
$post['files'] = $post['files'];
}
print_err("no error yet2");
$post['num_files'] = sizeof($post['files']);
print_err("no error yet3");
$post['id'] = $id = post($post);
print_err("no error yet 4");
$post['slug'] = slugify($post);
print_err("Set post props OK");
if ($dropped_post & & $dropped_post['from_nntp']) {
$query = prepare("INSERT INTO ``nntp_references`` (`board`, `id`, `message_id`, `message_id_digest`, `own`, `headers`) VALUES ".
"(:board , :id , :message_id , :message_id_digest , false, :headers)");
@ -1506,7 +1328,6 @@ function handle_post(){
nntp_publish($message, $msgid);
}
print_err("insert flood post");
insertFloodPost($post);
// Handle cyclical threads
@ -1518,7 +1339,6 @@ function handle_post(){
$query->execute() or error(db_error($query));
}
print_err("increment antispam");
if (isset($post['antispam_hash'])) {
incrementSpamHash($post['antispam_hash']);
}
@ -1533,14 +1353,10 @@ function handle_post(){
query('INSERT INTO ``cites`` VALUES ' . implode(', ', $insert_rows)) or error(db_error());
}
print_err("tracked cites block ok");
if (!$post['op'] & & strtolower($post['email']) != 'sage' & & !$thread['sage'] & & ($config['reply_limit'] == 0 || $numposts['replies']+1 < $config['reply_limit'])) {
bumpThread($post['thread']);
}
print_err("thread bumped");
if (isset($_SERVER['HTTP_REFERER'])) {
// Tell Javascript that we posted successfully
if (isset($_COOKIE[$config['cookies']['js']]))
@ -1578,12 +1394,8 @@ function handle_post(){
}
print_err("Redirect or noko block OK");
buildThread($post['op'] ? $id : $post['thread']);
print_err("build thread OK");
if ($config['syslog'])
_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] .
link_for($post) . (!$post['op'] ? '#' . $id : ''));
@ -1621,9 +1433,6 @@ function handle_post(){
} else {
rebuildThemes('post', $board['uri']);
}
print_err("handle post DONE");
}
function handle_appeal(){
towards-a-new-leftypol
3 years ago