leftypol
/
leftypol
4
5
Fork 2
Code Issues 60 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Merge branch 'master' of https://github.com/savetheinternet/Tinyboard 

Conflicts:
	mod.php
pull/40/head
Marcin Łabanowski 11 years ago
parent
9b7b1c996f db1b50cfc3
commit
e6b9bad788
8 changed files with 279 additions and 44 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      inc/config.php
  2. 4
      inc/display.php
  3. 142
      inc/mod/pages.php
  4. 4
      mod.php
  5. 42
      templates/mod/debug/antispam.html
  6. 89
      templates/mod/debug/recent_posts.html
  7. 26
      templates/mod/debug/sql.html
  8. 10
      templates/mod/edit_post_form.html

6
inc/config.php
View File

@ -903,6 +903,9 @@
// PM snippet (for ?/inbox) length in characters
$config['mod']['snippet_length'] = 75;
// Edit raw HTML in posts by default
$config['mod']['raw_html_default'] = false;
// Probably best not to change these:
if (!defined('JANITOR')) {
define('JANITOR', 0, true);
@ -1049,6 +1052,9 @@
// Edit the current configuration (via web interface)
$config['mod']['edit_config'] = ADMIN;
// Execute un-filtered SQL queries on the database (?/debug/sql)
$config['mod']['debug_sql'] = DISABLED;
/*
* ====================
* Events (PHP 5.3.0+)

4
inc/display.php
View File

@ -297,7 +297,7 @@ class Post {
// Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built))
$built = '<span class="controls">' . $built . '</span>';
@ -418,7 +418,7 @@ class Thread {
// Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built))
$built = '<span class="controls op">' . $built . '</span>';

142
inc/mod/pages.php
View File

@ -986,7 +986,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
mod_page(_('New ban'), 'mod/ban_form.html', $args);
}
function mod_edit_post($board, $postID) {
function mod_edit_post($board, $edit_raw_html, $postID) {
global $config, $mod;
if (!openBoard($board))
@ -994,8 +994,11 @@ function mod_edit_post($board, $postID) {
if (!hasPermission($config['mod']['editpost'], $board))
error($config['error']['noaccess']);
if ($edit_raw_html && !hasPermission($config['mod']['rawhtml'], $board))
error($config['error']['noaccess']);
$security_token = make_secure_link_token($board . '/edit/' . $postID);
$security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID);
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board));
$query->bindValue(':id', $postID);
@ -1005,7 +1008,10 @@ function mod_edit_post($board, $postID) {
error($config['error']['404']);
if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) {
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board));
if ($edit_raw_html)
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body WHERE `id` = :id', $board));
else
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board));
$query->bindValue(':id', $postID);
$query->bindValue('name', $_POST['name']);
$query->bindValue(':email', $_POST['email']);
@ -1013,15 +1019,19 @@ function mod_edit_post($board, $postID) {
$query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query));
rebuildPost($postID);
if (!$edit_raw_html)
rebuildPost($postID);
buildIndex();
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']);
} else {
if ($config['minify_html'])
if ($config['minify_html']) {
$post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']);
$post['body'] = str_replace("\n", '&#010;', $post['body']);
}
mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'post' => $post));
mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'board' => $board, 'raw' => $edit_raw_html, 'post' => $post));
}
}
@ -1723,40 +1733,6 @@ function mod_config() {
mod_page(_('Config editor'), 'mod/config-editor.html', array('conf' => $conf));
}
function mod_debug_antispam() {
global $pdo, $config;
$args = array();
if (isset($_POST['board'], $_POST['thread'])) {
$where = '`board` = ' . $pdo->quote($_POST['board']);
if ($_POST['thread'] != '')
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) {
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error());
}
$args['board'] = $_POST['board'];
$args['thread'] = $_POST['thread'];
} else {
$where = '';
}
$query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error());
$args['total'] = number_format($query->fetchColumn(0));
$query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$args['expiring'] = number_format($query->fetchColumn(0));
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
}
function mod_themes_list() {
global $config;
@ -1884,3 +1860,89 @@ function mod_theme_rebuild($theme_name) {
'theme_name' => $theme_name,
));
}
function mod_debug_antispam() {
global $pdo, $config;
$args = array();
if (isset($_POST['board'], $_POST['thread'])) {
$where = '`board` = ' . $pdo->quote($_POST['board']);
if ($_POST['thread'] != '')
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) {
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error());
}
$args['board'] = $_POST['board'];
$args['thread'] = $_POST['thread'];
} else {
$where = '';
}
$query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error());
$args['total'] = number_format($query->fetchColumn(0));
$query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$args['expiring'] = number_format($query->fetchColumn(0));
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
$args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
}
function mod_debug_recent_posts() {
global $pdo, $config;
$limit = 500;
$boards = listBoards();
// Manually build an SQL query
$query = 'SELECT * FROM (';
foreach ($boards as $board) {
$query .= sprintf('SELECT *, %s AS `board` FROM `posts_%s` UNION ALL ', $pdo->quote($board['uri']), $board['uri']);
}
// Remove the last "UNION ALL" seperator and complete the query
$query = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $query);
$query = query($query) or error(db_error());
$posts = $query->fetchAll(PDO::FETCH_ASSOC);
foreach ($posts as &$post) {
$post['snippet'] = pm_snippet($post['body']);
}
mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts));
}
function mod_debug_sql() {
global $config;
if (!hasPermission($config['mod']['debug_sql']))
error($config['error']['noaccess']);
$args['security_token'] = make_secure_link_token('debug/sql');
if (isset($_POST['query'])) {
$args['query'] = $_POST['query'];
if ($query = query($_POST['query'])) {
$args['result'] = $query->fetchAll(PDO::FETCH_ASSOC);
if (!empty($args['result']))
$args['keys'] = array_keys($args['result'][0]);
else
$args['result'] = 'empty';
} else {
$args['error'] = db_error();
}
}
mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args);
}

4
mod.php
View File

@ -61,7 +61,7 @@ $pages = array(
'/ban' => 'secure_POST ban', // new ban
'/([\w+.]+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
'/([\w+.]+)/move/(\d+)' => 'secure_POST move', // move thread
'/([\w+.]+)/edit/(\d+)' => 'secure_POST edit_post', // edit post
'/([\w+.])/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
'/([\w+.]+)/delete/(\d+)' => 'secure delete', // delete post
'/([\w+.]+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
'/([\w+.]+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
@ -78,6 +78,8 @@ $pages = array(
// these pages aren't listed in the dashboard without $config['debug']
'/debug/antispam' => 'debug_antispam',
'/debug/recent' => 'debug_recent_posts',
'/debug/sql' => 'secure_POST debug_sql',
// This should always be at the end:
'/([\w+.]+)/' => 'view_board',

42
templates/mod/debug/antispam.html
View File

@ -1,3 +1,44 @@
<p style="text-align:center">
Most recent:
</p>
<table class="modlog" style="width:700px;margin:auto">
<tr>
<th>Board</th>
<th>Thread</th>
<th>Hash (SHA1)</th>
<th>Created</th>
<th>Expires</th>
<th>Passed</th>
</tr>
{% for hash in recent %}
<tr>
<td>{{ config.board_abbreviation|sprintf(hash.board) }}</td>
<td>
{% if hash.thread %}
{{ hash.thread }}
{% else %}
-
{% endif %}</td>
<td>
<small><code>{{ hash.hash }}</code></small>
</td>
<td>
<span title="{{ hash.created|date(config.post_date) }}">{{ hash.created|ago }} ago</span>
</td>
<td>
{% if hash.expires %}
<span title="{{ hash.expires|date(config.post_date) }}">
{{ hash.expires|until }}
</span>
{% else %}
-
{% endif %}
</td>
<td>{{ hash.passed }}</td>
</tr>
{% endfor %}
</table>
<p style="text-align:center">
Most used (in active):
</p>
@ -38,6 +79,7 @@
</tr>
{% endfor %}
</table>
<p style="text-align:center">
Total: <strong>{{ total }}</strong> (<strong>{{ expiring }}</strong> set to expire)
</p>

89
templates/mod/debug/recent_posts.html
View File

@ -0,0 +1,89 @@
<table class="modlog">
<tr>
<th>Time</th>
<th>Board</th>
<th>ID</th>
<th>Thread</th>
<th>IP</th>
<th>Name</th>
<th>Subject</th>
<th>File</th>
<th>Body (snippet)</th>
</tr>
{% for post in posts %}
<tr>
<td class="minimal">
<small>{{ post.time | ago }} ago</small>
</td>
<td class="minimal">
<a href="?/{{ config.board_path|sprintf(post.board) }}{{ config.file_index }}">{{ config.board_abbreviation|sprintf(post.board) }}</a>
</td>
<td class="minimal" >
{% if post.thread %}
{% set thread = post.thread %}
{% else %}
{% set thread = post.id %}
{% endif %}
<a href="{{ config.root ~ post.board ~ '/' ~ config.dir.res}}{{ config.file_page|sprintf(thread) }}#{{ post.id }}">
{{ post.id }}
</a>
</td>
<td class="minimal">
<small>
{% if post.thread %}
{{ post.thread }}
{% else %}
(OP)
{% endif %}
</small>
</td>
<td class="minimal">
{% if mod|hasPermission(config.mod.show_ip, post.board) %}
<a href="?/IP/{{ post.ip }}">
{{ post.ip }}
</a>
{% else %}
<em>hidden</em>
{% endif %}
</td>
<td class="minimal" >
<small>
{% if post.email|length > 0 %}
{# start email #}
<a class="email" href="mailto:{{ post.email }}">
{% endif %}
{% set capcode = post.capcode|capcode %}
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
{% if post.trip|length > 0 %}
<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
{% endif %}
{% if post.email|length > 0 %}
{# end email #}
</a>
{% endif %}
{% if capcode %}
{{ capcode.cap }}
{% endif %}
</small>
</td>
<td class="minimal" >
{% if post.subject %}
<small>{{ post.subject }}</small>
{% else %}
&ndash;
{% endif %}
</td>
<td class="minimal">
{% if post.file %}
<small>{{ post.file }} ({{ post.filesize | filesize }})</small>
{% else %}
&ndash;
{% endif %}
</td>
<td>
<small><em>{{ post.snippet }}</em></small>
</td>
</tr>
{% endfor %}
</table>

26
templates/mod/debug/sql.html
View File

@ -0,0 +1,26 @@
<form action="" method="post">
<input type="hidden" name="token" value="{{ security_token }}">
<textarea style="display:block;margin:5px auto;width:90%;max-width:600px" rows="3" name="query">{{ query | e }}</textarea>
<input style="display:block;margin:5px auto" type="submit" value="Query">
</form>
{% if result == 'empty' %}
<p style="text-align:center">Query successful (no result).</p>
{% elseif result %}
<table class="modlog">
<tr>
{% for key in keys %}
<th>{{ key | e }}</th>
{% endfor %}
</tr>
{% for row in result %}
<tr>
{% for col in row %}
<td>{{ col | e }}</td>
{% endfor %}
</tr>
{% endfor %}
</table>
{% elseif error %}
<p style="text-align:center;color:#d00">{{ error | e }}</p>
{% endif %}

10
templates/mod/edit_post_form.html
View File

@ -32,8 +32,16 @@
{% trans %}Comment{% endtrans %}
</th>
<td>
<textarea name="body" id="body" rows="5" cols="35">{{ post.body_nomarkup }}</textarea>
<textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body | e }}{% else %}{{ post.body_nomarkup }}{% endif %}</textarea>
</td>
</tr>
</table>
<p style="text-align:center">
{% if raw %}
{% trans %}Currently editing raw HTML.{% endtrans %}
<a href="?/{{ board }}/edit/{{ post.id }}">{% trans %}Edit markup instead?{% endtrans %}</a>
{% else %}
<a href="?/{{ board }}/edit_raw/{{ post.id }}">{% trans %}Edit raw HTML instead?{% endtrans %}</a>
{% endif %}
</p>
</form>

Write Preview
Loading…
Cancel
Save