From 85710249b705c455b2243f450765e458c14cdba6 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Thu, 24 Jan 2013 19:16:25 +1100 Subject: [PATCH 1/7] Raw HTML editing --- inc/config.php | 3 +++ inc/display.php | 4 ++-- inc/mod/pages.php | 22 ++++++++++++++++------ mod.php | 2 +- templates/mod/edit_post_form.html | 10 +++++++++- 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/inc/config.php b/inc/config.php index 15deaeae..e7ca79e3 100644 --- a/inc/config.php +++ b/inc/config.php @@ -861,6 +861,9 @@ // PM snippet (for ?/inbox) length in characters $config['mod']['snippet_length'] = 75; + // Edit raw HTML in posts by default + $config['mod']['raw_html_default'] = false; + // Probably best not to change these: if (!defined('JANITOR')) { define('JANITOR', 0, true); diff --git a/inc/display.php b/inc/display.php index 3dd57726..57110224 100644 --- a/inc/display.php +++ b/inc/display.php @@ -297,7 +297,7 @@ class Post { // Edit post if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_editpost'] . ''; + $built .= ' ' . $config['mod']['link_editpost'] . ''; if (!empty($built)) $built = '' . $built . ''; @@ -418,7 +418,7 @@ class Thread { // Edit post if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) - $built .= ' ' . $config['mod']['link_editpost'] . ''; + $built .= ' ' . $config['mod']['link_editpost'] . ''; if (!empty($built)) $built = '' . $built . ''; diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 1a55ec7d..70f2e964 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -986,7 +986,7 @@ function mod_ban_post($board, $delete, $post, $token = false) { mod_page(_('New ban'), 'mod/ban_form.html', $args); } -function mod_edit_post($board, $postID) { +function mod_edit_post($board, $edit_raw_html, $postID) { global $config, $mod; if (!openBoard($board)) 
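Review bot: The new middle parameter `$edit_raw_html` is named like a boolean, but what the router apparently hands it (the `(_raw)?` capture added to the mod.php route later in this series) is a string — `'_raw'` or an empty string — and the function relies on PHP truthiness, which deserves a note on the signature. Suggested docblock: `/** @param string $edit_raw_html '' to edit body_nomarkup and rebuild, '_raw' to write the stored HTML in body directly */`. Only the signature and the `openBoard` call are in this hunk; the rest of `mod_edit_post` is in the following hunks.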
@@ -994,8 +994,11 @@ function mod_edit_post($board, $postID) { if (!hasPermission($config['mod']['editpost'], $board)) error($config['error']['noaccess']); + + if ($edit_raw_html && !hasPermission($config['mod']['rawhtml'], $board)) + error($config['error']['noaccess']); - $security_token = make_secure_link_token($board . '/edit/' . $postID); + $security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID); $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board)); $query->bindValue(':id', $postID); @@ -1005,7 +1008,10 @@ function mod_edit_post($board, $postID) { error($config['error']['404']); if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) { - $query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); + if ($edit_raw_html) + $query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body WHERE `id` = :id', $board)); + else + $query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); $query->bindValue(':id', $postID); $query->bindValue('name', $_POST['name']); $query->bindValue(':email', $_POST['email']); 
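Review bot: The added check reads `$config['mod']['rawhtml']`, but no hunk in this series defines that key — the config.php hunk only adds `raw_html_default` — so the raw path's access level depends on how `hasPermission` treats an unset level, which could deny everyone or, worse, fall open. Raw-HTML editing stores markup that is served unescaped to every reader of the board, so this should be an explicit, admin-only level declared next to the other `$config['mod']` permission entries, e.g. `$config['mod']['rawhtml'] = ADMIN; // edit raw HTML of posts (stored markup, served unescaped)`. `mod_edit_post` continues in the next hunks.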
@@ -1013,15 +1019,19 @@ function mod_edit_post($board, $postID) { $query->bindValue(':body', $_POST['body']); $query->execute() or error(db_error($query)); - rebuildPost($postID); + if (!$edit_raw_html) + rebuildPost($postID); + buildIndex(); header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']); } else { - if ($config['minify_html']) + if ($config['minify_html']) { $post['body_nomarkup'] = str_replace("\n", ' ', $post['body_nomarkup']); + $post['body'] = str_replace("\n", ' ', $post['body']); + } - mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'post' => $post)); + mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'board' => $board, 'raw' => $edit_raw_html, 'post' => $post)); } } diff --git a/mod.php b/mod.php index 7017dd05..1e39fdf1 100644 --- a/mod.php +++ b/mod.php @@ -61,7 +61,7 @@ $pages = array( '/ban' => 'secure_POST ban', // new ban '/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster '/(\w+)/move/(\d+)' => 'secure_POST move', // move thread - '/(\w+)/edit/(\d+)' => 'secure_POST edit_post', // edit post + '/(\w+)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post '/(\w+)/delete/(\d+)' => 'secure delete', // delete post '/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post '/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address diff --git a/templates/mod/edit_post_form.html b/templates/mod/edit_post_form.html index 22fa40cb..146e725b 100644 --- a/templates/mod/edit_post_form.html +++ b/templates/mod/edit_post_form.html @@ -32,8 +32,16 @@ {% trans %}Comment{% endtrans %} - + +
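Review bot: In raw mode the update writes `body` but leaves `body_nomarkup` untouched and skips `rebuildPost`, so the two columns now disagree; the next markup-mode edit of the same post, or any other code path that calls `rebuildPost` (which presumably regenerates `body` from `body_nomarkup`, as the non-raw branch relies on), will silently discard the raw edit. If that is intended it should be stated in the form; otherwise document it at the skip, e.g. `// raw edit: body_nomarkup is left stale, a later rebuildPost() will overwrite this change`, or store the raw text into `body_nomarkup` as well. The mod.php hunk on this same line maps the `(_raw)?` capture to the new parameter; the template hunk that begins here continues on the following lines.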

+ {% if raw %} + {% trans %}Currently editing raw HTML.{% endtrans %} + {% trans %}Edit markup instead?{% endtrans %} + {% else %} + {% trans %}Edit raw HTML instead?{% endtrans %} + {% endif %} +

From 060be53797af37c0dbe05b8f0fa8393f44a32cfc Mon Sep 17 00:00:00 2001 From: Michael Save Date: Thu, 24 Jan 2013 19:25:07 +1100 Subject: [PATCH 2/7] Show "most recent" in anti-spam debug page --- inc/mod/pages.php | 3 +++ templates/mod/debug/antispam.html | 42 +++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 70f2e964..19502f60 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -1764,6 +1764,9 @@ function mod_debug_antispam() { $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error()); $args['top'] = $query->fetchAll(PDO::FETCH_ASSOC); + $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error()); + $args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC); + mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args); } diff --git a/templates/mod/debug/antispam.html b/templates/mod/debug/antispam.html index a846bc17..95aa61a6 100644 --- a/templates/mod/debug/antispam.html +++ b/templates/mod/debug/antispam.html @@ -1,3 +1,44 @@ +

+ Most recent: +

+ + + + + + + + + + {% for hash in recent %} + + + + + + + + + {% endfor %} +
BoardThreadHash (SHA1)CreatedExpiresPassed
{{ config.board_abbreviation|sprintf(hash.board) }} + {% if hash.thread %} + {{ hash.thread }} + {% else %} + - + {% endif %} + {{ hash.hash }} + + {{ hash.created|ago }} ago + + {% if hash.expires %} + + {{ hash.expires|until }} + + {% else %} + - + {% endif %} + {{ hash.passed }}
+

Most used (in active):

@@ -38,6 +79,7 @@ {% endfor %} +

Total: {{ total }} ({{ expiring }} set to expire)

From d5a994537b4ea1f9780868eb53c79d9f97a75f86 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Fri, 25 Jan 2013 22:18:03 +1100 Subject: [PATCH 3/7] New debug mod page: ?/debug/recent (recent posts across all boards) --- inc/mod/pages.php | 99 +++++++++++++++++---------- mod.php | 1 + templates/mod/debug/recent_posts.html | 81 ++++++++++++++++++++++ 3 files changed, 144 insertions(+), 37 deletions(-) create mode 100644 templates/mod/debug/recent_posts.html diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 19502f60..ce643cb5 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php 
@@ -1733,43 +1733,6 @@ function mod_config() { mod_page(_('Config editor'), 'mod/config-editor.html', array('conf' => $conf)); } -function mod_debug_antispam() { - global $pdo, $config; - - $args = array(); - - if (isset($_POST['board'], $_POST['thread'])) { - $where = '`board` = ' . $pdo->quote($_POST['board']); - if ($_POST['thread'] != '') - $where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']); - - if (isset($_POST['purge'])) { - $query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where); - $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); - $query->execute() or error(db_error()); - } - - $args['board'] = $_POST['board']; - $args['thread'] = $_POST['thread']; - } else { - $where = ''; - } - - $query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error()); - $args['total'] = number_format($query->fetchColumn(0)); - - $query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error()); - $args['expiring'] = number_format($query->fetchColumn(0)); - - $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error()); - $args['top'] = $query->fetchAll(PDO::FETCH_ASSOC); - - $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error()); - $args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC); - - mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args); -} - function mod_themes_list() { global $config; 
@@ -1897,3 +1860,65 @@ function mod_theme_rebuild($theme_name) { 'theme_name' => $theme_name, )); } + +function mod_debug_antispam() { + global $pdo, $config; + + $args = array(); + + if (isset($_POST['board'], $_POST['thread'])) { + $where = '`board` = ' . $pdo->quote($_POST['board']); + if ($_POST['thread'] != '') + $where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']); + + if (isset($_POST['purge'])) { + $query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where); + $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); + $query->execute() or error(db_error()); + } + + $args['board'] = $_POST['board']; + $args['thread'] = $_POST['thread']; + } else { + $where = ''; + } + + $query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error()); + $args['total'] = number_format($query->fetchColumn(0)); + + $query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error()); + $args['expiring'] = number_format($query->fetchColumn(0)); + + $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error()); + $args['top'] = $query->fetchAll(PDO::FETCH_ASSOC); + + $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . 
' ORDER BY `created` DESC LIMIT 20') or error(db_error()); + $args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC); + + mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args); +} + +function mod_debug_recent_posts() { + global $pdo, $config; + + $limit = 150; + + $boards = listBoards(); + + // Manually build an SQL query + $query = 'SELECT * FROM ('; + foreach ($boards as $board) { + $query .= sprintf('SELECT *, %s AS `board` FROM `posts_%s` UNION ALL ', $pdo->quote($board['uri']), $board['uri']); + } + // Remove the last "UNION ALL" seperator and complete the query + $query = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $query); + $query = query($query) or error(db_error()); + $posts = $query->fetchAll(PDO::FETCH_ASSOC); + + foreach ($posts as &$post) { + $post['snippet'] = pm_snippet($post['body']); + } + + mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts)); +} + diff --git a/mod.php b/mod.php index 1e39fdf1..c3b81e37 100644 --- a/mod.php +++ b/mod.php @@ -78,6 +78,7 @@ $pages = array( // these pages aren't listed in the dashboard without $config['debug'] '/debug/antispam' => 'debug_antispam', + '/debug/recent' => 'debug_recent_posts', // This should always be at the end: '/(\w+)/' => 'view_board', diff --git a/templates/mod/debug/recent_posts.html b/templates/mod/debug/recent_posts.html new file mode 100644 index 00000000..9da5c0d2 --- /dev/null +++ b/templates/mod/debug/recent_posts.html @@ -0,0 +1,81 @@ + + + + + + + + + + + + + {% for post in posts %} + + + + + + + + + + + + {% endfor %} +
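Review bot: `mod_debug_recent_posts` builds its statement by appending one `SELECT ... UNION ALL` per board and then stripping the trailing `UNION ALL`, so when `listBoards()` returns nothing the query is the bare `SELECT * FROM (`, which fails in `query()` and surfaces as a DB error; guard it before the loop with `if (empty($boards)) { mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => array())); return; }`. The function also performs no `hasPermission` check, unlike `mod_debug_sql` added later in this series, so any logged-in moderator can list the latest posts — `SELECT *` includes the `ip` column the template prints — across boards they may not moderate; a dedicated level such as `$config['mod']['debug_recent']` would be safer than relying on the dashboard's `$config['debug']` listing. Separately, the moved `mod_debug_antispam` still runs the `$_POST['purge']` update while the context line in the adjacent mod.php hunk routes it as plain `'debug_antispam'` rather than `'secure_POST debug_antispam'` as the SQL page does; if the `secure_POST` prefix is what enforces the form token, that purge action remains forgeable.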
TimeBoardIDThreadIPNameSubjectFileBody (snippet)
+ {{ post.time | ago }} ago + + {{ config.board_abbreviation|sprintf(post.board) }} + + {% if post.thread %} + {% set thread = post.thread %} + {% else %} + {% set thread = post.id %} + {% endif %} + + {{ post.id }} + + + {% if post.thread %} + {{ post.thread }} + {% else %} + (OP) + {% endif %} + + + {{ post.ip }} + + + {% if post.email|length > 0 %} + {# start email #} + + {% endif %} + {% if capcode %} + {{ capcode.cap }} + {% endif %} + + {% if post.subject %} + {{ post.subject }} + {% else %} + – + {% endif %} + + {% if post.file %} + {{ post.file }} ({{ post.filesize | filesize }}) + {% else %} + – + {% endif %} + + {{ post.snippet }} +
+ From 764d718f8426da1c1161ddf82a5dd8a82fd4b935 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Fri, 25 Jan 2013 22:23:26 +1100 Subject: [PATCH 4/7] ?/debug/recent --- inc/mod/pages.php | 2 +- templates/mod/debug/recent_posts.html | 64 +++++++++++++++------------ 2 files changed, 37 insertions(+), 29 deletions(-) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index ce643cb5..8feac374 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -1901,7 +1901,7 @@ function mod_debug_antispam() { function mod_debug_recent_posts() { global $pdo, $config; - $limit = 150; + $limit = 500; $boards = listBoards(); diff --git a/templates/mod/debug/recent_posts.html b/templates/mod/debug/recent_posts.html index 9da5c0d2..740ed21e 100644 --- a/templates/mod/debug/recent_posts.html +++ b/templates/mod/debug/recent_posts.html @@ -13,7 +13,7 @@ {% for post in posts %} - {{ post.time | ago }} ago + {{ post.time | ago }} ago {{ config.board_abbreviation|sprintf(post.board) }} @@ -29,51 +29,59 @@ - {% if post.thread %} - {{ post.thread }} - {% else %} - (OP) - {% endif %} + + {% if post.thread %} + {{ post.thread }} + {% else %} + (OP) + {% endif %} + - - {{ post.ip }} - - - - {% if post.email|length > 0 %} - {# start email #} - + {{ post.ip }} + {% else %} + hidden {% endif %} - {% if capcode %} - {{ capcode.cap }} - {% endif %} + + + + {% if post.email|length > 0 %} + {# start email #} + + {% endif %} + {% if capcode %} + {{ capcode.cap }} + {% endif %} + {% if post.subject %} - {{ post.subject }} + {{ post.subject }} {% else %} – {% endif %} {% if post.file %} - {{ post.file }} ({{ post.filesize | filesize }}) + {{ post.file }} ({{ post.filesize | filesize }}) {% else %} – {% endif %} - {{ post.snippet }} + {{ post.snippet }} {% endfor %} From 9a2c33736aeee1016e45ef655d8c58690555152c Mon Sep 17 00:00:00 2001 
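Review bot: The table prints poster-controlled fields — `{{ post.subject }}`, `{{ post.file }}`, `{{ post.snippet }}` — with no escape filter, and the fact that patch 7 of this series has to add explicit `| e` filters to sql.html suggests the mod templates are not auto-escaped; if so, a post whose subject contains markup gives any anonymous poster stored XSS against every moderator who opens `?/debug/recent`. Apply `| e` to each of those outputs, e.g. `{{ post.subject | e }}` and `{{ post.file | e }}`, and either escape the snippet too or confirm that `pm_snippet()` already strips and escapes the rendered `body` it receives. The `{% if … %}`/`hidden` branch around `post.ip` in the patch 4 hunk has lost its condition in this rendering, so I cannot tell which permission it checks.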
From: Michael Save Date: Fri, 25 Jan 2013 23:56:55 +1100 Subject: [PATCH 5/7] New debug page: ?/debug/sql --- inc/config.php | 3 +++ inc/mod/pages.php | 24 ++++++++++++++++++++++++ templates/mod/debug/sql.html | 26 ++++++++++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 templates/mod/debug/sql.html diff --git a/inc/config.php b/inc/config.php index e7ca79e3..8bd6d357 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1010,6 +1010,9 @@ // Edit the current configuration (via web interface) $config['mod']['edit_config'] = ADMIN; + // Execute un-filtered SQL queries on the database (?/debug/sql) + $config['mod']['debug_sql'] = DISABLED; + /* * ==================== * Events (PHP 5.3.0+) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 8feac374..592ac5b1 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -1922,3 +1922,27 @@ function mod_debug_recent_posts() { mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts)); } +function mod_debug_sql() { + global $config; + + if (!hasPermission($config['mod']['debug_sql'])) + error($config['error']['noaccess']); + + $args['security_token'] = make_secure_link_token('debug/sql'); + + if (isset($_POST['query'])) { + $args['query'] = $_POST['query']; + if ($query = query($_POST['query'])) { + $args['result'] = $query->fetchAll(PDO::FETCH_ASSOC); + if (!empty($args['result'])) + $args['keys'] = array_keys($args['result'][0]); + else + $args['result'] = 'empty'; + } else { + $args['error'] = db_error(); + } + } + + mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args); +} + diff --git a/templates/mod/debug/sql.html b/templates/mod/debug/sql.html new file mode 100644 index 00000000..63ba22f8 --- /dev/null +++ b/templates/mod/debug/sql.html @@ -0,0 +1,26 @@ +
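Review bot: `$args` is used without being initialised (`$args['security_token'] = …`), while the sibling `mod_debug_antispam` starts with `$args = array();`; add the same line so the template never receives a partially populated array. The handler then calls `fetchAll` on whatever `query($_POST['query'])` returns, and for the non-SELECT statements the config comment explicitly allows ("un-filtered SQL") a PDOStatement with no result set may return an empty array or raise depending on the driver, so branch on `$query->columnCount() === 0` and report `$query->rowCount()` instead of fetching. Since this endpoint gives full read/write access to every table, including moderator credentials, it is worth recording each executed statement in the moderator action log if the codebase has one, on top of the `DISABLED` default and the `secure_POST` token the route adds.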
+ + + +
+ +{% if result == 'empty' %} +

Query successful (no result).

+{% elseif result %} + + + {% for key in keys %} + + {% endfor %} + + {% for row in result %} + + {% for col in row %} + + {% endfor %} + + {% endfor %} +
{{ key }}
{{ col }}
+{% elseif error %} +

{{ error }}

+{% endif %} From cadf2768913bcd1941dfdc96f4a5565e02d6386d Mon Sep 17 00:00:00 2001 From: Michael Save Date: Fri, 25 Jan 2013 23:57:51 +1100 Subject: [PATCH 6/7] New debug page: ?/debug/sql --- mod.php | 1 + 1 file changed, 1 insertion(+) diff --git a/mod.php b/mod.php index c3b81e37..9de2c15b 100644 --- a/mod.php +++ b/mod.php @@ -79,6 +79,7 @@ $pages = array( // these pages aren't listed in the dashboard without $config['debug'] '/debug/antispam' => 'debug_antispam', '/debug/recent' => 'debug_recent_posts', + '/debug/sql' => 'secure_POST debug_sql', // This should always be at the end: '/(\w+)/' => 'view_board', From db1b50cfc3a7f3b45891b0ff69db4892b0e6929e Mon Sep 17 00:00:00 2001 From: Michael Save Date: Sat, 26 Jan 2013 00:00:39 +1100 Subject: [PATCH 7/7] Escape result in ?/debug/sql --- templates/mod/debug/sql.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mod/debug/sql.html b/templates/mod/debug/sql.html index 63ba22f8..755995f9 100644 --- a/templates/mod/debug/sql.html +++ b/templates/mod/debug/sql.html @@ -10,17 +10,17 @@ {% for key in keys %} - + {% endfor %} {% for row in result %} {% for col in row %} - + {% endfor %} {% endfor %}
{{ key }}{{ key | e }}
{{ col }}{{ col | e }}
{% elseif error %} -

{{ error }}

+

{{ error | e }}

{% endif %}
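Review bot: The escape filters cover `key`, `col` and `error`, which is the important case because result cells can carry arbitrary poster-supplied content from the `posts_*` tables, but the form at the top of this template is not touched by this three-line patch; if it re-fills the textarea with `{{ query }}` after submission (its markup is not legible in this rendering) it needs `{{ query | e }}` as well, since a `</textarea>` in the submitted text would otherwise break out of the field. The same review applies to the other debug templates added earlier in this series, which print post fields without any filter.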