Deprecate postControls(), per-file deletion and spoilering

This commit is contained in:
Fredrick Brennan 2014-04-30 17:18:35 -04:00
parent 400df0975f
commit 042e7b9c59
10 changed files with 123 additions and 155 deletions

View File

@ -373,61 +373,11 @@ class Post {
return $this->root . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $this->thread) . '#' . $pre . $this->id;
}
public function postControls() {
global $board, $config;
$built = '';
if ($this->mod) {
// Mod controls (on posts)
// Delete
if (hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_delete'], 'Delete', 'Are you sure you want to delete this?', $board['dir'] . 'delete/' . $this->id);
// Delete all posts by IP
if (hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletebyip'], 'Delete all posts by IP', 'Are you sure you want to delete all posts by this IP address?', $board['dir'] . 'deletebyip/' . $this->id);
// Delete all posts by IP (global)
if (hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletebyip_global'], 'Delete all posts by IP across all boards', 'Are you sure you want to delete all posts by this IP address, across all boards?', $board['dir'] . 'deletebyip/' . $this->id . '/global');
// Ban
if (hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Ban').'" href="?/' . $board['dir'] . 'ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if (hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Ban & Delete').'" href="?/' . $board['dir'] . 'ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if (!empty($this->files) && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletefile'], _('Delete file'), _('Are you sure you want to delete this file?'), $board['dir'] . 'deletefile/' . $this->id);
// Spoiler file (keep post)
if (!empty($this->file) && $this->file != "deleted" && $this->file != null && $this->thumb != 'spoiler' && hasPermission($config['mod']['spoilerimage'], $board['uri'], $this->mod) && $config['spoiler_images'])
$built .= ' ' . secure_link_confirm($config['mod']['link_spoilerimage'], _('Spoiler File'), _('Are you sure you want to spoiler this file?'), $board['uri'] . '/spoiler/' . $this->id);
// Move post
if (hasPermission($config['mod']['move'], $board['uri'], $this->mod) && $config['move_replies'])
$built .= ' <a title="'._('Move reply to another board').'" href="?/' . $board['uri'] . '/move_reply/' . $this->id . '">' . $config['mod']['link_move'] . '</a>';
// Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Edit post').'" href="?/' . $board['dir'] . 'edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built))
$built = '<span class="controls">' . $built . '</span>';
}
return $built;
}
public function build($index=false) {
global $board, $config;
return Element('post_reply.html', array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index));
return Element('post_reply.html', array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'mod' => $this->mod));
}
};
@ -484,73 +434,6 @@ class Thread {
public function postCount() {
return count($this->posts) + $this->omitted;
}
public function postControls() {
global $board, $config;
$built = '';
if ($this->mod) {
// Mod controls (on posts)
// Delete
if (hasPermission($config['mod']['delete'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_delete'], _('Delete'), _('Are you sure you want to delete this?'), $board['dir'] . 'delete/' . $this->id);
// Delete all posts by IP
if (hasPermission($config['mod']['deletebyip'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletebyip'], _('Delete all posts by IP'), _('Are you sure you want to delete all posts by this IP address?'), $board['dir'] . 'deletebyip/' . $this->id);
// Delete all posts by IP (global)
if (hasPermission($config['mod']['deletebyip_global'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletebyip_global'], _('Delete all posts by IP across all boards'), _('Are you sure you want to delete all posts by this IP address, across all boards?'), $board['dir'] . 'deletebyip/' . $this->id . '/global');
// Ban
if (hasPermission($config['mod']['ban'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Ban').'" href="?/' . $board['dir'] . 'ban/' . $this->id . '">' . $config['mod']['link_ban'] . '</a>';
// Ban & Delete
if (hasPermission($config['mod']['bandelete'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Ban & Delete').'" href="?/' . $board['dir'] . 'ban&amp;delete/' . $this->id . '">' . $config['mod']['link_bandelete'] . '</a>';
// Delete file (keep post)
if (!empty($this->files) && $this->files[0]->file != 'deleted' && hasPermission($config['mod']['deletefile'], $board['uri'], $this->mod))
$built .= ' ' . secure_link_confirm($config['mod']['link_deletefile'], _('Delete file'), _('Are you sure you want to delete this file?'), $board['dir'] . 'deletefile/' . $this->id);
// Spoiler file (keep post)
if (!empty($this->file) && $this->file != "deleted" && $this->file != null && $this->thumb != 'spoiler' && hasPermission($config['mod']['spoilerimage'], $board['uri'], $this->mod) && $config['spoiler_images'])
$built .= ' ' . secure_link_confirm($config['mod']['link_spoilerimage'], _('Spoiler File'), _('Are you sure you want to spoiler this file?'), $board['uri'] . '/spoiler/' . $this->id);
// Sticky
if (hasPermission($config['mod']['sticky'], $board['uri'], $this->mod))
if ($this->sticky)
$built .= ' <a title="'._('Make thread not sticky').'" href="?/' . secure_link($board['dir'] . 'unsticky/' . $this->id) . '">' . $config['mod']['link_desticky'] . '</a>';
else
$built .= ' <a title="'._('Make thread sticky').'" href="?/' . secure_link($board['dir'] . 'sticky/' . $this->id) . '">' . $config['mod']['link_sticky'] . '</a>';
if (hasPermission($config['mod']['bumplock'], $board['uri'], $this->mod))
if ($this->sage)
$built .= ' <a title="'._('Allow thread to be bumped').'" href="?/' . secure_link($board['dir'] . 'bumpunlock/' . $this->id) . '">' . $config['mod']['link_bumpunlock'] . '</a>';
else
$built .= ' <a title="'._('Prevent thread from being bumped').'" href="?/' . secure_link($board['dir'] . 'bumplock/' . $this->id) . '">' . $config['mod']['link_bumplock'] . '</a>';
// Lock
if (hasPermission($config['mod']['lock'], $board['uri'], $this->mod))
if ($this->locked)
$built .= ' <a title="'._('Unlock thread').'" href="?/' . secure_link($board['dir'] . 'unlock/' . $this->id) . '">' . $config['mod']['link_unlock'] . '</a>';
else
$built .= ' <a title="'._('Lock thread').'" href="?/' . secure_link($board['dir'] . 'lock/' . $this->id) . '">' . $config['mod']['link_lock'] . '</a>';
if (hasPermission($config['mod']['move'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Move thread to another board').'" href="?/' . $board['dir'] . 'move/' . $this->id . '">' . $config['mod']['link_move'] . '</a>';
// Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="'._('Edit post').'" href="?/' . $board['dir'] . 'edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built))
$built = '<span class="controls op">' . $built . '</span>';
}
return $built;
}
public function build($index=false, $isnoko50=false) {
global $board, $config, $debug;
@ -558,7 +441,7 @@ class Thread {
event('show-thread', $this);
$built = Element('post_thread.html', array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'hasnoko50' => $hasnoko50, 'isnoko50' => $isnoko50));
$built = Element('post_thread.html', array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'hasnoko50' => $hasnoko50, 'isnoko50' => $isnoko50, 'mod' => $this->mod));
return $built;
}

View File

@ -952,36 +952,40 @@ function bumpThread($id) {
}
// Remove file from post
function deleteFile($id, $remove_entirely_if_already=true) {
function deleteFile($id, $remove_entirely_if_already=true, $file=null) {
global $board, $config;
$query = prepare(sprintf("SELECT `thread`, `files` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri']));
$query = prepare(sprintf("SELECT `thread`, `files`, `num_files` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if (!$post = $query->fetch(PDO::FETCH_ASSOC))
error($config['error']['invalidpost']);
$files = json_decode($post['files']);
$files = json_decode($post['files']);
$file_to_delete = $file !== false ? $files[(int)$file] : (object)array('file' => false);
if ($files[0]->file == 'deleted' && !$post['thread'])
if ($files[0]->file == 'deleted' && $post['num_files'] == 1 && !$post['thread'])
return; // Can't delete OP's image completely.
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `files` = :file WHERE `id` = :id", $board['uri']));
if ($files[0]->file == 'deleted' && $remove_entirely_if_already) {
if (($file && $file_to_delete->file == 'deleted') && $remove_entirely_if_already) {
// Already deleted; remove file fully
$query->bindValue(':file', null, PDO::PARAM_NULL);
$files[$file] = null;
} else {
foreach ($files as $i => $file) {
// Delete thumbnail
file_unlink($board['dir'] . $config['dir']['thumb'] . $file->thumb);
foreach ($files as $i => $f) {
if (($file !== false && $i == $file) || $file === null) {
// Delete thumbnail
file_unlink($board['dir'] . $config['dir']['thumb'] . $f->thumb);
unset($files[$i]->thumb);
// Delete file
file_unlink($board['dir'] . $config['dir']['img'] . $file->file);
}
// Set file to 'deleted'
$query->bindValue(':file', '[{"file":"deleted"}]', PDO::PARAM_STR);
// Delete file
file_unlink($board['dir'] . $config['dir']['img'] . $f->file);
$files[$i]->file = 'deleted';
}
}
}
$query->bindValue(':file', json_encode($files), PDO::PARAM_STR);
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -1052,8 +1056,10 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
if ($post['files']) {
// Delete file
foreach (json_decode($post['files']) as $i => $f) {
file_unlink($board['dir'] . $config['dir']['img'] . $f->file);
file_unlink($board['dir'] . $config['dir']['thumb'] . $f->thumb);
if ($f->file !== 'deleted') {
file_unlink($board['dir'] . $config['dir']['img'] . $f->file);
file_unlink($board['dir'] . $config['dir']['thumb'] . $f->thumb);
}
}
}
@ -1195,7 +1201,7 @@ function index($page, $mod=false) {
'post_url' => $config['post_url'],
'config' => $config,
'boardlist' => createBoardlist($mod),
'threads' => $threads
'threads' => $threads,
);
}

View File

@ -42,7 +42,9 @@ class Twig_Extensions_Extension_Tinyboard extends Twig_Extension
new Twig_SimpleFunction('timezone', 'twig_timezone_function'),
new Twig_SimpleFunction('hiddenInputs', 'hiddenInputs'),
new Twig_SimpleFunction('hiddenInputsHash', 'hiddenInputsHash'),
new Twig_SimpleFunction('ratio', 'twig_ratio_function')
new Twig_SimpleFunction('ratio', 'twig_ratio_function'),
new Twig_SimpleFunction('secure_link_confirm', 'twig_secure_link_confirm'),
new Twig_SimpleFunction('secure_link', 'twig_secure_link')
);
}
@ -104,3 +106,11 @@ function twig_truncate_filter($value, $length = 30, $preserve = false, $separato
function twig_ratio_function($w, $h) {
return fraction($w, $h, ':');
}
function twig_secure_link_confirm($text, $title, $confirm_message, $href) {
global $config;
return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
}
function twig_secure_link($href) {
return $href . '/' . make_secure_link_token($href);
}

View File

@ -1519,7 +1519,7 @@ function mod_delete($board, $post) {
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}
function mod_deletefile($board, $post) {
function mod_deletefile($board, $post, $file) {
global $config, $mod;
if (!openBoard($board))
@ -1529,7 +1529,7 @@ function mod_deletefile($board, $post) {
error($config['error']['noaccess']);
// Delete file
deleteFile($post);
deleteFile($post, TRUE, $file);
// Record the action
modLog("Deleted file from post #{$post}");
@ -1542,7 +1542,7 @@ function mod_deletefile($board, $post) {
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}
function mod_spoiler_image($board, $post) {
function mod_spoiler_image($board, $post, $file) {
global $config, $mod;
if (!openBoard($board))
@ -1551,19 +1551,21 @@ function mod_spoiler_image($board, $post) {
if (!hasPermission($config['mod']['spoilerimage'], $board))
error($config['error']['noaccess']);
// Delete file
$query = prepare(sprintf("SELECT `thumb`, `thread` FROM ``posts_%s`` WHERE id = :id", $board));
// Delete file thumbnail
$query = prepare(sprintf("SELECT `files`, `thread` FROM ``posts_%s`` WHERE id = :id", $board));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$result = $query->fetch(PDO::FETCH_ASSOC);
$files = json_decode($result['files']);
file_unlink($board . '/' . $config['dir']['thumb'] . $result['thumb']);
file_unlink($board . '/' . $config['dir']['thumb'] . $files[$file]->thumb);
$files[$file]->thumb = 'spoiler';
$files[$file]->thumbheight = 128;
$files[$file]->thumbwidth = 128;
// Make thumbnail spoiler
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `thumb` = :thumb, `thumbwidth` = :thumbwidth, `thumbheight` = :thumbheight WHERE `id` = :id", $board));
$query->bindValue(':thumb', "spoiler");
$query->bindValue(':thumbwidth', 128, PDO::PARAM_INT);
$query->bindValue(':thumbheight', 128, PDO::PARAM_INT);
$query = prepare(sprintf("UPDATE ``posts_%s`` SET `files` = :files WHERE `id` = :id", $board));
$query->bindValue(':files', json_encode($files));
$query->bindValue(':id', $post, PDO::PARAM_INT);
$query->execute() or error(db_error($query));

View File

@ -76,8 +76,8 @@ $pages = array(
'/(\%b)/move_reply/(\d+)' => 'secure_POST move_reply', // move reply
'/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
'/(\%b)/delete/(\d+)' => 'secure delete', // delete post
'/(\%b)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
'/(\%b+)/spoiler/(\d+)' => 'secure spoiler_image', // spoiler file
'/(\%b)/deletefile/(\d+)/(\d+)' => 'secure deletefile', // delete file from post
'/(\%b+)/spoiler/(\d+)/(\d+)' => 'secure spoiler_image', // spoiler file
'/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
'/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
'/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread

View File

@ -0,0 +1,10 @@
{% if post.files and mod %}
<span class="controls">
{% if file.file != 'deleted' and mod|hasPermission(config.mod.deletefile, board.uri) %}
{{ secure_link_confirm(config.mod.link_deletefile, 'Delete file'|trans, 'Are you sure you want to delete this file?'|trans, board.dir ~ 'deletefile/' ~ post.id ~ '/' ~ loop.index0 ) }}&nbsp;
{% endif %}
{% if file.file and file.file != 'deleted' and file.thumb != 'spoiler' and mod|hasPermission(config.mod.spoilerimage, board.uri) %}
{{ secure_link_confirm(config.mod.link_spoilerimage, 'Spoiler file'|trans, 'Are you sure you want to spoiler this file?'|trans, board.dir ~ 'spoiler/' ~ post.id ~ '/' ~ loop.index0 ) }}
{% endif %}
</span>
{% endif %}

View File

@ -29,7 +29,7 @@
{% endif %}
{% include "post/image_identification.html" %}
)
</span></p>
</span> {% include "post/file_controls.html" %}</p>
{% include "post/image.html" with {'post':file} %}
{% endif %}
</div>

View File

@ -0,0 +1,57 @@
{% if mod %}
<span class="controls {% if not post.thread %}op{% endif %}">
{% if mod|hasPermission(config.mod.delete, board.uri) %}
{{ secure_link_confirm(config.mod.link_delete, 'Delete'|trans, 'Are you sure you want to delete this?'|trans, board.dir ~ 'delete/' ~ post.id) }}&nbsp;
{% endif %}
{% if mod|hasPermission(config.mod.deletebyip, board.uri) %}
{{ secure_link_confirm(config.mod.link_deletebyip, 'Delete all posts by IP'|trans, 'Are you sure you want to delete all posts by this IP address?'|trans, board.dir ~ 'deletebyip/' ~ post.id) }}&nbsp;
{% endif %}
{% if mod|hasPermission(config.mod.deletebyip_global, board.uri) %}
{{ secure_link_confirm(config.mod.link_deletebyip_global, 'Delete all posts by IP across all boards'|trans, 'Are you sure you want to delete all posts by this IP address, across all boards?'|trans, board.dir ~ 'deletebyip/' ~ post.id ~ '/global') }}&nbsp;
{% endif %}
{% if mod|hasPermission(config.mod.ban, board.uri) %}
<a title="{% trans %}Ban{% endtrans %}" href="?/{{ board.dir }}ban/{{ post.id }}">{{ config.mod.link_ban }}</a>&nbsp;
{% endif %}
{% if mod|hasPermission(config.mod.bandelete, board.uri) %}
<a title="{% trans %}Ban & Delete{% endtrans %}" href="?/{{ board.dir }}ban&amp;delete/{{ post.id }}">{{ config.mod.link_bandelete }}</a>&nbsp;
{% endif %}
{% if not post.thread %}
{% if mod|hasPermission(config.mod.sticky, board.uri) %}
{% if post.sticky %}
<a title="{% trans %}Make thread not sticky{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'unsticky/' ~ post.id) }}">{{ config.mod.link_desticky }}</a>&nbsp;
{% else %}
<a title="{% trans %}Make thread sticky{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'sticky/' ~ post.id) }}">{{ config.mod.link_sticky }}</a>&nbsp;
{% endif %}
{% endif %}
{% if mod|hasPermission(config.mod.bumplock, board.uri) %}
{% if post.sage %}
<a title="{% trans %}Allow thread to be bumped{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'bumpunlock/' ~ post.id) }}">{{ config.mod.link_bumpunlock }}</a>&nbsp;
{% else %}
<a title="{% trans %}Prevent thread from being bumped{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'bumplock/' ~ post.id) }}">{{ config.mod.link_bumplock }}</a>&nbsp;
{% endif %}
{% endif %}
{% if mod|hasPermission(config.mod.lock, board.uri) %}
{% if post.locked %}
<a title="{% trans %}Unlock thread{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'unlock/' ~ post.id) }}">{{ config.mod.link_unlock }}</a>&nbsp;
{% else %}
<a title="{% trans %}Lock thread{% endtrans %}" href="?/{{ secure_link(board.dir ~ 'lock/' ~ post.id) }}">{{ config.mod.link_lock }}</a>&nbsp;
{% endif %}
{% endif %}
{% endif %}
{% if mod|hasPermission(config.mod.move, board.uri) %}
{% if not post.thread %}
<a title="{% trans %}Move thread to another board{% endtrans %}" href="?/{{ board.dir }}move/{{ post.id }}">{{ config.mod.link_move }}</a>&nbsp;
{% else %}
<a title="{% trans %}Move reply to another board{% endtrans %}" href="?/{{ board.dir }}move_reply/{{ post.id }}">{{ config.mod.link_move }}</a>&nbsp;
{% endif %}
{% if mod|hasPermission(config.mod.editpost, board.uri) %}
<a title="{% trans %}Edit post{% endtrans %}" href="?/{{ board.dir }}edit{% if config.mod.raw_html_default %}_raw{% endif %}/{{ post.id }}">{{ config.mod.link_editpost }}</a>&nbsp;
{% endif %}
{% endif %}
</span>
{% endif %}

View File

@ -17,8 +17,8 @@
{{ post.id }}
</a>
</p>
{% include 'post/fileinfo.html' %}
{{ post.postControls }}
{% include 'post/fileinfo.html' %}
{% include 'post/post_controls.html' %}
<div class="body" {% if post.files|length > 1 %}style="clear:both"{% endif %}>
{% endfilter %}{% if index %}{{ post.body|truncate_body(post.link) }}{% else %}{{ post.body }}{% endif %}{% filter remove_whitespace %}
{% if post.modifiers['ban message'] %}

View File

@ -48,7 +48,7 @@
{% set lastcount = config.noko50_count %}
<a href="{{ post.root }}{{ board.dir }}{{ config.dir.res }}{{ config.file_page50|sprintf(post.id) }}">[{% trans %}Last 1 Post{% plural lastcount %}Last {{ count }} Posts{% endtrans %}]</a>
{% endif %}
{{ post.postControls }}
{% include 'post/post_controls.html' %}
</p>
<div class="body">
{% endfilter %}{% if index %}{{ post.body|truncate_body(post.link) }}{% else %}{{ post.body }}{% endif %}{% filter remove_whitespace %}