0
/
leftypol_lainchan
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/savetheinternet/Tinyboard 

Conflicts:
	mod.php
This commit is contained in:
Marcin Łabanowski 2013-01-26 15:08:48 +01:00
parent 9b7b1c996f db1b50cfc3
commit e6b9bad788
8 changed files with 279 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
inc/config.php
View File

@ -903,6 +903,9 @@
// PM snippet (for ?/inbox) length in characters // PM snippet (for ?/inbox) length in characters
$config['mod']['snippet_length'] = 75; $config['mod']['snippet_length'] = 75;
// Edit raw HTML in posts by default
$config['mod']['raw_html_default'] = false;
// Probably best not to change these: // Probably best not to change these:
if (!defined('JANITOR')) { if (!defined('JANITOR')) {
define('JANITOR', 0, true); define('JANITOR', 0, true);
@ -1049,6 +1052,9 @@
// Edit the current configuration (via web interface) // Edit the current configuration (via web interface)
$config['mod']['edit_config'] = ADMIN; $config['mod']['edit_config'] = ADMIN;
// Execute un-filtered SQL queries on the database (?/debug/sql)
$config['mod']['debug_sql'] = DISABLED;
/* /*
* ==================== * ====================
* Events (PHP 5.3.0+) * Events (PHP 5.3.0+)

4
inc/display.php
View File

@ -297,7 +297,7 @@ class Post {
// Edit post // Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>'; $built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built)) if (!empty($built))
$built = '<span class="controls">' . $built . '</span>'; $built = '<span class="controls">' . $built . '</span>';
@ -418,7 +418,7 @@ class Thread {
// Edit post // Edit post
if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod)) if (hasPermission($config['mod']['editpost'], $board['uri'], $this->mod))
$built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>'; $built .= ' <a title="Edit post" href="?/' . $board['uri'] . '/edit' . ($config['mod']['raw_html_default'] ? '_raw' : '') . '/' . $this->id . '">' . $config['mod']['link_editpost'] . '</a>';
if (!empty($built)) if (!empty($built))
$built = '<span class="controls op">' . $built . '</span>'; $built = '<span class="controls op">' . $built . '</span>';

142
inc/mod/pages.php
View File

@ -986,7 +986,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
mod_page(_('New ban'), 'mod/ban_form.html', $args); mod_page(_('New ban'), 'mod/ban_form.html', $args);
} }
function mod_edit_post($board, $postID) { function mod_edit_post($board, $edit_raw_html, $postID) {
global $config, $mod; global $config, $mod;
if (!openBoard($board)) if (!openBoard($board))
@ -994,8 +994,11 @@ function mod_edit_post($board, $postID) {
if (!hasPermission($config['mod']['editpost'], $board)) if (!hasPermission($config['mod']['editpost'], $board))
error($config['error']['noaccess']); error($config['error']['noaccess']);
if ($edit_raw_html && !hasPermission($config['mod']['rawhtml'], $board))
error($config['error']['noaccess']);
$security_token = make_secure_link_token($board . '/edit/' . $postID); $security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID);
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board)); $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board));
$query->bindValue(':id', $postID); $query->bindValue(':id', $postID);
@ -1005,7 +1008,10 @@ function mod_edit_post($board, $postID) {
error($config['error']['404']); error($config['error']['404']);
if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) { if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) {
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); if ($edit_raw_html)
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body WHERE `id` = :id', $board));
else
$query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board));
$query->bindValue(':id', $postID); $query->bindValue(':id', $postID);
$query->bindValue('name', $_POST['name']); $query->bindValue('name', $_POST['name']);
$query->bindValue(':email', $_POST['email']); $query->bindValue(':email', $_POST['email']);
@ -1013,15 +1019,19 @@ function mod_edit_post($board, $postID) {
$query->bindValue(':body', $_POST['body']); $query->bindValue(':body', $_POST['body']);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
rebuildPost($postID); if (!$edit_raw_html)
rebuildPost($postID);
buildIndex(); buildIndex();
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']); header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . sprintf($config['file_page'], $post['thread'] ? $post['thread'] : $postID) . '#' . $postID, true, $config['redirect_http']);
} else { } else {
if ($config['minify_html']) if ($config['minify_html']) {
$post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']); $post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']);
$post['body'] = str_replace("\n", '&#010;', $post['body']);
}
mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'post' => $post)); mod_page(_('Edit post'), 'mod/edit_post_form.html', array('token' => $security_token, 'board' => $board, 'raw' => $edit_raw_html, 'post' => $post));
} }
} }
@ -1723,40 +1733,6 @@ function mod_config() {
mod_page(_('Config editor'), 'mod/config-editor.html', array('conf' => $conf)); mod_page(_('Config editor'), 'mod/config-editor.html', array('conf' => $conf));
} }
function mod_debug_antispam() {
global $pdo, $config;
$args = array();
if (isset($_POST['board'], $_POST['thread'])) {
$where = '`board` = ' . $pdo->quote($_POST['board']);
if ($_POST['thread'] != '')
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) {
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error());
}
$args['board'] = $_POST['board'];
$args['thread'] = $_POST['thread'];
} else {
$where = '';
}
$query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error());
$args['total'] = number_format($query->fetchColumn(0));
$query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$args['expiring'] = number_format($query->fetchColumn(0));
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
}
function mod_themes_list() { function mod_themes_list() {
global $config; global $config;
@ -1884,3 +1860,89 @@ function mod_theme_rebuild($theme_name) {
'theme_name' => $theme_name, 'theme_name' => $theme_name,
)); ));
} }
function mod_debug_antispam() {
global $pdo, $config;
$args = array();
if (isset($_POST['board'], $_POST['thread'])) {
$where = '`board` = ' . $pdo->quote($_POST['board']);
if ($_POST['thread'] != '')
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) {
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error());
}
$args['board'] = $_POST['board'];
$args['thread'] = $_POST['thread'];
} else {
$where = '';
}
$query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error());
$args['total'] = number_format($query->fetchColumn(0));
$query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error());
$args['expiring'] = number_format($query->fetchColumn(0));
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error());
$args['top'] = $query->fetchAll(PDO::FETCH_ASSOC);
$query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
$args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC);
mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args);
}
function mod_debug_recent_posts() {
global $pdo, $config;
$limit = 500;
$boards = listBoards();
// Manually build an SQL query
$query = 'SELECT * FROM (';
foreach ($boards as $board) {
$query .= sprintf('SELECT *, %s AS `board` FROM `posts_%s` UNION ALL ', $pdo->quote($board['uri']), $board['uri']);
}
// Remove the last "UNION ALL" seperator and complete the query
$query = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $query);
$query = query($query) or error(db_error());
$posts = $query->fetchAll(PDO::FETCH_ASSOC);
foreach ($posts as &$post) {
$post['snippet'] = pm_snippet($post['body']);
}
mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts));
}
function mod_debug_sql() {
global $config;
if (!hasPermission($config['mod']['debug_sql']))
error($config['error']['noaccess']);
$args['security_token'] = make_secure_link_token('debug/sql');
if (isset($_POST['query'])) {
$args['query'] = $_POST['query'];
if ($query = query($_POST['query'])) {
$args['result'] = $query->fetchAll(PDO::FETCH_ASSOC);
if (!empty($args['result']))
$args['keys'] = array_keys($args['result'][0]);
else
$args['result'] = 'empty';
} else {
$args['error'] = db_error();
}
}
mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args);
}

4
mod.php
View File

@ -61,7 +61,7 @@ $pages = array(
'/ban' => 'secure_POST ban', // new ban '/ban' => 'secure_POST ban', // new ban
'/([\w+.]+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster '/([\w+.]+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
'/([\w+.]+)/move/(\d+)' => 'secure_POST move', // move thread '/([\w+.]+)/move/(\d+)' => 'secure_POST move', // move thread
'/([\w+.]+)/edit/(\d+)' => 'secure_POST edit_post', // edit post '/([\w+.])/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
'/([\w+.]+)/delete/(\d+)' => 'secure delete', // delete post '/([\w+.]+)/delete/(\d+)' => 'secure delete', // delete post
'/([\w+.]+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post '/([\w+.]+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
'/([\w+.]+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address '/([\w+.]+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
@ -78,6 +78,8 @@ $pages = array(
// these pages aren't listed in the dashboard without $config['debug'] // these pages aren't listed in the dashboard without $config['debug']
'/debug/antispam' => 'debug_antispam', '/debug/antispam' => 'debug_antispam',
'/debug/recent' => 'debug_recent_posts',
'/debug/sql' => 'secure_POST debug_sql',
// This should always be at the end: // This should always be at the end:
'/([\w+.]+)/' => 'view_board', '/([\w+.]+)/' => 'view_board',

42
templates/mod/debug/antispam.html
View File

@ -1,3 +1,44 @@
<p style="text-align:center">
Most recent:
</p>
<table class="modlog" style="width:700px;margin:auto">
<tr>
<th>Board</th>
<th>Thread</th>
<th>Hash (SHA1)</th>
<th>Created</th>
<th>Expires</th>
<th>Passed</th>
</tr>
{% for hash in recent %}
<tr>
<td>{{ config.board_abbreviation|sprintf(hash.board) }}</td>
<td>
{% if hash.thread %}
{{ hash.thread }}
{% else %}
-
{% endif %}</td>
<td>
<small><code>{{ hash.hash }}</code></small>
</td>
<td>
<span title="{{ hash.created|date(config.post_date) }}">{{ hash.created|ago }} ago</span>
</td>
<td>
{% if hash.expires %}
<span title="{{ hash.expires|date(config.post_date) }}">
{{ hash.expires|until }}
</span>
{% else %}
-
{% endif %}
</td>
<td>{{ hash.passed }}</td>
</tr>
{% endfor %}
</table>
<p style="text-align:center"> <p style="text-align:center">
Most used (in active): Most used (in active):
</p> </p>
@ -38,6 +79,7 @@
</tr> </tr>
{% endfor %} {% endfor %}
</table> </table>
<p style="text-align:center"> <p style="text-align:center">
Total: <strong>{{ total }}</strong> (<strong>{{ expiring }}</strong> set to expire) Total: <strong>{{ total }}</strong> (<strong>{{ expiring }}</strong> set to expire)
</p> </p>

89
templates/mod/debug/recent_posts.html Normal file
View File

@ -0,0 +1,89 @@
<table class="modlog">
<tr>
<th>Time</th>
<th>Board</th>
<th>ID</th>
<th>Thread</th>
<th>IP</th>
<th>Name</th>
<th>Subject</th>
<th>File</th>
<th>Body (snippet)</th>
</tr>
{% for post in posts %}
<tr>
<td class="minimal">
<small>{{ post.time | ago }} ago</small>
</td>
<td class="minimal">
<a href="?/{{ config.board_path|sprintf(post.board) }}{{ config.file_index }}">{{ config.board_abbreviation|sprintf(post.board) }}</a>
</td>
<td class="minimal" >
{% if post.thread %}
{% set thread = post.thread %}
{% else %}
{% set thread = post.id %}
{% endif %}
<a href="{{ config.root ~ post.board ~ '/' ~ config.dir.res}}{{ config.file_page|sprintf(thread) }}#{{ post.id }}">
{{ post.id }}
</a>
</td>
<td class="minimal">
<small>
{% if post.thread %}
{{ post.thread }}
{% else %}
(OP)
{% endif %}
</small>
</td>
<td class="minimal">
{% if mod|hasPermission(config.mod.show_ip, post.board) %}
<a href="?/IP/{{ post.ip }}">
{{ post.ip }}
</a>
{% else %}
<em>hidden</em>
{% endif %}
</td>
<td class="minimal" >
<small>
{% if post.email|length > 0 %}
{# start email #}
<a class="email" href="mailto:{{ post.email }}">
{% endif %}
{% set capcode = post.capcode|capcode %}
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
{% if post.trip|length > 0 %}
<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
{% endif %}
{% if post.email|length > 0 %}
{# end email #}
</a>
{% endif %}
{% if capcode %}
{{ capcode.cap }}
{% endif %}
</small>
</td>
<td class="minimal" >
{% if post.subject %}
<small>{{ post.subject }}</small>
{% else %}
&ndash;
{% endif %}
</td>
<td class="minimal">
{% if post.file %}
<small>{{ post.file }} ({{ post.filesize | filesize }})</small>
{% else %}
&ndash;
{% endif %}
</td>
<td>
<small><em>{{ post.snippet }}</em></small>
</td>
</tr>
{% endfor %}
</table>

26
templates/mod/debug/sql.html Normal file
View File

@ -0,0 +1,26 @@
<form action="" method="post">
<input type="hidden" name="token" value="{{ security_token }}">
<textarea style="display:block;margin:5px auto;width:90%;max-width:600px" rows="3" name="query">{{ query | e }}</textarea>
<input style="display:block;margin:5px auto" type="submit" value="Query">
</form>
{% if result == 'empty' %}
<p style="text-align:center">Query successful (no result).</p>
{% elseif result %}
<table class="modlog">
<tr>
{% for key in keys %}
<th>{{ key | e }}</th>
{% endfor %}
</tr>
{% for row in result %}
<tr>
{% for col in row %}
<td>{{ col | e }}</td>
{% endfor %}
</tr>
{% endfor %}
</table>
{% elseif error %}
<p style="text-align:center;color:#d00">{{ error | e }}</p>
{% endif %}

10
templates/mod/edit_post_form.html
View File

@ -32,8 +32,16 @@
{% trans %}Comment{% endtrans %} {% trans %}Comment{% endtrans %}
</th> </th>
<td> <td>
<textarea name="body" id="body" rows="5" cols="35">{{ post.body_nomarkup }}</textarea> <textarea name="body" id="body" rows="8" cols="35">{% if raw %}{{ post.body | e }}{% else %}{{ post.body_nomarkup }}{% endif %}</textarea>
</td> </td>
</tr> </tr>
</table> </table>
<p style="text-align:center">
{% if raw %}
{% trans %}Currently editing raw HTML.{% endtrans %}
<a href="?/{{ board }}/edit/{{ post.id }}">{% trans %}Edit markup instead?{% endtrans %}</a>
{% else %}
<a href="?/{{ board }}/edit_raw/{{ post.id }}">{% trans %}Edit raw HTML instead?{% endtrans %}</a>
{% endif %}
</p>
</form> </form>