Code Coverage for /data/phpBB/posting.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 1074		n/a	0 / 0	CRAP		n/a	0 / 0

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	define('IN_PHPBB', true);
18	$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
19	$phpEx = substr(strrchr(__FILE__, '.'), 1);
20	include($phpbb_root_path . 'common.' . $phpEx);
21	include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
22	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
23	include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
24
25
26	// Start session management
27	$user->session_begin();
28	$auth->acl($user->data);
29
30
31	// Grab only parameters needed here
32	$draft_id = $request->variable('d', 0);
33
34	$preview = (isset($_POST['preview'])) ? true : false;
35	$save = (isset($_POST['save'])) ? true : false;
36	$load = (isset($_POST['load'])) ? true : false;
37	$confirm = $request->is_set_post('confirm');
38	$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
39
40	$refresh = (isset($_POST['add_file']) \|\| isset($_POST['delete_file']) \|\| $save \|\| $load \|\| $preview);
41	$submit = $request->is_set_post('post') && !$refresh && !$preview;
42	$mode = $request->variable('mode', '');
43
44	/** @var \phpbb\controller\helper $controller_helper */
45	$controller_helper = $phpbb_container->get('controller.helper');
46
47	// Only assign required URL parameters
48	$forum_id = 0;
49	$topic_id = 0;
50	$post_id = 0;
51
52	switch ($mode)
53	{
54	case 'popup':
55	case 'smilies':
56	$forum_id = $request->variable('f', 0);
57	break;
58
59	case 'post':
60	$forum_id = $request->variable('f', 0);
61	if (!$forum_id)
62	{
63	trigger_error('NO_FORUM');
64	}
65	break;
66
67	case 'bump':
68	case 'reply':
69	$topic_id = $request->variable('t', 0);
70	if ($topic_id)
71	{
72	$sql = 'SELECT forum_id
73	FROM ' . TOPICS_TABLE . "
74	WHERE topic_id = $topic_id";
75	$result = $db->sql_query($sql);
76	$forum_id = (int) $db->sql_fetchfield('forum_id');
77	$db->sql_freeresult($result);
78	}
79
80	if (!$topic_id \|\| !$forum_id)
81	{
82	trigger_error('NO_TOPIC');
83	}
84	break;
85
86	case 'edit':
87	case 'delete':
88	case 'quote':
89	case 'soft_delete':
90	$post_id = $request->variable('p', 0);
91	if ($post_id)
92	{
93	$topic_forum = [];
94
95	$sql = 'SELECT t.topic_id, t.forum_id
96	FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . ' p
97	WHERE p.post_id = ' . $post_id . '
98	AND t.topic_id = p.topic_id';
99	$result = $db->sql_query($sql);
100	$topic_forum = $db->sql_fetchrow($result);
101	$db->sql_freeresult($result);
102	}
103
104	if (!$post_id \|\| !$topic_forum)
105	{
106	$user->setup('posting');
107	trigger_error('NO_POST');
108	}
109
110	// Need to update session forum_id to valid value for proper viewonline information
111	if (!$forum_id)
112	{
113	$user->page['forum'] = (int) $topic_forum['forum_id'];
114	$user->update_session_page = true;
115	$user->update_session_infos();
116	}
117
118	$topic_id = (int) $topic_forum['topic_id'];
119	$forum_id = (int) $topic_forum['forum_id'];
120
121	break;
122	}
123
124	// If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here.
125	if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) \|\| !$auth->acl_gets('f_delete', 'm_delete', $forum_id)))
126	{
127	$mode = 'soft_delete';
128	}
129
130	$error = $post_data = array();
131	$current_time = time();
132
133	/**
134	* This event allows you to alter the above parameters, such as submit and mode
135	*
136	* Note: $refresh must be true to retain previously submitted form data.
137	*
138	* Note: The template class will not work properly until $user->setup() is
139	* called, and it has not been called yet. Extensions requiring template
140	* assignments should use an event that comes later in this file.
141	*
142	* @event core.modify_posting_parameters
143	* @var int post_id ID of the post
144	* @var int topic_id ID of the topic
145	* @var int forum_id ID of the forum
146	* @var int draft_id ID of the draft
147	* @var bool submit Whether or not the form has been submitted
148	* @var bool preview Whether or not the post is being previewed
149	* @var bool save Whether or not a draft is being saved
150	* @var bool load Whether or not a draft is being loaded
151	* @var bool cancel Whether or not to cancel the form (returns to
152	* viewtopic or viewforum depending on if the user
153	* is posting a new topic or editing a post)
154	* @var bool refresh Whether or not to retain previously submitted data
155	* @var string mode What action to take if the form has been submitted
156	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
157	* @var array error Any error strings; a non-empty array aborts
158	* form submission.
159	* NOTE: Should be actual language strings, NOT
160	* language keys.
161	* @since 3.1.0-a1
162	* @changed 3.1.2-RC1 Removed 'delete' var as it does not exist
163	* @changed 3.2.4-RC1 Remove unused 'lastclick' var
164	*/
165	$vars = array(
166	'post_id',
167	'topic_id',
168	'forum_id',
169	'draft_id',
170	'submit',
171	'preview',
172	'save',
173	'load',
174	'cancel',
175	'refresh',
176	'mode',
177	'error',
178	);
179	extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));
180
181	// Was cancel pressed? If so then redirect to the appropriate page
182	if ($cancel)
183	{
184	$redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : $controller_helper->route('phpbb_index_controller')));
185	redirect($redirect);
186	}
187
188	/* @var $phpbb_content_visibility \phpbb\content_visibility */
189	$phpbb_content_visibility = $phpbb_container->get('content.visibility');
190
191	// We need to know some basic information in all cases before we do anything.
192	switch ($mode)
193	{
194	case 'post':
195	$sql = 'SELECT *
196	FROM ' . FORUMS_TABLE . "
197	WHERE forum_id = $forum_id";
198	break;
199
200	case 'bump':
201	case 'reply':
202	$sql = 'SELECT f., t.
203	FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
204	WHERE t.topic_id = $topic_id
205	AND f.forum_id = t.forum_id
206	AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
207	break;
208
209	case 'quote':
210	case 'edit':
211	case 'delete':
212	case 'soft_delete':
213	$sql = 'SELECT f., t., p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
214	FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
215	WHERE p.post_id = $post_id
216	AND t.topic_id = p.topic_id
217	AND u.user_id = p.poster_id
218	AND f.forum_id = t.forum_id
219	AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
220	break;
221
222	case 'smilies':
223	$sql = '';
224	generate_smilies('window', $forum_id);
225	break;
226
227	case 'popup':
228	if ($forum_id)
229	{
230	$sql = 'SELECT forum_style
231	FROM ' . FORUMS_TABLE . '
232	WHERE forum_id = ' . $forum_id;
233	}
234	else
235	{
236	phpbb_upload_popup();
237	return;
238	}
239	break;
240
241	default:
242	$sql = '';
243	break;
244	}
245
246	if (!$sql)
247	{
248	$user->setup('posting');
249	trigger_error('NO_POST_MODE');
250	}
251
252	$result = $db->sql_query($sql);
253	$post_data = $db->sql_fetchrow($result);
254	$db->sql_freeresult($result);
255
256	if (!$post_data)
257	{
258	if (!($mode == 'post' \|\| $mode == 'bump' \|\| $mode == 'reply'))
259	{
260	$user->setup('posting');
261	}
262	trigger_error(($mode == 'post' \|\| $mode == 'bump' \|\| $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
263	}
264
265	/**
266	* This event allows you to bypass reply/quote test of an unapproved post.
267	*
268	* @event core.posting_modify_row_data
269	* @var array post_data All post data from database
270	* @var string mode What action to take if the form has been submitted
271	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
272	* @var int topic_id ID of the topic
273	* @var int forum_id ID of the forum
274	* @since 3.2.8-RC1
275	*/
276	$vars = array(
277	'post_data',
278	'mode',
279	'topic_id',
280	'forum_id',
281	);
282	extract($phpbb_dispatcher->trigger_event('core.posting_modify_row_data', compact($vars)));
283
284	// Not able to reply to unapproved posts/topics
285	// TODO: add more descriptive language key
286	if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' \|\| $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) \|\| ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
287	{
288	trigger_error(($mode == 'reply' \|\| $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
289	}
290
291	if ($mode == 'popup')
292	{
293	phpbb_upload_popup($post_data['forum_style']);
294	return;
295	}
296
297	$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
298
299	// Need to login to passworded forum first?
300	if ($post_data['forum_password'])
301	{
302	login_forum_box(array(
303	'forum_id' => $forum_id,
304	'forum_name' => $post_data['forum_name'],
305	'forum_password' => $post_data['forum_password'])
306	);
307	}
308
309	// Check permissions
310	if ($user->data['is_bot'])
311	{
312	redirect($controller_helper->route('phpbb_index_controller'));
313	}
314
315	// Is the user able to read within this forum?
316	if (!$auth->acl_get('f_read', $forum_id))
317	{
318	if ($user->data['user_id'] != ANONYMOUS)
319	{
320	trigger_error('USER_CANNOT_READ');
321	}
322	$message = $user->lang['LOGIN_EXPLAIN_POST'];
323
324	if ($request->is_ajax())
325	{
326	$json = new phpbb\json_response();
327	$json->send(array(
328	'title' => $user->lang['INFORMATION'],
329	'message' => $message,
330	));
331	}
332
333	login_box('', $message);
334	}
335
336	// Permission to do the action asked?
337	$is_authed = false;
338
339	switch ($mode)
340	{
341	case 'post':
342	if ($auth->acl_get('f_post', $forum_id))
343	{
344	$is_authed = true;
345	}
346	break;
347
348	case 'bump':
349	if ($auth->acl_get('f_bump', $forum_id))
350	{
351	$is_authed = true;
352	}
353	break;
354
355	case 'quote':
356
357	$post_data['post_edit_locked'] = 0;
358
359	// no break;
360
361	case 'reply':
362	if ($auth->acl_get('f_reply', $forum_id))
363	{
364	$is_authed = true;
365	}
366	break;
367
368	case 'edit':
369	if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
370	{
371	$is_authed = true;
372	}
373	break;
374
375	case 'delete':
376	if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) \|\| ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
377	{
378	$is_authed = true;
379	}
380
381	// no break;
382
383	case 'soft_delete':
384	if (!$is_authed && $user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
385	{
386	// Fall back to soft_delete if we have no permissions to delete posts but to soft delete them
387	$is_authed = true;
388	$mode = 'soft_delete';
389	}
390	break;
391	}
392	/**
393	* This event allows you to do extra auth checks and verify if the user
394	* has the required permissions
395	*
396	* Extensions should only change the error and is_authed variables.
397	*
398	* @event core.modify_posting_auth
399	* @var int post_id ID of the post
400	* @var int topic_id ID of the topic
401	* @var int forum_id ID of the forum
402	* @var int draft_id ID of the draft
403	* @var bool submit Whether or not the form has been submitted
404	* @var bool preview Whether or not the post is being previewed
405	* @var bool save Whether or not a draft is being saved
406	* @var bool load Whether or not a draft is being loaded
407	* @var bool refresh Whether or not to retain previously submitted data
408	* @var string mode What action to take if the form has been submitted
409	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
410	* @var array error Any error strings; a non-empty array aborts
411	* form submission.
412	* NOTE: Should be actual language strings, NOT
413	* language keys.
414	* @var bool is_authed Does the user have the required permissions?
415	* @var array post_data All post data from database
416	* @since 3.1.3-RC1
417	* @changed 3.1.10-RC1 Added post_data
418	* @changed 3.2.4-RC1 Remove unused 'lastclick' var
419	*/
420	$vars = array(
421	'post_id',
422	'topic_id',
423	'forum_id',
424	'draft_id',
425	'submit',
426	'preview',
427	'save',
428	'load',
429	'refresh',
430	'mode',
431	'error',
432	'is_authed',
433	'post_data',
434	);
435	extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));
436
437	if (!$is_authed \|\| !empty($error))
438	{
439	$check_auth = ($mode == 'quote') ? 'reply' : (($mode == 'soft_delete') ? 'delete' : $mode);
440
441	if ($user->data['is_registered'])
442	{
443	trigger_error(empty($error) ? 'USER_CANNOT_' . strtoupper($check_auth) : implode('<br/>', $error));
444	}
445	$message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];
446
447	if ($request->is_ajax())
448	{
449	$json = new phpbb\json_response();
450	$json->send(array(
451	'title' => $user->lang['INFORMATION'],
452	'message' => $message,
453	));
454	}
455
456	login_box('', $message);
457	}
458
459	if ($config['enable_post_confirm'] && !$user->data['is_registered'])
460	{
461	/** @var \phpbb\captcha\factory $captcha_factory */
462	$captcha_factory = $phpbb_container->get('captcha.factory');
463	$captcha = $captcha_factory->get_instance($config['captcha_plugin']);
464	$captcha->init(\phpbb\captcha\plugins\confirm_type::POST);
465	}
466
467	// Is the user able to post within this forum?
468	if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
469	{
470	trigger_error('USER_CANNOT_FORUM_POST');
471	}
472
473	// Forum/Topic locked?
474	if (($post_data['forum_status'] == ITEM_LOCKED \|\| (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get($mode == 'reply' ? 'm_lock' : 'm_edit', $forum_id))
475	{
476	trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
477	}
478
479	// Can we edit this post ... if we're a moderator with rights then always yes
480	// else it depends on editing times, lock status and if we're the correct user
481	if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
482	{
483	$force_edit_allowed = false;
484
485	$s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
486	$s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
487	$s_cannot_edit_locked = $post_data['post_edit_locked'];
488
489	/**
490	* This event allows you to modify the conditions for the "cannot edit post" checks
491	*
492	* @event core.posting_modify_cannot_edit_conditions
493	* @var array post_data Array with post data
494	* @var bool force_edit_allowed Allow the user to edit the post (all permissions and conditions are ignored)
495	* @var bool s_cannot_edit User can not edit the post because it's not his
496	* @var bool s_cannot_edit_locked User can not edit the post because it's locked
497	* @var bool s_cannot_edit_time User can not edit the post because edit_time has passed
498	* @since 3.1.0-b4
499	*/
500	$vars = array(
501	'post_data',
502	'force_edit_allowed',
503	's_cannot_edit',
504	's_cannot_edit_locked',
505	's_cannot_edit_time',
506	);
507	extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));
508
509	if (!$force_edit_allowed)
510	{
511	if ($s_cannot_edit)
512	{
513	trigger_error('USER_CANNOT_EDIT');
514	}
515	else if ($s_cannot_edit_time)
516	{
517	trigger_error('CANNOT_EDIT_TIME');
518	}
519	else if ($s_cannot_edit_locked)
520	{
521	trigger_error('CANNOT_EDIT_POST_LOCKED');
522	}
523	}
524	}
525
526	// Handle delete mode...
527	if ($mode == 'delete' \|\| $mode == 'soft_delete')
528	{
529	if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED)
530	{
531	$user->setup('posting');
532	trigger_error('NO_POST');
533	}
534
535	$delete_reason = $request->variable('delete_reason', '', true);
536	phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete' && !$request->is_set_post('delete_permanent')), $delete_reason);
537	return;
538	}
539
540	// Handle bump mode...
541	if ($mode == 'bump')
542	{
543	if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
544	&& check_link_hash($request->variable('hash', ''), "topic_{$post_data['topic_id']}"))
545	{
546	$meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
547	meta_refresh(3, $meta_url);
548	$message = $user->lang['TOPIC_BUMPED'];
549
550	if (!$request->is_ajax())
551	{
552	$message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>');
553	$message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
554	}
555
556	trigger_error($message);
557	}
558
559	trigger_error('BUMP_ERROR');
560	}
561
562	// Subject length limiting to 60 characters if first post...
563	if ($mode == 'post' \|\| ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
564	{
565	$template->assign_var('S_NEW_MESSAGE', true);
566	}
567
568	// Determine some vars
569	if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
570	{
571	$post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
572	}
573	else
574	{
575	$post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
576	}
577
578	$post_data['post_edit_locked'] = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
579	$post_data['post_subject_md5'] = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
580	$post_data['post_subject'] = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
581	$post_data['topic_time_limit'] = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
582	$post_data['poll_length'] = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
583	$post_data['poll_start'] = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
584	$post_data['icon_id'] = (!isset($post_data['icon_id']) \|\| in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
585	$post_data['poll_options'] = array();
586
587	// Get Poll Data
588	if ($post_data['poll_start'])
589	{
590	$sql = 'SELECT poll_option_text
591	FROM ' . POLL_OPTIONS_TABLE . "
592	WHERE topic_id = $topic_id
593	ORDER BY poll_option_id";
594	$result = $db->sql_query($sql);
595
596	while ($row = $db->sql_fetchrow($result))
597	{
598	$post_data['poll_options'][] = trim($row['poll_option_text']);
599	}
600	$db->sql_freeresult($result);
601	}
602
603	/**
604	* This event allows you to modify the post data before parsing
605	*
606	* @event core.posting_modify_post_data
607	* @var int forum_id ID of the forum
608	* @var string mode What action to take if the form has been submitted
609	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
610	* @var array post_data Array with post data
611	* @var int post_id ID of the post
612	* @var int topic_id ID of the topic
613	* @since 3.2.2-RC1
614	*/
615	$vars = array(
616	'forum_id',
617	'mode',
618	'post_data',
619	'post_id',
620	'topic_id',
621	);
622	extract($phpbb_dispatcher->trigger_event('core.posting_modify_post_data', compact($vars)));
623
624	if ($mode == 'edit')
625	{
626	$original_poll_data = array(
627	'poll_title' => $post_data['poll_title'],
628	'poll_length' => $post_data['poll_length'],
629	'poll_max_options' => $post_data['poll_max_options'],
630	'poll_option_text' => implode("\n", $post_data['poll_options']),
631	'poll_start' => $post_data['poll_start'],
632	'poll_last_vote' => $post_data['poll_last_vote'],
633	'poll_vote_change' => $post_data['poll_vote_change'],
634	);
635	}
636
637	$orig_poll_options_size = count($post_data['poll_options']);
638
639	$message_parser = new parse_message();
640	/* @var $plupload \phpbb\plupload\plupload */
641	$plupload = $phpbb_container->get('plupload');
642
643	/* @var $mimetype_guesser \phpbb\mimetype\guesser */
644	$mimetype_guesser = $phpbb_container->get('mimetype.guesser');
645	$message_parser->set_plupload($plupload);
646
647	if (isset($post_data['post_text']))
648	{
649	$message_parser->message = &$post_data['post_text'];
650	unset($post_data['post_text']);
651	}
652
653	// Set some default variables
654	$uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
655
656	/**
657	* This event allows you to modify the default variables for post_data, and unset them in post_data if needed
658	*
659	* @event core.posting_modify_default_variables
660	* @var array post_data Array with post data
661	* @var array uninit Array with default vars to put into post_data, if they aren't there
662	* @since 3.2.5-RC1
663	*/
664	$vars = array(
665	'post_data',
666	'uninit',
667	);
668	extract($phpbb_dispatcher->trigger_event('core.posting_modify_default_variables', compact($vars)));
669
670	foreach ($uninit as $var_name => $default_value)
671	{
672	if (!isset($post_data[$var_name]))
673	{
674	$post_data[$var_name] = $default_value;
675	}
676	}
677	unset($uninit);
678
679	// Always check if the submitted attachment data is valid and belongs to the user.
680	// Further down (especially in submit_post()) we do not check this again.
681	$message_parser->get_submitted_attachment_data($post_data['poster_id']);
682
683	if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
684	{
685	// Do not change to SELECT *
686	$sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
687	FROM ' . ATTACHMENTS_TABLE . "
688	WHERE post_msg_id = $post_id
689	AND in_message = 0
690	AND is_orphan = 0
691	ORDER BY attach_id DESC";
692	$result = $db->sql_query($sql);
693	$message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
694	$db->sql_freeresult($result);
695	}
696
697	if ($post_data['poster_id'] == ANONYMOUS)
698	{
699	$post_data['username'] = ($mode == 'quote' \|\| $mode == 'edit') ? trim($post_data['post_username']) : '';
700	}
701	else
702	{
703	$post_data['username'] = ($mode == 'quote' \|\| $mode == 'edit') ? trim($post_data['username']) : '';
704	}
705
706	$post_data['enable_urls'] = $post_data['enable_magic_url'];
707
708	if ($mode != 'edit')
709	{
710	$post_data['enable_sig'] = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
711	$post_data['enable_smilies'] = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
712	$post_data['enable_bbcode'] = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
713	$post_data['enable_urls'] = true;
714	}
715
716	if ($mode == 'post')
717	{
718	$post_data['topic_status'] = ($request->is_set_post('lock_topic') && $auth->acl_gets('m_lock', 'f_user_lock', $forum_id)) ? ITEM_LOCKED : ITEM_UNLOCKED;
719	}
720
721	$post_data['enable_magic_url'] = $post_data['drafts'] = false;
722
723	// User own some drafts?
724	if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' \|\| $mode == 'post' \|\| $mode == 'quote'))
725	{
726	$sql = 'SELECT draft_id
727	FROM ' . DRAFTS_TABLE . '
728	WHERE user_id = ' . $user->data['user_id'] .
729	(($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
730	(($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
731	(($draft_id) ? " AND draft_id <> $draft_id" : '');
732	$result = $db->sql_query_limit($sql, 1);
733
734	if ($db->sql_fetchrow($result))
735	{
736	$post_data['drafts'] = true;
737	}
738	$db->sql_freeresult($result);
739	}
740
741	$check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
742
743	// Check if user is watching this topic
744	if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
745	{
746	$sql = 'SELECT topic_id
747	FROM ' . TOPICS_WATCH_TABLE . '
748	WHERE topic_id = ' . $topic_id . '
749	AND user_id = ' . $user->data['user_id'];
750	$result = $db->sql_query($sql);
751	$post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
752	$db->sql_freeresult($result);
753	}
754
755	// Do we want to edit our post ?
756	if ($mode == 'edit' && $post_data['bbcode_uid'])
757	{
758	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
759	}
760
761	// HTML, BBCode, Smilies and Images status
762	$bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
763	$smilies_status = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
764	$img_status = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
765	$url_status = ($config['allow_post_links']) ? true : false;
766	$quote_status = true;
767
768	/**
769	* Event to override message BBCode status indications
770	*
771	* @event core.posting_modify_bbcode_status
772	*
773	* @var bool bbcode_status BBCode status
774	* @var bool smilies_status Smilies status
775	* @var bool img_status Image BBCode status
776	* @var bool url_status URL BBCode status
777	* @var bool quote_status Quote BBCode status
778	* @since 3.3.3-RC1
779	* @changed 4.0.0-a1 Removed flash_status
780	*/
781	$vars = [
782	'bbcode_status',
783	'smilies_status',
784	'img_status',
785	'url_status',
786	'quote_status',
787	];
788	extract($phpbb_dispatcher->trigger_event('core.posting_modify_bbcode_status', compact($vars)));
789
790	// Save Draft
791	if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' \|\| $mode == 'post' \|\| $mode == 'quote'))
792	{
793	$subject = $request->variable('subject', '', true);
794	$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
795	$message = $request->variable('message', '', true);
796
797	/**
798	* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
799	* Using their Numeric Character Reference's Hexadecimal notation.
800	*/
801	$subject = utf8_encode_ucr($subject);
802
803	if ($subject && $message)
804	{
805	if (confirm_box(true))
806	{
807	$message_parser->message = $message;
808	$message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $quote_status, $config['allow_post_links']);
809
810	$sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
811	'user_id' => (int) $user->data['user_id'],
812	'topic_id' => (int) $topic_id,
813	'forum_id' => (int) $forum_id,
814	'save_time' => (int) $current_time,
815	'draft_subject' => (string) $subject,
816	'draft_message' => (string) $message_parser->message)
817	);
818	$db->sql_query($sql);
819
820	/** @var \phpbb\attachment\manager $attachment_manager */
821	$attachment_manager = $phpbb_container->get('attachment.manager');
822	$attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id'));
823
824	$meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id");
825
826	meta_refresh(3, $meta_info);
827
828	$message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
829	$message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
830	$message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
831
832	trigger_error($message);
833	}
834	else
835	{
836	$s_hidden_fields = build_hidden_fields(array(
837	'mode' => $mode,
838	'save' => true,
839	'f' => $forum_id,
840	't' => $topic_id,
841	'subject' => $subject,
842	'message' => $message,
843	'attachment_data' => $message_parser->attachment_data,
844	)
845	);
846
847	$hidden_fields = array(
848	'icon_id' => 0,
849
850	'disable_bbcode' => false,
851	'disable_smilies' => false,
852	'disable_magic_url' => false,
853	'attach_sig' => true,
854	'notify' => false,
855	'lock_topic' => false,
856
857	'topic_type' => POST_NORMAL,
858	'topic_time_limit' => 0,
859
860	'poll_title' => '',
861	'poll_option_text' => '',
862	'poll_max_options' => 1,
863	'poll_length' => 0,
864	'poll_vote_change' => false,
865	);
866
867	foreach ($hidden_fields as $name => $default)
868	{
869	if (!isset($_POST[$name]))
870	{
871	// Don't include it, if its not available
872	unset($hidden_fields[$name]);
873	continue;
874	}
875
876	if (is_bool($default))
877	{
878	// Use the string representation
879	$hidden_fields[$name] = $request->variable($name, '');
880	}
881	else
882	{
883	$hidden_fields[$name] = $request->variable($name, $default);
884	}
885	}
886
887	$s_hidden_fields .= build_hidden_fields($hidden_fields);
888
889	confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
890	}
891	}
892	else
893	{
894	if (utf8_clean_string($subject) === '')
895	{
896	$error[] = $user->lang['EMPTY_SUBJECT'];
897	}
898
899	if (utf8_clean_string($message) === '')
900	{
901	$error[] = $user->lang['TOO_FEW_CHARS'];
902	}
903	}
904	unset($subject, $message);
905	}
906
907	// Load requested Draft
908	if ($draft_id && ($mode == 'reply' \|\| $mode == 'quote' \|\| $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
909	{
910	$sql = 'SELECT draft_subject, draft_message
911	FROM ' . DRAFTS_TABLE . "
912	WHERE draft_id = $draft_id
913	AND user_id = " . $user->data['user_id'];
914	$result = $db->sql_query_limit($sql, 1);
915	$row = $db->sql_fetchrow($result);
916	$db->sql_freeresult($result);
917
918	if ($row)
919	{
920	$post_data['post_subject'] = $row['draft_subject'];
921	$message_parser->message = $row['draft_message'];
922
923	$template->assign_var('S_DRAFT_LOADED', true);
924	}
925	else
926	{
927	$draft_id = 0;
928	}
929	}
930
931	// Load draft overview
932	if ($load && ($mode == 'reply' \|\| $mode == 'quote' \|\| $mode == 'post') && $post_data['drafts'])
933	{
934	load_drafts($topic_id, $forum_id);
935	}
936
937	/** @var \phpbb\textformatter\utils_interface $bbcode_utils */
938	$bbcode_utils = $phpbb_container->get('text_formatter.utils');
939
940	if ($submit \|\| $preview \|\| $refresh)
941	{
942	$post_data['topic_cur_post_id'] = $request->variable('topic_cur_post_id', 0);
943	$post_data['post_subject'] = $request->variable('subject', '', true);
944	$message_parser->message = $request->variable('message', '', true);
945
946	$post_data['username'] = $request->variable('username', $post_data['username'], true);
947	$post_data['post_edit_reason'] = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $request->variable('edit_reason', '', true) : '';
948
949	$post_data['orig_topic_type'] = $post_data['topic_type'];
950	$post_data['topic_type'] = $request->variable('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
951	$post_data['topic_time_limit'] = $request->variable('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
952
953	if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
954	{
955	$post_data['icon_id'] = $request->variable('icon', (int) $post_data['icon_id']);
956	}
957
958	$post_data['enable_bbcode'] = (!$bbcode_status \|\| isset($_POST['disable_bbcode'])) ? false : true;
959	$post_data['enable_smilies'] = (!$smilies_status \|\| isset($_POST['disable_smilies'])) ? false : true;
960	$post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
961	$post_data['enable_sig'] = (!$config['allow_sig'] \|\| !$auth->acl_get('f_sigs', $forum_id) \|\| !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
962
963	if ($config['allow_topic_notify'] && $user->data['is_registered'])
964	{
965	$notify = (isset($_POST['notify'])) ? true : false;
966	}
967	else
968	{
969	$notify = false;
970	}
971
972	$topic_lock = (isset($_POST['lock_topic'])) ? true : false;
973	$post_lock = (isset($_POST['lock_post'])) ? true : false;
974	$poll_delete = (isset($_POST['poll_delete'])) ? true : false;
975
976	if ($submit)
977	{
978	$status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
979	$status_switch = ($status_switch != $check_value);
980	}
981	else
982	{
983	$status_switch = 1;
984	}
985
986	// Delete Poll
987	if ($poll_delete && $mode == 'edit' && count($post_data['poll_options']) &&
988	((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) \|\| $auth->acl_get('m_delete', $forum_id)))
989	{
990	if ($submit && check_form_key('posting'))
991	{
992	$sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
993	WHERE topic_id = $topic_id";
994	$db->sql_query($sql);
995
996	$sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
997	WHERE topic_id = $topic_id";
998	$db->sql_query($sql);
999
1000	$topic_sql = array(
1001	'poll_title' => '',
1002	'poll_start' => 0,
1003	'poll_length' => 0,
1004	'poll_last_vote' => 0,
1005	'poll_max_options' => 0,
1006	'poll_vote_change' => 0
1007	);
1008
1009	$sql = 'UPDATE ' . TOPICS_TABLE . '
1010	SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
1011	WHERE topic_id = $topic_id";
1012	$db->sql_query($sql);
1013	}
1014
1015	$post_data['poll_title'] = $post_data['poll_option_text'] = '';
1016	$post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
1017	}
1018	else
1019	{
1020	$post_data['poll_title'] = $request->variable('poll_title', '', true);
1021	$post_data['poll_length'] = $request->variable('poll_length', 0);
1022	$post_data['poll_option_text'] = $request->variable('poll_option_text', '', true);
1023	$post_data['poll_max_options'] = $request->variable('poll_max_options', 1);
1024	$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
1025	}
1026
1027	// If replying/quoting and last post id has changed
1028	// give user option to continue submit or return to post
1029	// notify and show user the post made between his request and the final submit
1030	if (($mode == 'reply' \|\| $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
1031	{
1032	// Only do so if it is allowed forum-wide
1033	if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
1034	{
1035	if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
1036	{
1037	$template->assign_var('S_POST_REVIEW', true);
1038	}
1039
1040	$submit = false;
1041	$refresh = true;
1042	}
1043	}
1044
1045	// Parse Attachments - before checksum is calculated
1046	if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
1047	{
1048	$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
1049	}
1050
1051	/**
1052	* This event allows you to modify message text before parsing
1053	*
1054	* @event core.posting_modify_message_text
1055	* @var array post_data Array with post data
1056	* @var string mode What action to take if the form is submitted
1057	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
1058	* @var int post_id ID of the post
1059	* @var int topic_id ID of the topic
1060	* @var int forum_id ID of the forum
1061	* @var bool submit Whether or not the form has been submitted
1062	* @var bool preview Whether or not the post is being previewed
1063	* @var bool save Whether or not a draft is being saved
1064	* @var bool load Whether or not a draft is being loaded
1065	* @var bool cancel Whether or not to cancel the form (returns to
1066	* viewtopic or viewforum depending on if the user
1067	* is posting a new topic or editing a post)
1068	* @var bool refresh Whether or not to retain previously submitted data
1069	* @var object message_parser The message parser object
1070	* @var array error Array of errors
1071	* @since 3.1.2-RC1
1072	* @changed 3.1.11-RC1 Added error
1073	*/
1074	$vars = array(
1075	'post_data',
1076	'mode',
1077	'post_id',
1078	'topic_id',
1079	'forum_id',
1080	'submit',
1081	'preview',
1082	'save',
1083	'load',
1084	'cancel',
1085	'refresh',
1086	'message_parser',
1087	'error',
1088	);
1089	extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));
1090
1091	// Grab md5 'checksum' of new message
1092	$message_md5 = md5($message_parser->message);
1093
1094	// If editing and checksum has changed we know the post was edited while we're editing
1095	// Notify and show user the changed post
1096	if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
1097	{
1098	$edit_post_message_checksum = $request->variable('edit_post_message_checksum', '');
1099	$edit_post_subject_checksum = $request->variable('edit_post_subject_checksum', '');
1100
1101	// $post_data['post_checksum'] is the checksum of the post submitted in the meantime
1102	// $message_md5 is the checksum of the post we're about to submit
1103	// $edit_post_message_checksum is the checksum of the post we're editing
1104	// ...
1105
1106	// We make sure nobody else made exactly the same change
1107	// we're about to submit by also checking $message_md5 != $post_data['post_checksum']
1108	if ($edit_post_message_checksum !== '' &&
1109	$edit_post_message_checksum != $post_data['post_checksum'] &&
1110	$message_md5 != $post_data['post_checksum']
1111	\|\|
1112	$edit_post_subject_checksum !== '' &&
1113	$edit_post_subject_checksum != $post_data['post_subject_md5'] &&
1114	md5($post_data['post_subject']) != $post_data['post_subject_md5'])
1115	{
1116	if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
1117	{
1118	$template->assign_vars(array(
1119	'S_POST_REVIEW' => true,
1120
1121	'L_POST_REVIEW' => $user->lang['POST_REVIEW_EDIT'],
1122	'L_POST_REVIEW_EXPLAIN' => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
1123	));
1124	}
1125
1126	$submit = false;
1127	$refresh = true;
1128	}
1129	}
1130
1131	// Check checksum ... don't re-parse message if the same
1132	$update_message = ($mode != 'edit' \|\| $message_md5 != $post_data['post_checksum'] \|\| $status_switch \|\| strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
1133
1134	// Also check if subject got updated...
1135	$update_subject = $mode != 'edit' \|\| ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));
1136
1137	// Parse message
1138	if ($update_message)
1139	{
1140	if (count($message_parser->warn_msg))
1141	{
1142	$error[] = implode('<br />', $message_parser->warn_msg);
1143	$message_parser->warn_msg = array();
1144	}
1145
1146	if (!$preview \|\| !empty($message_parser->message))
1147	{
1148	$message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $quote_status, $config['allow_post_links']);
1149	}
1150
1151	// On a refresh we do not care about message parsing errors
1152	if (count($message_parser->warn_msg) && $refresh && !$preview)
1153	{
1154	$message_parser->warn_msg = array();
1155	}
1156	}
1157	else
1158	{
1159	$message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
1160	}
1161
1162	$ignore_flood = $auth->acl_get('u_ignoreflood') ? true : $auth->acl_get('f_ignoreflood', $forum_id);
1163	if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$ignore_flood)
1164	{
1165	// Flood check
1166	$last_post_time = 0;
1167
1168	if ($user->data['is_registered'])
1169	{
1170	$last_post_time = $user->data['user_lastpost_time'];
1171	}
1172	else
1173	{
1174	$sql = 'SELECT post_time AS last_post_time
1175	FROM ' . POSTS_TABLE . "
1176	WHERE poster_ip = '" . $user->ip . "'
1177	AND post_time > " . ($current_time - $config['flood_interval']);
1178	$result = $db->sql_query_limit($sql, 1);
1179	if ($row = $db->sql_fetchrow($result))
1180	{
1181	$last_post_time = $row['last_post_time'];
1182	}
1183	$db->sql_freeresult($result);
1184	}
1185
1186	if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
1187	{
1188	$error[] = $user->lang['FLOOD_ERROR'];
1189	}
1190	}
1191
1192	// Validate username
1193	if (($post_data['username'] && !$user->data['is_registered']) \|\| ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
1194	{
1195	if (!function_exists('validate_username'))
1196	{
1197	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
1198	}
1199
1200	$user->add_lang('ucp');
1201
1202	if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
1203	{
1204	$error[] = $user->lang[$result . '_USERNAME'];
1205	}
1206
1207	if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
1208	{
1209	$min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
1210	$error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
1211	}
1212	}
1213
1214	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
1215	{
1216	if ($captcha->validate() !== true)
1217	{
1218	$error[] = $captcha->get_error();
1219	}
1220	}
1221
1222	// check form
1223	if (($submit \|\| $preview) && !check_form_key('posting'))
1224	{
1225	$error[] = $user->lang['FORM_INVALID'];
1226	}
1227
1228	if ($submit && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !$request->is_set_post('delete') && $auth->acl_get('m_approve', $forum_id))
1229	{
1230	$is_first_post = ($post_id <= $post_data['topic_first_post_id'] \|\| !$post_data['topic_posts_approved']);
1231	$is_last_post = ($post_id >= $post_data['topic_last_post_id'] \|\| !$post_data['topic_posts_approved']);
1232	$updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);
1233
1234	if (!empty($updated_post_data))
1235	{
1236	// Update the post_data, so we don't need to refetch it.
1237	$post_data = array_merge($post_data, $updated_post_data);
1238	}
1239	}
1240
1241	// Parse subject
1242	if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' \|\| ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1243	{
1244	$error[] = $user->lang['EMPTY_SUBJECT'];
1245	}
1246
1247	/**
1248	* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
1249	* Using their Numeric Character Reference's Hexadecimal notation.
1250	* Check the permissions for posting Emojis first.
1251	*/
1252	if ($auth->acl_get('u_emoji'))
1253	{
1254	$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);
1255	}
1256	else
1257	{
1258	/**
1259	* Check for out-of-bounds characters that are currently
1260	* not supported by utf8_bin in MySQL
1261	*/
1262	if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
1263	{
1264	$character_list = implode('<br>', $matches[0]);
1265
1266	$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
1267	}
1268	}
1269
1270	$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
1271
1272	if ($post_data['poll_option_text'] &&
1273	($mode == 'post' \|\| ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] \|\| $auth->acl_get('m_edit', $forum_id))*/))
1274	&& $auth->acl_get('f_poll', $forum_id))
1275	{
1276	$poll = array(
1277	'poll_title' => $post_data['poll_title'],
1278	'poll_length' => $post_data['poll_length'],
1279	'poll_max_options' => $post_data['poll_max_options'],
1280	'poll_option_text' => $post_data['poll_option_text'],
1281	'poll_start' => $post_data['poll_start'],
1282	'poll_last_vote' => $post_data['poll_last_vote'],
1283	'poll_vote_change' => $post_data['poll_vote_change'],
1284	'enable_bbcode' => $post_data['enable_bbcode'],
1285	'enable_urls' => $post_data['enable_urls'],
1286	'enable_smilies' => $post_data['enable_smilies'],
1287	'img_status' => $img_status
1288	);
1289
1290	$message_parser->parse_poll($poll);
1291
1292	$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1293	$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1294
1295	/* We reset votes, therefore also allow removing options
1296	if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
1297	{
1298	$message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
1299	}*/
1300	}
1301	else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
1302	{
1303	// The user removed all poll options, this is equal to deleting the poll.
1304	$poll = array(
1305	'poll_title' => '',
1306	'poll_length' => 0,
1307	'poll_max_options' => 0,
1308	'poll_option_text' => '',
1309	'poll_start' => 0,
1310	'poll_last_vote' => 0,
1311	'poll_vote_change' => 0,
1312	'poll_options' => array(),
1313	);
1314
1315	$post_data['poll_options'] = array();
1316	$post_data['poll_title'] = '';
1317	$post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
1318	}
1319	else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && !$bbcode_utils->is_empty($original_poll_data['poll_title']))
1320	{
1321	// We have a poll but the editing user is not permitted to create/edit it.
1322	// So we just keep the original poll-data.
1323	// Decode the poll title and options text fisrt.
1324	$original_poll_data['poll_title'] = $bbcode_utils->unparse($original_poll_data['poll_title']);
1325	$original_poll_data['poll_option_text'] = $bbcode_utils->unparse($original_poll_data['poll_option_text']);
1326	$original_poll_data['poll_options'] = explode("\n", $original_poll_data['poll_option_text']);
1327
1328	$poll = array_merge($original_poll_data, array(
1329	'enable_bbcode' => $post_data['enable_bbcode'],
1330	'enable_urls' => $post_data['enable_urls'],
1331	'enable_smilies' => $post_data['enable_smilies'],
1332	'img_status' => $img_status,
1333	));
1334
1335	$message_parser->parse_poll($poll);
1336
1337	$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
1338	$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
1339	}
1340	else
1341	{
1342	$poll = array();
1343	}
1344
1345	// Check topic type
1346	if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' \|\| ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
1347	{
1348	switch ($post_data['topic_type'])
1349	{
1350	case POST_GLOBAL:
1351	$auth_option = 'f_announce_global';
1352	break;
1353
1354	case POST_ANNOUNCE:
1355	$auth_option = 'f_announce';
1356	break;
1357
1358	case POST_STICKY:
1359	$auth_option = 'f_sticky';
1360	break;
1361
1362	default:
1363	$auth_option = '';
1364	break;
1365	}
1366
1367	if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id))
1368	{
1369	// There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
1370	// Another case would be a mod not having sticky permissions for example but edit permissions.
1371	if ($mode == 'edit')
1372	{
1373	// To prevent non-authed users messing around with the topic type we reset it to the original one.
1374	$post_data['topic_type'] = $post_data['orig_topic_type'];
1375	}
1376	else
1377	{
1378	$error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
1379	}
1380	}
1381	}
1382
1383	if (count($message_parser->warn_msg))
1384	{
1385	$error[] = implode('<br />', $message_parser->warn_msg);
1386	}
1387
1388	// DNSBL check
1389	if ($config['check_dnsbl'] && !$refresh)
1390	{
1391	if (($dnsbl = $user->check_dnsbl('post')) !== false)
1392	{
1393	$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
1394	}
1395	}
1396
1397	/**
1398	* This event allows you to define errors before the post action is performed
1399	*
1400	* @event core.posting_modify_submission_errors
1401	* @var array post_data Array with post data
1402	* @var array poll Array with poll data from post (must be used instead of the post_data equivalent)
1403	* @var string mode What action to take if the form is submitted
1404	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
1405	* @var int post_id ID of the post
1406	* @var int topic_id ID of the topic
1407	* @var int forum_id ID of the forum
1408	* @var bool submit Whether or not the form has been submitted
1409	* @var array error Any error strings; a non-empty array aborts form submission.
1410	* NOTE: Should be actual language strings, NOT language keys.
1411	* @since 3.1.0-RC5
1412	* @changed 3.1.5-RC1 Added poll array to the event
1413	* @changed 3.2.0-a1 Removed undefined page_title
1414	*/
1415	$vars = array(
1416	'post_data',
1417	'poll',
1418	'mode',
1419	'post_id',
1420	'topic_id',
1421	'forum_id',
1422	'submit',
1423	'error',
1424	);
1425	extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));
1426
1427	// Store message, sync counters
1428	if (!count($error) && $submit)
1429	{
1430	/** @var \phpbb\lock\posting $posting_lock */
1431	$posting_lock = $phpbb_container->get('posting.lock');
1432
1433	// Get creation time and form token, must be already checked at this point
1434	$creation_time = abs($request->variable('creation_time', 0));
1435	$form_token = $request->variable('form_token', '');
1436
1437	if ($posting_lock->acquire($creation_time, $form_token))
1438	{
1439	// Lock/Unlock Topic
1440	$change_topic_status = $post_data['topic_status'];
1441	$perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) \|\| ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
1442
1443	if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
1444	{
1445	$change_topic_status = ITEM_UNLOCKED;
1446	}
1447	else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
1448	{
1449	$change_topic_status = ITEM_LOCKED;
1450	}
1451
1452	if ($change_topic_status != $post_data['topic_status'])
1453	{
1454	$sql = 'UPDATE ' . TOPICS_TABLE . "
1455	SET topic_status = $change_topic_status
1456	WHERE topic_id = $topic_id
1457	AND topic_moved_id = 0";
1458	$db->sql_query($sql);
1459
1460	$user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
1461
1462	$phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), false, array(
1463	'forum_id' => $forum_id,
1464	'topic_id' => $topic_id,
1465	$post_data['topic_title']
1466	));
1467	}
1468
1469	// Lock/Unlock Post Edit
1470	if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
1471	{
1472	$post_data['post_edit_locked'] = ITEM_UNLOCKED;
1473	}
1474	else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
1475	{
1476	$post_data['post_edit_locked'] = ITEM_LOCKED;
1477	}
1478
1479	$data = array(
1480	'topic_title' => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
1481	'topic_first_post_id' => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
1482	'topic_last_post_id' => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
1483	'topic_time_limit' => (int) $post_data['topic_time_limit'],
1484	'topic_attachment' => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
1485	'post_id' => (int) $post_id,
1486	'topic_id' => (int) $topic_id,
1487	'forum_id' => (int) $forum_id,
1488	'icon_id' => (int) $post_data['icon_id'],
1489	'poster_id' => (int) $post_data['poster_id'],
1490	'enable_sig' => (bool) $post_data['enable_sig'],
1491	'enable_bbcode' => (bool) $post_data['enable_bbcode'],
1492	'enable_smilies' => (bool) $post_data['enable_smilies'],
1493	'enable_urls' => (bool) $post_data['enable_urls'],
1494	'enable_indexing' => (bool) $post_data['enable_indexing'],
1495	'message_md5' => (string) $message_md5,
1496	'post_checksum' => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
1497	'post_edit_reason' => $post_data['post_edit_reason'],
1498	'post_edit_user' => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
1499	'forum_parents' => $post_data['forum_parents'],
1500	'forum_name' => $post_data['forum_name'],
1501	'notify' => $notify,
1502	'notify_set' => $post_data['notify_set'],
1503	'poster_ip' => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
1504	'post_edit_locked' => (int) $post_data['post_edit_locked'],
1505	'bbcode_bitfield' => $message_parser->bbcode_bitfield,
1506	'bbcode_uid' => $message_parser->bbcode_uid,
1507	'message' => $message_parser->message,
1508	'attachment_data' => $message_parser->attachment_data,
1509	'filename_data' => $message_parser->filename_data,
1510	'topic_status' => $post_data['topic_status'],
1511
1512	'topic_visibility' => (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
1513	'post_visibility' => (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
1514	);
1515
1516	if ($mode == 'edit')
1517	{
1518	$data['topic_posts_approved'] = $post_data['topic_posts_approved'];
1519	$data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
1520	$data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
1521	}
1522
1523	// Only return the username when it is either a guest posting or we are editing a post and
1524	// the username was supplied; otherwise post_data might hold the data of the post that is
1525	// being quoted (which could result in the username being returned being that of the quoted
1526	// post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
1527	$post_author_name = ((!$user->data['is_registered'] \|\| $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
1528
1529	/**
1530	* This event allows you to define errors before the post action is performed
1531	*
1532	* @event core.posting_modify_submit_post_before
1533	* @var array post_data Array with post data
1534	* @var array poll Array with poll data
1535	* @var array data Array with post data going to be stored in the database
1536	* @var string mode What action to take if the form is submitted
1537	* post\|reply\|quote\|edit\|delete
1538	* @var int post_id ID of the post
1539	* @var int topic_id ID of the topic
1540	* @var int forum_id ID of the forum
1541	* @var string post_author_name Author name for guest posts
1542	* @var bool update_message Boolean if the post message was changed
1543	* @var bool update_subject Boolean if the post subject was changed
1544	* NOTE: Should be actual language strings, NOT language keys.
1545	* @since 3.1.0-RC5
1546	* @changed 3.1.6-RC1 remove submit and error from event Submit and Error are checked previously prior to running event
1547	* @change 3.2.0-a1 Removed undefined page_title
1548	*/
1549	$vars = array(
1550	'post_data',
1551	'poll',
1552	'data',
1553	'mode',
1554	'post_id',
1555	'topic_id',
1556	'forum_id',
1557	'post_author_name',
1558	'update_message',
1559	'update_subject',
1560	);
1561	extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));
1562
1563	// The last parameter tells submit_post if search indexer has to be run
1564	$redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message \|\| $update_subject) ? true : false);
1565
1566	/**
1567	* This event allows you to define errors after the post action is performed
1568	*
1569	* @event core.posting_modify_submit_post_after
1570	* @var array post_data Array with post data
1571	* @var array poll Array with poll data
1572	* @var array data Array with post data going to be stored in the database
1573	* @var string mode What action to take if the form is submitted
1574	* post\|reply\|quote\|edit\|delete
1575	* @var int post_id ID of the post
1576	* @var int topic_id ID of the topic
1577	* @var int forum_id ID of the forum
1578	* @var string post_author_name Author name for guest posts
1579	* @var bool update_message Boolean if the post message was changed
1580	* @var bool update_subject Boolean if the post subject was changed
1581	* @var string redirect_url URL the user is going to be redirected to
1582	* NOTE: Should be actual language strings, NOT language keys.
1583	* @since 3.1.0-RC5
1584	* @changed 3.1.6-RC1 remove submit and error from event Submit and Error are checked previously prior to running event
1585	* @change 3.2.0-a1 Removed undefined page_title
1586	*/
1587	$vars = array(
1588	'post_data',
1589	'poll',
1590	'data',
1591	'mode',
1592	'post_id',
1593	'topic_id',
1594	'forum_id',
1595	'post_author_name',
1596	'update_message',
1597	'update_subject',
1598	'redirect_url',
1599	);
1600	extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));
1601
1602	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $captcha->is_solved() === true && ($mode == 'post' \|\| $mode == 'reply' \|\| $mode == 'quote'))
1603	{
1604	$captcha->reset();
1605	}
1606
1607	// Handle delete mode...
1608	if ($request->is_set_post('delete_permanent') \|\| ($request->is_set_post('delete') && $post_data['post_visibility'] != ITEM_DELETED))
1609	{
1610	$delete_reason = $request->variable('delete_reason', '', true);
1611	phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
1612	return;
1613	}
1614
1615	// Check the permissions for post approval.
1616	// Moderators must go through post approval like ordinary users.
1617	if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) \|\| (isset($data['force_approved_state']) && !$data['force_approved_state']))
1618	{
1619	meta_refresh(10, $redirect_url);
1620	$message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
1621	$message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
1622	$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
1623	trigger_error($message);
1624	}
1625
1626	redirect($redirect_url);
1627	}
1628	else
1629	{
1630	// Posting was already locked before, hence form submission was already attempted once and is now invalid
1631	$error[] = $language->lang('FORM_INVALID');
1632	}
1633	}
1634	}
1635
1636	// Preview
1637	if (!count($error) && $preview)
1638	{
1639	$post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;
1640
1641	$preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
1642
1643	$preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
1644	$preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
1645	$preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
1646
1647	// Signature
1648	if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
1649	{
1650	$flags = ($config['allow_sig_bbcode']) ? OPTION_FLAG_BBCODE : 0;
1651	$flags \|= ($config['allow_sig_links']) ? OPTION_FLAG_LINKS : 0;
1652	$flags \|= ($config['allow_sig_smilies']) ? OPTION_FLAG_SMILIES : 0;
1653
1654	$preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $flags, false);
1655	}
1656	else
1657	{
1658	$preview_signature = '';
1659	}
1660
1661	$preview_subject = censor_text($post_data['post_subject']);
1662
1663	// Poll Preview
1664	if (!$poll_delete && ($mode == 'post' \|\| ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] \|\| $auth->acl_get('m_edit', $forum_id))*/))
1665	&& $auth->acl_get('f_poll', $forum_id))
1666	{
1667	$parse_poll = new parse_message($post_data['poll_title']);
1668	$parse_poll->bbcode_uid = $message_parser->bbcode_uid;
1669	$parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;
1670
1671	$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1672
1673	if ($post_data['poll_length'])
1674	{
1675	$poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
1676	}
1677
1678	$template->assign_vars(array(
1679	'S_HAS_POLL_OPTIONS' => (count($post_data['poll_options'])),
1680	'S_IS_MULTI_CHOICE' => ($post_data['poll_max_options'] > 1) ? true : false,
1681
1682	'POLL_QUESTION' => $parse_poll->message,
1683
1684	'L_POLL_LENGTH' => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
1685	'L_MAX_VOTES' => $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
1686	));
1687
1688	$preview_poll_options = array();
1689	foreach ($post_data['poll_options'] as $poll_option)
1690	{
1691	$parse_poll->message = $poll_option;
1692	$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1693	$preview_poll_options[] = $parse_poll->message;
1694	}
1695	unset($parse_poll);
1696
1697	foreach ($preview_poll_options as $key => $option)
1698	{
1699	$template->assign_block_vars('poll_option', array(
1700	'POLL_OPTION_CAPTION' => $option,
1701	'POLL_OPTION_ID' => $key + 1)
1702	);
1703	}
1704	unset($preview_poll_options);
1705	}
1706
1707	// Attachment Preview
1708	if (count($message_parser->attachment_data))
1709	{
1710	$template->assign_var('S_HAS_ATTACHMENTS', true);
1711
1712	$update_count = array();
1713	$attachment_data = $message_parser->attachment_data;
1714
1715	parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);
1716
1717	foreach ($attachment_data as $i => $attachment)
1718	{
1719	$template->assign_block_vars('attachment', array(
1720	'DISPLAY_ATTACHMENT' => $attachment)
1721	);
1722	}
1723	unset($attachment_data);
1724	}
1725
1726	if (!count($error))
1727	{
1728	$template->assign_vars(array(
1729	'PREVIEW_SUBJECT' => $preview_subject,
1730	'PREVIEW_MESSAGE' => $preview_message,
1731	'PREVIEW_SIGNATURE' => $preview_signature,
1732
1733	'S_DISPLAY_PREVIEW' => !empty($preview_message),
1734	));
1735	}
1736	}
1737
1738	// Remove quotes that would become nested too deep before decoding the text
1739	$generate_quote = ($mode == 'quote' && !$submit && !$preview && !$refresh);
1740	if ($generate_quote && $config['max_quote_depth'] > 0)
1741	{
1742	$tmp_bbcode_uid = $message_parser->bbcode_uid;
1743	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
1744	$message_parser->remove_nested_quotes($config['max_quote_depth'] - 1);
1745	$message_parser->bbcode_uid = $tmp_bbcode_uid;
1746	}
1747
1748	// Decode text for message display
1749	$post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !count($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
1750	$message_parser->decode_message($post_data['bbcode_uid']);
1751
1752	if ($generate_quote)
1753	{
1754	// Remove attachment bbcode tags from the quoted message to avoid mixing with the new post attachments if any
1755	$message_parser->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#uis', '\\2', $message_parser->message);
1756
1757	$quote_attributes = array(
1758	'author' => $post_data['quote_username'],
1759	'post_id' => $post_data['post_id'],
1760	'time' => $post_data['post_time'],
1761	'user_id' => $post_data['poster_id'],
1762	);
1763
1764	/**
1765	* This event allows you to modify the quote attributes of the post being quoted
1766	*
1767	* @event core.posting_modify_quote_attributes
1768	* @var array quote_attributes Array with quote attributes
1769	* @var array post_data Array with post data
1770	* @since 3.2.6-RC1
1771	*/
1772	$vars = array(
1773	'quote_attributes',
1774	'post_data',
1775	);
1776	extract($phpbb_dispatcher->trigger_event('core.posting_modify_quote_attributes', compact($vars)));
1777
1778	/** @var \phpbb\language\language $language */
1779	$language = $phpbb_container->get('language');
1780	phpbb_format_quote($language, $message_parser, $bbcode_utils, $bbcode_status, $quote_attributes);
1781	}
1782
1783	if (($mode == 'reply' \|\| $mode == 'quote') && !$submit && !$preview && !$refresh)
1784	{
1785	$post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
1786
1787	$post_subject = $post_data['post_subject'];
1788
1789	/**
1790	* This event allows you to modify the post subject of the post being quoted
1791	*
1792	* @event core.posting_modify_post_subject
1793	* @var string post_subject String with the post subject already censored.
1794	* @since 3.2.8-RC1
1795	*/
1796	$vars = array('post_subject');
1797	extract($phpbb_dispatcher->trigger_event('core.posting_modify_post_subject', compact($vars)));
1798
1799	$post_data['post_subject'] = $post_subject;
1800	}
1801
1802	$attachment_data = $message_parser->attachment_data;
1803	$filename_data = $message_parser->filename_data;
1804	$post_data['post_text'] = $message_parser->message;
1805
1806	if (count($post_data['poll_options']) \|\| (isset($post_data['poll_title']) && !$bbcode_utils->is_empty($post_data['poll_title'])))
1807	{
1808	$message_parser->message = $post_data['poll_title'];
1809	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
1810
1811	$message_parser->decode_message();
1812	$post_data['poll_title'] = $message_parser->message;
1813
1814	$message_parser->message = implode("\n", $post_data['poll_options']);
1815	$message_parser->decode_message();
1816	$post_data['poll_options'] = explode("\n", $message_parser->message);
1817	}
1818
1819	// MAIN POSTING PAGE BEGINS HERE
1820
1821	// Forum moderators?
1822	$moderators = array();
1823	if ($config['load_moderators'])
1824	{
1825	get_moderators($moderators, $forum_id);
1826	}
1827
1828	// Generate smiley listing
1829	generate_smilies('inline', $forum_id);
1830
1831	// Generate inline attachment select box
1832	posting_gen_inline_attachments($attachment_data);
1833
1834	// Do show topic type selection only in first post.
1835	$topic_type_toggle = false;
1836
1837	if ($mode == 'post' \|\| ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
1838	{
1839	$topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
1840	}
1841
1842	$s_topic_icons = false;
1843	if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
1844	{
1845	$s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
1846	}
1847
1848	$bbcode_checked = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
1849	$smilies_checked = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
1850	$urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
1851	$sig_checked = $post_data['enable_sig'];
1852	$lock_topic_checked = (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
1853	$lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];
1854
1855	// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
1856	$notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
1857	$notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);
1858
1859	// Page title & action URL
1860	$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode");
1861
1862	switch ($mode)
1863	{
1864	case 'post':
1865	$s_action .= $forum_id ? "&f=$forum_id" : '';
1866	$page_title = $user->lang['POST_TOPIC'];
1867	break;
1868
1869	case 'reply':
1870	$s_action .= $topic_id ? "&t=$topic_id" : '';
1871	$page_title = $user->lang['POST_REPLY'];
1872	break;
1873
1874	case 'quote':
1875	$s_action .= $post_id ? "&p=$post_id" : '';
1876	$page_title = $user->lang['POST_REPLY'];
1877	break;
1878
1879	case 'delete':
1880	case 'edit':
1881	$s_action .= $post_id ? "&p=$post_id" : '';
1882	$page_title = $user->lang['EDIT_POST'];
1883	break;
1884	}
1885
1886	// Build Navigation Links
1887	generate_forum_nav($post_data);
1888
1889	// Build Forum Rules
1890	generate_forum_rules($post_data);
1891
1892	// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
1893	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' \|\| $mode == 'reply' \|\| $mode == 'quote'))
1894	{
1895
1896	$template->assign_vars(array(
1897	'S_CONFIRM_CODE' => true,
1898	'CAPTCHA_TEMPLATE' => $captcha->get_template(),
1899	));
1900	}
1901
1902	$s_hidden_fields = ($mode == 'reply' \|\| $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
1903	$s_hidden_fields .= ($draft_id \|\| isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . $request->variable('draft_loaded', $draft_id) . '" />' : '';
1904
1905	if ($mode == 'edit')
1906	{
1907	$s_hidden_fields .= build_hidden_fields(array(
1908	'edit_post_message_checksum' => $post_data['post_checksum'],
1909	'edit_post_subject_checksum' => $post_data['post_subject_md5'],
1910	));
1911	}
1912
1913	// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
1914	if (isset($captcha) && $captcha->is_solved() !== false)
1915	{
1916	$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
1917	}
1918
1919	$form_enctype = (@ini_get('file_uploads') == '0' \|\| strtolower(@ini_get('file_uploads')) == 'off' \|\| !$config['allow_attachments'] \|\| !$auth->acl_get('u_attach') \|\| !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"';
1920	add_form_key('posting');
1921
1922
1923	// Build array of variables for main posting page
1924	$page_data = array(
1925	'L_POST_A' => $page_title,
1926	'L_ICON' => ($mode == 'reply' \|\| $mode == 'quote' \|\| ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
1927	'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),
1928	'L_DELETE_POST_PERMANENTLY' => $user->lang('DELETE_POST_PERMANENTLY', 1),
1929
1930	'FORUM_NAME' => $post_data['forum_name'],
1931	'FORUM_DESC' => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
1932	'TOPIC_TITLE' => censor_text($post_data['topic_title']),
1933	'MODERATORS' => (count($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
1934	'USERNAME' => ((!$preview && $mode != 'quote') \|\| $preview) ? $post_data['username'] : '',
1935	'SUBJECT' => $post_data['post_subject'],
1936	'MESSAGE' => $post_data['post_text'],
1937	'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
1938	'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
1939	'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
1940	'URL_STATUS' => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
1941	'MAX_FONT_SIZE' => (int) $config['max_post_font_size'],
1942	'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
1943	'POST_DATE' => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
1944	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
1945	'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'],
1946	'EDIT_REASON' => $request->variable('edit_reason', '', true),
1947	'SHOW_PANEL' => $request->variable('show_panel', ''),
1948	'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
1949	'U_VIEW_TOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t=$topic_id") : '',
1950	'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup"),
1951	'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup")),
1952
1953	'S_PRIVMSGS' => false,
1954	'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
1955	'S_EDIT_POST' => ($mode == 'edit') ? true : false,
1956	'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1957	'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] \|\| ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
1958	'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
1959	'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) \|\| !$config['delete_time'])) \|\| $auth->acl_get('m_delete', $forum_id))) ? true : false,
1960	'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
1961	'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '',
1962	'S_SMILIES_ALLOWED' => $smilies_status,
1963	'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '',
1964	'S_SIG_ALLOWED' => ($user->data['is_registered'] && $config['allow_sig'] && $auth->acl_get('f_sigs', $forum_id) && $auth->acl_get('u_sig')) ? true : false,
1965	'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
1966	'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] \|\| ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) \|\| !$config['allow_topic_notify'] \|\| !$config['email_enable']) ? false : true,
1967	'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '',
1968	'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' \|\| $mode == 'reply' \|\| $mode == 'quote' \|\| $mode == 'post') && ($auth->acl_get('m_lock', $forum_id) \|\| ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
1969	'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '',
1970	'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1971	'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
1972	'S_SOFTDELETE_CHECKED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
1973	'S_SOFTDELETE_ALLOWED' => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked) && $post_id == $post_data['topic_last_post_id'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) \|\| !$config['delete_time'])) ? true : false,
1974	'S_RESTORE_ALLOWED' => $auth->acl_get('m_approve', $forum_id),
1975	'S_IS_DELETED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
1976	'S_LINKS_ALLOWED' => $url_status,
1977	'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '',
1978	'S_TYPE_TOGGLE' => $topic_type_toggle,
1979	'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
1980	'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
1981	'S_FORM_ENCTYPE' => $form_enctype,
1982
1983	'S_BBCODE_IMG' => $img_status,
1984	'S_BBCODE_URL' => $url_status,
1985	'S_BBCODE_QUOTE' => $quote_status,
1986
1987	'S_POST_ACTION' => $s_action,
1988	'S_HIDDEN_FIELDS' => $s_hidden_fields,
1989	'S_ATTACH_DATA' => json_encode($message_parser->attachment_data),
1990	'S_IN_POSTING' => true,
1991	);
1992
1993	// Build custom bbcodes array
1994	display_custom_bbcodes();
1995
1996	// Poll entry
1997	if (($mode == 'post' \|\| ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] \|\| $auth->acl_get('m_edit', $forum_id))*/))
1998	&& $auth->acl_get('f_poll', $forum_id))
1999	{
2000	$page_data = array_merge($page_data, array(
2001	'S_SHOW_POLL_BOX' => true,
2002	'S_POLL_VOTE_CHANGE' => ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),
2003	'S_POLL_DELETE' => ($mode == 'edit' && count($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) \|\| $auth->acl_get('m_delete', $forum_id))),
2004	'S_POLL_DELETE_CHECKED' => (!empty($poll_delete)) ? true : false,
2005
2006	'L_POLL_OPTIONS_EXPLAIN' => $user->lang('POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN', (int) $config['max_poll_options']),
2007
2008	'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
2009	'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
2010	'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
2011	'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
2012	'POLL_LENGTH' => $post_data['poll_length'],
2013	)
2014	);
2015	}
2016
2017	/**
2018	* This event allows you to modify template variables for the posting screen
2019	*
2020	* @event core.posting_modify_template_vars
2021	* @var array post_data Array with post data
2022	* @var array moderators Array with forum moderators
2023	* @var string mode What action to take if the form is submitted
2024	* post\|reply\|quote\|edit\|delete\|bump\|smilies\|popup
2025	* @var string page_title Title of the mode page
2026	* @var bool s_topic_icons Whether or not to show the topic icons
2027	* @var string form_enctype If attachments are allowed for this form
2028	* "multipart/form-data" or empty string
2029	* @var string s_action The URL to submit the POST data to
2030	* @var string s_hidden_fields Concatenated hidden input tags of posting form
2031	* @var int post_id ID of the post
2032	* @var int topic_id ID of the topic
2033	* @var int forum_id ID of the forum
2034	* @var int draft_id ID of the draft
2035	* @var bool submit Whether or not the form has been submitted
2036	* @var bool preview Whether or not the post is being previewed
2037	* @var bool save Whether or not a draft is being saved
2038	* @var bool load Whether or not a draft is being loaded
2039	* @var bool cancel Whether or not to cancel the form (returns to
2040	* viewtopic or viewforum depending on if the user
2041	* is posting a new topic or editing a post)
2042	* @var array error Any error strings; a non-empty array aborts
2043	* form submission.
2044	* NOTE: Should be actual language strings, NOT
2045	* language keys.
2046	* @var bool refresh Whether or not to retain previously submitted data
2047	* @var array page_data Posting page data that should be passed to the
2048	* posting page via $template->assign_vars()
2049	* @var object message_parser The message parser object
2050	* @since 3.1.0-a1
2051	* @changed 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
2052	* s_topic_icons, form_enctype, s_action, s_hidden_fields,
2053	* post_id, topic_id, forum_id, submit, preview, save, load,
2054	* delete, cancel, refresh, error, page_data, message_parser
2055	* @changed 3.1.2-RC1 Removed 'delete' var as it does not exist
2056	* @changed 3.1.5-RC1 Added poll variables to the page_data array
2057	* @changed 3.1.6-RC1 Added 'draft_id' var
2058	*/
2059	$vars = array(
2060	'post_data',
2061	'moderators',
2062	'mode',
2063	'page_title',
2064	's_topic_icons',
2065	'form_enctype',
2066	's_action',
2067	's_hidden_fields',
2068	'post_id',
2069	'topic_id',
2070	'forum_id',
2071	'draft_id',
2072	'submit',
2073	'preview',
2074	'save',
2075	'load',
2076	'cancel',
2077	'refresh',
2078	'error',
2079	'page_data',
2080	'message_parser',
2081	);
2082	extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));
2083
2084	// Start assigning vars for main posting page ...
2085	$template->assign_vars($page_data);
2086
2087	// Show attachment box for adding attachments if true
2088	$allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);
2089
2090	if ($allowed)
2091	{
2092	$max_files = ($auth->acl_get('a_') \|\| $auth->acl_get('m_', $forum_id)) ? 0 : (int) $config['max_attachments'];
2093	$plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
2094	}
2095
2096	// Attachment entry
2097	posting_gen_attachment_entry($attachment_data, $filename_data, $allowed, $forum_id);
2098
2099	// Output page ...
2100	page_header($page_title);
2101
2102	$template->set_filenames(array(
2103	'body' => 'posting_body.html')
2104	);
2105
2106	make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
2107
2108	// Topic review
2109	if ($mode == 'reply' \|\| $mode == 'quote')
2110	{
2111	if (topic_review($topic_id, $forum_id))
2112	{
2113	$template->assign_var('S_DISPLAY_REVIEW', true);
2114	}
2115	}
2116
2117	page_footer();