Abstracting the compose box for staffpms

Allow FLS to assign to staff or forum staff

Allow FLS to unresolve all FLS PMs

empty commit (testing debug site)

empty commit (again)

Permissions can only be created up to your current level

Permissions can only be altered up to your current level

Image proxy should function correctly with SSL now

Forums can only be altered up to your current level

Adding option to delete polls

Remove ghost resolver bug

Fixing autocomplete escaping

improved .gitignore

Adding debug to all ajax pages

Fixed escaping on autocomplete pages
This commit is contained in:
What.CD 2011-07-13 08:00:06 +00:00
parent dd04b95709
commit f76e290493
15 changed files with 107 additions and 1711 deletions


@ -1,7 +1,10 @@
<?
require 'config.php'; //The config contains all site wide configuration information as well as memcached rules
require(SERVER_ROOT.'/classes/class_debug.php');
require(SERVER_ROOT.'/classes/class_cache.php'); //Require the caching class
require(SERVER_ROOT.'/classes/class_encrypt.php'); //Require the caching class
$Debug = new DEBUG;
$Cache = NEW CACHE; //Load the caching class
$Enc = NEW CRYPT; //Load the encryption class
@ -89,3 +92,21 @@ function display_array($Array, $DontEscape = array()) {
}
return $Array;
}
function make_secret($Length = 32) {
$Secret = '';
$Chars='abcdefghijklmnopqrstuvwxyz0123456789';
for($i=0; $i<$Length; $i++) {
$Rand = mt_rand(0, strlen($Chars)-1);
$Secret .= substr($Chars, $Rand, 1);
}
return str_shuffle($Secret);
}
// Send a message to an IRC bot listening on SOCKET_LISTEN_PORT
function send_irc($Raw) {
$IRCSocket = fsockopen(SOCKET_LISTEN_ADDRESS, SOCKET_LISTEN_PORT);
$Raw = str_replace(array("\n", "\r"), '', $Raw);
fwrite($IRCSocket, $Raw);
fclose($IRCSocket);
}
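Review bot: make_secret builds its secret from mt_rand() and then str_shuffle(), neither of which is a cryptographically secure generator, so anything the result protects (tokens, keys) is only as strong as a predictable PRNG. Draw each character with `random_int(0, strlen($Chars)-1)` where the PHP version provides it, or otherwise from `openssl_random_pseudo_bytes()`, and drop the str_shuffle, which adds nothing once the draws are uniform. In send_irc a few lines down, fsockopen's return value is never checked, so a refused or timed-out connection turns the fwrite/fclose into warnings on `false`; add `if($IRCSocket === false) { return; }` after the open.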


@ -514,7 +514,7 @@ function to_html($Array) {
$Str.='[img]'.$Block['Val'].'[/img]';
} else {
if(check_perms('site_proxy_images')) {
$Str.='<img style="max-width: 500px;" onclick="lightbox.init(this,500);" alt="'.$Block['Val'].'" src="http://'.SITE_URL.'/image.php?i='.urlencode($Block['Val']).'" />';
$Str.='<img style="max-width: 500px;" onclick="lightbox.init(this,500);" alt="'.$Block['Val'].'" src="http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?i='.urlencode($Block['Val']).'" />';
} else {
$Str.='<img style="max-width: 500px;" onclick="lightbox.init(this,500);" alt="'.$Block['Val'].'" src="'.$Block['Val'].'" />';
}
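Review bot: `$SSL` is read inside to_html on the new img line, but nothing in the hunk brings it into function scope, so unless a `global $SSL;` exists above the hunk the ternary tests an undefined variable, always yields `http`, and the proxied image is requested over plain HTTP on SSL pages (plus a notice). The user_info hunk at `@ -314,7 +314,7 @@` has the same pattern. If `$SSL` is a site-wide global, add `global $SSL;` at the top of the function; otherwise derive the scheme locally, e.g. from `$_SERVER['HTTPS']`. to_html starts and ends outside the hunk.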


@ -314,7 +314,7 @@ function user_info($UserID) {
// Image proxy
if(check_perms('site_proxy_images') && !empty($UserInfo['Avatar'])) {
$UserInfo['Avatar'] = 'http://'.SITE_URL.'/image.php?c=1&amp;avatar='.$UserID.'&amp;i='.urlencode($UserInfo['Avatar']);
$UserInfo['Avatar'] = 'http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?c=1&amp;avatar='.$UserID.'&amp;i='.urlencode($UserInfo['Avatar']);
}
return $UserInfo;
}
@ -1030,10 +1030,11 @@ function delete_torrent($ID, $GroupID=0) {
$DB->query("UPDATE reportsv2 SET
Status='Resolved',
LastChangeTime='".sqltime()."',
ModComment='Report already dealt with (Torrent deleted)'
WHERE TorrentID=".$ID);
Status='Resolved',
LastChangeTime='".sqltime()."',
ModComment='Report already dealt with (Torrent deleted)'
WHERE TorrentID=".$ID."
AND Status != 'Resolved'");
$Reports = $DB->affected_rows();
if($Reports) {
$Cache->decrement('num_torrent_reportsv2', $Reports);
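Review bot: The rewritten UPDATE still concatenates `$ID` unescaped into the SQL (`WHERE TorrentID=".$ID."`), and nothing in the hunk shows it being validated as numeric, so the safety of this statement rests entirely on every caller of delete_torrent. Coerce it at the boundary instead, `WHERE TorrentID=".(int)$ID."`, or fail early with an is_number check at the top of the function. Whether such a check already exists cannot be seen here, since delete_torrent starts and ends outside the hunk.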



@ -4,13 +4,15 @@
if(empty($_GET['name'])) { die('["",[],[],[]]'); }
$FullName = rawurldecode($_GET['name']);
$MaxKeySize = 4;
if (strtolower(substr($_GET['name'],0,4)) == 'the ') {
if (strtolower(substr($FullName,0,4)) == 'the ') {
$MaxKeySize += 4;
}
$KeySize = min($MaxKeySize,max(1,strlen($_GET['name'])));
$KeySize = min($MaxKeySize,max(1,strlen($FullName)));
$Letters = strtolower(substr($_GET['name'],0,$KeySize));
$Letters = strtolower(substr($FullName,0,$KeySize));
$AutoSuggest = $Cache->get('autocomplete_artist_'.$KeySize.'_'.$Letters);
if(!is_array($AutoSuggest)) {
if(!isset($DB) || !is_object($DB)) {
@ -25,7 +27,7 @@
FROM artists_group AS a
INNER JOIN torrents_artists AS ta ON ta.ArtistID=a.ArtistID
INNER JOIN torrents AS t ON t.GroupID=ta.GroupID
WHERE a.Name LIKE '$Letters%'
WHERE a.Name LIKE '".db_string($Letters)."%'
GROUP BY ta.ArtistID
ORDER BY Snatches DESC
LIMIT $Limit");
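Review bot: db_string presumably escapes the quotes for the string literal, but a LIKE pattern additionally treats `%` and `_` as wildcards, so a user-supplied `%` in `$Letters` still turns the prefix match into a much broader, index-unfriendly query. Escape them before quoting: `WHERE a.Name LIKE '".db_string(addcslashes($Letters, '%_'))."%'`. `$Limit` on the last line is also interpolated without any visible check, and the cache key in the previous hunk is built from the raw `$Letters`, which can contain a space once the `the ` prefix is kept — whether the cache layer tolerates that is not visible here.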
@ -39,7 +41,7 @@
$Links = array();
foreach ($AutoSuggest as $Suggestion) {
list($ID,$Name, $Snatch) = $Suggestion;
if (stripos($Name,$_GET['name']) === 0) {
if (stripos($Name,$FullName) === 0) {
$Suggestions[] = display_str($Name);
$Snatches[] = number_format($Snatch).' snatches';
$Links[] = 'http'.($SSL?'s':'').'://'.$_SERVER['HTTP_HOST'].'/artist.php?id='.$ID;
@ -49,4 +51,4 @@
}
}
echo json_encode(array($_GET['name'],$Suggestions,$Snatches,$Links));
echo json_encode(array($FullName,$Suggestions,$Snatches,$Links));


@ -0,0 +1,35 @@
<?
authorize();
if(!check_perms("site_moderate_forums")) {
error(404);
}
$ThreadID = $_GET['threadid'];
$PollOption = $_GET['vote'];
if(is_number($ThreadID) && is_number($PollOption)) {
$DB->query("SELECT ForumID FROM forums_topics WHERE ID = $ThreadID");
list($ForumID) = $DB->next_record();
if(!in_array($ForumID, $ForumsRevealVoters)) {
error(403);
}
$DB->query("SELECT Answers FROM forums_polls WHERE TopicID = ".$ThreadID);
if($DB->record_count() < 1) {
error(404);
}
list($Answers) = $DB->next_record(MYSQLI_NUM, false);
$Answers = unserialize($Answers);
unset($Answers[$PollOption]);
$Answers = serialize($Answers);
$DB->query("UPDATE forums_polls SET Answers = '".db_string($Answers)."' WHERE TopicID = ".$ThreadID);
$DB->query("DELETE FROM forums_polls_votes WHERE Vote = ".$PollOption." AND TopicID = ".$ThreadID);
$Cache->delete_value('polls_'.$ThreadID);
header("Location: forums.php?action=viewthread&threadid=".$ThreadID);
} else {
error(404);
}
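Review bot: The ForumID lookup near the top is consumed without a record-count check, so a threadid that matches no topic leaves `$ForumID` null and the permission decision falls to a loose `in_array(null, $ForumsRevealVoters)`, which is true whenever that list contains 0. Add `if($DB->record_count() < 1) { error(404); }` before the `list($ForumID)` line, mirroring the check already done for the poll query below it. Since is_number presumably only confirms the value is numeric, also cast `$ThreadID` and `$PollOption` with `(int)` before they are concatenated into the queries. Removing an answer leaves the remaining keys sparse after unserialize/unset/serialize; whether the voting code tolerates a gap in the indices is not visible here.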


@ -109,6 +109,9 @@
// Change poll vote
require(SERVER_ROOT.'/sections/forums/change_vote.php');
break;
case 'delete_poll_option':
require(SERVER_ROOT.'/sections/forums/delete_poll_option.php');
break;
case 'sticky_post':
require(SERVER_ROOT.'/sections/forums/sticky_post.php');
break;


@ -245,7 +245,11 @@
foreach($Answers as $i => $Answer) {
?>
<li><a href="forums.php?action=change_vote&amp;threadid=<?=$ThreadID?>&amp;auth=<?=$LoggedUser['AuthKey']?>&amp;vote=<?=(int) $i?>"><?=display_str($Answer == '' ? "Blank" : $Answer)?></a> - <?=$StaffVotes[$i]?>&nbsp;(<?=number_format(((float) $Votes[$i]/$TotalVotes)*100, 2)?>%)</li>
<li>
<a href="forums.php?action=change_vote&amp;threadid=<?=$ThreadID?>&amp;auth=<?=$LoggedUser['AuthKey']?>&amp;vote=<?=(int) $i?>"><?=display_str($Answer == '' ? "Blank" : $Answer)?></a>
- <?=$StaffVotes[$i]?>&nbsp;(<?=number_format(((float) $Votes[$i]/$TotalVotes)*100, 2)?>%)
<a href="forums.php?action=delete_poll_option&amp;threadid=<?=$ThreadID?>&amp;auth=<?=$LoggedUser['AuthKey']?>&amp;vote=<?=(int) $i?>">[X]</a>
</li>
<? } ?>
<li><a href="forums.php?action=change_vote&amp;threadid=<?=$ThreadID?>&amp;auth=<?=$LoggedUser['AuthKey']?>&amp;vote=0">Blank</a> - <?=$StaffVotes[0]?>&nbsp;(<?=number_format(((float) $Votes[0]/$TotalVotes)*100, 2)?>%)</li>
</ul>
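Review bot: The new `[X]` link is emitted for everyone who sees this poll block, while the endpoint behind it requires site_moderate_forums (delete_poll_option.php answers 404 otherwise); if this block is shown to users below that permission — not visible from the hunk — they get a dead link. Gate it in the template: `<? if(check_perms('site_moderate_forums')) { ?>` … `<? } ?>` around the anchor. The deletion is irreversible and triggered by a plain GET; authorize() checks the auth key, but an `onclick="return confirm('Delete this option?');"` on the link would prevent accidental clicks.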


@ -94,7 +94,7 @@
if(empty($HeavyInfo['DisableAvatars'])) {
if(!empty($Avatar)) {
if(check_perms('site_proxy_images')) {
$Avatar = 'http://'.SITE_URL.'/image.php?c=1&i='.urlencode($Avatar);
$Avatar = 'http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?c=1&i='.urlencode($Avatar);
}
?>
<img src="<?=$Avatar?>" alt="<?=$Username?>'s avatar" width="50px" />


@ -50,7 +50,7 @@
</div>
<br />
<div class="box pad" style="padding:0px 10px 10px 10px;">
<h3>Forum moderators</h3>
<h3>Forum Moderators</h3>
<p>Forum Mods are users who have been promoted to help moderate the forums. They can only help with forum oriented questions</p>
<table class="staff" width="100%">
<tr class="colhead">


@ -155,9 +155,16 @@
$DB->query("SELECT p.ID,p.Name,p.Level,p.Values,p.DisplayStaff,COUNT(u.ID) FROM permissions AS p LEFT JOIN users_main AS u ON u.PermissionID=p.ID WHERE p.ID='".db_string($_REQUEST['id'])."' GROUP BY p.ID");
list($ID,$Name,$Level,$Values,$DisplayStaff,$UserCount)=$DB->next_record(MYSQLI_NUM, array(3));
if($Level > $LoggedUser['Class'] || $_REQUEST['level'] > $LoggedUser['Class']) {
error(403);
}
$Values=unserialize($Values);
}
if (!empty($_POST['submit'])) {
$Err = $Val->ValidateForm($_POST);
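Review bot: The new level guard sits inside the branch that loads an existing permission by `$_REQUEST['id']`, so the create path (the `!empty($_POST['submit'])` block starting on the last lines, reached without an id) only gets it if the same comparison is repeated after validation — that part is outside the hunk. If it is not, move `if($_REQUEST['level'] > $LoggedUser['Class']) { error(403); }` to just after ValidateForm so create and edit share it. Compare `(int)$_REQUEST['level']` so the outcome does not depend on PHP's string-to-number comparison rules for a non-numeric value.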


@ -17,8 +17,23 @@
$Err=$Val->ValidateForm($_POST); // Validate the form
if($Err){ error($Err); }
if($P['minclassread'] > $LoggedUser['Class'] || $P['minclasswrite'] > $LoggedUser['Class'] || $P['minclasscreate'] > $LoggedUser['Class']) {
error(403);
}
if($_POST['submit'] == 'Edit'){ //Edit
if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
$DB->query("SELECT MinClassRead FROM forums WHERE ID=".$P['id']);
if($DB->record_count() < 1) {
error(404);
} else {
list($MinClassRead) = $DB->next_record();
if($MinClassRead > $LoggedUser['Class']) {
error(403);
}
}
$DB->query("UPDATE forums SET
Sort='$P[sort]',
CategoryID='$P[categoryid]',
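Review bot: The existing-forum guard only reads MinClassRead, so a forum whose MinClassWrite or MinClassCreate is above the editor's class can presumably still be edited, and those thresholds lowered to the editor's own level, which the first check permits. Select all three and test the highest: `$DB->query("SELECT MinClassRead, MinClassWrite, MinClassCreate FROM forums WHERE ID=".$P['id']);`, `list($MinClassRead, $MinClassWrite, $MinClassCreate) = $DB->next_record();`, `if(max($MinClassRead, $MinClassWrite, $MinClassCreate) > $LoggedUser['Class']) { error(403); }`. The `else` after `error(404)` is redundant if error() exits, as the earlier `if($Err){ error($Err); }` already assumes.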


@ -180,7 +180,7 @@ function check_paranoia_here($Setting) {
<div class="sidebar">
<? if ($Avatar && empty($HeavyInfo['DisableAvatars'])) {
if(check_perms('site_proxy_images') && !empty($Avatar)) {
$Avatar = 'http://'.SITE_URL.'/image.php?c=1&avatar='.$UserID.'&i='.urlencode($Avatar);
$Avatar = 'http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?c=1&avatar='.$UserID.'&i='.urlencode($Avatar);
}
?>
<div class="box">


@ -47,7 +47,7 @@
}
if(check_perms('site_proxy_images') && !empty($Avatar)) {
$Avatar = 'http://'.SITE_URL.'/image.php?c=1&i='.urlencode($Avatar);
$Avatar = 'http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?c=1&i='.urlencode($Avatar);
}
show_header('Post history for '.$Username,'subscriptions,comments,bbcode');


@ -37,7 +37,7 @@ var autocomp = {
case 8: //backspace
this.href = null;
this.list.style.visibility = 'hidden';
this.timer = setTimeout("autocomp.get('" + this.input.value + "');",500);
this.timer = setTimeout("autocomp.get('" + escape(this.input.value) + "');",500);
break;
case 38: //up
case 40: //down
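Review bot: `escape()` turns characters outside Latin-1 into `%uXXXX` sequences, which the `rawurldecode($_GET['name'])` on the PHP side does not reverse, so names containing e.g. Cyrillic or CJK characters will no longer match. `encodeURIComponent` is not a drop-in replacement either, because it leaves `'` unencoded and the value would break out of the single-quoted string that setTimeout evaluates. Stop building code from the input altogether: `var v = this.input.value; this.timer = setTimeout(function() { autocomp.get(v); }, 500);`, and URL-encode the value once where autocomp.get builds the request, which is outside the hunk; the server-side rawurldecode then becomes a double decode and should be dropped together with this. The same applies to the `default:` case in the next hunk (`@ -52,7 +52,7 @@`).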
@ -52,7 +52,7 @@ var autocomp = {
return 0;
default:
this.href = null;
this.timer = setTimeout("autocomp.get('"+this.input.value+"');",300);
this.timer = setTimeout("autocomp.get('" + escape(this.input.value) + "');",300);
return 1;
}
return 0;