Forum quick-reply fix.
This commit is contained in:
parent
a1c768f847
commit
29f74508c2
@ -580,11 +580,11 @@ if(isset($pref['lan_global_list']))
|
||||
|
||||
$sql->db_Mark_Time('Start: CHAP challenge');
|
||||
|
||||
|
||||
$die = (e_AJAX_REQUEST == true) ? false : true; // prevent json breakage.
|
||||
e107::getSession()
|
||||
->challenge() // Make sure there is a unique challenge string for CHAP login
|
||||
->check(); // Token protection
|
||||
|
||||
->check($die); // Token protection
|
||||
unset($die);
|
||||
|
||||
//
|
||||
// N: misc setups: online user tracking, cache
|
||||
|
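Review bot: The return value of the new `->check($die)` call is discarded, so for AJAX requests (where `$die` is false) a failed token check no longer stops anything here; every AJAX endpoint has to repeat the check itself, as ajaxQuickReply() does elsewhere in this commit, and any endpoint that does not is left without token enforcement. If that is the intended contract, say so where `$die` is computed: `// AJAX: check() only reports failure here; each AJAX handler must call check(false) itself.` The loose `e_AJAX_REQUEST == true` can be `e_AJAX_REQUEST === true` if the constant is defined as a boolean (its definition is outside this hunk).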
@ -715,12 +715,14 @@ class e_admin_log
|
||||
* @param string Title for use inside the Log file
|
||||
* @param boolean true = append to file, false = new file each save.
|
||||
*/
|
||||
public function toFile($name,$logTitle='',$append=false)
|
||||
public function toFile($name, $logTitle='',$append=false)
|
||||
{
|
||||
|
||||
|
||||
$this->logFile = $name;
|
||||
$this->saveToFile($logTitle,$append);
|
||||
$file = $this->saveToFile($logTitle,$append);
|
||||
|
||||
$this->logFile = null;
|
||||
return $file;
|
||||
}
|
||||
|
||||
|
||||
|
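Review bot: toFile() now returns the result of saveToFile(), but the docblock directly above still documents only the parameters; add `* @return mixed whatever saveToFile() returns` (saveToFile() is not visible here, so I cannot name the exact type). The `$this->logFile = null;` line after the save also deserves a why-comment, e.g. `// the file name applies to this single save only`, so the reset is not mistaken for a leftover.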
@ -820,6 +820,7 @@ class e_core_session extends e_session
|
||||
$this->end();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Core CSF protection, see class2.php
|
||||
* Could be adopted by plugins for their own (different) protection logic
|
||||
@ -837,32 +838,45 @@ class e_core_session extends e_session
|
||||
if($this->getSessionId())
|
||||
{
|
||||
if((isset($_POST['e-token']) && !$this->checkFormToken($_POST['e-token']))
|
||||
|| (isset($_GET['e-token']) && !$this->checkFormToken($_GET['e-token'])))
|
||||
|| (isset($_GET['e-token']) && !$this->checkFormToken($_GET['e-token']))
|
||||
|| (isset($_POST['e_token']) && !$this->checkFormToken($_POST['e_token']))) // '-' is not allowed in jquery. b
|
||||
{
|
||||
// if(defsettrue('e_DEBUG'))
|
||||
{
|
||||
$details = "USER: ".USERNAME."\n";
|
||||
$details = "HOST: ".$_SERVER['HTTP_HOST']."\n";
|
||||
$details .= "REQUEST_URI: ".$_SERVER['REQUEST_URI']."\n";
|
||||
$details .= "e-token (POST): ".$_POST['e-token']."\n";
|
||||
$details .= "e-token (GET): ".$_GET['e-token']."\n";
|
||||
$details .= ($_POST['e-token']) ? "e-token (POST): ".$_POST['e-token']."\n" : "";
|
||||
$details .= ($_GET['e-token']) ? "e-token (GET): ".$_GET['e-token']."\n" : "";
|
||||
$details .= ($_POST['e_token']) ? "AJAX e_token (POST): ".$_POST['e_token']."\n" : "";
|
||||
|
||||
$details .= "_SESSION:\n";
|
||||
$details .= print_r($_SESSION,true);
|
||||
// $details .= "\n_POST:\n";
|
||||
// $details .= print_r($_POST,true);
|
||||
// $details .= "\n_GET:\n";
|
||||
// $details .= print_r($_GET,true);
|
||||
$details .= "\nPlugins:\n";
|
||||
$details .= print_r($pref['plug_installed'],true);
|
||||
if($pref['plug_installed'])
|
||||
{
|
||||
$details .= "\nPlugins:\n";
|
||||
$details .= print_r($pref['plug_installed'],true);
|
||||
}
|
||||
|
||||
$details .= "die = ".($die == true ? 'true' : 'false')."\n\n---------------------------------\n\n";
|
||||
|
||||
$log = e107::getAdminLog();
|
||||
$log->addDebug($details);
|
||||
$log->toFile('Unauthorized_access','Unauthorized access Log', true);
|
||||
$log->add('Unauthorized access!', $details, E_LOG_FATAL);
|
||||
// e107::getAdminLog()->log_event('Unauthorized access!', $details, E_LOG_FATAL);
|
||||
}
|
||||
|
||||
// do not redirect, prevent dead loop, save server resources
|
||||
if($die) die('Unauthorized access!');
|
||||
if($die == true)
|
||||
{
|
||||
die('Unauthorized access!');
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -883,8 +897,21 @@ class e_core_session extends e_session
|
||||
}
|
||||
define('e_TOKEN', $this->getFormToken());
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Manually Reset the Token.
|
||||
* @see e107forum::ajaxQuickReply();
|
||||
*/
|
||||
public function reset()
|
||||
{
|
||||
$this->_regenerateFormToken()->clear('__form_token_regenerate');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Make sure there is unique challenge string for CHAP login
|
||||
|
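Review bot: In the unauthorized-access branch of check() the rejected `e-token`/`e_token` values from `$_POST` and `$_GET` are concatenated verbatim into the Unauthorized_access log together with a full `print_r($_SESSION, true)`, so a client-supplied value containing newlines can forge log entries and the dump records the session's valid form token right next to the rejected one; escape or length-limit the submitted values before concatenation and consider logging only the session keys rather than the whole dump. The new `($_POST['e-token']) ? ... : ""` lines still read indexes that may be unset (the `isset()` guards above cover one key at a time), so use `isset($_POST['e-token']) ? ... : ''` for each of the three. `$pref['plug_installed']` is used inside a method with no visible `global $pref`; the method starts outside the hunk, so confirm it is in scope. The `$die == true` comparisons could be `$die === true` since `$die` is passed in as a boolean.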
@ -27,7 +27,7 @@ $(document).ready(function()
|
||||
var post = $(this).attr('data-forum-post');
|
||||
var text = $('#forum-quickreply-text').val();
|
||||
var insert = $(this).attr('data-forum-insert');
|
||||
|
||||
var token = $(this).attr('data-token');
|
||||
|
||||
|
||||
if(action != 'stick' && action !='unstick')
|
||||
@ -40,8 +40,9 @@ $(document).ready(function()
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: script,
|
||||
data: { thread: thread, action: action, post: post, text: text, insert:insert },
|
||||
data: { thread: thread, action: action, post: post, text: text, insert:insert, e_token: token },
|
||||
success: function(data) {
|
||||
|
||||
// alert(data);
|
||||
|
||||
var d = $.parseJSON(data);
|
||||
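Review bot: `token` is read from the clicked element's `data-token` attribute, but in the hunks of this commit only the quick-reply submit button in forum_viewtopic.php carries that attribute, so the stick/unstick and other actions routed through the same handler post `e_token: undefined`, which jQuery omits from the request body and a server-side `check(false)` would then reject. Either add `data-token` to every control that triggers this handler or read the token once from a shared element. The `action != 'stick'` comparisons could use `!==` for consistency. The `ready()` callback starts and ends outside these hunks.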
@ -189,6 +190,16 @@ class e107forum
|
||||
function ajaxQuickReply()
|
||||
{
|
||||
$tp = e107::getParser();
|
||||
|
||||
if(!e107::getSession()->check(false))
|
||||
{
|
||||
//$ret['status'] = 'ok';
|
||||
// $ret['msg'] = "Token Error";
|
||||
|
||||
// echo json_encode($ret);
|
||||
|
||||
exit;
|
||||
}
|
||||
|
||||
if(varset($_POST['action']) == 'quickreply' && vartrue($_POST['text']))
|
||||
{
|
||||
@ -223,7 +234,7 @@ class e107forum
|
||||
$tmpl = e107::getTemplate('forum','forum_viewtopic','replies');
|
||||
$sc = e107::getScBatch('view', 'forum');
|
||||
$sc->setScVar('postInfo', $postInfo);
|
||||
$ret['html'] = $tp->parseTemplate($tmpl, true, vartrue($forum_shortcodes)) . "\n";
|
||||
$ret['html'] = $tp->parseTemplate($tmpl, true, $sc) . "\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -237,6 +248,7 @@ class e107forum
|
||||
echo json_encode($ret);
|
||||
}
|
||||
|
||||
e107::getSession()->reset();
|
||||
exit;
|
||||
|
||||
}
|
||||
@ -246,6 +258,12 @@ class e107forum
|
||||
|
||||
function ajaxModerate()
|
||||
{
|
||||
|
||||
if(!ADMIN) //FIXME check permissions per forum.
|
||||
{
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!vartrue($_POST['thread']) && !vartrue($_POST['post']))
|
||||
{
|
||||
exit;
|
||||
|
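Review bot: ajaxModerate() gates on `ADMIN` only and, unlike ajaxQuickReply() in the same commit, never calls `e107::getSession()->check(false)`; since class2.php now discards the result of `check($die)` for AJAX requests, this handler relies on the admin flag alone for CSRF protection, and the moderation buttons in the JS hunk post no token anyway (its body continues past the hunk). In ajaxQuickReply() the failed-check branch exits with no output, so the client's `$.parseJSON(data)` gets an empty string; return a JSON error instead, e.g. `echo json_encode(array('status' => 'error', 'msg' => 'Token Error')); exit;`, and drop the commented-out lines. `e107::getSession()->reset()` runs after the JSON has already been echoed, so the regenerated token never reaches the client and the `e_TOKEN` constant defined in check() still holds the old value; if the next quick reply is expected to post the new token, move reset() before the echo and add the fresh token to `$ret` (assuming getFormToken() reflects it after reset()), otherwise a comment explaining why the reset is needed at that point would help.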
@ -376,16 +376,18 @@ if ($forum->checkPerm($thread->threadInfo['thread_forum_id'], 'post') && $thread
|
||||
$ajaxInsert = ($thread->pages == $thread->page || $thread->pages == 0) ? 1 : 0;
|
||||
|
||||
// echo "AJAX-INSERT=".$ajaxInsert ."(".$thread->pages." vs ".$thread->page.")";
|
||||
$frm = e107::getForm();
|
||||
|
||||
$tVars->QUICKREPLY = "
|
||||
<form action='" . $e107->url->create('forum/thread/reply', array('id' => $thread->threadId)) . "' method='post'>
|
||||
<textarea cols='80' placeholder='".LAN_FORUM_2007."' rows='4' id='forum-quickreply-text' class='tbox input-xxlarge' name='post' onselect='storeCaret(this);' onclick='storeCaret(this);' onkeyup='storeCaret(this);'></textarea>
|
||||
<div class='center'>
|
||||
<input type='submit' data-forum-insert='".$ajaxInsert."' data-forum-post='".$thread->threadInfo['thread_forum_id']."' data-forum-thread='".$threadId."' data-forum-action='quickreply' name='reply' value='".LAN_FORUM_2006. "' class='btn btn-success button' />
|
||||
<input type='submit' data-token='".e_TOKEN."' data-forum-insert='".$ajaxInsert."' data-forum-post='".$thread->threadInfo['thread_forum_id']."' data-forum-thread='".$threadId."' data-forum-action='quickreply' name='reply' value='".LAN_FORUM_2006. "' class='btn btn-success button' />
|
||||
<input type='hidden' name='thread_id' value='$thread_parent' />
|
||||
|
||||
</div>
|
||||
</form>";
|
||||
|
||||
|
||||
// Preview should be reserved for the full 'Post reply' page. <input type='submit' name='fpreview' value='" . Preview . "' class='btn button' />
|
||||
}
|
||||
else
|
||||
|
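Review bot: `$frm = e107::getForm();` is assigned but never used in this hunk, while the token is emitted by hand as `data-token='".e_TOKEN."'`; either drop the line or use the form helper to emit the token so the two stay consistent. The surrounding `if`/`else` starts and ends outside the hunk.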