mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-30 19:30:25 +02:00
Code Issues Releases Wiki Activity

New method to post forum attachment related data directly (cleaned)

Browse Source 
Allows posting new forum attachment file data directly with the $_POST request so that uploads and attachment data can be handled before the post is submitted. Alternate types of attachments also become possible then when overriding the forum attachment shortcodes. Data is posted with JSON instead of PHP Array to avoid the chance of eval() related security issues.
This commit is contained in:
Michael Waskosky
2016-04-24 16:56:06 -06:00
parent a14b3baff7
commit 611ba19838
1 changed files with 34 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
e107_plugins/forum/forum_post.php
View File

@@ -798,15 +798,10 @@ class forum_post_handler
}
//Allows directly overriding the method of adding files (or other data) as attachments
if(isset($_POST['post_attachments_json']) && trim($_POST['post_attachments_json']))
if($attachmentsPosted = $this->processAttachmentsPosted())
{
$posted_attachments = json_decode($_POST['post_attachments_json'], true);
$attachments_json_errors = json_last_error();
if($attachments_json_errors === JSON_ERROR_NONE)
{
$postInfo['post_attachments'] = e107::serialize($posted_attachments);
}
}
$postInfo['post_attachments'] = $attachmentsPosted;
}
// var_dump($uploadResult);
@@ -1019,16 +1014,10 @@ class forum_post_handler
}
//Allows directly overriding the method of adding files (or other data) as attachments
if(isset($_POST['post_attachments_json']) && trim($_POST['post_attachments_json']))
if($attachmentsPosted = $this->processAttachmentsPosted($this->data['post_attachments']))
{
$existingValues = e107::unserialize($this->data['post_attachments']);
$posted_attachments = json_decode($_POST['post_attachments_json'], true);
$attachments_json_errors = json_last_error();
if($attachments_json_errors === JSON_ERROR_NONE)
{
$postVals['post_attachments'] = e107::serialize(array_merge_recursive($existingValues,$posted_attachments));
}
}
$postVals['post_attachments'] = $attachmentsPosted;
}
$postVals['post_edit_datestamp'] = time();
$postVals['post_edit_user'] = USERID;
@@ -1097,16 +1086,10 @@ class forum_post_handler
}
//Allows directly overriding the method of adding files (or other data) as attachments
if(isset($_POST['post_attachments_json']) && trim($_POST['post_attachments_json']))
if($attachmentsPosted = $this->processAttachmentsPosted($this->data['post_attachments']))
{
$existingValues = e107::unserialize($this->data['post_attachments']);
$posted_attachments = json_decode($_POST['post_attachments_json'], true);
$attachments_json_errors = json_last_error();
if($attachments_json_errors === JSON_ERROR_NONE)
{
$postVals['post_attachments'] = e107::serialize(array_merge_recursive($existingValues,$posted_attachments));
}
}
$postVals['post_attachments'] = $attachmentsPosted;
}
$this->forumObj->postUpdate($this->data['post_id'], $postVals);
@@ -1258,6 +1241,31 @@ class forum_post_handler
}
*/
}
//Allows directly overriding the method of adding files (or other data) as attachments
function processAttachmentsPosted($existingValues = false)
{
if(isset($_POST['post_attachments_json']) && trim($_POST['post_attachments_json']))
{
$postedAttachments = json_decode($_POST['post_attachments_json'], true);
$attachmentsJsonErrors = json_last_error();
if($attachmentsJsonErrors === JSON_ERROR_NONE)
{
if($existingValues)
{
$existingValues = e107::unserialize($existingValues);
return e107::serialize(array_merge_recursive($existingValues,$postedAttachments));
}
else
{
return e107::serialize($postedAttachments);
}
}
}
return false;
}
}