From 0d7c33c1afd2595ca4f5569af69d1514bec29b35 Mon Sep 17 00:00:00 2001
From: Oliver Schramm <oliver.schramm97@gmail.com>
Date: Fri, 14 Sep 2018 14:54:20 +0200
Subject: [PATCH] [ticket/15329] Parse drafts before saving them (and decode)

PHPBB3-15329
---
 phpBB/includes/ucp/ucp_main.php       | 24 ++++++++++++++++++++++--
 phpBB/includes/ucp/ucp_pm_compose.php |  5 ++++-
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 71a615e75c..cd75eead1e 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -502,6 +502,9 @@ class ucp_main
 				$draft_subject = $draft_message = '';
 				add_form_key('ucp_draft');
 
+				include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
+				$message_parser = new parse_message();
+
 				if ($delete)
 				{
 					if (check_form_key('ucp_draft'))
@@ -535,9 +538,19 @@ class ucp_main
 					{
 						if ($draft_message && $draft_subject)
 						{
+							// $auth->acl_gets can't be used here because it will check for global forum permissions in this case
+							// In general we don't need too harsh checking here for permissions, as this will be handled later when submitting
+							$bbcode_status = $auth->acl_get('u_pm_bbcode') || $auth->acl_getf_global('f_bbcode');
+							$smilies_status = $auth->acl_get('u_pm_smilies') || $auth->acl_getf_global('f_smilies');
+							$img_status = $auth->acl_get('u_pm_img') || $auth->acl_getf_global('f_img');
+							$flash_status = $auth->acl_get('u_pm_flash') || $auth->acl_getf_global('f_flash');
+
+							$message_parser->message = $draft_message;
+							$message_parser->parse($bbcode_status, $config['allow_post_links'], $smilies_status, $img_status, $flash_status, true, $config['allow_post_links']);
+
 							$draft_row = array(
 								'draft_subject' => $draft_subject,
-								'draft_message' => $draft_message
+								'draft_message' => $message_parser->message,
 							);
 
 							$sql = 'UPDATE ' . DRAFTS_TABLE . '
@@ -639,9 +652,16 @@ class ucp_main
 						$insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;d=" . $draft['draft_id']);
 					}
 
+					if (!$submit)
+					{
+						$message_parser->message = $draft['draft_message'];
+						$message_parser->decode_message();
+						$draft_message = $message_parser->message;
+					}
+
 					$template_row = array(
 						'DATE'			=> $user->format_date($draft['save_time']),
-						'DRAFT_MESSAGE'	=> ($submit) ? $draft_message : $draft['draft_message'],
+						'DRAFT_MESSAGE'	=> $draft_message,
 						'DRAFT_SUBJECT'	=> ($submit) ? $draft_subject : $draft['draft_subject'],
 						'TITLE'			=> $title,
 
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index bf18e76568..bc43b5d1fe 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -659,13 +659,16 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			if (confirm_box(true))
 			{
+				$message_parser->message = $message;
+				$message_parser->parse($bbcode_status, $url_status, $smilies_status, $img_status, $flash_status, true, $url_status);
+
 				$sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 					'user_id'		=> $user->data['user_id'],
 					'topic_id'		=> 0,
 					'forum_id'		=> 0,
 					'save_time'		=> $current_time,
 					'draft_subject'	=> $subject,
-					'draft_message'	=> $message
+					'draft_message'	=> $message_parser->message,
 					)
 				);
 				$db->sql_query($sql);