- viewtopic/forum search boxes should also use search config option and u_search permission [Bug #9850]

- mcp_reports was still using some of the mcp_queue post_id logic, changed enough to report_id logic to make it work properly now. I hope I didn't miss any external places referring to mcp_reports which send it a post_id_list. I really wonder whether people don't test the MCP at all? Good that I noticed this myself when fixing an incorrect language string (No reports selected) message [Bug #9741] - forgot to check in the changed mcp/info file for mcp_warn with global m_warn option - mcp_post.html was missing a submit button for changing the poster in prosilver [Bug #9771] - language variables in javascript in templates should use LA_ not L_ for proper escaping of single quotes git-svn-id: file:///svn/phpbb/trunk@7361 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2007-04-15 21:40:25 +00:00 · 2007-04-15 21:40:25 +00:00 · c76a2cdfe8
commit c76a2cdfe8
parent 6e92276b87
10 changed files with 102 additions and 77 deletions
--- a/phpBB/includes/mcp/info/mcp_warn.php
+++ b/phpBB/includes/mcp/info/mcp_warn.php
@ -23,7 +23,7 @@ class mcp_warn_info
 				'front'				=> array('title' => 'MCP_WARN_FRONT', 'auth' => 'aclf_m_warn', 'cat' => array('MCP_WARN')),
 				'list'				=> array('title' => 'MCP_WARN_LIST', 'auth' => 'aclf_m_warn', 'cat' => array('MCP_WARN')),
 				'warn_user'			=> array('title' => 'MCP_WARN_USER', 'auth' => 'aclf_m_warn', 'cat' => array('MCP_WARN')),
-				'warn_post'			=> array('title' => 'MCP_WARN_POST', 'auth' => 'acl_m_warn,$id || (!$id && aclf_m_warn)', 'cat' => array('MCP_WARN')),
+				'warn_post'			=> array('title' => 'MCP_WARN_POST', 'auth' => 'acl_m_warn && acl_f_read,$id', 'cat' => array('MCP_WARN')),
 			),
 		);
 	}
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@ -41,14 +41,14 @@ class mcp_reports
 			case 'delete':
 				include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

-				$post_id_list = request_var('post_id_list', array(0));
+				$report_id_list = request_var('report_id_list', array(0));

-				if (!sizeof($post_id_list))
+				if (!sizeof($report_id_list))
 				{
-					trigger_error('NO_POST_SELECTED');
+					trigger_error('NO_REPORT_SELECTED');
 				}

-				close_report($post_id_list, $mode, $action);
+				close_report($report_id_list, $mode, $action);

 			break;
 		}
@ -64,7 +64,7 @@ class mcp_reports
 				// closed reports are accessed by report id
 				$report_id = request_var('r', 0);

-				$sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username, u.username_clean, u.user_colour
+				$sql = 'SELECT r.post_id, r.user_id, r.report_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username, u.username_clean, u.user_colour
 					FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . ' u
 					WHERE ' . (($report_id) ? 'r.report_id = ' . $report_id : "r.post_id = $post_id AND r.report_closed = 0") . '
 						AND rr.reason_id = r.reason_id
@ -75,19 +75,17 @@ class mcp_reports

 				if (!$report)
 				{
-					trigger_error('NO_POST_REPORT');
+					trigger_error('NO_REPORT_REPORT');
 				}

-				if ($report_id)
-				{
 				$post_id = $report['post_id'];
-				}
+				$report_id = $report['report_id'];

 				$post_info = get_post_data(array($post_id), 'm_report', true);

 				if (!sizeof($post_info))
 				{
-					trigger_error('NO_POST_SELECTED');
+					trigger_error('NO_REPORT_SELECTED');
 				}

 				$post_info = $post_info[$post_id];
@ -158,9 +156,10 @@ class mcp_reports

 					'RETURN_REPORTS'			=> sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start . '&amp;f=' . $post_info['forum_id']) . '">', '</a>'),
 					'REPORTED_IMG'				=> $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
+					'REPORT_DATE'				=> $user->format_date($report['report_time']),
+					'REPORT_ID'					=> $report_id,
 					'REPORT_REASON_TITLE'		=> $reason['title'],
 					'REPORT_REASON_DESCRIPTION'	=> $reason['description'],
-					'REPORT_DATE'				=> $user->format_date($report['report_time']),
 					'REPORT_TEXT'				=> $report['report_text'],

 					'POST_AUTHOR_FULL'		=> get_username_string('full', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']),
@ -335,6 +334,7 @@ class mcp_reports
 							'POST_ID'		=> $row['post_id'],
 							'POST_SUBJECT'	=> $row['post_subject'],
 							'POST_TIME'		=> $user->format_date($row['post_time']),
+							'REPORT_ID'		=> $row['report_id'],
 							'REPORT_TIME'	=> $user->format_date($row['report_time']),
 							'TOPIC_TITLE'	=> $row['topic_title'])
 						);
@ -370,11 +370,23 @@ class mcp_reports
 /**
 * Closes a report
 */
-function close_report($post_id_list, $mode, $action)
+function close_report($report_id_list, $mode, $action)
 {
 	global $db, $template, $user, $config;
 	global $phpEx, $phpbb_root_path;

+	$sql = 'SELECT r.post_id
+		FROM ' . REPORTS_TABLE . ' r
+		WHERE ' . $db->sql_in_set('r.report_id', $report_id_list);
+	$result = $db->sql_query($sql);
+
+	$post_id_list = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$post_id_list[] = $row['post_id'];
+	}
+	$post_id_list = array_unique($post_id_list);
+
 	if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report')))
 	{
 		trigger_error('NOT_AUTHORISED');
@ -397,7 +409,7 @@ function close_report($post_id_list, $mode, $action)
 	$s_hidden_fields = build_hidden_fields(array(
 		'i'					=> 'reports',
 		'mode'				=> $mode,
-		'post_id_list'	=> $post_id_list,
+		'report_id_list'	=> $report_id_list,
 		'action'			=> $action,
 		'redirect'			=> $redirect)
 	);
@ -406,39 +418,39 @@ function close_report($post_id_list, $mode, $action)
 	{
 		$post_info = get_post_data($post_id_list, 'm_report');

-		$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
+		$sql = 'SELECT r.report_id, r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
 			FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
-			WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . '
+			WHERE ' . $db->sql_in_set('r.report_id', $report_id_list) . '
 				' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . '
 				AND r.user_id = u.user_id';
 		$result = $db->sql_query($sql);

-		$reports = array();
+		$reports = $close_report_posts = $close_report_topics = $notify_reporters = $report_id_list = array();
 		while ($report = $db->sql_fetchrow($result))
 		{
-			$reports[$report['post_id']] = $report;
+			$reports[$report['report_id']] = $report;
+			$report_id_list[] = $report['report_id'];
+
+			if (!$report['report_closed'])
+			{
+				$close_report_posts[] = $report['post_id'];
+				$close_report_topics[] = $post_info[$report['post_id']]['topic_id'];
+			}
+
+			if ($report['user_notify'] && !$report['report_closed'])
+			{
+				$notify_reporters[$report['report_id']] = &$reports[$report['report_id']];
+			}
 		}
 		$db->sql_freeresult($result);

-		$close_report_posts = $close_report_topics = $notify_reporters = array();
-		foreach ($post_info as $post_id => $post_data)
+		if (sizeof($reports))
 		{
-			if (isset($reports[$post_id]))
-			{
-				$close_report_posts[] = $post_id;
-				$close_report_topics[] = $post_data['topic_id'];
-
-				if ($reports[$post_id]['user_notify'] && !$reports[$post_id]['report_closed'])
-				{
-					$notify_reporters[$post_id] = $reports[$post_id];
-				}
-			}
-		}
+			$close_report_posts = array_unique($close_report_posts);
+			$close_report_topics = array_unique($close_report_topics);

 			if (sizeof($close_report_posts))
 			{
-			$close_report_topics = array_unique($close_report_topics);
-
 				// Get a list of topics that still contain reported posts
 				$sql = 'SELECT DISTINCT topic_id
 					FROM ' . POSTS_TABLE . '
@ -456,6 +468,7 @@ function close_report($post_id_list, $mode, $action)

 				$close_report_topics = array_diff($close_report_topics, $keep_report_topics);
 				unset($keep_report_topics);
+			}

 			$db->sql_transaction('begin');

@ -463,15 +476,18 @@ function close_report($post_id_list, $mode, $action)
 			{
 				$sql = 'UPDATE ' . REPORTS_TABLE . '
 					SET report_closed = 1
-					WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
+					WHERE ' . $db->sql_in_set('report_id', $report_id_list);
 			}
 			else
 			{
 				$sql = 'DELETE FROM ' . REPORTS_TABLE . '
-					WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
+					WHERE ' . $db->sql_in_set('report_id', $report_id_list);
 			}
 			$db->sql_query($sql);

+
+			if (sizeof($close_report_posts))
+			{
 				$sql = 'UPDATE ' . POSTS_TABLE . '
 					SET post_reported = 0
 					WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
@ -484,6 +500,7 @@ function close_report($post_id_list, $mode, $action)
 						WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
 					$db->sql_query($sql);
 				}
+			}

 			$db->sql_transaction('commit');
 		}
@ -494,13 +511,15 @@ function close_report($post_id_list, $mode, $action)
 		// Notify reporters
 		if (sizeof($notify_reporters))
 		{
-			foreach ($notify_reporters as $post_id => $reporter)
+			foreach ($notify_reporters as $report_id => $reporter)
 			{
 				if ($reporter['user_id'] == ANONYMOUS)
 				{
 					continue;
 				}

+				$post_id = $reporter['post_id'];
+
 				$messenger->template('report_' . $action . 'd', $reporter['user_lang']);

 				$messenger->to($reporter['user_email'], $reporter['username']);
@ -516,15 +535,15 @@ function close_report($post_id_list, $mode, $action)
 				$messenger->send($reporter['user_notify_type']);
 			}
 		}
-		unset($notify_reporters, $post_info);
+		unset($notify_reporters, $post_info, $reports);

 		$messenger->save_queue();

-		$success_msg = (sizeof($post_id_list) == 1) ? 'REPORT_' . strtoupper($action) . 'D_SUCCESS' : 'REPORTS_' . strtoupper($action) . 'D_SUCCESS';
+		$success_msg = (sizeof($report_id_list) == 1) ? 'REPORT_' . strtoupper($action) . 'D_SUCCESS' : 'REPORTS_' . strtoupper($action) . 'D_SUCCESS';
 	}
 	else
 	{
-		confirm_box(false, $user->lang[strtoupper($action) . '_REPORT' . ((sizeof($post_id_list) == 1) ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
+		confirm_box(false, $user->lang[strtoupper($action) . '_REPORT' . ((sizeof($report_id_list) == 1) ? '' : 'S') . '_CONFIRM'], $s_hidden_fields);
 	}

 	$redirect = request_var('redirect', "index.$phpEx");
--- a/phpBB/language/en/mcp.php
+++ b/phpBB/language/en/mcp.php
@ -217,6 +217,7 @@ $lang = array_merge($lang, array(
 	'NO_POST_SELECTED'				=> 'You must select at least one post to perform this action',
 	'NO_REASON_DISAPPROVAL'			=> 'Please give an appropriate reason for disapproval',
 	'NO_REPORTS'					=> 'No reports',	
+	'NO_REPORT_SELECTED'			=> 'You must select at least one report to perform this action',
 	'NO_TOPIC_ICON'					=> 'None',
 	'NO_TOPIC_SELECTED'				=> 'You must select at least one topic to perform this action',
 	'NO_TOPICS_QUEUE'				=> 'No topics',
--- a/phpBB/styles/prosilver/template/mcp_post.html
+++ b/phpBB/styles/prosilver/template/mcp_post.html
@ -31,7 +31,7 @@
 			<input class="button1" type="submit" value="{L_CLOSE_REPORT}" name="action[close]" /> &nbsp;
 		<!-- ENDIF -->
 		<input class="button2" type="submit" value="{L_DELETE_REPORT}" name="action[delete]" />
-		<input type="hidden" name="post_id_list[]" value="{POST_ID}" />
+		<input type="hidden" name="report_id_list[]" value="{REPORT_ID}" />
 	</fieldset>

 	</form>
@ -110,7 +110,12 @@
 			<dl>
 				<dt><label>{L_CHANGE_POSTER}:</label></dt>
 				<!-- IF S_USER_SELECT --><dd><select name="u">{S_USER_SELECT}</select> <input type="submit" class="button2" name="action[chgposter_ip]" value="{L_CONFIRM}" /></dd><!-- ENDIF -->
-				<dd style="margin-top:3px;"><input class="inputbox autowidth" type="text" name="username" value="" /> <span>[ <a href="{U_FIND_USERNAME}" onclick="find_username(); return false;">{L_FIND_USERNAME}</a> ]</span></dd>
+				<dd style="margin-top:3px;">
+					<input class="inputbox autowidth" type="text" name="username" value="" />
+					<input type="submit" class="button2" name="action[chgposter]" value="{L_CONFIRM}" />
+					<br />
+					<span>[ <a href="{U_FIND_USERNAME}" onclick="find_username(); return false;">{L_FIND_USERNAME}</a> ]</span>
+				</dd>
 			</dl>
 			</fieldset>

--- a/phpBB/styles/prosilver/template/mcp_reports.html
+++ b/phpBB/styles/prosilver/template/mcp_reports.html
@ -43,7 +43,7 @@
 						<span>{postrow.REPORTER_FULL} {L_REPORTED_ON_DATE} {postrow.REPORT_TIME}<br />
 						{L_FORUM}: <a href="{postrow.U_VIEWFORUM}">{postrow.FORUM_NAME}</a></span>
 					</dd>
-					<dd class="mark"><input type="checkbox" name="post_id_list[]" value="{postrow.POST_ID}" /></dd>
+					<dd class="mark"><input type="checkbox" name="report_id_list[]" value="{postrow.REPORT_ID}" /></dd>
 				</dl>
 			</li>
 		<!-- END postrow -->
@ -75,7 +75,7 @@
 	<fieldset class="display-actions">		
 		<input class="button2" type="submit" value="{L_DELETE_REPORTS}" name="action[delete]" />
 		<!-- IF not S_CLOSED -->&nbsp;<input class="button1" type="submit" name="action[close]" value="{L_CLOSE_REPORTS}" /><!-- ENDIF -->
-		<div><a href="#" onclick="marklist('mcp', 'post_id_list', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('mcp', 'post_id_list', false); return false;">{L_UNMARK_ALL}</a></div>
+		<div><a href="#" onclick="marklist('mcp', 'report_id_list', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('mcp', 'report_id_list', false); return false;">{L_UNMARK_ALL}</a></div>
 	</fieldset>
 <!-- ENDIF -->

--- a/phpBB/styles/prosilver/template/overall_header.html
+++ b/phpBB/styles/prosilver/template/overall_header.html
@ -129,7 +129,7 @@
 		<div id="search-box">
 			<form action="{U_SEARCH}" method="get" id="search">
 			<fieldset>
-				<input name="keywords" id="keywords" type="text" maxlength="128" title="{L_SEARCH_KEYWORDS}" class="inputbox search" value="<!-- IF SEARCH_WORDS-->{SEARCH_WORDS}<!-- ELSE -->{L_SEARCH_MINI}<!-- ENDIF -->" onclick="if(this.value=='{L_SEARCH_MINI}')this.value='';" onblur="if(this.value=='')this.value='{L_SEARCH_MINI}';" accesskey="s" /> 
+				<input name="keywords" id="keywords" type="text" maxlength="128" title="{L_SEARCH_KEYWORDS}" class="inputbox search" value="<!-- IF SEARCH_WORDS-->{SEARCH_WORDS}<!-- ELSE -->{L_SEARCH_MINI}<!-- ENDIF -->" onclick="if(this.value=='{LA_SEARCH_MINI}')this.value='';" onblur="if(this.value=='')this.value='{LA_SEARCH_MINI}';" accesskey="s" /> 
 				<input class="button2" value="{L_SEARCH}" type="submit" /><br />
 				<a href="{U_SEARCH}" title="{L_SEARCH_ADV_EXPLAIN}">{L_SEARCH_ADV}</a> {S_HIDDEN_FIELDS}
 			</fieldset>
--- a/phpBB/styles/subsilver2/template/mcp_post.html
+++ b/phpBB/styles/subsilver2/template/mcp_post.html
@ -32,7 +32,7 @@
 	</tr>
 	</table>

-	<input type="hidden" name="post_id_list[]" value="{POST_ID}" />
+	<input type="hidden" name="report_id_list[]" value="{REPORT_ID}" />
 	</form>

 	<br clear="all"/>
--- a/phpBB/styles/subsilver2/template/mcp_reports.html
+++ b/phpBB/styles/subsilver2/template/mcp_reports.html
@ -26,7 +26,7 @@
 		<td style="padding: 4px;" align="{S_CONTENT_FLOW_BEGIN}" valign="top" nowrap="nowrap"><span class="gen">{postrow.REPORTER_FULL}</span></td>
 		<td style="padding: 4px;" align="{S_CONTENT_FLOW_BEGIN}" valign="top" nowrap="nowrap"><span class="gen">{postrow.REPORT_TIME}</span><br />
 			<span class="gensmall">[ <a href="{postrow.U_VIEW_DETAILS}">{L_VIEW_DETAILS}</a> ]</span></td>
-		<td align="center"><input type="checkbox" class="radio" name="post_id_list[]" value="{postrow.POST_ID}" /></td>
+		<td align="center"><input type="checkbox" class="radio" name="report_id_list[]" value="{postrow.REPORT_ID}" /></td>
 	</tr>
 <!-- BEGINELSE -->
 	<tr>
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@ -276,7 +276,7 @@ $template->assign_vars(array(
 	'S_WATCH_FORUM_LINK'	=> $s_watching_forum['link'],
 	'S_WATCH_FORUM_TITLE'	=> $s_watching_forum['title'],
 	'S_FORUM_ACTION'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id&amp;start=$start"),
-	'S_DISPLAY_SEARCHBOX'	=> ($auth->acl_get('f_search', $forum_id)) ? true : false,
+	'S_DISPLAY_SEARCHBOX'	=> ($auth->acl_get('u_search') && $auth->acl_get('f_search', $forum_id) && $config['load_search']) ? true : false,
 	'S_SEARCHBOX_ACTION'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'fid[]=' . $forum_id),
 	'S_SINGLE_MODERATOR'	=> (!empty($moderators[$forum_id]) && sizeof($moderators[$forum_id]) > 1) ? false : true,

--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -573,7 +573,7 @@ $template->assign_vars(array(
 	'S_TOPIC_MOD' 			=> ($topic_mod != '') ? '<select name="action">' . $topic_mod . '</select>' : '',
 	'S_MOD_ACTION' 			=> append_sid("{$phpbb_root_path}mcp.$phpEx", "t=$topic_id&amp;f=$forum_id&amp;quickmod=1&amp;redirect=" . urlencode(str_replace('&amp;', '&', $viewtopic_url)), true, $user->session_id),

-	'S_DISPLAY_SEARCHBOX'	=> ($auth->acl_get('f_search', $forum_id)) ? true : false,
+	'S_DISPLAY_SEARCHBOX'	=> ($auth->acl_get('u_search') && $auth->acl_get('f_search', $forum_id) && $config['load_search']) ? true : false,
 	'S_SEARCHBOX_ACTION'	=> append_sid("{$phpbb_root_path}search.$phpEx", 't=' . $topic_id),

 	'U_TOPIC'				=> "{$server_path}viewtopic.$phpEx?f=$forum_id&amp;t=$topic_id",