Merge pull request #5717 from BOINC/dpa_mod_pm

web: don't allow blocking PMs from a moderator or admin.
Vitalii Koshura 2024-07-30 10:37:39 +02:00 committed by GitHub
commit f0fed141d0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 44 additions and 16 deletions


@ -1291,8 +1291,9 @@ function check_reply_access($user, $forum, $thread) {
// - edit their posts at any time // - edit their posts at any time
// - hide/unhide/move threads and posts // - hide/unhide/move threads and posts
function is_moderator($user, $forum) { function is_moderator($user, $forum=null) {
if (!$user) return false; if (!$user) return false;
BoincForumPrefs::lookup($user);
$type = $forum?$forum->parent_type:0; $type = $forum?$forum->parent_type:0;
switch ($type) { switch ($type) {
case 0: case 0:
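Review bot: The header comment above `is_moderator()` still describes only per-forum powers, but with `$forum=null` the function is now also called without a forum, and on this page its result decides whether a PM block applies. With no forum, `$type` is 0, so the call takes the same `case 0` branch as a forum whose `parent_type` is 0; which privileges that branch accepts lies outside this hunk. I would add a line such as `// $forum may be omitted; the check then uses the case-0 privilege rules`, and mention that the function now loads the user's forum prefs through `BoincForumPrefs::lookup()`. The function body continues past the end of the hunk.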


@ -106,7 +106,9 @@ function pm_team_form($user, $teamid, $error=null) {
page_tail(); page_tail();
} }
function pm_form($replyto, $userid, $error = null) { // show the send-PM page, possibly with an error message
//
function pm_form_page($replyto, $userid, $error = null) {
global $bbcode_html, $bbcode_js; global $bbcode_html, $bbcode_js;
global $g_logged_in_user; global $g_logged_in_user;
page_head(tra("Send private message"),'','','', $bbcode_js); page_head(tra("Send private message"),'','','', $bbcode_js);
@ -193,7 +195,6 @@ function pm_form($replyto, $userid, $error = null) {
end_table(); end_table();
page_tail(); page_tail();
exit();
} }
function send_pm_notification_email( function send_pm_notification_email(
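Review bot: Removing `exit();` from the end of `pm_form_page()` changes its contract: control now returns to the caller, so a caller that does not `return` right after it keeps processing the request it has just rejected. The new header comment should say so, for example `// Does not exit; the caller must return immediately after calling this.` The callers visible in this commit add `return;`, and the rename means a caller still using `pm_form()` fails loudly instead of falling through; callers outside this page could not be checked. The function body between the two hunks is not shown.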


@ -193,7 +193,7 @@ function do_new($logged_in_user) {
if (VALIDATE_EMAIL_TO_POST) { if (VALIDATE_EMAIL_TO_POST) {
check_validated_email($logged_in_user); check_validated_email($logged_in_user);
} }
pm_form($replyto, $userid); pm_form_page($replyto, $userid);
} }
function do_delete($logged_in_user) { function do_delete($logged_in_user) {
@ -259,44 +259,62 @@ function do_send($logged_in_user) {
$content = post_str("content", true); $content = post_str("content", true);
if (post_str("preview", true) == tra("Preview")) { if (post_str("preview", true) == tra("Preview")) {
pm_form($replyto, $userid); pm_form_page($replyto, $userid);
return;
} }
if (($to == null) || ($subject == null) || ($content == null)) { if (($to == null) || ($subject == null) || ($content == null)) {
pm_form( pm_form_page(
$replyto, $userid, $replyto, $userid,
tra("You need to fill all fields to send a private message") tra("You need to fill all fields to send a private message")
); );
return; return;
} }
if (!akismet_check($logged_in_user, $content)) { if (!akismet_check($logged_in_user, $content)) {
pm_form($replyto, $userid, pm_form_page($replyto, $userid,
tra("Your message was flagged as spam by the Akismet anti-spam system. Please modify your text and try again.") tra("Your message was flagged as spam by the Akismet anti-spam system. Please modify your text and try again.")
); );
return;
} }
$users = explode("\n", $to); $usernames = explode("\n", $to);
$userlist = array(); $userlist = array();
$userids = array(); // To prevent from spamming a single user by adding it multiple times $userids = array(); // To prevent from spamming a single user by adding it multiple times
foreach ($users as $username) { foreach ($usernames as $username) {
if (is_numeric($username)) { // user ID is given // can be <id>, name, or '<id> (name)'
$userid = (int)$username; // (PM reply fills in the latter)
//
$x = explode(' ', $username);
if (is_numeric($x[0])) { // user ID
$userid = (int)$x[0];
$user = BoincUser::lookup_id($userid); $user = BoincUser::lookup_id($userid);
if ($user == null) { if ($user == null) {
pm_form($replyto, $userid, tra("Could not find user with id %1", $userid)); pm_form_page(
$replyto, $userid,
tra("Could not find user with id %1", $userid)
);
return;
} }
} else { } else {
$users = BoincUser::lookup_name($username); $users = BoincUser::lookup_name($username);
if (count($users) == 0) { if (count($users) == 0) {
pm_form($replyto, $userid, tra("Could not find user with username %1", $username)); pm_form_page(
$replyto, $userid,
tra("Could not find user with username %1", $username)
);
return;
} elseif (count($users) > 1) { // Non-unique username } elseif (count($users) > 1) { // Non-unique username
pm_form($replyto, $userid, tra("%1 is not a unique username; you will have to use user ID", $username)); pm_form_page(
$replyto, $userid,
tra("%1 is not a unique username; you will have to use user ID", $username)
);
return;
} }
$user = $users[0]; $user = $users[0];
} }
BoincForumPrefs::lookup($user); BoincForumPrefs::lookup($user);
if (is_ignoring($user, $logged_in_user)) { if (!is_moderator($logged_in_user) && is_ignoring($user, $logged_in_user)) {
pm_form( pm_form_page(
$replyto, $userid, $replyto, $userid,
UNIQUE_USER_NAME UNIQUE_USER_NAME
?tra("User %1 is not accepting private messages from you.", ?tra("User %1 is not accepting private messages from you.",
@ -307,6 +325,7 @@ function do_send($logged_in_user) {
$user->id $user->id
) )
); );
return;
} }
if (!isset($userids[$user->id])) { if (!isset($userids[$user->id])) {
$userlist[] = $user; $userlist[] = $user;
@ -350,6 +369,13 @@ function do_confirmedblock($logged_in_user) {
$id = post_int("id"); $id = post_int("id");
$blocked_user = BoincUser::lookup_id($id); $blocked_user = BoincUser::lookup_id($id);
if (!$blocked_user) error_page(tra("no such user")); if (!$blocked_user) error_page(tra("no such user"));
if (is_moderator($blocked_user)) {
error_page(
sprintf('%s is a moderator, and can\'t be blocked',
$blocked_user->name
)
);
}
add_ignored_user($logged_in_user, $blocked_user); add_ignored_user($logged_in_user, $blocked_user);
page_head(tra("User %1 blocked", $blocked_user->name)); page_head(tra("User %1 blocked", $blocked_user->name));
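Review bot: In `do_send()`, the new recipient parsing `$x = explode(' ', $username); if (is_numeric($x[0]))` treats any entry whose first word is numeric as a user ID, so a recipient entered as a name that begins with a number and a space would resolve to a different account and the private message would be delivered there. The comment names `<id> (name)` as the only composite form, so the ID branch should match that shape exactly, e.g. `if (preg_match('/^\s*(\d+)(\s+\(.*\))?\s*$/', $username, $m)) { $userid = (int)$m[1];`, leaving every other entry to `BoincUser::lookup_name()`. Whether a project can hold names of that form is not visible here, which is the reason to match strictly rather than assume. Separately, the message added in `do_confirmedblock()` is built with `sprintf()` instead of `tra()` like the other messages in this file, and it interpolates `$blocked_user->name`; whether `error_page()` escapes its argument is not shown.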