ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Universal check for form submission

Browse source
This commit is contained in:
Marcin Kurczewski 2013-10-21 23:50:30 +02:00
parent 90a75e4d30
commit 823888b0c1
10 changed files with 198 additions and 168 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public_html/media/js/core.js
View file

@ -70,7 +70,7 @@ $(function()
aDom.addClass('inactive');
var url = $(this).attr('href') + '?json';
$.get(url, function(data)
$.get(url, {submit: 1}, function(data)
{
if (data['success'])
{

1
public_html/media/js/upload.js
View file

@ -82,6 +82,7 @@ $(function()
fd.append('tags', tags);
fd.append('safety', safety);
fd.append('source', source);
fd.append('submit', 1);
var ajaxData =
{

191
src/Controllers/PostController.php
View file

@ -203,7 +203,7 @@ class PostController
if ($this->config->registration->needEmailForUploading)
PrivilegesHelper::confirmEmail($this->context->user);
if (!empty($_FILES['file']['name']))
if (InputHelper::get('submit'))
{
/* file contents */
$suppliedFile = $_FILES['file'];
@ -290,73 +290,71 @@ class PostController
{
$post = Model_Post::locate($id);
R::preload($post, ['uploader' => 'user']);
$edited = false;
$this->context->transport->post = $post;
/* safety */
$suppliedSafety = InputHelper::get('safety');
if ($suppliedSafety !== null)
if (InputHelper::get('submit'))
{
PrivilegesHelper::confirmWithException(Privilege::EditPostSafety, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedSafety = Model_Post::validateSafety($suppliedSafety);
$post->safety = $suppliedSafety;
$edited = true;
}
/* safety */
$suppliedSafety = InputHelper::get('safety');
if ($suppliedSafety !== null)
{
PrivilegesHelper::confirmWithException(Privilege::EditPostSafety, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedSafety = Model_Post::validateSafety($suppliedSafety);
$post->safety = $suppliedSafety;
$edited = true;
}
/* tags */
$suppliedTags = InputHelper::get('tags');
if ($suppliedTags !== null)
{
PrivilegesHelper::confirmWithException(Privilege::EditPostTags, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$currentToken = self::serializeTags($post);
if (InputHelper::get('tags-token') != $currentToken)
throw new SimpleException('Someone else has changed the tags in the meantime');
/* tags */
$suppliedTags = InputHelper::get('tags');
if ($suppliedTags !== null)
{
PrivilegesHelper::confirmWithException(Privilege::EditPostTags, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$currentToken = self::serializeTags($post);
if (InputHelper::get('tags-token') != $currentToken)
throw new SimpleException('Someone else has changed the tags in the meantime');
$suppliedTags = Model_Tag::validateTags($suppliedTags);
$dbTags = Model_Tag::insertOrUpdate($suppliedTags);
$post->sharedTag = $dbTags;
$edited = true;
}
$suppliedTags = Model_Tag::validateTags($suppliedTags);
$dbTags = Model_Tag::insertOrUpdate($suppliedTags);
$post->sharedTag = $dbTags;
$edited = true;
}
/* thumbnail */
if (!empty($_FILES['thumb']['name']))
{
PrivilegesHelper::confirmWithException(Privilege::EditPostThumb, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedFile = $_FILES['thumb'];
self::handleUploadErrors($suppliedFile);
/* thumbnail */
if (!empty($_FILES['thumb']['name']))
{
PrivilegesHelper::confirmWithException(Privilege::EditPostThumb, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedFile = $_FILES['thumb'];
self::handleUploadErrors($suppliedFile);
$mimeType = mime_content_type($suppliedFile['tmp_name']);
if (!in_array($mimeType, ['image/gif', 'image/png', 'image/jpeg']))
throw new SimpleException('Invalid thumbnail type "' . $mimeType . '"');
list ($imageWidth, $imageHeight) = getimagesize($suppliedFile['tmp_name']);
if ($imageWidth != $this->config->browsing->thumbWidth)
throw new SimpleException('Invalid thumbnail width (should be ' . $this->config->browsing->thumbWidth . ')');
if ($imageWidth != $this->config->browsing->thumbHeight)
throw new SimpleException('Invalid thumbnail width (should be ' . $this->config->browsing->thumbHeight . ')');
$mimeType = mime_content_type($suppliedFile['tmp_name']);
if (!in_array($mimeType, ['image/gif', 'image/png', 'image/jpeg']))
throw new SimpleException('Invalid thumbnail type "' . $mimeType . '"');
list ($imageWidth, $imageHeight) = getimagesize($suppliedFile['tmp_name']);
if ($imageWidth != $this->config->browsing->thumbWidth)
throw new SimpleException('Invalid thumbnail width (should be ' . $this->config->browsing->thumbWidth . ')');
if ($imageWidth != $this->config->browsing->thumbHeight)
throw new SimpleException('Invalid thumbnail width (should be ' . $this->config->browsing->thumbHeight . ')');
$path = $this->config->main->thumbsPath . DS . $post->name;
move_uploaded_file($suppliedFile['tmp_name'], $path);
}
$path = $this->config->main->thumbsPath . DS . $post->name;
move_uploaded_file($suppliedFile['tmp_name'], $path);
}
/* source */
$suppliedSource = InputHelper::get('source');
if ($suppliedSource !== null)
{
PrivilegesHelper::confirmWithException(Privilege::EditPostSource, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedSource = Model_Post::validateSource($suppliedSource);
$post->source = $suppliedSource;
$edited = true;
}
/* source */
$suppliedSource = InputHelper::get('source');
if ($suppliedSource !== null)
{
PrivilegesHelper::confirmWithException(Privilege::EditPostSource, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$suppliedSource = Model_Post::validateSource($suppliedSource);
$post->source = $suppliedSource;
$edited = true;
}
/* db storage */
if ($edited)
R::store($post);
$this->context->transport->success = true;
$this->context->transport->success = true;
}
}
@ -368,9 +366,12 @@ class PostController
{
$post = Model_Post::locate($id);
PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$post->hidden = true;
R::store($post);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
$post->hidden = true;
R::store($post);
$this->context->transport->success = true;
}
}
/**
@ -380,9 +381,12 @@ class PostController
{
$post = Model_Post::locate($id);
PrivilegesHelper::confirmWithException(Privilege::HidePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
$post->hidden = false;
R::store($post);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
$post->hidden = false;
R::store($post);
$this->context->transport->success = true;
}
}
/**
@ -392,12 +396,15 @@ class PostController
{
$post = Model_Post::locate($id);
PrivilegesHelper::confirmWithException(Privilege::DeletePost, PrivilegesHelper::getIdentitySubPrivilege($post->uploader));
//remove stuff from auxiliary tables
$post->ownFavoritee = [];
$post->sharedTag = [];
R::store($post);
R::trash($post);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
//remove stuff from auxiliary tables
$post->ownFavoritee = [];
$post->sharedTag = [];
R::store($post);
R::trash($post);
$this->context->transport->success = true;
}
}
@ -410,18 +417,21 @@ class PostController
{
$post = Model_Post::locate($id);
R::preload($post, ['favoritee' => 'user']);
if (!$this->context->loggedIn)
throw new SimpleException('Not logged in');
foreach ($post->via('favoritee')->sharedUser as $fav)
if ($fav->id == $this->context->user->id)
throw new SimpleException('Already in favorites');
PrivilegesHelper::confirmWithException(Privilege::FavoritePost);
$post->link('favoritee')->user = $this->context->user;
R::store($post);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
if (!$this->context->loggedIn)
throw new SimpleException('Not logged in');
foreach ($post->via('favoritee')->sharedUser as $fav)
if ($fav->id == $this->context->user->id)
throw new SimpleException('Already in favorites');
$post->link('favoritee')->user = $this->context->user;
R::store($post);
$this->context->transport->success = true;
}
}
/**
@ -432,22 +442,25 @@ class PostController
{
$post = Model_Post::locate($id);
R::preload($post, ['favoritee' => 'user']);
PrivilegesHelper::confirmWithException(Privilege::FavoritePost);
if (!$this->context->loggedIn)
throw new SimpleException('Not logged in');
$finalKey = null;
foreach ($post->ownFavoritee as $key => $fav)
if ($fav->user->id == $this->context->user->id)
$finalKey = $key;
if (InputHelper::get('submit'))
{
if (!$this->context->loggedIn)
throw new SimpleException('Not logged in');
if ($finalKey === null)
throw new SimpleException('Not in favorites');
$finalKey = null;
foreach ($post->ownFavoritee as $key => $fav)
if ($fav->user->id == $this->context->user->id)
$finalKey = $key;
unset ($post->ownFavoritee[$finalKey]);
R::store($post);
$this->context->transport->success = true;
if ($finalKey === null)
throw new SimpleException('Not in favorites');
unset ($post->ownFavoritee[$finalKey]);
R::store($post);
$this->context->transport->success = true;
}
}

53
src/Controllers/TagController.php
View file

@ -49,22 +49,25 @@ class TagController
public function mergeAction()
{
PrivilegesHelper::confirmWithException(Privilege::MergeTags);
$sourceTag = Model_Tag::locate(InputHelper::get('source-tag'));
$targetTag = Model_Tag::locate(InputHelper::get('target-tag'));
R::preload($sourceTag, 'post');
foreach ($sourceTag->sharedPost as $post)
if (InputHelper::get('submit'))
{
foreach ($post->sharedTag as $key => $postTag)
if ($postTag->id == $sourceTag->id)
unset($post->sharedTag[$key]);
$post->sharedTag []= $targetTag;
R::store($post);
$sourceTag = Model_Tag::locate(InputHelper::get('source-tag'));
$targetTag = Model_Tag::locate(InputHelper::get('target-tag'));
R::preload($sourceTag, 'post');
foreach ($sourceTag->sharedPost as $post)
{
foreach ($post->sharedTag as $key => $postTag)
if ($postTag->id == $sourceTag->id)
unset($post->sharedTag[$key]);
$post->sharedTag []= $targetTag;
R::store($post);
}
R::trash($sourceTag);
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('tag', 'list'));
$this->view->context->success = true;
}
R::trash($sourceTag);
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('tag', 'list'));
$this->view->context->success = true;
}
/**
@ -73,18 +76,20 @@ class TagController
public function renameAction()
{
PrivilegesHelper::confirmWithException(Privilege::MergeTags);
if (InputHelper::get('submit'))
{
$suppliedSourceTag = InputHelper::get('source-tag');
$suppliedSourceTag = Model_Tag::validateTag($suppliedSourceTag);
$suppliedSourceTag = InputHelper::get('source-tag');
$suppliedSourceTag = Model_Tag::validateTag($suppliedSourceTag);
$suppliedTargetTag = InputHelper::get('target-tag');
$suppliedTargetTag = Model_Tag::validateTag($suppliedTargetTag);
$suppliedTargetTag = InputHelper::get('target-tag');
$suppliedTargetTag = Model_Tag::validateTag($suppliedTargetTag);
$sourceTag = Model_Tag::locate($suppliedSourceTag);
$sourceTag->name = $suppliedTargetTag;
R::store($sourceTag);
$sourceTag = Model_Tag::locate($suppliedSourceTag);
$sourceTag->name = $suppliedTargetTag;
R::store($sourceTag);
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('tag', 'list'));
$this->context->transport->success = true;
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('tag', 'list'));
$this->context->transport->success = true;
}
}
}

105
src/Controllers/UserController.php
View file

@ -128,9 +128,12 @@ class UserController
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$user->banned = true;
R::store($user);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
$user->banned = true;
R::store($user);
$this->context->transport->success = true;
}
}
/**
@ -141,9 +144,12 @@ class UserController
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$user->banned = false;
R::store($user);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
$user->banned = false;
R::store($user);
$this->context->transport->success = true;
}
}
/**
@ -154,14 +160,16 @@ class UserController
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException(Privilege::AcceptUserRegistration);
$user->staff_confirmed = true;
R::store($user);
$this->context->transport->success = true;
if (InputHelper::get('submit'))
{
$user->staff_confirmed = true;
R::store($user);
$this->context->transport->success = true;
}
}
/**
* @route /user/{name}/delete
* @validate name [^\/]+
@ -181,7 +189,7 @@ class UserController
$this->context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
if (InputHelper::get('remove'))
if (InputHelper::get('submit'))
{
if ($this->context->user->id == $user->id)
{
@ -217,9 +225,7 @@ class UserController
{
try
{
$user = Model_User::locate($name);
$edited = false;
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
$this->context->handleExceptions = true;
@ -237,51 +243,47 @@ class UserController
$this->context->suppliedAccessRank = $suppliedAccessRank = InputHelper::get('access-rank');
$currentPasswordHash = $user->pass_hash;
if ($suppliedName != '' and $suppliedName != $user->name)
if (InputHelper::get('submit'))
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedName = Model_User::validateUserName($suppliedName);
$user->name = $suppliedName;
$edited = true;
}
if ($suppliedPassword1 != '')
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user));
if ($suppliedPassword1 != $suppliedPassword2)
throw new SimpleException('Specified passwords must be the same');
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
$user->pass_hash = Model_User::hashPassword($suppliedPassword, $user->pass_salt);
$edited = true;
}
if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
if ($this->context->user->id == $user->id)
if ($suppliedName != '' and $suppliedName != $user->name)
{
$user->email_unconfirmed = $suppliedEmail;
if (!empty($user->email_unconfirmed))
self::sendEmailConfirmation($user);
PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedName = Model_User::validateUserName($suppliedName);
$user->name = $suppliedName;
}
else
if ($suppliedPassword1 != '')
{
$user->email_confirmed = $suppliedEmail;
PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user));
if ($suppliedPassword1 != $suppliedPassword2)
throw new SimpleException('Specified passwords must be the same');
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
$user->pass_hash = Model_User::hashPassword($suppliedPassword, $user->pass_salt);
}
$edited = true;
}
if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank);
$user->access_rank = $suppliedAccessRank;
$edited = true;
}
if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
if ($this->context->user->id == $user->id)
{
$user->email_unconfirmed = $suppliedEmail;
if (!empty($user->email_unconfirmed))
self::sendEmailConfirmation($user);
}
else
{
$user->email_confirmed = $suppliedEmail;
}
}
if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank);
$user->access_rank = $suppliedAccessRank;
}
if ($edited)
{
if ($this->context->user->id == $user->id)
{
$suppliedPasswordHash = Model_User::hashPassword($suppliedCurrentPassword, $user->pass_salt);
@ -291,7 +293,6 @@ class UserController
R::store($user);
$this->context->transport->success = true;
}
}
catch (Exception $e)
{

2
src/Views/post-upload.phtml
View file

@ -81,6 +81,8 @@
<label class="left">Source:</label>
<div class="input-wrapper"><input type="text" name="source" placeholder="where did you get this from? (optional)"/></div>
</div>
<input type="hidden" name="submit" value="1"/>
</form>
</div>
</div>

2
src/Views/post-view.phtml
View file

@ -252,6 +252,8 @@
</div>
<?php endif ?>
<input type="hidden" name="submit" value="1"/>
<div>
<label class="left">&nbsp;</label>
<button type="submit">Submit</button>

4
src/Views/tag-list.phtml
View file

@ -25,6 +25,8 @@
<div class="input-wrapper"><input type="text" name="target-tag" id="merge-target-tag"></div>
</div>
<input type="hidden" name="submit" value="1"/>
<div>
<label class="left">&nbsp;</label>
<button type="submit">Merge!</button>
@ -47,6 +49,8 @@
<div class="input-wrapper"><input type="text" name="target-tag" id="rename-target-tag"></div>
</div>
<input type="hidden" name="submit" value="1"/>
<div>
<label class="left">&nbsp;</label>
<button type="submit">Rename!</button>

4
src/Views/user-delete.phtml
View file

@ -1,4 +1,4 @@
<form action="<?php echo \Chibi\UrlHelper::route('user', 'delete', ['name' => $this->context->transport->user->name]) ?>" method="post" class="edit aligned" autocomplete="off" data-confirm-text="Are you sure you want to delete your account?">
<form action="<?php echo \Chibi\UrlHelper::route('user', 'delete', ['name' => $this->context->transport->user->name]) ?>" method="post" class="delete aligned" autocomplete="off" data-confirm-text="Are you sure you want to delete your account?">
<?php if ($this->context->user->id == $this->context->transport->user->id): ?>
<div class="current-password">
<label class="left" for="current-password">Current password:</label>
@ -6,7 +6,7 @@
</div>
<?php endif ?>
<input type="hidden" name="remove" value="1"/>
<input type="hidden" name="submit" value="1"/>
<?php if ($this->context->transport->success === true): ?>
<p class="alert alert-success">Account settings updated!</p>

2
src/Views/user-edit.phtml
View file

@ -50,6 +50,8 @@
</div>
<?php endif ?>
<input type="hidden" name="submit" value="1"/>
<?php if ($this->context->transport->success === true): ?>
<p class="alert alert-success">Account settings updated! <?php if (!empty($this->context->mailSent)) echo 'You will be sent new e-mail address confirmation message soon.' ?></p>
<?php elseif (isset($this->context->transport->errorMessage)): ?>