flashii/misuzu
flashii/misuzu
1
1
Fork 0
Code Issues Pull requests Releases 159 Wiki Activity Actions

Removed more XHR leftovers.

Browse source
This commit is contained in:
flash 2023-01-02 23:12:23 +00:00
parent 053109fe4f
commit f9d2ca2bb5
3 changed files with 117 additions and 232 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

175
public/forum/post.php
View file

@ -11,22 +11,10 @@ $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; $postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1'; $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
// basing whether or not this is an xhr request on whether a referrer header is present
// this page is never directy accessed, under normal circumstances
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
$isXHR = !$redirect;
if($isXHR) {
header('Content-Type: application/json; charset=utf-8');
} elseif(!is_local_url($redirect)) {
echo render_info('Possible request forgery detected.', 403);
return;
}
$postRequestVerified = CSRF::validateRequest(); $postRequestVerified = CSRF::validateRequest();
if(!empty($postMode) && !UserSession::hasCurrent()) { if(!empty($postMode) && !UserSession::hasCurrent()) {
echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401); echo render_info('You must be logged in to manage posts.', 401);
return; return;
} }
@ -34,27 +22,14 @@ $currentUser = User::getCurrent();
$currentUserId = $currentUser === null ? 0 : $currentUser->getId(); $currentUserId = $currentUser === null ? 0 : $currentUser->getId();
if(isset($currentUser) && $currentUser->isBanned()) { if(isset($currentUser) && $currentUser->isBanned()) {
echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403); echo render_info('You have been banned, check your profile for more information.', 403);
return; return;
} }
if(isset($currentUser) && $currentUser->isSilenced()) { if(isset($currentUser) && $currentUser->isSilenced()) {
echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403); echo render_info('You have been silenced, check your profile for more information.', 403);
return; return;
} }
if($isXHR) {
if(!$postRequestVerified) {
http_response_code(403);
echo json_encode([
'success' => false,
'message' => 'Possible request forgery detected.',
]);
return;
}
header(CSRF::header());
}
$postInfo = forum_post_get($postId, true); $postInfo = forum_post_get($postId, true);
$perms = empty($postInfo) $perms = empty($postInfo)
? 0 ? 0
@ -103,40 +78,27 @@ switch($postMode) {
} }
if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) { if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) {
if($isXHR) {
http_response_code($responseCode);
echo json_encode([
'success' => false,
'post_id' => $postInfo['post_id'],
'code' => $canDelete,
'message' => $canDeleteMsg,
]);
break;
}
echo render_info($canDeleteMsg, $responseCode); echo render_info($canDeleteMsg, $responseCode);
break; break;
} }
if(!$isXHR) { if($postRequestVerified && !$submissionConfirmed) {
if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [
url_redirect('forum-post', [ 'post' => $postInfo['post_id'],
'post' => $postInfo['post_id'], 'post_fragment' => 'p' . $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'], ]);
]); break;
break; } elseif(!$postRequestVerified) {
} elseif(!$postRequestVerified) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm post deletion',
'title' => 'Confirm post deletion', 'class' => 'far fa-trash-alt',
'class' => 'far fa-trash-alt', 'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo['post_id']),
'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo['post_id']), 'params' => [
'params' => [ 'p' => $postInfo['post_id'],
'p' => $postInfo['post_id'], 'm' => 'delete',
'm' => 'delete', ],
], ]);
]); break;
break;
}
} }
$deletePost = forum_post_delete($postInfo['post_id']); $deletePost = forum_post_delete($postInfo['post_id']);
@ -145,15 +107,6 @@ switch($postMode) {
AuditLog::create(AuditLog::FORUM_POST_DELETE, [$postInfo['post_id']]); AuditLog::create(AuditLog::FORUM_POST_DELETE, [$postInfo['post_id']]);
} }
if($isXHR) {
echo json_encode([
'success' => $deletePost,
'post_id' => $postInfo['post_id'],
'message' => $deletePost ? 'Post deleted!' : 'Failed to delete post.',
]);
break;
}
if(!$deletePost) { if(!$deletePost) {
echo render_error(500); echo render_error(500);
break; break;
@ -168,25 +121,23 @@ switch($postMode) {
break; break;
} }
if(!$isXHR) { if($postRequestVerified && !$submissionConfirmed) {
if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [
url_redirect('forum-post', [ 'post' => $postInfo['post_id'],
'post' => $postInfo['post_id'], 'post_fragment' => 'p' . $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'], ]);
]); break;
break; } elseif(!$postRequestVerified) {
} elseif(!$postRequestVerified) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm post nuke',
'title' => 'Confirm post nuke', 'class' => 'fas fa-radiation',
'class' => 'fas fa-radiation', 'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo['post_id']),
'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo['post_id']), 'params' => [
'params' => [ 'p' => $postInfo['post_id'],
'p' => $postInfo['post_id'], 'm' => 'nuke',
'm' => 'nuke', ],
], ]);
]); break;
break;
}
} }
$nukePost = forum_post_nuke($postInfo['post_id']); $nukePost = forum_post_nuke($postInfo['post_id']);
@ -197,11 +148,8 @@ switch($postMode) {
} }
AuditLog::create(AuditLog::FORUM_POST_NUKE, [$postInfo['post_id']]); AuditLog::create(AuditLog::FORUM_POST_NUKE, [$postInfo['post_id']]);
http_response_code(204);
if(!$isXHR) { url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
}
break; break;
case 'restore': case 'restore':
@ -210,25 +158,23 @@ switch($postMode) {
break; break;
} }
if(!$isXHR) { if($postRequestVerified && !$submissionConfirmed) {
if($postRequestVerified && !$submissionConfirmed) { url_redirect('forum-post', [
url_redirect('forum-post', [ 'post' => $postInfo['post_id'],
'post' => $postInfo['post_id'], 'post_fragment' => 'p' . $postInfo['post_id'],
'post_fragment' => 'p' . $postInfo['post_id'], ]);
]); break;
break; } elseif(!$postRequestVerified) {
} elseif(!$postRequestVerified) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm post restore',
'title' => 'Confirm post restore', 'class' => 'fas fa-magic',
'class' => 'fas fa-magic', 'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo['post_id']),
'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo['post_id']), 'params' => [
'params' => [ 'p' => $postInfo['post_id'],
'p' => $postInfo['post_id'], 'm' => 'restore',
'm' => 'restore', ],
], ]);
]); break;
break;
}
} }
$restorePost = forum_post_restore($postInfo['post_id']); $restorePost = forum_post_restore($postInfo['post_id']);
@ -239,11 +185,8 @@ switch($postMode) {
} }
AuditLog::create(AuditLog::FORUM_POST_RESTORE, [$postInfo['post_id']]); AuditLog::create(AuditLog::FORUM_POST_RESTORE, [$postInfo['post_id']]);
http_response_code(204);
if(!$isXHR) { url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
}
break; break;
default: // function as an alt for topic.php?p= by default default: // function as an alt for topic.php?p= by default
@ -267,13 +210,9 @@ switch($postMode) {
unset($postInfo['preceeding_post_deleted_count']); unset($postInfo['preceeding_post_deleted_count']);
if($isXHR) {
echo json_encode($postFind);
break;
}
url_redirect('forum-topic', [ url_redirect('forum-topic', [
'topic' => $postFind['topic_id'], 'topic' => $postFind['topic_id'],
'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1, 'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1,
]); ]);
break;
} }

163
public/forum/topic.php
View file

@ -67,34 +67,24 @@ $validModerationModes = [
]; ];
if(in_array($moderationMode, $validModerationModes, true)) { if(in_array($moderationMode, $validModerationModes, true)) {
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
$isXHR = !$redirect;
if($isXHR) {
header('Content-Type: application/json; charset=utf-8');
} elseif(!is_local_url($redirect)) {
echo render_info('Possible request forgery detected.', 403);
return;
}
if(!CSRF::validateRequest()) { if(!CSRF::validateRequest()) {
echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403); echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
return; return;
} }
header(CSRF::header()); header(CSRF::header());
if(!UserSession::hasCurrent()) { if(!UserSession::hasCurrent()) {
echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401); echo render_info('You must be logged in to manage posts.', 401);
return; return;
} }
if($topicUser->isBanned()) { if($topicUser->isBanned()) {
echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403); echo render_info('You have been banned, check your profile for more information.', 403);
return; return;
} }
if($topicUser->isSilenced()) { if($topicUser->isSilenced()) {
echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403); echo render_info('You have been silenced, check your profile for more information.', 403);
return; return;
} }
@ -141,56 +131,33 @@ if(in_array($moderationMode, $validModerationModes, true)) {
} }
if($canDeleteCode !== MSZ_E_FORUM_TOPIC_DELETE_OK) { if($canDeleteCode !== MSZ_E_FORUM_TOPIC_DELETE_OK) {
if($isXHR) {
http_response_code($responseCode);
echo json_encode([
'success' => false,
'topic_id' => $topic['topic_id'],
'code' => $canDeleteCode,
'message' => $canDeleteMsg,
]);
break;
}
echo render_info($canDeleteMsg, $responseCode); echo render_info($canDeleteMsg, $responseCode);
break; break;
} }
if(!$isXHR) { if(!isset($_GET['confirm'])) {
if(!isset($_GET['confirm'])) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm topic deletion',
'title' => 'Confirm topic deletion', 'class' => 'far fa-trash-alt',
'class' => 'far fa-trash-alt', 'message' => sprintf('You are about to delete topic #%d. Are you sure about that?', $topic['topic_id']),
'message' => sprintf('You are about to delete topic #%d. Are you sure about that?', $topic['topic_id']), 'params' => [
'params' => [ 't' => $topic['topic_id'],
't' => $topic['topic_id'], 'm' => 'delete',
'm' => 'delete', ],
], ]);
]); break;
break; } elseif(!$submissionConfirmed) {
} elseif(!$submissionConfirmed) { url_redirect(
url_redirect( 'forum-topic',
'forum-topic', ['topic' => $topic['topic_id']]
['topic' => $topic['topic_id']] );
); break;
break;
}
} }
$deleteTopic = forum_topic_delete($topic['topic_id']); $deleteTopic = forum_topic_delete($topic['topic_id']);
if($deleteTopic) { if($deleteTopic)
AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]); AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]);
}
if($isXHR) {
echo json_encode([
'success' => $deleteTopic,
'topic_id' => $topic['topic_id'],
'message' => $deleteTopic ? 'Topic deleted!' : 'Failed to delete topic.',
]);
break;
}
if(!$deleteTopic) { if(!$deleteTopic) {
echo render_error(500); echo render_error(500);
@ -208,24 +175,22 @@ if(in_array($moderationMode, $validModerationModes, true)) {
break; break;
} }
if(!$isXHR) { if(!isset($_GET['confirm'])) {
if(!isset($_GET['confirm'])) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm topic restore',
'title' => 'Confirm topic restore', 'class' => 'fas fa-magic',
'class' => 'fas fa-magic', 'message' => sprintf('You are about to restore topic #%d. Are you sure about that?', $topic['topic_id']),
'message' => sprintf('You are about to restore topic #%d. Are you sure about that?', $topic['topic_id']), 'params' => [
'params' => [ 't' => $topic['topic_id'],
't' => $topic['topic_id'], 'm' => 'restore',
'm' => 'restore', ],
], ]);
]); break;
break; } elseif(!$submissionConfirmed) {
} elseif(!$submissionConfirmed) { url_redirect('forum-topic', [
url_redirect('forum-topic', [ 'topic' => $topic['topic_id'],
'topic' => $topic['topic_id'], ]);
]); break;
break;
}
} }
$restoreTopic = forum_topic_restore($topic['topic_id']); $restoreTopic = forum_topic_restore($topic['topic_id']);
@ -236,13 +201,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
} }
AuditLog::create(AuditLog::FORUM_TOPIC_RESTORE, [$topic['topic_id']]); AuditLog::create(AuditLog::FORUM_TOPIC_RESTORE, [$topic['topic_id']]);
http_response_code(204);
if(!$isXHR) { url_redirect('forum-category', [
url_redirect('forum-category', [ 'forum' => $topic['forum_id'],
'forum' => $topic['forum_id'], ]);
]);
}
break; break;
case 'nuke': case 'nuke':
@ -251,24 +213,22 @@ if(in_array($moderationMode, $validModerationModes, true)) {
break; break;
} }
if(!$isXHR) { if(!isset($_GET['confirm'])) {
if(!isset($_GET['confirm'])) { Template::render('forum.confirm', [
Template::render('forum.confirm', [ 'title' => 'Confirm topic nuke',
'title' => 'Confirm topic nuke', 'class' => 'fas fa-radiation',
'class' => 'fas fa-radiation', 'message' => sprintf('You are about to PERMANENTLY DELETE topic #%d. Are you sure about that?', $topic['topic_id']),
'message' => sprintf('You are about to PERMANENTLY DELETE topic #%d. Are you sure about that?', $topic['topic_id']), 'params' => [
'params' => [ 't' => $topic['topic_id'],
't' => $topic['topic_id'], 'm' => 'nuke',
'm' => 'nuke', ],
], ]);
]); break;
break; } elseif(!$submissionConfirmed) {
} elseif(!$submissionConfirmed) { url_redirect('forum-topic', [
url_redirect('forum-topic', [ 'topic' => $topic['topic_id'],
'topic' => $topic['topic_id'], ]);
]); break;
break;
}
} }
$nukeTopic = forum_topic_nuke($topic['topic_id']); $nukeTopic = forum_topic_nuke($topic['topic_id']);
@ -279,13 +239,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
} }
AuditLog::create(AuditLog::FORUM_TOPIC_NUKE, [$topic['topic_id']]); AuditLog::create(AuditLog::FORUM_TOPIC_NUKE, [$topic['topic_id']]);
http_response_code(204);
if(!$isXHR) { url_redirect('forum-category', [
url_redirect('forum-category', [ 'forum' => $topic['forum_id'],
'forum' => $topic['forum_id'], ]);
]);
}
break; break;
case 'bump': case 'bump':

11
utility.php
View file

@ -117,17 +117,6 @@ function render_info(?string $message, int $httpCode, string $template = 'errors
return \Misuzu\Template::renderRaw(sprintf($template, $httpCode)); return \Misuzu\Template::renderRaw(sprintf($template, $httpCode));
} }
function render_info_or_json(bool $json, string $message, int $httpCode = 200, string $template = 'errors.%d'): string {
$error = $httpCode >= 400;
http_response_code($httpCode);
if($json) {
return json_encode([($error ? 'error' : 'message') => $message, 'success' => $error]);
}
return render_info($message, $httpCode, $template);
}
function html_colour(?int $colour, $attribs = '--user-colour'): string { function html_colour(?int $colour, $attribs = '--user-colour'): string {
$colour = $colour == null ? \Misuzu\Colour::none() : new \Misuzu\Colour($colour); $colour = $colour == null ? \Misuzu\Colour::none() : new \Misuzu\Colour($colour);