diff --git a/public/forum/post.php b/public/forum/post.php
index e76411a..0fedca1 100644
--- a/public/forum/post.php
+++ b/public/forum/post.php
@@ -11,22 +11,10 @@
 $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
 $postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
 $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
-// basing whether or not this is an xhr request on whether a referrer header is present
-// this page is never directy accessed, under normal circumstances
-$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
-$isXHR = !$redirect;
-
-if($isXHR) {
-    header('Content-Type: application/json; charset=utf-8');
-} elseif(!is_local_url($redirect)) {
-    echo render_info('Possible request forgery detected.', 403);
-    return;
-}
-
 $postRequestVerified = CSRF::validateRequest();
 if(!empty($postMode) && !UserSession::hasCurrent()) {
-    echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401);
+    echo render_info('You must be logged in to manage posts.', 401);
     return;
 }
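Review bot: With the referer/`is_local_url()` gate removed, `CSRF::validateRequest()` on the context line `$postRequestVerified = CSRF::validateRequest();` is the only forgery control left in post.php, and unlike topic.php (which still returns 403 when the check fails) its result is not acted on here; the later hunks render the confirmation form for unverified requests instead. That is workable, but it is easy to break when a new mode is added, so the line deserves a comment such as `// deliberately not rejected here: every mode below must gate its state change on $postRequestVerified and render forum.confirm otherwise`. Note also that `$postMode` and `$submissionConfirmed` are read from `$_GET`; if `CSRF::validateRequest()` also accepts the token from the query string (not visible in this diff), delete/nuke/restore become plain GET-triggerable links whose token lands in Referer headers and access logs, so it is worth confirming that the confirmation form posts the token and that the handler only acts on a POST.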
@@ -34,27 +22,14 @@ $currentUser = User::getCurrent();
 $currentUserId = $currentUser === null ? 0 : $currentUser->getId();
 if(isset($currentUser) && $currentUser->isBanned()) {
-    echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
+    echo render_info('You have been banned, check your profile for more information.', 403);
     return;
 }
 if(isset($currentUser) && $currentUser->isSilenced()) {
-    echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
+    echo render_info('You have been silenced, check your profile for more information.', 403);
     return;
 }
-if($isXHR) {
-    if(!$postRequestVerified) {
-        http_response_code(403);
-        echo json_encode([
-            'success' => false,
-            'message' => 'Possible request forgery detected.',
-        ]);
-        return;
-    }
-
-    header(CSRF::header());
-}
-
 $postInfo = forum_post_get($postId, true);
 $perms = empty($postInfo) ? 0
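Review bot: After this hunk post.php never emits `header(CSRF::header())`, whereas topic.php still sends it right after validation (see its hunk at `@@ -67`); before the change post.php sent it on the XHR path only. If that header is how the client-side code picks up a rotated token (not visible here), responses from post.php now lack it, so either add `header(CSRF::header());` after the silenced check to mirror topic.php or leave a one-line comment stating why post.php does not need to send it.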
@@ -103,40 +78,27 @@ switch($postMode) {
         }
         if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) {
-            if($isXHR) {
-                http_response_code($responseCode);
-                echo json_encode([
-                    'success' => false,
-                    'post_id' => $postInfo['post_id'],
-                    'code' => $canDelete,
-                    'message' => $canDeleteMsg,
-                ]);
-                break;
-            }
-
             echo render_info($canDeleteMsg, $responseCode);
             break;
         }
-        if(!$isXHR) {
-            if($postRequestVerified && !$submissionConfirmed) {
-                url_redirect('forum-post', [
-                    'post' => $postInfo['post_id'],
-                    'post_fragment' => 'p' . $postInfo['post_id'],
-                ]);
-                break;
-            } elseif(!$postRequestVerified) {
-                Template::render('forum.confirm', [
-                    'title' => 'Confirm post deletion',
-                    'class' => 'far fa-trash-alt',
-                    'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo['post_id']),
-                    'params' => [
-                        'p' => $postInfo['post_id'],
-                        'm' => 'delete',
-                    ],
-                ]);
-                break;
-            }
+        if($postRequestVerified && !$submissionConfirmed) {
+            url_redirect('forum-post', [
+                'post' => $postInfo['post_id'],
+                'post_fragment' => 'p' . $postInfo['post_id'],
+            ]);
+            break;
+        } elseif(!$postRequestVerified) {
+            Template::render('forum.confirm', [
+                'title' => 'Confirm post deletion',
+                'class' => 'far fa-trash-alt',
+                'message' => sprintf('You are about to delete post #%d. Are you sure about that?', $postInfo['post_id']),
+                'params' => [
+                    'p' => $postInfo['post_id'],
+                    'm' => 'delete',
+                ],
+            ]);
+            break;
         }
         $deletePost = forum_post_delete($postInfo['post_id']);
@@ -145,15 +107,6 @@ switch($postMode) {
             AuditLog::create(AuditLog::FORUM_POST_DELETE, [$postInfo['post_id']]);
         }
-        if($isXHR) {
-            echo json_encode([
-                'success' => $deletePost,
-                'post_id' => $postInfo['post_id'],
-                'message' => $deletePost ? 'Post deleted!' : 'Failed to delete post.',
-            ]);
-            break;
-        }
-
         if(!$deletePost) {
             echo render_error(500);
             break;
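Review bot: The confirm/redirect block introduced here for `delete` is repeated verbatim for `nuke` (`@@ -168`) and `restore` (`@@ -210`), and the same shape appears three more times in topic.php (`@@ -141`, `@@ -208`, `@@ -251`), differing only in title, icon class, message text and mode; now that the `$isXHR` wrapper is gone, this is the natural moment to fold it into one small helper that takes those four values plus `$postInfo`, `$postRequestVerified` and `$submissionConfirmed`, performs the redirect or renders `forum.confirm`, and returns whether the caller should `break`. Independently of that, `} elseif(!$postRequestVerified) {` follows a branch that always ends in `break`, so it can simply read `if(!$postRequestVerified) {`; the `elseif` implies a dependency between the two conditions that does not exist. The enclosing `switch($postMode)` begins before this hunk.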
@@ -168,25 +121,23 @@ switch($postMode) {
             break;
         }
-        if(!$isXHR) {
-            if($postRequestVerified && !$submissionConfirmed) {
-                url_redirect('forum-post', [
-                    'post' => $postInfo['post_id'],
-                    'post_fragment' => 'p' . $postInfo['post_id'],
-                ]);
-                break;
-            } elseif(!$postRequestVerified) {
-                Template::render('forum.confirm', [
-                    'title' => 'Confirm post nuke',
-                    'class' => 'fas fa-radiation',
-                    'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo['post_id']),
-                    'params' => [
-                        'p' => $postInfo['post_id'],
-                        'm' => 'nuke',
-                    ],
-                ]);
-                break;
-            }
+        if($postRequestVerified && !$submissionConfirmed) {
+            url_redirect('forum-post', [
+                'post' => $postInfo['post_id'],
+                'post_fragment' => 'p' . $postInfo['post_id'],
+            ]);
+            break;
+        } elseif(!$postRequestVerified) {
+            Template::render('forum.confirm', [
+                'title' => 'Confirm post nuke',
+                'class' => 'fas fa-radiation',
+                'message' => sprintf('You are about to PERMANENTLY DELETE post #%d. Are you sure about that?', $postInfo['post_id']),
+                'params' => [
+                    'p' => $postInfo['post_id'],
+                    'm' => 'nuke',
+                ],
+            ]);
+            break;
         }
         $nukePost = forum_post_nuke($postInfo['post_id']);
@@ -197,11 +148,8 @@ switch($postMode) {
         }
         AuditLog::create(AuditLog::FORUM_POST_NUKE, [$postInfo['post_id']]);
-        http_response_code(204);
-        if(!$isXHR) {
-            url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
-        }
+        url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
         break;
     case 'restore':
@@ -210,25 +158,23 @@ switch($postMode) {
             break;
         }
-        if(!$isXHR) {
-            if($postRequestVerified && !$submissionConfirmed) {
-                url_redirect('forum-post', [
-                    'post' => $postInfo['post_id'],
-                    'post_fragment' => 'p' . $postInfo['post_id'],
-                ]);
-                break;
-            } elseif(!$postRequestVerified) {
-                Template::render('forum.confirm', [
-                    'title' => 'Confirm post restore',
-                    'class' => 'fas fa-magic',
-                    'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo['post_id']),
-                    'params' => [
-                        'p' => $postInfo['post_id'],
-                        'm' => 'restore',
-                    ],
-                ]);
-                break;
-            }
+        if($postRequestVerified && !$submissionConfirmed) {
+            url_redirect('forum-post', [
+                'post' => $postInfo['post_id'],
+                'post_fragment' => 'p' . $postInfo['post_id'],
+            ]);
+            break;
+        } elseif(!$postRequestVerified) {
+            Template::render('forum.confirm', [
+                'title' => 'Confirm post restore',
+                'class' => 'fas fa-magic',
+                'message' => sprintf('You are about to restore post #%d. Are you sure about that?', $postInfo['post_id']),
+                'params' => [
+                    'p' => $postInfo['post_id'],
+                    'm' => 'restore',
+                ],
+            ]);
+            break;
         }
         $restorePost = forum_post_restore($postInfo['post_id']);
@@ -239,11 +185,8 @@ switch($postMode) {
         }
         AuditLog::create(AuditLog::FORUM_POST_RESTORE, [$postInfo['post_id']]);
-        http_response_code(204);
-        if(!$isXHR) {
-            url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
-        }
+        url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
         break;
     default:
         // function as an alt for topic.php?p= by default
@@ -267,13 +210,9 @@ switch($postMode) {
         unset($postInfo['preceeding_post_deleted_count']);
-        if($isXHR) {
-            echo json_encode($postFind);
-            break;
-        }
-
         url_redirect('forum-topic', [
             'topic' => $postFind['topic_id'],
             'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1,
         ]);
+        break;
 }
diff --git a/public/forum/topic.php b/public/forum/topic.php
index 681a37e..347a61b 100644
--- a/public/forum/topic.php
+++ b/public/forum/topic.php
@@ -67,34 +67,24 @@ $validModerationModes = [
 ];
 if(in_array($moderationMode, $validModerationModes, true)) {
-    $redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
-    $isXHR = !$redirect;
-
-    if($isXHR) {
-        header('Content-Type: application/json; charset=utf-8');
-    } elseif(!is_local_url($redirect)) {
-        echo render_info('Possible request forgery detected.', 403);
-        return;
-    }
-
     if(!CSRF::validateRequest()) {
-        echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);
+        echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
         return;
     }
     header(CSRF::header());
     if(!UserSession::hasCurrent()) {
-        echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401);
+        echo render_info('You must be logged in to manage posts.', 401);
         return;
     }
     if($topicUser->isBanned()) {
-        echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
+        echo render_info('You have been banned, check your profile for more information.', 403);
         return;
     }
     if($topicUser->isSilenced()) {
-        echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
+        echo render_info('You have been silenced, check your profile for more information.', 403);
         return;
     }
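Review bot: The check order in this block is CSRF → `header(CSRF::header())` → login, so an anonymous visitor who follows a moderation link now gets the 403 "Couldn't verify this request, please refresh the page and try again." rather than the 401 "You must be logged in to manage posts.", and the CSRF header is emitted before it is known whether a session exists. Unless `CSRF::validateRequest()` is meant to succeed without a session (not visible here), moving the `if(!UserSession::hasCurrent()) { … }` block ahead of the `CSRF::validateRequest()` check yields the accurate response and limits the header to authenticated requests. There is also an asymmetry with post.php after this commit: post.php keeps serving the confirmation form to unverified requests while topic.php rejects them outright; if both are intended, a one-line comment at `if(!CSRF::validateRequest()) {` saying so would spare the next reader the comparison. The enclosing `if(in_array($moderationMode, …))` block continues past the end of this hunk.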
@@ -141,56 +131,33 @@ if(in_array($moderationMode, $validModerationModes, true)) {
             }
             if($canDeleteCode !== MSZ_E_FORUM_TOPIC_DELETE_OK) {
-                if($isXHR) {
-                    http_response_code($responseCode);
-                    echo json_encode([
-                        'success' => false,
-                        'topic_id' => $topic['topic_id'],
-                        'code' => $canDeleteCode,
-                        'message' => $canDeleteMsg,
-                    ]);
-                    break;
-                }
-
                 echo render_info($canDeleteMsg, $responseCode);
                 break;
             }
-            if(!$isXHR) {
-                if(!isset($_GET['confirm'])) {
-                    Template::render('forum.confirm', [
-                        'title' => 'Confirm topic deletion',
-                        'class' => 'far fa-trash-alt',
-                        'message' => sprintf('You are about to delete topic #%d. Are you sure about that?', $topic['topic_id']),
-                        'params' => [
-                            't' => $topic['topic_id'],
-                            'm' => 'delete',
-                        ],
-                    ]);
-                    break;
-                } elseif(!$submissionConfirmed) {
-                    url_redirect(
-                        'forum-topic',
-                        ['topic' => $topic['topic_id']]
-                    );
-                    break;
-                }
+            if(!isset($_GET['confirm'])) {
+                Template::render('forum.confirm', [
+                    'title' => 'Confirm topic deletion',
+                    'class' => 'far fa-trash-alt',
+                    'message' => sprintf('You are about to delete topic #%d. Are you sure about that?', $topic['topic_id']),
+                    'params' => [
+                        't' => $topic['topic_id'],
+                        'm' => 'delete',
+                    ],
+                ]);
+                break;
+            } elseif(!$submissionConfirmed) {
+                url_redirect(
+                    'forum-topic',
+                    ['topic' => $topic['topic_id']]
+                );
+                break;
             }
             $deleteTopic = forum_topic_delete($topic['topic_id']);
-            if($deleteTopic) {
+            if($deleteTopic)
                 AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]);
-            }
-
-            if($isXHR) {
-                echo json_encode([
-                    'success' => $deleteTopic,
-                    'topic_id' => $topic['topic_id'],
-                    'message' => $deleteTopic ? 'Topic deleted!' : 'Failed to delete topic.',
-                ]);
-                break;
-            }
             if(!$deleteTopic) {
                 echo render_error(500);
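Review bot: `if($deleteTopic)` on the new side drops its braces and leaves `AuditLog::create(…)` as a bare single-statement body, which is inconsistent with every other conditional in these hunks and with the post.php counterpart, where the audit call sits inside a braced block (its closing `}` is visible in `@@ -145`); keep the braces: `if($deleteTopic) {` / `    AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]);` / `}`. A brace-less body is also how the next statement silently ends up outside the condition when someone adds a line here. The duplicated confirm/redirect block and the `elseif` after `break` are the same points as in the post.php hunks; the enclosing `switch` and `if(in_array(…))` start before this hunk.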
@@ -208,24 +175,22 @@ if(in_array($moderationMode, $validModerationModes, true)) {
                 break;
             }
-            if(!$isXHR) {
-                if(!isset($_GET['confirm'])) {
-                    Template::render('forum.confirm', [
-                        'title' => 'Confirm topic restore',
-                        'class' => 'fas fa-magic',
-                        'message' => sprintf('You are about to restore topic #%d. Are you sure about that?', $topic['topic_id']),
-                        'params' => [
-                            't' => $topic['topic_id'],
-                            'm' => 'restore',
-                        ],
-                    ]);
-                    break;
-                } elseif(!$submissionConfirmed) {
-                    url_redirect('forum-topic', [
-                        'topic' => $topic['topic_id'],
-                    ]);
-                    break;
-                }
+            if(!isset($_GET['confirm'])) {
+                Template::render('forum.confirm', [
+                    'title' => 'Confirm topic restore',
+                    'class' => 'fas fa-magic',
+                    'message' => sprintf('You are about to restore topic #%d. Are you sure about that?', $topic['topic_id']),
+                    'params' => [
+                        't' => $topic['topic_id'],
+                        'm' => 'restore',
+                    ],
+                ]);
+                break;
+            } elseif(!$submissionConfirmed) {
+                url_redirect('forum-topic', [
+                    'topic' => $topic['topic_id'],
+                ]);
+                break;
             }
             $restoreTopic = forum_topic_restore($topic['topic_id']);
@@ -236,13 +201,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
             }
             AuditLog::create(AuditLog::FORUM_TOPIC_RESTORE, [$topic['topic_id']]);
-            http_response_code(204);
-            if(!$isXHR) {
-                url_redirect('forum-category', [
-                    'forum' => $topic['forum_id'],
-                ]);
-            }
+            url_redirect('forum-category', [
+                'forum' => $topic['forum_id'],
+            ]);
             break;
         case 'nuke':
@@ -251,24 +213,22 @@ if(in_array($moderationMode, $validModerationModes, true)) {
                 break;
             }
-            if(!$isXHR) {
-                if(!isset($_GET['confirm'])) {
-                    Template::render('forum.confirm', [
-                        'title' => 'Confirm topic nuke',
-                        'class' => 'fas fa-radiation',
-                        'message' => sprintf('You are about to PERMANENTLY DELETE topic #%d. Are you sure about that?', $topic['topic_id']),
-                        'params' => [
-                            't' => $topic['topic_id'],
-                            'm' => 'nuke',
-                        ],
-                    ]);
-                    break;
-                } elseif(!$submissionConfirmed) {
-                    url_redirect('forum-topic', [
-                        'topic' => $topic['topic_id'],
-                    ]);
-                    break;
-                }
+            if(!isset($_GET['confirm'])) {
+                Template::render('forum.confirm', [
+                    'title' => 'Confirm topic nuke',
+                    'class' => 'fas fa-radiation',
+                    'message' => sprintf('You are about to PERMANENTLY DELETE topic #%d. Are you sure about that?', $topic['topic_id']),
+                    'params' => [
+                        't' => $topic['topic_id'],
+                        'm' => 'nuke',
+                    ],
+                ]);
+                break;
+            } elseif(!$submissionConfirmed) {
+                url_redirect('forum-topic', [
+                    'topic' => $topic['topic_id'],
+                ]);
+                break;
             }
             $nukeTopic = forum_topic_nuke($topic['topic_id']);
@@ -279,13 +239,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
             }
             AuditLog::create(AuditLog::FORUM_TOPIC_NUKE, [$topic['topic_id']]);
-            http_response_code(204);
-            if(!$isXHR) {
-                url_redirect('forum-category', [
-                    'forum' => $topic['forum_id'],
-                ]);
-            }
+            url_redirect('forum-category', [
+                'forum' => $topic['forum_id'],
+            ]);
             break;
         case 'bump':
diff --git a/utility.php b/utility.php
index c93acd8..b7c011e 100644
--- a/utility.php
+++ b/utility.php
@@ -117,17 +117,6 @@ function render_info(?string $message, int $httpCode, string $template = 'errors
     return \Misuzu\Template::renderRaw(sprintf($template, $httpCode));
 }
-function render_info_or_json(bool $json, string $message, int $httpCode = 200, string $template = 'errors.%d'): string {
-    $error = $httpCode >= 400;
-    http_response_code($httpCode);
-
-    if($json) {
-        return json_encode([($error ? 'error' : 'message') => $message, 'success' => $error]);
-    }
-
-    return render_info($message, $httpCode, $template);
-}
-
 function html_colour(?int $colour, $attribs = '--user-colour'): string {
     $colour = $colour == null ? \Misuzu\Colour::none() : new \Misuzu\Colour($colour);