vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Beta Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=5)
-   -   Quote Post PM (https://vborg.vbsupport.ru/showthread.php?t=49669)

Mutt 03-04-2003 10:00 PM
Quote Post PM
 
Inspired by Private Message Auto-Subject Hack

If you want to pm a member about a post, you click his pm link under that post and get a blank pm form. This hack changes the pm link so that the user's post is quoted in the pm form.

basically it adds the post id to the link and then uses the quote reply code from newreply.php. this hasn't been fully tested (thus beta), but as far as I can see this should check to make sure the person has the right to see the post he is trying to quote.
Please let me know

Mutt

Boofo 03-05-2003 06:30 AM
If it uses the send_pm button, wouldn't the user have to be able to view the post to see the button? No post, no button to click?

And it works great so far, by the way. ;)

Bob 03-05-2003 06:36 AM
Thanks for this one!!! I was wanting something like this. Easier then copying and pasting all the time :D:D

Boofo 03-05-2003 06:45 AM
I have a question, Mutt. Why are these 2 lines AFTER you call the quote reply? The first line is already before you add your code.

PHP Code:
    $message[message] = htmlspecialchars($message[message]); // Without this, a </textarea> in the message breaks the form on preview
      $subject htmlspecialchars($subject); 
And wouldn't it be better to change this:

PHP Code:
    eval("\$message[message] = \"".gettemplate("quotereply",1,0)."\";"); 
to this:

PHP Code:
    eval("\$message[message] = \"".gettemplate("quotereply",1,0)."\n\n\";"); 
so you will be down 2 lines from the quote, instead of on the quote line, when you click in the box? Just a thought. ;)

Boofo 03-05-2003 06:54 AM
Ok, it works, but if you quote the message to someone and then change the username before you send it, it will send the message to that user whether they are allowed to view that message or not. Someone could quote a post for someone else that can't view the area. Does that make any sense?

LeeCHeSSS 03-05-2003 08:03 AM
What's to stop anyone from doing that without this hack?

Boofo 03-05-2003 08:55 AM
Nothing. But without this hack, they wouldn't be able to quote the message. ;)

I have a small fix for those posts that don't have a post title. This will put a Re: thread title in if there is no post title on the message. Otherwise, on a message with no post title, you will have to manually enter a subject to be able to send the message. Kind of defeats some of the purpose of this hack without it. ;)

Find:

PHP Code:
    if ($postinfo[title]!="") {
      $subject="Re: ".unhtmlspecialchars($postinfo[title]);
    } 
and replace it with:

PHP Code:
    if ($postinfo[title]!="") {
      $subject="Re: ".unhtmlspecialchars($postinfo[title]);
    } else {
      $subject="Re: ".unhtmlspecialchars($threadinfo[title]);
    } 
I also have it where it will put in the username and the subject but no quote if you are using Firefly's hidden reply Hack and you don't want any of the Mods or Admins to quote the hidden message to anyone. Just a catch-all, if anyone is interested. ;)

Dean C 03-05-2003 03:21 PM
Good to see you back posting hacks again Mutt :D!

Regards

- miSt

Mutt 03-05-2003 07:51 PM
Boofo, thanks for the title fix, I like it.

as for the 2 htmlspecialchar lines, I'm not sure, but they were in the quote code from newreply.php so I left them.

the security checks were someone couldn't hit the pm quote link in a thread they had access to and then manually change the url to a differnet postid that they can't see. whithout the checks, someone could theoretically see a post they shouldn't. I 'm 90% sure that the checks in there now are sufficent. I was hoping someone else might be able to give it the thumbs up or perhapos even simplify the checks. I guess I should have just looked at the showpost code from showthread, but I didn't think of that until just now :)

Mist, vb3 is a coming. I need to get back into the swing of things. :classic:

Boofo 03-05-2003 08:01 PM
Quote:
Originally posted by Mutt
[B]Boofo, thanks for the title fix, I like it.
You're very welcome. ;) I also have a fix for anyone who wants to turn off the quote feature (but leave the title and name) for any given user (like if they have certain vbcode they use that they don't want anyone finding out about by quoting the message).

Quote:
as for the 2 htmlspecialchar lines, I'm not sure, but they were in the quote code from newreply.php so I left them.
I didn't find them in my code (2.2.9) but it works fine without them so you can take them out if you want.

Quote:
the security checks were someone couldn't hit the pm quote link in a thread they had access to and then manually change the url to a different postid that they can't see. without the checks, someone could theoretically see a post they shouldn't. I 'm 90% sure that the checks in there now are sufficient. I was hoping someone else might be able to give it the thumbs up or perhaps even simplify the checks. I guess I should have just looked at the showpost code from showthread, but I didn't think of that until just now :)
Ok, I see what you meant now. Changing the link itself. Ahhh...I didn't even catch that. Good eyes! ;)


All times are GMT. The time now is 01:41 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01003 seconds
  • Memory Usage 1,746KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_php_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete