ponepaste/public/admin/paste_action.php

<?php
define('IN_PONEPASTE', 1);
require_once(__DIR__ . '/common.php');

use PonePaste\Models\AdminLog;
use PonePaste\Models\Paste;

if (empty($_POST['paste_id'])) {
    echo "Error: No paste ID specified.";
    die();
}

$paste = Paste::find((int) $_POST['paste_id']);

if (!$paste) {
    echo "Error: Paste not found.";
    die();
}

if (!verifyCsrfToken()) {
    flashError('Invalid CSRF token (do you have cookies enabled?)');
    header('Location: ' . urlForPaste($paste));
    die();
}

if (isset($_POST['hide'])) {
    if (!can('hide', $paste)) {
        flashError('You do not have permission to hide this paste.');
    } else {
        $is_hidden = !$paste->is_hidden;

        if ($is_hidden) {
            $paste->reports()->update(['open' => false]);
            $paste->deleted_at = date_create();
            $paste->deleted_by_id = $current_user->id;
        } else {
            $paste->deleted_at = null;
            $paste->deleted_by_id = null;
        }

        $paste->is_hidden = $is_hidden;
        $paste->save();
        $redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */

        AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_HIDE_PASTE, 'Paste ' . $paste->id . ' ' . ($is_hidden ? 'hidden' : 'unhidden') . '.');
        flashSuccess('Paste ' . ($is_hidden ? 'hidden' : 'unhidden') . '.');
    }

    header('Location: ' . urlForPaste($paste));
    die();
} elseif (isset($_POST['blank'])) {
    if (!can('blank', $paste)) {
        flashError('You do not have permission to blank this paste.');
    } else {
        $paste->content = '';
        $paste->title = 'Removed by moderator';
        $paste->tags()->detach();

        $paste->save();
        $redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */
        AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . ' blanked.');

        flashSuccess('Paste contents blanked.');
    }

    header('Location: ' . urlForPaste($paste));
    die();
} else {
    flashError('Internal Error: No action specified.');
    header('Location: ' . urlForPaste($paste));
}
chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00			`<?php`
			`define('IN_PONEPASTE', 1);`
			`require_once(__DIR__ . '/common.php');`

			`use PonePaste\Models\AdminLog;`
			`use PonePaste\Models\Paste;`

			`if (empty($_POST['paste_id'])) {`
			`echo "Error: No paste ID specified.";`
			`die();`
			`}`

			`$paste = Paste::find((int) $_POST['paste_id']);`

			`if (!$paste) {`
			`echo "Error: Paste not found.";`
			`die();`
			`}`

chore: move user actions to user_action.php 2023-07-05 03:30:16 -04:00			`if (!verifyCsrfToken()) {`
			`flashError('Invalid CSRF token (do you have cookies enabled?)');`
fix: paste_action and user_action CSRF 2023-07-11 03:22:14 -04:00			`header('Location: ' . urlForPaste($paste));`
			`die();`
chore: move user actions to user_action.php 2023-07-05 03:30:16 -04:00			`}`

chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00			`if (isset($_POST['hide'])) {`
			`if (!can('hide', $paste)) {`
			`flashError('You do not have permission to hide this paste.');`
			`} else {`
			`$is_hidden = !$paste->is_hidden;`

			`if ($is_hidden) {`
			`$paste->reports()->update(['open' => false]);`
feat: better transparency page 2024-10-30 00:22:35 -04:00			`$paste->deleted_at = date_create();`
			`$paste->deleted_by_id = $current_user->id;`
			`} else {`
			`$paste->deleted_at = null;`
			`$paste->deleted_by_id = null;`
chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00			`}`

			`$paste->is_hidden = $is_hidden;`
			`$paste->save();`
			`$redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */`

chore: move updateAdminHistory to AdminLog.php 2023-07-11 03:19:58 -04:00			`AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_HIDE_PASTE, 'Paste ' . $paste->id . ' ' . ($is_hidden ? 'hidden' : 'unhidden') . '.');`
chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00			`flashSuccess('Paste ' . ($is_hidden ? 'hidden' : 'unhidden') . '.');`
			`}`

			`header('Location: ' . urlForPaste($paste));`
			`die();`
			`} elseif (isset($_POST['blank'])) {`
			`if (!can('blank', $paste)) {`
			`flashError('You do not have permission to blank this paste.');`
			`} else {`
			`$paste->content = '';`
			`$paste->title = 'Removed by moderator';`
			`$paste->tags()->detach();`

			`$paste->save();`
			`$redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */`
fix: make CSRF tokens exist for the duration of the session 2023-07-11 03:20:58 -04:00			`AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . ' blanked.');`
chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00
			`flashSuccess('Paste contents blanked.');`
			`}`

			`header('Location: ' . urlForPaste($paste));`
			`die();`
			`} else {`
			`flashError('Internal Error: No action specified.');`
			`header('Location: ' . urlForPaste($paste));`
			`}`