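<%= OutputCSS() %>
<%
' edit.asp (form handler).  Applies an edit to an existing message: re-checks that the
' caller may edit it, updates subject/body/flags through the spEdit stored procedure,
' optionally deletes or re-attaches uploaded files, and (when the caller may create polls)
' appends poll options for the message.
'
' Security notes for maintainers:
'  * fromThisDomain() is a Referer check.  The Referer header is client-controlled and is
'    often stripped by proxies/privacy settings, so it is only a weak CSRF mitigation; a
'    per-session anti-forgery token carried in the form is the recommended replacement.
'  * forumID and messageID are coerced to Long once, up front.  Every place they reach SQL
'    (the ownership lookup and the poll INSERT/UPDATE batch) therefore receives a number,
'    never raw form text.  The original concatenated the raw messageID into the poll SQL.
'  * The file-deletion branch builds a filesystem path from form fields (memori, upfileori).
'    Each path segment is validated and the resolved path must remain under upfiles/
'    before DeleteFile is called; the original deleted whatever path the form named.

If Not fromThisDomain("edit.asp?") Then
    Response.Clear
    Response.Redirect (forumdir & "first.asp?error=referer")
    Response.End
End If
If Request.Form("jsenabled") = "false" Then
    Response.Clear
    Response.Redirect (forumdir & "first.asp")
    Response.End
End If

Dim messageID, subject, Body, objConn, SQL, edit, searchstring, lastModified, dateCreated, forumID, appid, deleteupfile
Dim upfile, objCom, foruminfo, upfileori, memori, oriupfilename, finalupfile, objFSO, action, withsig, p, tmode, embed
Dim objRS, mem, locked, access, allforum, makeRevision, parentAuthor, adminmod, mode, allowPoll
Dim smode, isAdminOrMod
Dim i, arrUpfiles, uploadRoot, fileExt

' True when s is a single, non-empty path component: no directory separators, no
' parent-directory reference, no drive/stream colon, no NUL.  Used to confine the
' attachment-deletion path below to one file inside one owner directory.
Function IsSafePathSegment(s)
    IsSafePathSegment = False
    If Len(s) = 0 Then Exit Function
    If InStr(s, "/") > 0 Or InStr(s, "\") > 0 Then Exit Function
    If InStr(s, "..") > 0 Or InStr(s, ":") > 0 Or InStr(s, Chr(0)) > 0 Then Exit Function
    IsSafePathSegment = True
End Function

isAdminOrMod = 0
action = "edit"
p = Request.Form("p")
tmode = Request.Form("tmode")
smode = Request.Form("smode")
appid = Request.Form("appid")
' Numeric identifiers: coerce once.  CLng raises a type-mismatch on non-numeric input,
' which is the intended outcome (the original raised the same error inside the
' ownership query, but later used the un-coerced string in the poll SQL).
forumID = CLng(Request.Form("forumID"))
messageID = CLng(Request.Form("messageID"))
subject = Trim(Request.Form("subject"))
Body = Trim(Request.Form("body"))
deleteupfile = Request.Form("deleteupfile")
upfileori = Request.Form("upfileori")
memori = Request.Form("memori")
upfile = CheckDelimitedFormat(Request.Form("upfile"), "|")
withsig = Request.Form("withsig")
embed = Request.Form("embed")
adminmod = CheckedOrNot(Request.Form("adminmod") & "")
allforum = Application(dbName & "foruminfo")
access = False

' Caller's permissions for the application/forum named by the (client-supplied) appid.
' NOTE(review): moderator status is derived from appid while the message itself is looked
' up by forumID; confirm that the two are bound to each other server-side, otherwise a
' moderator of one forum could present another forum's forumID/messageID here.
Dim objPermission
Set objPermission = New PermissionSetting
With objPermission
    .memID = memID
    .appid = appid
    .GetPermission(True)
    allowPoll = .poll
    mode = .isModerator
End With
Set objPermission = Nothing

' Ownership and lock state of the target message.  mem and locked stay Empty when no row
' matches, which fails the author check below (CStr(Empty) = "").
Set objRS = Server.CreateObject("ADODB.Recordset")
With objRS
    .CacheSize = 1
    .Open "SELECT mem, locked FROM pgd_messages WHERE forumID=" & CLng(forumID) & " AND messageID=" & CLng(messageID), datastore, , , adCmdText
    If Not (.EOF Or .BOF) Then
        mem = .Fields(0)
        locked = .Fields(1)
    End If
    .Close
End With
Set objRS = Nothing

' Access decision: the author may edit an unlocked message; admins and moderators may
' edit anything.  Guests never qualify as the author.
If Not isGuest Then
    Select Case memID
        Case CStr(mem)
            access = True
    End Select
End If
If locked = 1 Then access = False
If isAdmin Or mode Then
    access = True
    isAdminOrMod = 1
End If
If Not access Then Response.End

withsig = CheckedOrNot(withsig)

' --- attached-file bookkeeping --------------------------------------------------------
If deleteupfile = "on" And (LCase(upfile) = LCase(upfileori)) Then
    ' Delete the attachments named in the form.  Both the owner directory (memori) and
    ' the file names (upfileori) are client-supplied, so every segment is validated and
    ' the resolved path is checked to lie under upfiles/ before anything is deleted.
    ' NOTE(review): the stored attachment list for this message would ideally be read
    ' from the database row rather than trusted from the form; the column name is not
    ' visible here, so path confinement is the defence applied.
    uploadRoot = LCase(Server.MapPath("upfiles")) & "\"
    arrUpfiles = Split(upfileori, "|")
    Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
    With objFSO
        For i = 0 To UBound(arrUpfiles)
            If IsSafePathSegment(memori) And IsSafePathSegment(arrUpfiles(i)) Then
                oriupfilename = Server.MapPath("upfiles/" & memori & "/" & arrUpfiles(i))
                If Left(LCase(oriupfilename), Len(uploadRoot)) = uploadRoot Then
                    If .FileExists(oriupfilename) Then .DeleteFile oriupfilename, True
                End If
            End If
        Next
    End With
    Set objFSO = Nothing
    finalupfile = ""
ElseIf deleteupfile <> "on" And (LCase(upfile) = LCase(upfileori)) Then
    ' Unchanged attachment list.
    finalupfile = upfileori
ElseIf LCase(upfile) <> LCase(upfileori) Then
    ' A different (newly uploaded) attachment list replaces the old one.
    finalupfile = upfile
End If

If Len(subject) = 0 Or Len(Body) = 0 Then
    ' NOTE(review): the markup that originally wrapped these two messages was lost in
    ' the copy this file was recovered from; only the text and a line break are emitted.
    Response.Write (emptyTextBoxWarning & vbCrLf)
    Response.Write ("" & javascriptBackDesc & "")
    Response.End
End If

' Optionally append an [image] tag for each attached image.  Note the tag points at the
' CURRENT user's directory (memID), not memori.
If embed = "on" Then
    If Len(finalupfile) <> 0 Then
        arrUpfiles = Split(finalupfile, "|")
        For i = 0 To UBound(arrUpfiles)
            ' Extension is the text after the LAST dot (InStrRev); a name with no dot
            ' yields the whole name, which matches nothing below.
            fileExt = LCase(Mid(arrUpfiles(i), InStrRev(arrUpfiles(i), ".") + 1))
            Select Case fileExt
                Case "gif", "jpg", "bmp", "png", "jpeg"
                    Body = Body & vbCrLf & vbCrLf & "[image]local://upfiles/" & memID & "/" & arrUpfiles(i) & "[/image]"
            End Select
        Next
    End If
End If

'=========================================================
Body = SQLin(Body)
subject = SQLin(subject)
subject = Replace(subject, Chr(1), "") ' safetree: Chr(1) is the field separator used elsewhere
'=========================================================

dateCreated = SQLNowDate()
edit = "< " & editByDesc & " " & memLogin & " -- " & SQLDate(dateCreated, Application(dbName & "timeoffset"), True) & " >"

' All user text reaches spEdit through typed parameters.
' NOTE(review): the makePin/makeFAQ/makeLock flags are accepted from any caller; the
' isAdminOrMod parameter is passed so the procedure can gate them -- confirm it does.
Set objCom = Server.CreateObject("ADODB.Command")
With objCom
    .ActiveConnection = datastore
    .CommandText = dbOwnerPrefix & "spEdit"
    .CommandType = adCmdStoredProc
    .Parameters.Append .CreateParameter("@nv_edit_edit", adVarChar, adParamInput, 100, edit)
    .Parameters.Append .CreateParameter("@nv_edit_subject", adVarChar, adParamInput, 255, subject)
    .Parameters.Append .CreateParameter("@nt_edit_body", adLongVarWChar, adParamInput, 2147483647, Body)
    .Parameters.Append .CreateParameter("@nv_edit_searchstring", adVarChar, adParamInput, 150, searchstring)
    .Parameters.Append .CreateParameter("@int_edit_msgID", adInteger, adParamInput, 0, messageID)
    .Parameters.Append .CreateParameter("@nv_edit_upfile", adVarChar, adParamInput, 500, finalupfile)
    .Parameters.Append .CreateParameter("@int_edit_forumID", adInteger, adParamInput, 0, forumID)
    ' NOTE(review): two parameters are appended under the name "@int_msgIcons"; the second
    ' carries withsig.  This presumably works only because ADO binds them by position
    ' against spEdit's signature -- verify the procedure's parameter order, and give the
    ' second one its real name.
    .Parameters.Append .CreateParameter("@int_msgIcons", adUnsignedTinyInt, adParamInput, 0, Request.Form("msgIcons"))
    .Parameters.Append .CreateParameter("@int_msgIcons", adUnsignedTinyInt, adParamInput, 0, withsig)
    .Parameters.Append .CreateParameter("@isTop", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(Request.Form("makePin")))
    .Parameters.Append .CreateParameter("@isFAQ", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(Request.Form("makeFAQ")))
    .Parameters.Append .CreateParameter("@locked", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(Request.Form("makeLock")))
    .Parameters.Append .CreateParameter("@makeRevision", adUnsignedTinyInt, adParamInput, 0, CheckedOrNot(Request.Form("makeRevision")))
    .Parameters.Append .CreateParameter("@adminmod", adUnsignedTinyInt, adParamInput, 0, adminmod)
    .Parameters.Append .CreateParameter("@isAdminOrMod", adUnsignedTinyInt, adParamInput, 0, isAdminOrMod)
    .Execute , , adExecuteNoRecords
End With
Set objCom = Nothing

' Poll options, only when the form asks for a poll AND the caller's permission allows it.
If Request.Form("allowpoll") = "true" And allowPoll Then
    Dim arrPollOptions, numberOfOptions, iPollOption, choiceID, allowMultiple, strSQLAddPoll
    strSQLAddPoll = ""
    allowMultiple = CheckedOrNot(Request.Form("allowMultiple"))
    ' The option count is client-supplied; a non-numeric or negative value would make
    ' CLng/ReDim raise, so such values are treated as "no options".
    If IsNumeric(Request.Form("numberOfOptions")) Then
        numberOfOptions = CLng(Request.Form("numberOfOptions"))
    Else
        numberOfOptions = 0
    End If
    If numberOfOptions < 0 Then numberOfOptions = 0
    ReDim arrPollOptions(numberOfOptions - 1)
    For iPollOption = 1 To numberOfOptions
        arrPollOptions(iPollOption - 1) = SQLAccessInput(Trim(Request.Form("pollOption" & iPollOption)))
    Next
    ' Build one batch: an INSERT per non-empty option, then the isPoll flag update.
    ' The option text relies on SQLAccessInput for escaping; the numeric values are
    ' coerced with CLng so no raw form text is spliced into the statement.
    choiceID = 0
    For iPollOption = 0 To UBound(arrPollOptions)
        If Len(arrPollOptions(iPollOption)) <> 0 Then
            choiceID = choiceID + 1
            strSQLAddPoll = strSQLAddPoll & "INSERT INTO pgd_Poll (pollID, forumID, choiceID, choice, allowMultiple) VALUES ({selfMessageID}" & _
                ", " & CLng(forumID) & ", " & CLng(choiceID) & ", '" & arrPollOptions(iPollOption) & "', " & allowMultiple & ") "
        End If
    Next
    If choiceID > 0 Then
        strSQLAddPoll = strSQLAddPoll & "update pgd_messages Set isPoll = 1 WHERE messageID=" & CLng(messageID)
        Dim objCon
        Set objCon = Server.CreateObject("ADODB.Connection")
        With objCon
            .Open datastore
            .Execute Replace(strSQLAddPoll, "{selfMessageID}", CLng(messageID)), , adCmdText + adExecuteNoRecords
            .Close
        End With
        Set objCon = Nothing
    End If
End If

Response.Write ""
%>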