class Andy_ChangeDate_Listener
{
public static function Post($class, array &$extend)
{
$extend[] = 'Andy_ChangeDate_ControllerPublic_Post';
}
public static function loadClassModel($class, array &$extend)
{
$extend[] = 'Andy_ChangeDate_Model_Post';
}
}
I tried that, but I still get the same error.
PHP:$db->fetchAllKeyed(' SELECT post_id FROM xf_post WHERE thread_id= ? ORDER BY post_date ASC ', 'post_id', $thread_id);
Question, what does the ? mark do? I see that in the Xenforo code but never understood it.
Yes, I also updated my post #120.If I understand correctly, I should create the following folder and file:
library/Andy/ChangeDate/Model/Post.php
and queries should be contained in this file?
$this->recalculatePostPositionsInThread($threadId);
I have access to Andys addon and I think Andys code is good. The post id is fetched with XenForo_Input::UINT and the $threadId is fetched from xenForos database. I think this is secure.The variable(s) (in this case $thread_id) are securely swapped in in place of the ?
By simply using string concatenation in your code, you've introduced SQL injection vulnerabilities.
class Andy.......
{
.... here are your action classes ...
public function actionChangedatesave()
{
.....
$postModel = $this->_getPostModel();
$postModel->recalculatePostPositionsInThread($threadId);
...
}
protected function _getPostModel()
{
return $this->getModelFromCache('XenForo_Model_Post');
}
}
$this->_getPostModel()->recalculatePostPositionsInThread($threadId);
I have access to Andys addon and I think Andys code is good. The post id is fetched with XenForo_Input::UINT and the $threadId is fetched from xenForos database. I think this is secure.
/**
* Rebuilds the discussion info.
*
* @return boolean True if still valid
*/
public function rebuildDiscussion()
$dw = XenForo_DataWriter::create('XenForo_DataWriter_Discussion_Thread');
$dw->setExistingData('thread_id', $threadId);
$dw->rebuildDiscussion();
$dw->save();
$dw = XenForo_DataWriter::create('XenForo_DataWriter_DiscussionMessage_Post');
$dw->setExistingData('post_id', $postId);
$dw->set('date', $newDate);
$dw->save();
// fetching thread_id from the DataWriter
$threadId = $dw->get('thread_id');
$dw = XenForo_DataWriter::create('XenForo_DataWriter_Discussion_Thread');
$dw->setExistingData('thread_id', $threadId);
$dw->rebuildDiscussion();
// Maybe it works even without this:
$dw->save();
public action Changedatesave()
{
$this->_assertPostOnly();
// if you are not a super admin, you will get an error
if (!XenForo_Visitor::getInstance()->isSuperAdmin())
{
return;
}
$postId= $this->_input->filterSingle('post_id', XenForo_Input::UINT);
......
$dw = XenForo_DataWriter::create('XenForo_DataWriter_DiscussionMessage_Post');
$dw->setExistingData('post_id', $postId);
$dw->set('date', $newDate);$dw->save();
// fetching thread_id from the DataWriter
$threadId = $dw->get('thread_id');
$dw = XenForo_DataWriter::create('XenForo_DataWriter_Discussion_Thread');
$dw->setExistingData('thread_id', $threadId);
$dw->rebuildDiscussion();
// Maybe it works even without this:
$dw->save();
$post['post_id'] = $postId;
return $this->responseRedirect(
XenForo_ControllerResponse_Redirect::SUCCESS,
XenForo_Link::buildPublicLink('posts', $post),'Post Date Changed');
}
<?php
class Andy_ChangeDate_ControllerPublic_Post extends XFCP_Andy_ChangeDate_ControllerPublic_Post
{
public function actionChangedate()
{
$post['post_id'] = $this->_input->filterSingle('post_id', XenForo_Input::UINT);
$viewParams = array('post' => $post,
);
if (XenForo_Visitor::getInstance()->isSuperAdmin())
{
return $this->responseView('Andy_DateChange_ViewPublic_Post','andy_changedate',$viewParams);
}
}
public function actionChangedatesave()
{
$this->_assertPostOnly();
// if you are not a super admin, you will get an error
if (!XenForo_Visitor::getInstance()->isSuperAdmin())
{
return;
}
$postId= $this->_input->filterSingle('post_id', XenForo_Input::UINT);
// get input text from template
$newPostDate = $this->_input->filterSingle('new_post_date', XenForo_Input::STRING);
if ($newPostDate == '')
{
return $this->responseError(new XenForo_Phrase('date_missing'));
}
// get input text from template
$newPostTime = $this->_input->filterSingle('new_post_time', XenForo_Input::STRING);
if ($newPostTime == '')
{
return $this->responseError(new XenForo_Phrase('time_missing'));
}
// convert to unix timestamp
date_default_timezone_set('America/Los_Angeles');
$date = $newPostDate . ' ' . $newPostTime;
$newDate = strtotime($date);
if ($newDate == '')
{
return $this->responseError(new XenForo_Phrase('date_or_time_format_incorrect'));
}
//########################################
// start database operations
//########################################
$dw = XenForo_DataWriter::create('XenForo_DataWriter_DiscussionMessage_Post');
$dw->setExistingData('post_id', $postId);
$dw->set('date', $newDate);
$dw->save();
// fetching thread_id from the DataWriter
$threadId = $dw->get('thread_id');
$dw = XenForo_DataWriter::create('XenForo_DataWriter_Discussion_Thread');
$dw->setExistingData('thread_id', $threadId);
$dw->rebuildDiscussion();
// Maybe it works even without this:
$dw->save();
$post['post_id'] = $postId;
return $this->responseRedirect(
XenForo_ControllerResponse_Redirect::SUCCESS,
XenForo_Link::buildPublicLink('posts', $post),'Post Date Changed');
}
}
?>
We use essential cookies to make this site work, and optional cookies to enhance your experience.