if an admin tries to use a banned tag (eg during a mass-revert), ignore it

2020-07-29 14:03:28 +01:00 · 2020-07-29 14:03:28 +01:00 · aeb9829c9a
commit aeb9829c9a
parent 8c713af952
2 changed files with 53 additions and 10 deletions
--- a/ext/not_a_tag/main.php
+++ b/ext/not_a_tag/main.php
@ -55,7 +55,12 @@ class NotATag extends Extension

    public function onTagSet(TagSetEvent $event)
    {
-        $this->scan($event->tags);
+        global $user;
+        if ($user->can(Permissions::BAN_IMAGE)) {
+            $event->tags = $this->strip($event->tags);
+        } else {
+            $this->scan($event->tags);
+        }
    }

    /**
@ -70,17 +75,36 @@ class NotATag extends Extension
            $tags[] = strtolower($tag);
        }

-        $pairs = $database->get_all("SELECT * FROM untags");
-        foreach ($pairs as $tag_url) {
-            $tag = strtolower($tag_url[0]);
-            $url = $tag_url[1];
-            if (in_array($tag, $tags)) {
-                header("Location: $url");
-                exit; # FIXME: need a better way of aborting the tag-set or upload
+        $pairs = $database->get_pairs("SELECT LOWER(tag), redirect FROM untags");
+        foreach ($pairs as $tag => $url) {
+            if (in_array(strtolower($tag), $tags)) {
+                throw new TagSetException("Invalid tag used: $tag", $url);
            }
        }
    }

+    /**
+     * #param string[] $tags
+     */
+    private function strip(array $tags): array
+    {
+        global $database;
+        $untags = $database->get_col("SELECT LOWER(tag) FROM untags");
+
+        $ok_tags = [];
+        foreach ($tags as $tag) {
+            if (!in_array(strtolower($tag), $untags)) {
+                $ok_tags[] = $tag;
+            }
+        }
+
+        if (count($ok_tags) == 0) {
+            $ok_tags = ["tagme"];
+        }
+
+        return $ok_tags;
+    }
+
    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
    {
        global $user;
--- a/ext/tag_edit/main.php
+++ b/ext/tag_edit/main.php
@ -38,6 +38,17 @@ class SourceSetEvent extends Event
 }


+class TagSetException extends SCoreException
+{
+    public $redirect;
+
+    public function __construct(string $msg, ?string $redirect = null)
+    {
+        parent::__construct($msg, null);
+        $this->redirect = $redirect;
+    }
+}
+
 class TagSetEvent extends Event
 {
    /** @var Image */
@ -162,7 +173,7 @@ class TagEdit extends Extension

    public function onImageInfoSet(ImageInfoSetEvent $event)
    {
-        global $user;
+        global $page, $user;
        if ($user->can(Permissions::EDIT_IMAGE_OWNER) && isset($_POST['tag_edit__owner'])) {
            $owner = User::by_name($_POST['tag_edit__owner']);
            if ($owner instanceof User) {
@ -172,7 +183,15 @@ class TagEdit extends Extension
            }
        }
        if ($user->can(Permissions::EDIT_IMAGE_TAG) && isset($_POST['tag_edit__tags'])) {
-            send_event(new TagSetEvent($event->image, Tag::explode($_POST['tag_edit__tags'])));
+            try {
+                send_event(new TagSetEvent($event->image, Tag::explode($_POST['tag_edit__tags'])));
+            } catch (TagSetException $e) {
+                if ($e->redirect) {
+                    $page->flash("{$e->getMessage()}, please see {$e->redirect}");
+                } else {
+                    $page->flash($e->getMessage());
+                }
+            }
        }
        if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && isset($_POST['tag_edit__source'])) {
            if (isset($_POST['tag_edit__tags']) ? !preg_match('/source[=|:]/', $_POST["tag_edit__tags"]) : true) {