Browse Source

Don't allow marking deleted messages as unread

spaghetti 3 years ago
parent
commit
dad171ef87
2 changed files with 26 additions and 26 deletions
  1. 12
    12
      sections/inbox/massdelete_handle.php
  2. 14
    14
      sections/inbox/takeedit.php

+ 12
- 12
sections/inbox/massdelete_handle.php View File

@@ -1,9 +1,7 @@
1 1
 <?
2
+authorize();
2 3
 
3
-/* replace
4 4
 $UserID = $LoggedUser['ID'];
5
-authorize();
6
-replace */
7 5
 
8 6
 if (!isset($_POST['messages']) || !is_array($_POST['messages'])) {
9 7
   error('You forgot to select messages to delete.');
@@ -33,22 +31,24 @@ if (isset($_POST['delete'])) {
33 31
   $DB->query("
34 32
     UPDATE pm_conversations_users
35 33
     SET
36
-      InInbox='0',
37
-      InSentbox='0',
38
-      Sticky='0',
39
-      UnRead='0'
34
+      InInbox = '0',
35
+      InSentbox = '0',
36
+      Sticky = '0',
37
+      UnRead = '0'
40 38
     WHERE ConvID IN($ConvIDs)
41
-      AND UserID=$UserID");
39
+      AND UserID = $UserID");
42 40
 } elseif (isset($_POST['unread'])) {
43 41
   $DB->query("
44 42
     UPDATE pm_conversations_users
45
-    SET Unread='1'
46
-    WHERE ConvID IN($ConvIDs) AND UserID=$UserID");
43
+    SET Unread = '1'
44
+    WHERE ConvID IN($ConvIDs)
45
+    AND InInbox = '1'
46
+    AND UserID = $UserID");
47 47
 } elseif (isset($_POST['read'])) {
48 48
   $DB->query("
49 49
     UPDATE pm_conversations_users
50
-    SET Unread='0'
51
-    WHERE ConvID IN($ConvIDs) AND UserID=$UserID");
50
+    SET Unread = '0'
51
+    WHERE ConvID IN($ConvIDs) AND UserID = $UserID");
52 52
 }
53 53
 $Cache->delete_value('inbox_new_'.$UserID);
54 54
 

+ 14
- 14
sections/inbox/takeedit.php View File

@@ -3,13 +3,11 @@ authorize();
3 3
 
4 4
 $UserID = $LoggedUser['ID'];
5 5
 $ConvID = $_POST['convid'];
6
-if (!is_number($ConvID)) {
7
-  error(404);
8
-}
6
+
9 7
 $DB->query("
10 8
   SELECT UserID
11 9
   FROM pm_conversations_users
12
-  WHERE UserID='$UserID' AND ConvID='$ConvID'");
10
+  WHERE UserID = ? AND ConvID = ?", $UserID, $ConvID);
13 11
 if (!$DB->has_results()) {
14 12
   error(403);
15 13
 }
@@ -18,27 +16,29 @@ if (isset($_POST['delete'])) {
18 16
   $DB->query("
19 17
     UPDATE pm_conversations_users
20 18
     SET
21
-      InInbox='0',
22
-      InSentbox='0',
23
-      Sticky='0'
24
-    WHERE ConvID='$ConvID' AND UserID='$UserID'");
19
+      InInbox = '0',
20
+      InSentbox = '0',
21
+      Sticky = '0'
22
+    WHERE ConvID = ? AND UserID = ?", $ConvID, $UserID);
25 23
 } else {
26 24
   if (isset($_POST['sticky'])) {
27 25
     $DB->query("
28 26
       UPDATE pm_conversations_users
29
-      SET Sticky='1'
30
-      WHERE ConvID='$ConvID' AND UserID='$UserID'");
27
+      SET Sticky = '1'
28
+      WHERE ConvID = ? AND UserID = ?", $ConvID, $UserID);
31 29
   } else {
32 30
     $DB->query("
33 31
       UPDATE pm_conversations_users
34
-      SET Sticky='0'
35
-      WHERE ConvID='$ConvID' AND UserID='$UserID'");
32
+      SET Sticky = '0'
33
+      WHERE ConvID = ? AND UserID = ?", $ConvID, $UserID);
36 34
   }
37 35
   if (isset($_POST['mark_unread'])) {
38 36
     $DB->query("
39 37
       UPDATE pm_conversations_users
40
-      SET Unread='1'
41
-      WHERE ConvID='$ConvID' AND UserID='$UserID'");
38
+      SET Unread = '1'
39
+      WHERE ConvID = ?
40
+      AND InInbox = '1'
41
+      AND UserID = ?", $ConvID, $UserID);
42 42
     $Cache->increment('inbox_new_'.$UserID);
43 43
   }
44 44
 }

Loading…
Cancel
Save