preimpression · AnimatedCritter · Feb 3, 2023 · Feb 3, 2023 · Mar 26, 2023 · May 28, 2023
diff --git a/app/Console/Commands/UpdateCommentTypes.php b/app/Console/Commands/UpdateCommentTypes.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Comment;
+use Illuminate\Console\Command;
+
+class UpdateCommentTypes extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'update-comment-types';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Updates comment types.';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+        $comments = Comment::where('commentable_type', 'App\Models\Report\Report')->where('type', 'User-User');
+
+        if($comments->count()) {
+            $this->line('Updating comment types...');
+            $comments->update(['type' => 'Staff-User']);
+        } else {
+            $this->info('No comments to update!');
+        }
+
+        return 0;
+    }
+}
diff --git a/app/Helpers/Helpers.php b/app/Helpers/Helpers.php
@@ -101,7 +101,6 @@ function parse($text, &$pings = null) {
     $config->set('Attr.EnableID', true);
     $config->set('HTML.DefinitionID', 'include');
     $config->set('HTML.DefinitionRev', 2);
-	$config->set('Cache.DefinitionImpl', null); // TODO: remove this later!
     if ($def = $config->maybeGetRawHTMLDefinition()) {
         $def->addElement('include', 'Block', 'Empty', 'Common', array('file*' => 'URI', 'height' => 'Text', 'width' => 'Text'));
 		$def->addAttribute('a', 'data-toggle', 'Enum#collapse,tab');

diff --git a/app/Http/Controllers/Characters/CharacterController.php b/app/Http/Controllers/Characters/CharacterController.php
@@ -147,7 +147,7 @@ public function getCharacterGallery($slug)
     {
         return view('character.gallery', [
             'character' => $this->character,
-            'submissions' => GallerySubmission::whereIn('id', $this->character->gallerySubmissions->pluck('gallery_submission_id')->toArray())->visible()->accepted()->orderBy('created_at', 'DESC')->paginate(20),
+            'submissions' => GallerySubmission::whereIn('id', $this->character->gallerySubmissions->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20),
         ]);
     }
 

diff --git a/app/Http/Controllers/PermalinkController.php b/app/Http/Controllers/PermalinkController.php
@@ -12,6 +12,7 @@
 use App\Models\Model;
 
 use App\Models\Comment;
+use App\Models\Report\Report;
 
 class PermalinkController extends Controller
 {
@@ -25,33 +26,49 @@ public function getComment($id) {
         $comments = Comment::withTrashed()->get();
         //$comments = $comments->sortByDesc('created_at');
         $comment = $comments->find($id);
-         
+
         if(!$comment) abort(404);
         if(!$comment->commentable) abort(404);
 
         // Check if the comment can be viewed
         switch($comment->type) {
             case "Staff-User":
                 if(!Auth::check()) abort(404);
-                $submission = GallerySubmission::find($comment->commentable_id);
-                $isMod = Auth::user()->hasPower('manage_submissions');
-                $isOwner = ($submission->user_id == Auth::user()->id);
-                $isCollaborator = $submission->collaborators->where('user_id', Auth::user()->id)->first() != null ? true : false;
-                if(!$isMod && !$isOwner && !$isCollaborator) abort(404);
-                break;
+                switch($comment->commentable_type) {
+                    case 'App\Models\Gallery\GallerySubmission':
+                        $submission = GallerySubmission::where('id', $comment->commentable_id)->first();
+                        $isMod = Auth::user()->hasPower('manage_submissions');
+                        $isOwner = ($submission->user_id == Auth::user()->id);
+                        $isCollaborator = $submission->collaborators->where('user_id', Auth::user()->id)->first() != null ? true : false;
+                        if(!$isMod && !$isOwner && !$isCollaborator) abort(404);
+                        break;
+                    case 'App\Models\Report\Report':
+                        $report = Report::where('id', $comment->commentable_id)->first();
+                        $isMod = Auth::user()->hasPower('manage_reports');
+                        $isOwner = ($report->user_id == Auth::user()->id);
+                        if(!$isMod && !$isOwner) abort(404);
+                        break;
+                    default:
+                        if(!Auth::user()->isStaff) abort(404);
+                        break;
+                }
             case "Staff-Staff":
                 if(!Auth::check()) abort(404);
-                if(!Auth::user()->hasPower('manage_submissions')) abort(404);
-                break;
-            default:
+                if(!Auth::user()->isStaff) abort(404);
+                // More specific filtering depending on circumstance
+                switch($comment->commentable_type) {
+                    case 'App\Models\Gallery\GallerySubmission':
+                        if(!Auth::user()->hasPower('manage_submissions')) abort(404);
+                        break;
+                }
                 break;
         }
 
         if($comment->commentable_type == 'App\Models\User\UserProfile') $comment->location = $comment->commentable->user->url;
         else $comment->location = $comment->commentable->url;
-        
+
         return view('comments._perma_layout',[
-            'comment' => $comment,            
+            'comment' => $comment,
         ]);
     }
 }
diff --git a/app/Http/Controllers/Users/AccountController.php b/app/Http/Controllers/Users/AccountController.php
@@ -146,6 +146,24 @@ public function postBirthday(Request $request, UserService $service)
         return redirect()->back();
     }
 
+    /**
+     * Changes user last-online setting
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  App\Services\UserService  $service
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function postLastOnline(Request $request, UserService $service)
+    {
+        if($service->updateLastOnline($request->input('last_online_setting'), Auth::user())) {
+            flash('Setting updated successfully.')->success();
+        }
+        else {
+            foreach($service->errors()->getMessages()['error'] as $error) flash($error)->error();
+        }
+        return redirect()->back();
+    }
+
     /**
      * Shows the notifications page.
      *

diff --git a/app/Http/Controllers/Users/UserController.php b/app/Http/Controllers/Users/UserController.php
@@ -65,7 +65,7 @@ public function getUser($name)
     {
         $characters = $this->user->characters();
         if(!Auth::check() || !(Auth::check() && Auth::user()->hasPower('manage_characters'))) $characters->visible();
-        
+
         return view('user.profile', [
             'user' => $this->user,
             'items' => $this->user->items()->where('count', '>', 0)->orderBy('user_items.updated_at', 'DESC')->take(4)->get(),
@@ -84,7 +84,7 @@ public function getUserAliases($name)
     {
         $aliases = $this->user->aliases();
         if(!Auth::check() || !(Auth::check() && Auth::user()->hasPower('edit_user_info'))) $aliases->visible();
-        
+
         return view('user.aliases', [
             'user' => $this->user,
             'aliases' => $aliases->orderBy('is_primary_alias', 'DESC')->orderBy('site')->get(),
@@ -299,7 +299,7 @@ public function getUserGallery($name)
     {
         return view('user.gallery', [
             'user' => $this->user,
-            'submissions' => $this->user->gallerySubmissions()->paginate(20),
+            'submissions' => $this->user->gallerySubmissions()->visible(Auth::user() ?? null)->paginate(20),
             'sublists' => Sublist::orderBy('sort', 'DESC')->get()
         ]);
     }
@@ -315,7 +315,7 @@ public function getUserFavorites($name)
         return view('user.favorites', [
             'user' => $this->user,
             'characters' => false,
-            'favorites' => GallerySubmission::whereIn('id', $this->user->galleryFavorites()->pluck('gallery_submission_id')->toArray())->visible(Auth::check() ? Auth::user() : null)->accepted()->orderBy('created_at', 'DESC')->paginate(20),
+            'favorites' => GallerySubmission::whereIn('id', $this->user->galleryFavorites()->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20),
             'sublists' => Sublist::orderBy('sort', 'DESC')->get()
         ]);
     }
@@ -335,7 +335,7 @@ public function getUserOwnCharacterFavorites($name)
         return view('user.favorites', [
             'user' => $this->user,
             'characters' => true,
-            'favorites' => $this->user->characters->count() ? GallerySubmission::whereIn('id', $userFavorites)->whereIn('id', GalleryCharacter::whereIn('character_id', $userCharacters)->pluck('gallery_submission_id')->toArray())->visible(Auth::check() ? Auth::user() : null)->accepted()->orderBy('created_at', 'DESC')->paginate(20) : null,
+            'favorites' => $this->user->characters->count() ? GallerySubmission::whereIn('id', $userFavorites)->whereIn('id', GalleryCharacter::whereIn('character_id', $userCharacters)->pluck('gallery_submission_id')->toArray())->visible(Auth::user() ?? null)->orderBy('created_at', 'DESC')->paginate(20) : null,
             'sublists' => Sublist::orderBy('sort', 'DESC')->get()
         ]);
     }

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -19,6 +19,7 @@ class Kernel extends HttpKernel
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
         \App\Http\Middleware\TrustProxies::class,
+        \App\Http\Middleware\ParsePostRequestFields::class,
     ];
 
     /**

diff --git a/app/Http/Middleware/ParsePostRequestFields.php b/app/Http/Middleware/ParsePostRequestFields.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class ParsePostRequestFields
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
+     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+     */
+    public function handle(Request $request, Closure $next) {
+        if ($request->isMethod('post')) {
+            $excludedFields = ['_token', 'password', 'email', 'description', 'text'];
+            $strippedFields = ['name', 'title'];
+
+            $parsedFields = [];
+            foreach ($request->except($excludedFields) as $key => $value) {
+                if (is_array($value)) {
+                    $parsedFields[$key] = $this->parseArray($value, $strippedFields);
+                } else {
+                    if (is_numeric($value)) {
+                        continue;
+                    }
+
+                    if (in_array($key, $strippedFields)) { // we strip these since parse() doesn't remove HTML tags
+                        $parsedFields[$key] = parse(strip_tags($value));
+                    } else {
+                        $parsedFields[$key] = parse($value);
+                    }
+                }
+            }
+
+            $request->merge($parsedFields);
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * Recursively parse array values.
+     *
+     * @param  array  $array
+     * @param  array  $strippedFields
+     * @return array
+     */
+    private function parseArray(array $array, array $strippedFields) : array {
+        foreach ($array as $key => $value) {
+            if (is_numeric($value)) {
+                continue;
+            }
+
+            if (is_array($value)) {
+                $array[$key] = $this->parseArray($value, $strippedFields);
+            } else {
+                if (in_array($key, $strippedFields)) {
+                    $array[$key] = parse(strip_tags($value));
+                } else {
+                    $array[$key] = parse($value);
+                }
+            }
+        }
+
+        return $array;
+    }
+}
diff --git a/app/Models/Sales/SalesCharacter.php b/app/Models/Sales/SalesCharacter.php
@@ -168,16 +168,18 @@ public function getPriceAttribute()
                 ;
                 break;
             case 'ota':
-                return (isset($this->data['autobuy']) ? '<br/>Autobuy: '.$symbol.$this->data['autobuy'] : '');
+                return (isset($this->data['autobuy']) ? 'Autobuy: '.$symbol.$this->data['autobuy'].'<br/>' : '').
+				(isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'<br/>' : '');
                 break;
             case 'xta':
-                return (isset($this->data['autobuy']) ? '<br/>Autobuy: '.$symbol.$this->data['autobuy'] : '');
+                return (isset($this->data['autobuy']) ? 'Autobuy: '.$symbol.$this->data['autobuy'].'<br/>' : '').
+				(isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'<br/>' : '');
                 break;
             case 'flaffle':
                 return 'Price: '.$symbol.$this->data['price'];
                 break;
             case 'pwyw':
-                return 'Minimum: '.$symbol.$this->data['minimum'];
+                return (isset($this->data['minimum']) ? 'Minimum: '.$symbol.$this->data['minimum'].'<br/>' : '');
                 break;
         }
     }

diff --git a/app/Models/User/User.php b/app/Models/User/User.php
@@ -172,7 +172,7 @@ public function items()
      */
     public function gallerySubmissions()
     {
-        return $this->hasMany('App\Models\Gallery\GallerySubmission')->where('user_id', $this->id)->orWhereIn('id', GalleryCollaborator::where('user_id', $this->id)->where('type', 'Collab')->pluck('gallery_submission_id')->toArray())->visible($this)->accepted()->orderBy('created_at', 'DESC');
+        return $this->hasMany('App\Models\Gallery\GallerySubmission')->where('user_id', $this->id)->orWhereIn('id', GalleryCollaborator::where('user_id', $this->id)->where('type', 'Collab')->pluck('gallery_submission_id')->toArray())->orderBy('created_at', 'DESC');
     }
 
     /**
@@ -348,15 +348,39 @@ public function getLogTypeAttribute()
     // Check if user is online and display When they were online
     public function isOnline()
     {
+        $onlineStatus = Cache::has('user-is-online-' . $this->id);
+        $online = Carbon::createFromTimeStamp(strtotime(Cache::get('user-is-online-time-' . $this->id)));
+        $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'a long time ago';
 
-      $onlineStatus = Cache::has('user-is-online-' . $this->id);
-      $online = Carbon::createFromTimeStamp(strtotime(Cache::get('user-is-online-time-' . $this->id)));
-      $onlineTime = isset($this->last_seen) ? Carbon::parse($this->last_seen)->diffForHumans() : 'A long time ago.';
-
-      if($onlineStatus) $result = '<i class="fas fa-circle text-success mr-2" data-toggle="tooltip" title="This user is online."></i>';
-      else  $result = '<i class="far fa-circle text-secondary mr-2" data-toggle="tooltip" title="This user was last online ' . $onlineTime .'."></i>';
+        $statusHidden = '<i class="fas fa-circle text-faded mr-2" data-toggle="tooltip" title="This user\'s online status is hidden"></i>';
+        if ($onlineStatus) {
+            $statusShow = '<i class="fas fa-circle text-success mr-2" data-toggle="tooltip" title="This user is online."></i>';
+        } else {
+            $statusShow = '<i class="far fa-circle text-secondary mr-2" data-toggle="tooltip" title="This user was last online ' . $onlineTime .'."></i>';
+        }
 
-      return $result;
+        switch($this->settings->last_online_setting) {
+            case 0:
+                return $statusHidden;
+            break;
+            case 1:
+                return $statusShow;
+            break;
+            case 2:
+                if(Auth::check() && Auth::user()->isStaff){
+                    return $statusShow;
+                } else {
+                    return $statusHidden;
+                }
+            break;
+            case 3:
+                if(Auth::check()){
+                    return $statusShow;
+                } else {
+                    return $statusHidden;
+                }
+            break;
+        }
     }
 
     /**

diff --git a/app/Models/User/UserSettings.php b/app/Models/User/UserSettings.php
@@ -13,7 +13,7 @@ class UserSettings extends Model
      * @var array
      */
     protected $fillable = [
-        'is_fto', 'submission_count', 'banned_at', 'ban_reason', 'birthday_setting'
+        'is_fto', 'submission_count', 'banned_at', 'ban_reason', 'birthday_setting', 'last_online_setting'
     ];
 
     /**

diff --git a/app/Policies/CommentPolicy.php b/app/Policies/CommentPolicy.php
@@ -27,7 +27,7 @@ public function create($user) : bool
      */
     public function delete($user, Comment $comment) : bool
     {
-            if(auth::user()->isStaff) {
+            if(Auth::user()->isStaff) {
                 return true;
             }
             else {

diff --git a/app/Services/CharacterManager.php b/app/Services/CharacterManager.php
@@ -237,8 +237,8 @@ private function handleCharacterImage($data, $character, $isMyo = false)
                 // Use default images for MYO slots without an image provided
                 if(!isset($data['image']))
                 {
-                    $data['image'] = asset('images/myo.png');
-                    $data['thumbnail'] = asset('images/myo-th.png');
+                    $data['image'] = public_path('images/myo.png');
+                    $data['thumbnail'] = public_path('images/myo-th.png');
                     $data['extension'] = 'png';
                     $data['default_image'] = true;
                     unset($data['use_cropper']);