- $result = SQL_QUERY_ESC("SELECT id, data_type
-FROM "._MYSQL_PREFIX."_pool
-WHERE sender=%s AND url='%s' AND timestamp > (UNIX_TIMESTAMP() - %s) LIMIT 1",
- array($GLOBALS['userid'], $_POST['url'], $_CONFIG['url_tlock']), __FILE__, __LINE__);
-
- $type = "TEMP"; $id = 0;
- if (SQL_NUMROWS($result) == 1)
- {
- list($id, $type) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- }
- if ($type == "TEMP")
- {
- // No entry found, so we need to check out the stats table as well... :)
- // We have to add that suff here, now we continue WITHOUT checking and check the text and subject against some filters
- $URL = "";
- if ($_CONFIG['test_text'] == "Y")
- {
- // Test submitted text against some filters (length, URLs in text etc.)
- if ((strpos(strtolower($_POST['text']), "https://") > -1) || (strpos(strtolower($_POST['text']), "http://") > -1) || (strpos(strtolower($_POST['text']), "www") > -1))
- {
- // URL found!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_URL_FOUND;
- }
- $TEST = str_replace("\n", "", str_replace("\r", "", addslashes($_POST['text'])));
- if (strlen($TEST) > $_CONFIG['max_tlength'])
- {
- // Text is too long!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_OVERLENGTH;
- }
- }
- // Shall I test the subject line against URLs?
- if ($_CONFIG['test_subj'] == "Y")
- {
- // Check the subject line for issues
- $_POST['subject'] = str_replace("\\", "[nl]", substr($_POST['subject'], 0, 200));
- if ((strpos(strtolower($_POST['subject']), "http://") > -1) || (strpos(strtolower($_POST['subject']), "www") > -1))
- {
- // URL in subject found
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_SUBJ_URL;
- }
- }
- // And shall I check that his URL is not in the black list?
- if ($_CONFIG['url_blacklist'] == "Y")
- {
- // Ok, I do that for you know...
- $result = SQL_QUERY_ESC("SELECT timestamp FROM "._MYSQL_PREFIX."_url_blist WHERE url='%s' LIMIT 1",
- array($_POST['url']), __FILE__, __LINE__);
-
- if (SQL_NUMROWS($result) == 1)
- {
- // Jupp, we got one listed
- list($blist) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_BLIST_URL."&blist=".$blist;
- }
- }
- if (($_POST['receiver'] < $_CONFIG['order_min']) && (!IS_ADMIN()))
- {
- // Less than allowed receivers entered!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_MORE_RECEIVERS3;
- }
-
- // Validate URL
- if (!VALIDATE_URL($_POST['url']))
- {
- // URL is invalid!
- $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_URL;
- }
-
- // Probe for HTML extension
- if ($HTML_EXT)
- {
- if ($_POST['html'] == "Y")
- {
- // Chek for valid HTML tags
- $_POST['text'] = HTML_CHECK_TAGS($_POST['text']);
-
- // Maybe invalid tags found?
- if (empty($_POST['text'])) $URL = URL."/modules.php?module=login&what=order&msg=".CODE_INVALID_TAGS."&id=".$id;
- }
- else
- {
- // Remove any HTML code
- $_POST['text'] = str_replace("<", "{OPEN_HTML}", str_replace(">", "{CLOSE_HTML}", $_POST['text']));
- }
- }
- }
- elseif (!IS_ADMIN())
- {
+ // @TODO Try to move out url_tlock to a filter for extra SQL statements
+ $result = sqlQueryEscaped("SELECT
+ `id`,
+ `data_type`
+FROM
+ `{?_MYSQL_PREFIX?}_pool`
+WHERE
+ `sender`=%s AND
+ `url`='%s' AND
+ (UNIX_TIMESTAMP() - `timestamp`) >= {?url_tlock?}
+LIMIT 1",
+ array(
+ getMemberId(),
+ postRequestElement('url')
+ ), __FILE__, __LINE__);
+
+ if (sqlNumRows($result) == 1) {
+ // Load id and mail type
+ $data = sqlFetchArray($result);
+ } // END - if
+
+ // Free result
+ sqlFreeResult($result);
+
+ if ($data['data_type'] == 'TEMP') {
+ // Prepare data for filter chain
+ $filterData = array(
+ 'url' => postRequestElement('url'),
+ 'text' => postRequestElement('text'),
+ 'subject' => postRequestElement('subject'),
+ 'receiver' => bigintval(postRequestElement('receiver')),
+ 'mail_type' => bigintval(postRequestElement('mail_type')),
+ 'html' => postRequestElement('html'),
+ 'id' => bigintval($data['id']),
+ 'redirect' => '',
+ );
+
+ // Run the filter chain
+ $filterData = runFilterChain('pre_mail_order', $filterData);
+
+ // Copy field redirect->url
+ $data['url'] = $filterData['redirect'];
+
+ // Is there an error?
+ if (empty($data['url'])) {
+ // Copy all filter data -> POST
+ foreach ($filterData as $key => $value) {
+ // Set it
+ setPostRequestElement($key, $value);
+ } // END - foreach
+ } // END - if
+ } elseif (!isAdmin()) {
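Review bot: `$data` is assigned only inside `if (sqlNumRows($result) == 1)`, yet `$data['data_type']` is read right after `sqlFreeResult($result)`, so when the pool query returns no row the `'TEMP'` comparison fails on an undefined variable and the `pre_mail_order` filter chain is skipped. The removed code started from `$type = "TEMP"; $id = 0;`, which sent exactly that no-row case through the text, subject, blacklist and URL checks; unless `$data` is initialised above this hunk, restore the default with `$data = array('id' => 0, 'data_type' => 'TEMP');` before the row-count test. The lock condition also changed direction, from `timestamp > (UNIX_TIMESTAMP() - %s)` to a `>= {?url_tlock?}` test on the row's age, so it now appears to match rows older than the lock window instead of those inside it; please confirm that is intended. The enclosing if/elseif starts before and continues past the lines shown here.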