Prevent users from voting on hidden and queued questions

Determine queued status when fetching from database.
Simplify voting tooltips.

qa-include/app/format.php

@@ -316,7 +316,8 @@ function qa_post_html_fields($post, $userid, $cookieid, $usershtml, $dummy, $opt
 
 	// High level information
 
-	$fields['hidden'] = @$post['hidden'];
+	$fields['hidden'] = isset($post['hidden']) ? $post['hidden'] : null;
+	$fields['queued'] = isset($post['queued']) ? $post['queued'] : null;
 	$fields['tags'] = 'id="' . qa_html($elementid) . '"';
 
 	$fields['classes'] = ($isquestion && $favoritedview && @$post['userfavoriteq']) ? 'qa-q-favorited' : '';
@@ -498,7 +499,12 @@ function qa_post_html_fields($post, $userid, $cookieid, $usershtml, $dummy, $opt
 
 		if ($fields['hidden']) {
 			$fields['vote_state'] = 'disabled';
-			$fields['vote_up_tags'] = 'title="' . qa_lang_html($isanswer ? 'main/vote_disabled_hidden_a' : 'main/vote_disabled_hidden_q') . '"';
+			$fields['vote_up_tags'] = 'title="' . qa_lang_html('main/vote_disabled_hidden') . '"';
+			$fields['vote_down_tags'] = $fields['vote_up_tags'];
+
+		} elseif ($fields['queued']) {
+			$fields['vote_state'] = 'disabled';
+			$fields['vote_up_tags'] = 'title="' . qa_lang_html('main/vote_disabled_queued') . '"';
 			$fields['vote_down_tags'] = $fields['vote_up_tags'];
 
 		} elseif ($isbyuser) {

qa-include/app/votes.php

@@ -45,7 +45,7 @@ function qa_vote_error_html($post, $vote, $userid, $topage)
 	require_once QA_INCLUDE_DIR . 'app/users.php';
 	require_once QA_INCLUDE_DIR . 'app/limits.php';
 
-	if (is_array($post) && ($post['basetype'] == 'Q' || $post['basetype'] == 'A') &&
+	if (is_array($post) && !$post['hidden'] && !$post['queued'] && ($post['basetype'] == 'Q' || $post['basetype'] == 'A') &&
 		qa_opt(($post['basetype'] == 'Q') ? 'voting_on_qs' : 'voting_on_as') &&
 		(!isset($post['userid']) || !isset($userid) || $post['userid'] != $userid)
 	) {

qa-include/db/selects.php

@@ -155,7 +155,8 @@ function qa_db_posts_basic_selectspec($voteuserid = null, $full = false, $user =
 
 	$selectspec = array(
 		'columns' => array(
-			'^posts.postid', '^posts.categoryid', '^posts.type', 'basetype' => 'LEFT(^posts.type, 1)', 'hidden' => "INSTR(^posts.type, '_HIDDEN')>0",
+			'^posts.postid', '^posts.categoryid', '^posts.type', 'basetype' => 'LEFT(^posts.type, 1)',
+			'hidden' => "INSTR(^posts.type, '_HIDDEN')>0", 'queued' => "INSTR(^posts.type, '_QUEUED')>0",
 			'^posts.acount', '^posts.selchildid', '^posts.closedbyid', '^posts.upvotes', '^posts.downvotes', '^posts.netvotes', '^posts.views', '^posts.hotness',
 			'^posts.flagcount', '^posts.title', '^posts.tags', 'created' => 'UNIX_TIMESTAMP(^posts.created)', '^posts.name',
 			'categoryname' => '^categories.title', 'categorybackpath' => "^categories.backpath",

qa-include/lang/qa-lang-main.php

@@ -187,15 +187,17 @@ return array(
 	'view_q_must_login' => 'Please ^1log in^2 or ^3register^4 to view question pages.',
 	'viewed_qs_in_x' => 'Most viewed questions in ^',
 	'viewed_qs_title' => 'Most viewed questions',
-	'vote_disabled_approve' => 'You account must be approved before you can vote',
+	'vote_disabled_approve' => 'Your account must be approved before you can vote',
 	'vote_disabled_down' => 'Voting down is only available to some users',
 	'vote_disabled_down_approve' => 'Your account must be approved before you can vote down',
-	'vote_disabled_hidden_a' => 'You cannot vote on hidden answers',
-	'vote_disabled_hidden_q' => 'You cannot vote on hidden questions',
+	'vote_disabled_hidden' => 'You cannot vote on hidden posts',
+	'vote_disabled_hidden_a' => 'You cannot vote on hidden answers',  // @deprecated
+	'vote_disabled_hidden_q' => 'You cannot vote on hidden questions',  // @deprecated
 	'vote_disabled_level' => 'Voting is only available to some users',
 	'vote_disabled_my_a' => 'You cannot vote on your own answers',
 	'vote_disabled_my_q' => 'You cannot vote on your own questions',
 	'vote_disabled_q_page_only' => 'Please view this question to vote',
+	'vote_disabled_queued' => 'You can only vote on approved posts',
 	'vote_down_must_confirm' => 'Please ^5confirm your email address^6 to vote down.',
 	'vote_down_popup' => 'Click to vote down',
 	'vote_limit' => 'Too many votes received - please try again in an hour',

qa-include/pages/question-view.php

@@ -119,7 +119,6 @@ function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $
 	}
 
 	$rules['isbyuser'] = qa_post_is_by_user($post, $userid, $cookieid);
-	$rules['queued'] = substr($post['type'], 1) == '_QUEUED';
 	$rules['closed'] = $post['basetype'] == 'Q' && (isset($post['closedbyid']) || (isset($post['selchildid']) && qa_opt('do_close_on_select')));
 
 	// Cache some responses to the user permission checks
@@ -142,7 +141,7 @@ function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $
 	// General permissions
 
 	$rules['authorlast'] = !isset($post['lastuserid']) || $post['lastuserid'] === $post['userid'];
-	$rules['viewable'] = $post['hidden'] ? !$permiterror_hide_show_self : ($rules['queued'] ? ($rules['isbyuser'] || !$permiterror_moderate) : true);
+	$rules['viewable'] = $post['hidden'] ? !$permiterror_hide_show_self : ($post['queued'] ? ($rules['isbyuser'] || !$permiterror_moderate) : true);
 
 	// Answer, comment and edit might show the button even if the user still needs to do something (e.g. log in)
 
@@ -156,7 +155,7 @@ function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $
 	$button_errors = array('login', 'level', 'approve');
 
 	$rules['editbutton'] = !$post['hidden'] && !$rules['closed']
-		&& ($rules['isbyuser'] || (!in_array($permiterror_edit, $button_errors) && (!$rules['queued'])));
+		&& ($rules['isbyuser'] || (!in_array($permiterror_edit, $button_errors) && (!$post['queued'])));
 	$rules['editable'] = $rules['editbutton'] && ($rules['isbyuser'] || !$permiterror_edit);
 
 	$rules['retagcatbutton'] = $post['basetype'] == 'Q' && (qa_using_tags() || qa_using_categories())
@@ -173,7 +172,7 @@ function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $
 
 	$rules['aselectable'] = $post['type'] == 'Q' && !qa_user_permit_error($rules['isbyuser'] ? null : 'permit_select_a', null, $userlevel, true, $userfields);
 
-	$rules['flagbutton'] = qa_opt('flagging_of_posts') && !$rules['isbyuser'] && !$post['hidden'] && !$rules['queued']
+	$rules['flagbutton'] = qa_opt('flagging_of_posts') && !$rules['isbyuser'] && !$post['hidden'] && !$post['queued']
 		&& !@$post['userflag'] && !in_array($permiterror_flag, $button_errors);
 	$rules['flagtohide'] = $rules['flagbutton'] && !$permiterror_flag && ($post['flagcount'] + 1) >= qa_opt('flagging_hide_after');
 	$rules['unflaggable'] = @$post['userflag'] && !$post['hidden'];
@@ -189,9 +188,9 @@ function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $
 	$rules['reopenable'] = $rules['closed'] && isset($post['closedbyid']) && $permiterror_close_open === false && !$post['hidden']
 		&& ($notclosedbyother || !qa_user_permit_error('permit_close_q', null, $userlevel, true, $userfields));
 
-	$rules['moderatable'] = $rules['queued'] && !$permiterror_moderate;
+	$rules['moderatable'] = $post['queued'] && !$permiterror_moderate;
 	// cannot hide a question if it was closed by someone else and you don't have global hiding permissions
-	$rules['hideable'] = !$post['hidden'] && ($rules['isbyuser'] || !$rules['queued']) && !$permiterror_hide_show_self
+	$rules['hideable'] = !$post['hidden'] && ($rules['isbyuser'] || !$post['queued']) && !$permiterror_hide_show_self
 		&& ($notclosedbyother || !$permiterror_hide_show);
 	// means post can be reshown immediately without checking whether it needs moderation
 	$rules['reshowimmed'] = $post['hidden'] && !$permiterror_hide_show;