Beispiel #1
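/**
 * Stores a comment (or guestbook entry) for a blog and reports how it was handled.
 *
 * Visitors without blog ownership are first run through the block filters (IP, name,
 * homepage, content, OpenID-only mode, then the 'AddingComment' plugin event). A
 * comment that trips a filter is still inserted, but with `isfiltered` set to the
 * current timestamp, and the caller receives the name of the rule that matched.
 *
 * All values that end up in SQL text are normalised here: numeric identifiers are
 * validated and cast to int, string values go through POD::escapeString().
 *
 * @param int|string $blogid  Blog identifier; must be numeric.
 * @param array      $comment Comment data, passed by reference. Reads 'homepage', 'ip',
 *                            'name', 'comment', 'entry', 'parent', 'password', 'secret';
 *                            rewrites 'homepage', 'name', 'comment' and sets 'replier'.
 *
 * @return int|string|false New comment id on success, the block type ("ip", "name",
 *                          "homepage", "comment", "openidonly", "etc") when the comment
 *                          was stored as filtered, or false on invalid input / failure.
 */
function addComment($blogid, &$comment)
{
    global $database, $user, $blog, $defaultURL;
    $openid = Acl::getIdentity('openid');
    $filtered = 0;

    // Owners and explicitly allowed homepages bypass filtering. Otherwise the first
    // matching rule wins; the plugin event is only consulted when no rule matched.
    if (!doesHaveOwnership() && !Filter::isAllowed($comment['homepage'])) {
        if (Filter::isFiltered('ip', $comment['ip'])) {
            $blockType = "ip";
            $filtered = 1;
        } elseif (Filter::isFiltered('name', $comment['name'])) {
            $blockType = "name";
            $filtered = 1;
        } elseif (Filter::isFiltered('url', $comment['homepage'])) {
            $blockType = "homepage";
            $filtered = 1;
        } elseif (Filter::isFiltered('content', $comment['comment'])) {
            $blockType = "comment";
            $filtered = 1;
        } elseif (!Acl::check("group.writers") && !$openid && Setting::getBlogSettingGlobal('AddCommentMode', '') == 'openid') {
            $blockType = "openidonly";
            $filtered = 1;
        } elseif (!fireEvent('AddingComment', true, $comment)) {
            $blockType = "etc";
            $filtered = 1;
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);

    // The queries below are assembled by string interpolation, so identifiers are
    // checked and cast before they reach SQL text. A non-numeric value previously
    // produced a broken (or attacker-shaped) statement; it is now rejected up front.
    if (!is_numeric($blogid) || !is_numeric($comment['entry'])) {
        return false;
    }
    $blogId = (int) $blogid;
    $entryId = (int) $comment['entry'];

    // Non-owners may only comment on published, visible entries that accept comments.
    if (!doesHaveOwnership() && $comment['entry'] != 0) {
        $result = POD::queryCount("SELECT *\n\t\t\tFROM {$database['prefix']}Entries\n\t\t\tWHERE blogid = {$blogId}\n\t\t\t\tAND id = {$entryId}\n\t\t\t\tAND draft = 0\n\t\t\t\tAND visibility > 0\n\t\t\t\tAND acceptcomment = 1");
        if (!$result || $result == 0) {
            return false;
        }
    }

    // 'null' is the SQL literal used for top-level comments; anything else must be an id.
    $parent = $comment['parent'] == null ? 'null' : $comment['parent'];
    if ($parent !== 'null' && !is_numeric($parent)) {
        return false;
    }
    $parentSql = $parent === 'null' ? 'null' : (int) $parent;
    $secret = (int) $comment['secret'];

    if ($user !== null) {
        // Logged-in author: identity comes from the session, not from the request.
        $comment['replier'] = getUserId();
        $name = POD::escapeString($user['name']);
        $password = '';
        $homepage = POD::escapeString($user['homepage']);
        if (empty($homepage) && $openid) {
            $homepage = POD::escapeString($openid);
        }
    } else {
        $comment['replier'] = 'null';
        $name = POD::escapeString($comment['name']);
        // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
        // password_hash()/password_verify() also requires changing the code that
        // checks comment passwords, which is not visible here.
        $password = empty($comment['password']) ? '' : md5($comment['password']);
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);
    // Both values are placed inside quoted SQL literals and were not escaped before.
    $openidSql = POD::escapeString((string) $openid);
    $ip = POD::escapeString($comment['ip']);
    $filteredAux = $filtered == 1 ? "UNIX_TIMESTAMP()" : 0;
    // NOTE(review): max+1 id allocation is not atomic; confirm a unique key on
    // (blogid, id) exists so concurrent inserts cannot share an id.
    $insertId = getCommentsMaxId() + 1;
    $result = POD::query("INSERT INTO {$database['prefix']}Comments\n\t\t(blogid,replier,id,openid,entry,parent,name,password,homepage,secret,comment,ip,written,isfiltered)\n\t\tVALUES (\n\t\t\t{$blogId},\n\t\t\t{$comment['replier']},\n\t\t\t{$insertId},\n\t\t\t'{$openidSql}',\n\t\t\t{$entryId},\n\t\t\t{$parentSql},\n\t\t\t'{$name}',\n\t\t\t'{$password}',\n\t\t\t'{$homepage}',\n\t\t\t{$secret},\n\t\t\t'{$comment0}',\n\t\t\t'{$ip}',\n\t\t\tUNIX_TIMESTAMP(),\n\t\t\t{$filteredAux}\n\t\t)");
    if (!$result) {
        return false;
    }

    $id = $insertId;
    if ($filtered == 1) {
        // The row exists but is flagged; tell the caller which rule blocked it.
        return $blockType;
    }

    CacheControl::flushCommentRSS($comment['entry']);
    CacheControl::flushDBCache('comment');
    // Only public replies to an existing comment are queued for notification.
    if ($parentSql !== 'null' && $secret < 1) {
        $insertId = getCommentsNotifiedQueueMaxId() + 1;
        POD::execute("INSERT INTO {$database['prefix']}CommentsNotifiedQueue\n\t\t\t\t\t\t( blogid , id, commentid , sendstatus , checkdate , written )\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $blogId . "' , '" . $insertId . "', '" . $id . "', '0', '0', UNIX_TIMESTAMP())");
    }
    updateCommentsOfEntry($blogid, $comment['entry']);
    fireEvent($comment['entry'] ? 'AddComment' : 'AddGuestComment', $id, $comment);
    return $id;
}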
Beispiel #2
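/**
 * Stores a comment (or guestbook entry) for a blog through the DBModel query builder.
 *
 * Visitors without blog ownership are first run through the block filters (IP, name,
 * homepage, content, OpenID-only mode, then the 'AddingComment' plugin event). A
 * comment that trips a filter is still inserted, but with `isfiltered` set to the
 * current timestamp, and the caller receives the name of the rule that matched.
 *
 * @param int|string $blogid  Blog identifier; must be numeric.
 * @param array      $comment Comment data, passed by reference. Reads 'homepage', 'ip',
 *                            'name', 'comment', 'entry', 'parent', 'password', 'secret';
 *                            rewrites 'homepage', 'name', 'comment' and sets 'replier'.
 *
 * @return int|string|false New comment id on success, the block type ("ip", "name",
 *                          "homepage", "comment", "openidonly", "etc") when the comment
 *                          was stored as filtered, or false on invalid input / failure.
 */
function addComment($blogid, &$comment)
{
    $pool = DBModel::getInstance();
    $openid = Acl::getIdentity('openid');
    $filtered = 0;

    // Owners and explicitly allowed homepages bypass filtering. Otherwise the first
    // matching rule wins; the plugin event is only consulted when no rule matched.
    if (!doesHaveOwnership() && !Filter::isAllowed($comment['homepage'])) {
        if (Filter::isFiltered('ip', $comment['ip'])) {
            $blockType = "ip";
            $filtered = 1;
        } elseif (Filter::isFiltered('name', $comment['name'])) {
            $blockType = "name";
            $filtered = 1;
        } elseif (Filter::isFiltered('url', $comment['homepage'])) {
            $blockType = "homepage";
            $filtered = 1;
        } elseif (Filter::isFiltered('content', $comment['comment'])) {
            $blockType = "comment";
            $filtered = 1;
        } elseif (!Acl::check("group.writers") && !$openid && Setting::getBlogSettingGlobal('AddCommentMode', '') == 'openid') {
            $blockType = "openidonly";
            $filtered = 1;
        } elseif (!fireEvent('AddingComment', true, $comment)) {
            $blockType = "etc";
            $filtered = 1;
        }
    }

    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = Utils_Unicode::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = Utils_Unicode::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = Utils_Unicode::lessenAsEncoding($comment['comment'], 65535);

    // NOTE(review): the third argument of setAttribute() looks like a "treat as string /
    // escape" flag, and the identifier columns are set without it — confirm against
    // DBModel. Identifiers are therefore validated and cast to int here so they cannot
    // carry anything but a number into the statement.
    if (!is_numeric($blogid) || !is_numeric($comment['entry'])) {
        return false;
    }
    $blogId = (int) $blogid;
    $entryId = (int) $comment['entry'];

    // Non-owners may only comment on published, visible entries that accept comments.
    if (!doesHaveOwnership() && $comment['entry'] != 0) {
        $pool->reset('Entries');
        $pool->setQualifier('blogid', 'eq', $blogId);
        $pool->setQualifier('id', 'eq', $entryId);
        $pool->setQualifier('draft', 'eq', 0);
        $pool->setQualifier('visibility', 'b', 0);
        $pool->setQualifier('acceptcomment', 'eq', 1);
        $result = $pool->getCount();
        if (!$result || $result == 0) {
            return false;
        }
    }

    // null marks a top-level comment; anything else must be a numeric comment id.
    $parent = $comment['parent'] == null ? null : $comment['parent'];
    if ($parent !== null) {
        if (!is_numeric($parent)) {
            return false;
        }
        $parent = (int) $parent;
    }
    $secret = (int) $comment['secret'];

    $userid = getUserId();
    if (!empty($userid)) {
        // Logged-in author: identity comes from the session, not from the request.
        $comment['replier'] = $userid;
        $name = User::getName($userid);
        $password = '';
        $homepage = User::getHomepage($userid);
        if (empty($homepage)) {
            $homepage = $openid ? $openid : '';
        }
    } else {
        $comment['replier'] = null;
        $name = $comment['name'];
        // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
        // password_hash()/password_verify() also requires changing the code that
        // checks comment passwords, which is not visible here.
        $password = empty($comment['password']) ? '' : md5($comment['password']);
        $homepage = $comment['homepage'];
    }
    $comment0 = $comment['comment'];
    $filteredAux = $filtered == 1 ? Timestamp::getUNIXtime() : 0;
    // NOTE(review): max+1 id allocation is not atomic; confirm a unique key on
    // (blogid, id) exists so concurrent inserts cannot share an id.
    $insertId = getCommentsMaxId() + 1;

    $pool->reset('Comments');
    $pool->setAttribute('blogid', $blogId);
    $pool->setAttribute('replier', $comment['replier']);
    $pool->setAttribute('id', $insertId);
    $pool->setAttribute('openid', is_null($openid) ? '' : $openid, true);
    $pool->setAttribute('entry', $entryId);
    $pool->setAttribute('parent', $parent);
    $pool->setAttribute('name', $name, true);
    $pool->setAttribute('password', $password, true);
    $pool->setAttribute('homepage', $homepage, true);
    $pool->setAttribute('secret', $secret);
    $pool->setAttribute('comment', $comment0, true);
    $pool->setAttribute('ip', $comment['ip'], true);
    $pool->setAttribute('written', Timestamp::getUNIXtime());
    $pool->setAttribute('isfiltered', $filteredAux);
    $result = $pool->insert();
    if (!$result) {
        return false;
    }

    $id = $insertId;
    if ($filtered == 1) {
        // The row exists but is flagged; tell the caller which rule blocked it.
        return $blockType;
    }

    CacheControl::flushCommentRSS($comment['entry']);
    CacheControl::flushDBCache('comment');
    // Only public replies to an existing comment are queued for notification.
    // $parent is a real null here, so it is tested with !== null; comparing against
    // the string 'null' was always true and queued every non-secret comment.
    if ($parent !== null && $secret < 1) {
        $insertId = getCommentsNotifiedQueueMaxId() + 1;
        $pool->reset('CommentsNotifiedQueue');
        $pool->setAttribute('blogid', $blogId);
        $pool->setAttribute('id', $insertId);
        $pool->setAttribute('commentid', $id);
        $pool->setAttribute('sendstatus', 0);
        $pool->setAttribute('checkdate', 0);
        $pool->setAttribute('written', Timestamp::getUNIXtime());
        $pool->insert();
    }
    updateCommentsOfEntry($blogid, $comment['entry']);
    fireEvent($comment['entry'] ? 'AddComment' : 'AddGuestComment', $id, $comment);
    return $id;
}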