/**
 * Enter description here...
 *
 */
function handlePostComment()
{
    global $weblogmessage, $PIVOTX, $temp_comment;
    $entry = $PIVOTX['db']->read_entry($_POST['piv_code']);
    // Check if we're allowed to comment on this entry. 'isset' is needed, because old entries
    // might not have 'allow comments' set to either choice.
    if (isset($entry['allow_comments']) && $entry['allow_comments'] == 0) {
        echo "Spam is not appreciated.";
        logspammer($_POST['piv_comment'], "closedcomments");
        die;
    }
    // execute a hook here before a comment is processed
    $PIVOTX['extensions']->executeHook('comment_before_processing', $entry);
    $registered = 0;
    // check if the current poster is a (logged in) registered visitor.
    require_once $PIVOTX['paths']['pivotx_path'] . 'modules/module_userreg.php';
    $visitors = new Visitors();
    if ($visitor = $visitors->isLoggedIn()) {
        if ($visitor['name'] == $_POST['piv_name']) {
            $registered = 1;
        }
    }
    // Strip out HTML from input..
    $_POST['piv_name'] = strip_tags($_POST['piv_name']);
    $_POST['piv_email'] = strip_tags($_POST['piv_email']);
    $_POST['piv_url'] = strip_tags($_POST['piv_url']);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "*");
    } else {
        $_POST['piv_comment'] = stripTagsAttributes($_POST['piv_comment'], "<b><em><i><strong>");
    }
    // Do some more processing on the comment itself: trimming, standardizing line-breaks.
    $comment_text = stripTrailingSpace($_POST['piv_comment']);
    $comment_text = str_replace("\r\n", "\n", $comment_text);
    // CRLF(Win) to LF
    $comment_text = str_replace("\r", "\n", $comment_text);
    // CR(Mac) to LF
    $temp_comment = array('entry_uid' => intval($_POST['piv_code']), 'name' => encodeText($_POST['piv_name']), 'email' => encodeText($_POST['piv_email']), 'url' => encodeText($_POST['piv_url']), 'ip' => $_SERVER['REMOTE_ADDR'], 'useragent' => $_SERVER['HTTP_USER_AGENT'], 'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"), 'comment' => $comment_text, 'registered' => $registered, 'notify' => intval($_POST['piv_notify']), 'discreet' => intval($_POST['piv_discreet']), 'rememberinfo' => intval($_POST['piv_rememberinfo']), 'moderate' => $PIVOTX['config']->get('moderate_comments'), 'spamscore' => 0);
    if ($temp_comment['rememberinfo'] == 1) {
        rememberCommentInfo($temp_comment);
    }
    //here we do a check to prevent double entries...
    $duplicate = FALSE;
    if (isset($entry['comments']) && count($entry['comments']) > 0) {
        foreach ($entry['comments'] as $loop_comment) {
            $diff = 1 / (min(strlen($loop_comment['comment']), 200) / (levenshtein(substr($loop_comment['comment'], 0, 200), substr($temp_comment['comment'], 0, 200)) + 1));
            if ($diff < 0.25 && $loop_comment['ip'] == $temp_comment['ip']) {
                $duplicate = TRUE;
                break;
            }
        }
    }
    // Check for Hashcash violations..
    if ($PIVOTX['config']->get('hashcash') == 1 && !hashcash_check_hidden_tag()) {
        $weblogmessage = getDefault($PIVOTX['config']->get('hashcash_message'), __('The Hashcash code was not valid, so this comment could not be posted. If you believe this is an error, please make sure you have a modern browser, and that Javascript is enabled. If it still doesn\'t work, contact the maintainer of this website.'));
        unset($_POST['post']);
        $_POST['preview'] = true;
        $spammessage = substr(implode(", ", $temp_comment), 0, 250);
        logspammer($_SERVER["REMOTE_ADDR"], "hashcash", "pom pom pom", $spammessage);
    }
    // Check for SpamQuiz violations, but not when previewing..
    if ($PIVOTX['config']->get('spamquiz') == 1 && !isset($_POST['preview'])) {
        // Is the entry old enough?
        $entryDate = substr($PIVOTX['db']->entry['date'], 0, 10);
        $then = strtotime($entryDate);
        $secsPerDay = 60 * 60 * 24;
        $now = strtotime('now');
        $diff = $now - $then;
        $dayDiff = $diff / $secsPerDay;
        $numDaysOld = (int) $dayDiff;
        if ($numDaysOld > $PIVOTX['config']->get("spamquiz_age")) {
            if (strtolower($_POST['spamquiz_answer']) != strtolower($PIVOTX['config']->get("spamquiz_answer"))) {
                $weblogmessage = __('The Spamquiz answer was not correct, so this comment could not be posted. If you believe this is an error, please try again. If it still doesn\'t work, contact the maintainer of this website.');
                unset($_POST['post']);
                $_POST['preview'] = true;
                logspammer($_SERVER["REMOTE_ADDR"], "spamquiz");
            } else {
                // Store the correct answer in a cookie.
                $sess = $PIVOTX['session'];
                setcookie("spamquiz_answer", $_POST["spamquiz_answer"], time() + $sess->cookie_lifespan, $sess->cookie_path, $sess->cookie_domain);
            }
        }
    }
    // set the message and take proper action:
    if (isset($_POST['preview'])) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        // update the current entry
        $entry['comments'][] = $temp_comment;
        if (empty($weblogmessage)) {
            $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
        }
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } else {
        if ($temp_comment['spamscore'] > $PIVOTX['config']->get('spamthreshold')) {
            // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
            $temp_comment['showpreview'] = 1;
            $weblogmessage = __('Your comment has not been stored, because it seems to be spam.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        } else {
            if ($duplicate) {
                $temp_comment['duplicate'] = true;
                // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
                $temp_comment['showpreview'] = 1;
                $weblogmessage = __('Your comment has not been stored, because it seems to be a duplicate of a previous entry.');
                unset($_POST['post']);
                $_POST['preview'] = TRUE;
            } else {
                if ($PIVOTX['config']->get('moderate_comments') == 1) {
                    // update the current entry
                    $entry['comments'][] = $temp_comment;
                    $weblogmessage = __('Your comment has been stored. Because comment moderation is enabled, it is now waiting for approval by an editor.');
                    $_POST['post'] = TRUE;
                } else {
                    // update the current entry
                    $entry['comments'][] = $temp_comment;
                    $weblogmessage = __('Your comment has been stored.');
                    $_POST['post'] = TRUE;
                }
            }
        }
    }
    // if comment or name is missing, give a notice, and show the form again..
    if (strlen($temp_comment['name']) < 2) {
        $weblogmessage = __('You should type your name (or an alias) in the "name"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if (strlen($temp_comment['comment']) < 3) {
        $weblogmessage = __('You should type something in the "comment"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if ($PIVOTX['config']->get('maxhrefs') > 0) {
        $low_comment = strtolower($temp_comment['comment']);
        $low_comment_formatted = strtolower(commentFormat($temp_comment['comment']));
        if (substr_count($low_comment, "href=") > $PIVOTX['config']->get('maxhrefs') || substr_count($low_comment_formatted, "href=") > $PIVOTX['config']->get('maxhrefs')) {
            $weblogmessage = __('The maximum number of hyperlinks was exceeded. Stop spamming.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        }
    }
    // execute a hook here after a comment is processed but before that comment is saved
    $PIVOTX['extensions']->executeHook('comment_before_save', $entry);
    if (isset($_POST['post'])) {
        $PIVOTX['db']->set_entry($entry);
        $PIVOTX['db']->save_entry(FALSE);
        // do not update the index.
        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }
        //update the 'latest comments' file
        if (isset($temp_comment)) {
            if ($PIVOTX['config']->get('moderate_comments') != 1) {
                generateLatestComments($temp_comment);
                debug("comment from '" . $_POST['piv_name'] . "' added.");
            } else {
                generateModerationQueue($temp_comment);
                debug("comment from '" . $_POST['piv_name'] . "' added to moderation queue.");
            }
        }
        // Handle the users that want to be notified via email..
        if ($PIVOTX['config']->get('dont_send_mail_notification') != 1) {
            $notifications = sendMailNotification('comment', array($PIVOTX['db']->entry, $temp_comment, $PIVOTX['config']->get('moderate_comments')));
        }
        // send mail..
        sendMailComment($temp_comment, $notifications);
        // Don't display the 'preview' of the comment after posting.
        $temp_comment = array();
        unset($_POST);
        // Clean the simple cache..
        $PIVOTX['cache']->clear();
        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }
        // Redirect to the entrypage from which we came. (prevents reload-resubmit)
        $uri = $_SERVER['REQUEST_URI'];
        if (strpos($uri, "?") > 0) {
            $uri .= "&weblogmessage=" . urlencode($weblogmessage);
        } else {
            $uri .= "?weblogmessage=" . urlencode($weblogmessage);
        }
        header('Location: ' . $uri);
        exit;
    }
    // Set the 'you are previewing' message..
    if (isset($_POST['preview']) && empty($weblogmessage)) {
        $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
    }
    // execute a hook here after a comment is saved and the mails are sent
    $PIVOTX['extensions']->executeHook('comment_after_save', $entry);
    // After messing about with the comments, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();
}
Beispiel #2
0
/**
 * Updates a post.
 *
 * @param string $uid
 * @param string $postid
 * @param string $title
 * @param string $content
 * @param array $categories
 * @return void
 */
function pivotx_update_post($uid, $postid, $title, $content, $categories = '')
{
    global $PIVOTX, $conversion_method, $body_separator;
    $oldentry = $PIVOTX['db']->read_entry($postid);
    $entry['code'] = $postid;
    $entry['date'] = $oldentry['date'];
    list($pivotintro, $pivotbody) = explode($body_separator, stripTrailingSpace(stripslashes($content)));
    $entry['introduction'] = $pivotintro;
    $entry['body'] = $pivotbody;
    $entry['introduction'] = tidyHtml($entry['introduction'], TRUE);
    $entry['body'] = tidyHtml($entry['body'], TRUE);
    if (empty($categories)) {
        $entry['category'] = $oldentry['category'];
    } else {
        $entry['category'] = $categories;
    }
    $entry['publish_date'] = $oldentry['publish_date'];
    $entry['edit_date'] = date("Y-m-d-H-i", getCurrentDate());
    $entry['title'] = stripTrailingSpace(stripslashes($title));
    $entry['subtitle'] = $oldentry['subtitle'];
    $entry['user'] = $uid;
    $entry['convert_lb'] = $conversion_method;
    $entry['status'] = "publish";
    $entry['allow_comments'] = 1;
    $entry['keywords'] = $oldentry['keywords'];
    $entry['vialink'] = $oldentry['vialink'];
    $entry['viatitle'] = $oldentry['viatitle'];
    $PIVOTX['db']->set_entry($entry);
    $PIVOTX['db']->save_entry(TRUE);
}
/**
 * Parsing intro or body.
 *
 * if $strip is set, we strip out all tags, except for the most common ones. If
 * $text_processing_only is set, we only apply the text processing (textile,
 * markdown), but not the Smarty parsing. This is useful for converting between
 * one editing mode to the other
 *
 * @param string $text
 * @param boolean $strip
 * @param integer $textmode
 * @param boolean $text_processing_only
 * 
 */
function parse_intro_or_body($text, $strip = false, $textmode = 0, $text_processing_only = false)
{
    global $PIVOTX;
    // Abort immediately if there is no text to parse.
    if (empty($text)) {
        return '';
    }
    $output = $text;
    // Parse [[tags]] in introduction and body..
    // Use $key so a unique name is made, to prevent strange results
    // popping up when we're using caching.
    if (!$text_processing_only) {
        $cachekey = "tpl_" . substr(md5($output), 0, 10);
        $PIVOTX['template']->caching = false;
        $PIVOTX['template']->custom_template[$cachekey] = $output;
        $output = $PIVOTX['template']->fetch("db:" . $cachekey, $cachekey);
        // Re-enable caching, if desired..
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->caching = true;
        }
    }
    if ($strip != false) {
        $output = strip_tags($output, "<a><b><i><u><strong><em>");
    }
    /**
     * text processing: nl2br, Textile or Markdown/SmartyPants
     * We ensure that newlines aren't converted to br elements in script
     * blocks - currently handling PHP and JavaScript.
     * More exclusions will/can be added.
     */
    // Use the ACK (006) ASCII symbol to replace all script elements temporarily
    $output = str_replace("", "", $output);
    $regexp = "#(<script[ >].*?</script>)|(<\\?php\\s.*?\\?>)#is";
    preg_match_all($regexp, $output, $scripts);
    $output = preg_replace($regexp, "", $output);
    if ($textmode == 1) {
        $output = stripTrailingSpace(nl2br($output));
    } else {
        if ($textmode == 2) {
            $output = pivotxTextile($output);
        } else {
            if ($textmode == 3 || $textmode == 4) {
                $output = pivotxMarkdown($output, $textmode);
            }
        }
    }
    // Put captured scripts back into the output
    foreach ($scripts[0] as $script) {
        $output = preg_replace("//", $script, $output, 1);
    }
    // emoticons..
    if ($PIVOTX['weblogs']->get('', 'emoticons') == 1) {
        $output = emoticonize($output);
    }
    // There's a silly quirk in TinyMCE, that prevents transparent Flash. We
    // need to fix this, to make Youtube videos work properly.
    $output = str_replace("<param name=\"wmode\" value=\"\" />", "<param name=\"wmode\" value=\"transparent\" />", $output);
    $output = str_replace(" wmode=\"\" ", " wmode=\"transparent\" ", $output);
    return tidyHtml($output);
}