/** * Handles a comment delete * * @copyright Vincent Furia 2005 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net * @return string HTML (possibly a refresh) */ function handleDelete($formtype) { global $_CONF, $_TABLES; $display = ''; if ($formtype == 'editsubmission') { DB_delete($_TABLES['commentsubmissions'], 'cid', COM_applyFilter($_REQUEST['cid'], true)); $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { $type = COM_applyFilter($_REQUEST['type']); $sid = COM_applyFilter($_REQUEST['sid']); switch ($type) { case 'article': $has_editPermissions = SEC_hasRights('story.edit'); $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'"); $A = DB_fetchArray($result); if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) { CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'article'); $comments = DB_count($_TABLES['comments'], 'sid', $sid); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid); $display .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}") . '#comments'); } else { COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}"); $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } break; default: // assume plugin if (!($display = PLG_commentDelete($type, COM_applyFilter($_REQUEST['cid'], true), $sid))) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } break; } } return $display; }
/** * Hanldes a comment submission * * @copyright Vincent Furia 2005 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net> * @return string HTML (possibly a refresh) */ function CMT_handleDelete($sid, $type, $formtype) { global $_CONF, $_TABLES; $display = ''; $cid = 0; if (isset($_REQUEST[CMT_CID])) { $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } if ($cid <= 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } if ($formtype == 'editsubmission') { DB_delete($_TABLES['commentsubmissions'], 'cid', $cid); $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { $display = PLG_commentDelete($type, $cid, $sid); if (!$display) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } } return $display; }
/** * Deletes a given comment * (lifted from comment.php) * @param int $cid Comment ID * @param string $sid ID of object comment belongs to * @param string $type Comment type (e.g. article, poll, etc) * @return string Returns string needed to redirect page to right place * */ public function delcomment($cid, $sid, $type) { global $_CONF, $_TABLES, $LANG_SX00; $type = COM_applyFilter($type); $sid = COM_applyFilter($sid); switch ($type) { case 'article': $has_editPermissions = SEC_hasRights('story.edit'); $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'"); $A = DB_fetchArray($result); if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) { CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article'); $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($sid, 'article')); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid); } else { COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}"); } break; default: // assume plugin PLG_commentDelete($type, COM_applyFilter($cid, true), $sid); break; } SPAMX_log($LANG_SX00['spamdeleted']); }
/** * Handles a comment delete * * @copyright Vincent Furia 2005 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net> * @return string HTML (possibly a refresh) */ function handleDelete() { global $_CONF, $_TABLES, $_USER, $_PLUGINS; $retval = ''; $cid = 0; $type = COM_applyFilter($_REQUEST['type']); $sid = COM_sanitizeID(COM_applyFilter($_REQUEST['sid'])); if (isset($_REQUEST['cid'])) { $cid = COM_applyFilter($_REQUEST['cid'], true); } if ($type != 'article') { if (!in_array($type, $_PLUGINS)) { $type = ''; } } if (!($retval = PLG_commentDelete($type, $cid, $sid))) { CACHE_remove_instance('whatsnew'); echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } return $retval; }