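/**
 * Insert the document
 *
 * Runs inside a DB transaction. Every failure path after begin() rolls
 * back before returning, so a caller never inherits an open transaction.
 *
 * @param object $obj document fields (title, content, module_srl, category_srl, extra_vars, ...); modified in place
 * @param bool $manual_inserted true for programmatic inserts: skips the CSRF check, the
 *                              user-sequence check on a supplied document_srl, the nohtml
 *                              editor handling and the grant registration
 * @param bool $isRestore true when restoring a saved document: keeps ipaddress and author
 *                        fields from $obj instead of the session
 * @param bool $isLatest true to put the document at the top of list/update order
 * @return object Object; on success carries document_srl and category_srl
 */
function insertDocument($obj, $manual_inserted = false, $isRestore = false, $isLatest = true)
{
    if (!$manual_inserted && !checkCSRF()) {
        return new Object(-1, 'msg_invalid_request');
    }

    // begin transaction
    $oDB =& DB::getInstance();
    $oDB->begin();

    // Normalise the list flags
    if ($obj->comment_status) {
        $obj->commentStatus = $obj->comment_status;
    }
    if (!$obj->commentStatus) {
        $obj->commentStatus = 'DENY';
    }
    if ($obj->commentStatus == 'DENY') {
        $this->_checkCommentStatusForOldVersion($obj);
    }
    if ($obj->allow_trackback != 'Y') {
        $obj->allow_trackback = 'N';
    }
    if ($obj->homepage) {
        $obj->homepage = removeHackTag($obj->homepage);
        // prepend http:// when no "scheme://" prefix is present
        if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
            $obj->homepage = 'http://' . $obj->homepage;
        }
    }
    if ($obj->notify_message != 'Y') {
        $obj->notify_message = 'N';
    }
    if (!$obj->email_address) {
        $obj->email_address = '';
    }
    if (!$isRestore) {
        $obj->ipaddress = $_SERVER['REMOTE_ADDR'];
    }

    // Only a manager may supply regdate; for everyone else it is dropped
    $grant = Context::get('grant');
    if (!$grant->manager) {
        unset($obj->regdate);
    }

    // Serialize extra_vars once; a string means the caller already serialized it
    if (!is_string($obj->extra_vars)) {
        $obj->extra_vars = serialize($obj->extra_vars);
    }

    // Drop the auto-save columns
    unset($obj->_saved_doc_srl, $obj->_saved_doc_title, $obj->_saved_doc_content, $obj->_saved_doc_message);

    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('document.insertDocument', 'before', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // Assign a document_srl, or verify the caller owns the one it supplied
    if (!$obj->document_srl) {
        $obj->document_srl = getNextSequence();
    } elseif (!$manual_inserted && !$isRestore && !checkUserSequence($obj->document_srl)) {
        $oDB->rollback();
        return new Object(-1, 'msg_not_permitted');
    }

    $oDocumentModel = getModel('document');

    // Category: when the module has categories, the caller needs a grant on the given one.
    if ($obj->category_srl) {
        $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
        if (count($category_list) > 0 && !$category_list[$obj->category_srl]->grant) {
            $oDB->rollback();
            return new Object(-1, 'msg_not_permitted');
        }
        // NOTE(review): an unknown category_srl has no grant and is already rejected above,
        // so this reset is effectively unreachable; kept for fidelity with the original.
        if (count($category_list) > 0 && !$category_list[$obj->category_srl]) {
            $obj->category_srl = 0;
        }
    }

    // Read count and ordering
    if (!$obj->readed_count) {
        $obj->readed_count = 0;
    }
    if ($isLatest) {
        $obj->update_order = $obj->list_order = $obj->document_srl * -1;
    } else {
        $obj->update_order = $obj->list_order;
    }

    // Hash the password unless the caller marks it as already hashed (manual insertion)
    if ($obj->password && !$obj->password_is_hashed) {
        $obj->password = getModel('member')->hashPassword($obj->password);
    }

    // A normal logged-in submission takes its author fields from the session, not from $obj
    $logged_info = Context::get('logged_info');
    if (Context::get('is_logged') && !$manual_inserted && !$isRestore) {
        $obj->member_srl = $logged_info->member_srl;
        // user_id, user_name and nick_name are stored already encoded
        $obj->user_id = htmlspecialchars_decode($logged_info->user_id);
        $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
        $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
        $obj->email_address = $logged_info->email_address;
        $obj->homepage = $logged_info->homepage;
    }

    // Title: escape it, fall back to the first 20 chars of the content, then to 'Untitled'
    $obj->title = htmlspecialchars($obj->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    settype($obj->title, "string");
    if ($obj->title == '') {
        $obj->title = cut_str(trim(strip_tags(nl2br($obj->content))), 20, '...');
    }
    if ($obj->title == '') {
        $obj->title = 'Untitled';
    }

    // Remove XE's own marker comments from the contents
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    // Plain-text submissions (mobile without editor, or a "nohtml" editor): escape HTML, convert newlines
    if (!$manual_inserted) {
        if (Mobile::isFromMobilePhone() && $obj->use_editor != 'Y') {
            if ($obj->use_html != 'Y') {
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
            }
            $obj->content = nl2br($obj->content);
        } else {
            $oEditorModel = getModel('editor');
            $editor_config = $oEditorModel->getEditorConfig($obj->module_srl);
            if (strpos($editor_config->sel_editor_colorset, 'nohtml') !== FALSE) {
                $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
            }
        }
    }

    // Strip iframe/script and similar unless a top administrator is in the session
    if ($logged_info->is_admin != 'Y') {
        $obj->content = removeHackTag($obj->content);
    }

    // An anonymous post must carry a nick_name
    if (!$logged_info->member_srl && !$obj->nick_name) {
        $oDB->rollback();
        return new Object(-1, 'msg_invalid_request');
    }

    // Fix encoding of non-BMP UTF-8 characters
    $obj->title = utf8_mbencode($obj->title);
    $obj->content = utf8_mbencode($obj->content);

    $obj->lang_code = Context::getLangType();

    // Insert data into the DB
    if (!$obj->status) {
        $this->_checkDocumentStatusForOldVersion($obj);
    }
    $output = executeQuery('document.insertDocument', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // Insert the extra variables defined for the module
    $extra_vars = array();
    $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
    if (count($extra_keys)) {
        foreach ($extra_keys as $idx => $extra_item) {
            $value = NULL;
            if (isset($obj->{'extra_vars' . $idx})) {
                $tmp = $obj->{'extra_vars' . $idx};
                $value = is_array($tmp) ? implode('|@|', $tmp) : trim($tmp);
            } elseif (isset($obj->{$extra_item->name})) {
                $value = trim($obj->{$extra_item->name});
            }
            // skip missing and empty values ('0' is a real value and is kept)
            if ($value === NULL || $value === '') {
                continue;
            }
            $extra_vars[$extra_item->name] = $value;
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
        }
    }

    // Update the category count
    if ($obj->category_srl) {
        $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
    }

    // Update log, when enabled for the module
    if ($obj->update_log_setting === 'Y') {
        $obj->extra_vars = serialize($extra_vars);
        $update_output = $this->insertDocumentUpdateLog($obj);
        if (!$update_output->toBool()) {
            $oDB->rollback();
            return $update_output;
        }
    }

    // Call a trigger (after)
    ModuleHandler::triggerCall('document.insertDocument', 'after', $obj);

    // commit
    $oDB->commit();

    // Give the session ownership of the new document (not for programmatic inserts)
    if (!$manual_inserted) {
        $this->addGrant($obj->document_srl);
    }

    $output->add('document_srl', $obj->document_srl);
    $output->add('category_srl', $obj->category_srl);
    return $output;
}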
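/**
 * Enter comments
 *
 * The list entry and the comment row are written inside one DB transaction;
 * every failure after begin() rolls back and returns an Object, never null.
 *
 * @param object $obj comment fields (document_srl, module_srl, content, parent_srl, ...); modified in place
 * @param bool $manual_inserted true for programmatic inserts: skips the CSRF check, the document
 *                              lookup, the session author fields, the user-sequence check,
 *                              the grant registration and the notifications
 * @return object Object; on success carries comment_srl
 */
function insertComment($obj, $manual_inserted = FALSE)
{
    if (!$manual_inserted && !checkCSRF()) {
        return new Object(-1, 'msg_invalid_request');
    }

    if (!is_object($obj)) {
        $obj = new stdClass();
    }

    // Publish status: 0 (awaiting validation) when the module validates comments and the
    // poster is not an admin, otherwise 1 (published).
    $using_validation = $this->isModuleUsingPublishValidation($obj->module_srl);

    $logged_info = NULL;
    $is_admin = FALSE;
    if (!$manual_inserted && Context::get('is_logged')) {
        $logged_info = Context::get('logged_info');
        $is_admin = ($logged_info->is_admin == 'Y');
    }

    $obj->status = (!$using_validation || $is_admin) ? 1 : 0;
    $obj->__isupdate = FALSE;

    // call a trigger (before)
    $output = ModuleHandler::triggerCall('comment.insertComment', 'before', $obj);
    if (!$output->toBool()) {
        return $output;
    }

    // the target document must be given
    $document_srl = $obj->document_srl;
    if (!$document_srl) {
        return new Object(-1, 'msg_invalid_document');
    }

    $oDocumentModel = getModel('document');

    // hash the password even for manual insertion
    if ($obj->password) {
        $obj->password = getModel('member')->hashPassword($obj->password);
    }

    // For a normal submission, load the target document and take author fields from the session
    $oDocument = NULL;
    if (!$manual_inserted) {
        $oDocument = $oDocumentModel->getDocument($document_srl);
        if ($document_srl != $oDocument->document_srl) {
            return new Object(-1, 'msg_invalid_document');
        }
        if ($oDocument->isLocked()) {
            return new Object(-1, 'msg_invalid_request');
        }

        if ($obj->homepage) {
            $obj->homepage = removeHackTag($obj->homepage);
            // prepend http:// when no "scheme://" prefix is present
            if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
                $obj->homepage = 'http://' . $obj->homepage;
            }
        }

        if (Context::get('is_logged')) {
            $logged_info = Context::get('logged_info');
            $obj->member_srl = $logged_info->member_srl;
            // user_id, user_name and nick_name are stored already encoded
            $obj->user_id = htmlspecialchars_decode($logged_info->user_id);
            $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
            $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
            $obj->email_address = $logged_info->email_address;
            $obj->homepage = $logged_info->homepage;
        }
    }

    // An anonymous comment must carry a nick_name
    if ((!$logged_info || !$logged_info->member_srl) && !$obj->nick_name) {
        return new Object(-1, 'msg_invalid_request');
    }

    // Assign a comment_srl, or verify the caller owns the one it supplied
    if (!$obj->comment_srl) {
        $obj->comment_srl = getNextSequence();
    } elseif (!$is_admin && !$manual_inserted && !checkUserSequence($obj->comment_srl)) {
        return new Object(-1, 'msg_not_permitted');
    }

    // determine the order
    $obj->list_order = getNextSequence() * -1;

    // remove XE's own marker comments from the contents
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    if (Mobile::isFromMobilePhone()) {
        if ($obj->use_html != 'Y') {
            $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
        }
        $obj->content = nl2br($obj->content);
    }

    if (!$obj->regdate) {
        $obj->regdate = date("YmdHis");
    }

    // strip iframe/script and similar unless a top administrator posted it
    if (!$is_admin) {
        $obj->content = removeHackTag($obj->content);
    }

    if (!$obj->notify_message) {
        $obj->notify_message = 'N';
    }
    if (!$obj->is_secret) {
        $obj->is_secret = 'N';
    }

    // begin transaction
    $oDB = DB::getInstance();
    $oDB->begin();

    // Enter the list entry first
    $list_args = new stdClass();
    $list_args->comment_srl = $obj->comment_srl;
    $list_args->document_srl = $obj->document_srl;
    $list_args->module_srl = $obj->module_srl;
    $list_args->regdate = $obj->regdate;

    if (!$obj->parent_srl) {
        // top-level comment: it heads its own thread
        $list_args->head = $list_args->arrange = $obj->comment_srl;
        $list_args->depth = 0;
    } else {
        // reply: position it under the parent comment
        $parent_args = new stdClass();
        $parent_args->comment_srl = $obj->parent_srl;
        $parent_output = executeQuery('comment.getCommentListItem', $parent_args);
        // a missing parent used to fall out with a bare return (null result, open transaction)
        if (!$parent_output->toBool() || !$parent_output->data) {
            $oDB->rollback();
            return new Object(-1, 'msg_invalid_request');
        }

        $parent = $parent_output->data;
        $list_args->head = $parent->head;
        $list_args->depth = $parent->depth + 1;

        if ($list_args->depth < 2) {
            $list_args->arrange = $obj->comment_srl;
        } else {
            // deeper replies go before the parent's next sibling; the rest is shifted down
            $p_args = new stdClass();
            $p_args->head = $parent->head;
            $p_args->arrange = $parent->arrange;
            $p_args->depth = $parent->depth;
            $output = executeQuery('comment.getCommentParentNextSibling', $p_args);
            if ($output->data->arrange) {
                $list_args->arrange = $output->data->arrange;
                $output = executeQuery('comment.updateCommentListArrange', $list_args);
            } else {
                $list_args->arrange = $obj->comment_srl;
            }
        }
    }

    $output = executeQuery('comment.insertCommentList', $list_args);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // insert comment
    $output = executeQuery('comment.insertComment', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    $oCommentModel = getModel('comment');
    $comment_count = $oCommentModel->getCommentCount($document_srl);
    $oDocumentController = getController('document');

    // Update the document's comment count only when the comment is published
    if (!$using_validation || $is_admin) {
        $output = $oDocumentController->updateCommentCount($document_srl, $comment_count, $obj->nick_name, TRUE);
    }

    // grant authority of the comment
    if (!$manual_inserted) {
        $this->addGrant($obj->comment_srl);
    }

    // call a trigger (after)
    if ($output->toBool()) {
        $trigger_output = ModuleHandler::triggerCall('comment.insertComment', 'after', $obj);
        if (!$trigger_output->toBool()) {
            $oDB->rollback();
            return $trigger_output;
        }
    }

    // commit
    $oDB->commit();

    if (!$manual_inserted) {
        // notify the document author, then the parent comment author when it is someone else
        $oDocument->notify(Context::getLang('comment'), $obj->content);
        if ($obj->parent_srl) {
            $oParent = $oCommentModel->getComment($obj->parent_srl);
            if ($oParent->get('member_srl') != $oDocument->get('member_srl')) {
                $oParent->notify(Context::getLang('comment'), $obj->content);
            }
        }
    }

    $this->sendEmailToAdminAfterInsertComment($obj);

    $output->add('comment_srl', $obj->comment_srl);
    return $output;
}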