/** * Moderates an item * * This will actually perform moderation (approve or delete) one or more items * * @param array $mid Array of items * @param array $action Array of actions to perform on items * @param string $type Type of items ('story', etc.) * @param int $count Number of items to moderate * @return string HTML for "command and control" page * */ function moderation($mid, $action, $type, $count) { global $_CONF, $_TABLES; $retval = ''; switch ($type) { case 'story': $id = 'sid'; $table = $_TABLES['stories']; $submissiontable = $_TABLES['storysubmission']; $fields = 'sid,uid,tid,title,introtext,date,postmode'; break; case 'comment': $id = 'cid'; $submissiontable = $_TABLES['commentsubmissions']; $sidArray[] = ''; break; default: if (strlen($type) <= 0) { // something is terribly wrong, bail $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php"); return $retval; } list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type); } // Set true if an valid action other than delete_all is selected $formaction = false; for ($i = 0; $i < $count; $i++) { if (isset($action[$i]) and $action[$i] != '') { $formaction = true; } else { continue; } switch ($action[$i]) { case 'delete': if (!empty($type) && $type != 'story' && $type != 'draft') { // There may be some plugin specific processing that needs to // happen first. $retval .= PLG_deleteSubmission($type, $mid[$i]); } if (empty($mid[$i])) { $retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id. Please report this immediately to your site administrator"); return $retval; } if ($type == 'draft') { STORY_deleteStory($mid[$i]); } else { DB_delete($submissiontable, "{$id}", $mid[$i]); } break; case 'approve': if ($type == 'story') { $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$mid[$i]}'"); $A = DB_fetchArray($result); $A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext']))); $A['owner_id'] = $A['uid']; $A['title'] = addslashes($A['title']); $A['introtext'] = addslashes($A['introtext']); $A['bodytext'] = addslashes($A['bodytext']); $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'"); $T = DB_fetchArray($result); if ($T['archive_flag'] == 1) { $frontpage = 0; } else { if (isset($_CONF['frontpage'])) { $frontpage = $_CONF['frontpage']; } else { $frontpage = 1; } } DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}"); DB_delete($_TABLES['storysubmission'], "{$id}", $mid[$i]); PLG_itemSaved($A['sid'], 'article'); COM_rdfUpToDateCheck(); COM_olderStuff(); } else { if ($type == 'draft') { DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'"); COM_rdfUpToDateCheck(); COM_olderStuff(); } else { if ($type == 'comment') { $sid = CMT_approveModeration($mid[$i]); if (!in_array($sid, $sidArray)) { $sidArray[$i] = $sid; } } else { // This is called in case this is a plugin. There may be some // plugin specific processing that needs to happen. DB_copy($table, $fields, $fields, $submissiontable, $id, $mid[$i]); $retval .= PLG_approveSubmission($type, $mid[$i]); } } } break; } } // after loop update comment tree and count for each story if (isset($sidArray)) { foreach ($sidArray as $sid) { CMT_rebuildTree($sid); //update comment count of stories; $comments = DB_count($_TABLES['comments'], 'sid', $sid); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid); } } //Add new comment users to group comment.submit group if (isset($_POST['publishfuture'])) { for ($i = 0; $i < count($_POST['publishfuture']); $i++) { $uid = COM_applyFilter($_POST['publishfuture'][$i], true); if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) { SEC_addUserToGroup($uid, 'Comment Submitters'); } } } // Check if there was no direct action used on the form // and if the delete_all submit action was used if (!$formaction and isset($_POST['delitem'])) { foreach ($_POST['delitem'] as $delitem) { $delitem = COM_applyFilter($delitem); if (!empty($type) && $type != 'story' && $type != 'draft') { // There may be some plugin specific processing that needs to // happen first. $retval .= PLG_deleteSubmission($type, $delitem); } if ($type == 'draft') { STORY_deleteStory($delitem); } else { DB_delete($submissiontable, "{$id}", $delitem); } } } $retval .= commandcontrol(SEC_createToken()); return $retval; }
/** * Approve a comment * * @param string $suffix */ function approveComments($suffix) { global $_CONF, $_USER; $commentIds = getCommentIds($suffix); if (SEC_checkToken()) { if (count($commentIds) > 0) { foreach ($commentIds as $commentId) { CMT_approveModeration($commentId); } } COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=142'); } else { COM_accessLog("User {$_USER['username']} tried to approve comments (cid = " . implode(', ', $commentIds) . ") and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } }