/**
*
*
* @param Event $event An Event instance
*/
public function filter(Event $event, Response $response)
{
if (!$configuration = $event->get('request')->attributes->get('_cache')) {
return $response;
}
if (!$response->isSuccessful()) {
return $response;
}
if (null !== $configuration->getSMaxAge()) {
$response->setSharedMaxAge($configuration->getSMaxAge());
}
if (null !== $configuration->getMaxAge()) {
$response->setMaxAge($configuration->getMaxAge());
}
if (null !== $configuration->getExpires()) {
$date = \DateTime::create(\DateTime::createFromFormat('U', $configuration->getExpires(), new \DateTimeZone('UTC')));
$response->setLastModified($date);
}
return $response;
}
/**
* Handles get requests for the dashboard
* @todo update check should probably be cron'd and cached, not re-checked every load
*/
public function get_dashboard()
{
// Not sure how best to determine this yet, maybe set an option on install, maybe do this:
$firstpostdate = DB::get_value('SELECT min(pubdate) FROM {posts} WHERE status = ?', array(Post::status('published')));
if ($firstpostdate) {
$this->theme->active_time = DateTime::create($firstpostdate);
}
// check to see if we have updates to display
$this->theme->updates = Options::get('updates_available', array());
// collect all the stats we display on the dashboard
$user = User::identify();
$this->theme->stats = array('author_count' => Users::get(array('count' => 1)), 'post_count' => Posts::get(array('count' => 1, 'content_type' => Post::type('any'), 'status' => Post::status('published'))), 'comment_count' => Comments::count_total('approved', false), 'tag_count' => Tags::vocabulary()->count_total(), 'user_draft_count' => Posts::get(array('count' => 1, 'content_type' => Post::type('any'), 'status' => Post::status('draft'), 'user_id' => $user->id)), 'unapproved_comment_count' => User::identify()->can('manage_all_comments') ? Comments::count_total('unapproved', false) : Comments::count_by_author(User::identify()->id, Comment::status('unapproved')), 'spam_comment_count' => $user->can('manage_all_comments') ? Comments::count_total('spam', false) : Comments::count_by_author($user->id, Comment::status('spam')), 'user_scheduled_count' => Posts::get(array('count' => 1, 'content_type' => Post::type('any'), 'status' => Post::status('scheduled'), 'user_id' => $user->id)));
// check for first run
$u = User::identify();
$uinfo = $u->info;
if (!isset($uinfo->experience_level)) {
$this->theme->first_run = true;
$u->info->experience_level = 'user';
$u->info->commit();
} else {
$this->theme->first_run = false;
}
$this->get_additem_form();
Stack::add('admin_header_javascript', 'dashboard-js');
$this->display('dashboard');
}
public function test_delete_on_fail()
{
$job = CronTab::add_single_cron('test_delete_fail', 'this_cron_hook_doesnt_exist', DateTime::create(), 'Test Cron');
for ($z = 0; $z < 10; $z++) {
$job = CronTab::get_cronjob('test_delete_fail');
Options::set('next_cron', 0);
Options::delete('cron_running');
$job->execute();
}
$this->assert_false($job->active, 'The cron is still active after failing more than the allowed number of times.');
CronTab::delete_cronjob('test_delete_fail');
}
public function __construct()
{
parent::__construct();
// Let's register the options page form so we can use it with ajax
$self = $this;
FormUI::register('admin_options', function ($form, $name, $extra_data) use($self) {
$option_items = array();
$timezones = \DateTimeZone::listIdentifiers();
$timezones = array_merge(array('' => ''), array_combine(array_values($timezones), array_values($timezones)));
$option_items[_t('Name & Tagline')] = array('title' => array('label' => _t('Site Name'), 'type' => 'text', 'helptext' => ''), 'tagline' => array('label' => _t('Site Tagline'), 'type' => 'text', 'helptext' => ''), 'about' => array('label' => _t('About'), 'type' => 'textarea', 'helptext' => ''));
$option_items[_t('Publishing')] = array('pagination' => array('label' => _t('Items per Page'), 'type' => 'text', 'helptext' => ''), 'atom_entries' => array('label' => _t('Entries to show in Atom feed'), 'type' => 'text', 'helptext' => ''), 'comments_require_id' => array('label' => _t('Require Comment Author Email'), 'type' => 'checkbox', 'helptext' => ''), 'spam_percentage' => array('label' => _t('Comment SPAM Threshold'), 'type' => 'text', 'helptext' => _t('The likelihood a comment is considered SPAM, in percent.')));
$option_items[_t('Time & Date')] = array('timezone' => array('label' => _t('Time Zone'), 'type' => 'select', 'selectarray' => $timezones, 'helptext' => _t('Current Date Time: %s', array(DateTime::create()->format()))), 'dateformat' => array('label' => _t('Date Format'), 'type' => 'text', 'helptext' => _t('Current Date: %s', array(DateTime::create()->date))), 'timeformat' => array('label' => _t('Time Format'), 'type' => 'text', 'helptext' => _t('Current Time: %s', array(DateTime::create()->time))));
$option_items[_t('Language')] = array('locale' => array('label' => _t('Locale'), 'type' => 'select', 'selectarray' => array_merge(array('' => 'default'), array_combine(Locale::list_all(), Locale::list_all())), 'helptext' => Config::exists('locale') ? _t('International language code : This value is set in your config.php file, and cannot be changed here.') : _t('International language code'), 'disabled' => Config::exists('locale'), 'value' => Config::get('locale', Options::get('locale', 'en-us'))), 'system_locale' => array('label' => _t('System Locale'), 'type' => 'text', 'helptext' => _t('The appropriate locale code for your server')));
$option_items[_t('Troubleshooting')] = array('log_min_severity' => array('label' => _t('Minimum Severity'), 'type' => 'select', 'selectarray' => LogEntry::list_severities(), 'helptext' => _t('Only log entries with a this or higher severity.')), 'log_backtraces' => array('label' => _t('Log Backtraces'), 'type' => 'checkbox', 'helptext' => _t('Logs error backtraces to the log table\'s data column. Can drastically increase log size!')));
$option_items = Plugins::filter('admin_option_items', $option_items);
$tab_index = 3;
foreach ($option_items as $name => $option_fields) {
/** @var FormControlFieldset $fieldset */
$fieldset = $form->append(FormControlWrapper::create(Utils::slugify(_u($name)))->set_properties(array('class' => 'container main settings')));
$fieldset->append(FormControlStatic::create($name)->set_static('<h2 class="lead">' . htmlentities($name, ENT_COMPAT, 'UTF-8') . '</h2>'));
$fieldset->set_wrap_each('<div>%s</div>');
foreach ($option_fields as $option_name => $option) {
/** @var FormControlLabel $label */
$label = $fieldset->append(FormControlLabel::create('label_for_' . $option_name, null)->set_label($option['label']));
/** @var FormControl $field */
$field = $label->append($option['type'], $option_name, $option_name);
$label->set_for($field);
if (isset($option['value'])) {
$field->set_value($option['value']);
}
if (isset($option['disabled']) && $option['disabled'] == true) {
$field->set_properties(array('disabled' => 'disabled'));
}
if ($option['type'] == 'select' && isset($option['selectarray'])) {
$field->set_options($option['selectarray']);
}
$field->tabindex = $tab_index;
$tab_index++;
if (isset($option['helptext'])) {
$field->set_helptext($option['helptext']);
}
}
}
$buttons = $form->append(new FormControlWrapper('buttons', null, array('class' => 'container')));
$buttons->append(FormControlSubmit::create('apply', null, array('tabindex' => $tab_index))->set_caption(_t('Apply')));
$form->on_success(array($self, 'form_options_success'));
$form = Plugins::filter('admin_options_form', $form);
});
}
public function loginform_do_login($form)
{
$name = $form->habari_username->value;
$pass = $form->habari_password->value;
if (null != $name || null != $pass) {
$user = User::authenticate($name, $pass);
if ($user instanceof User && $user != false) {
$userinfo = $user->info;
// if there's an unused password reset token, unset it to make sure there's no possibility of a compromise that way
if (isset($userinfo->password_reset)) {
unset($userinfo->password_reset);
}
/* Successfully authenticated. */
// Timestamp last login date and time.
$user->info->authenticate_time = DateTime::create()->format('Y-m-d H:i:s');
$user->update();
// Remove left over expired session error message.
if (Session::has_errors('expired_session')) {
Session::remove_error('expired_session');
}
$login_session = Session::get_set('login');
if (!empty($login_session)) {
/* Now that we know we're dealing with the same user, transfer the form data so he does not lose his request */
if (!empty($login_session['post_data'])) {
Session::add_to_set('last_form_data', $last_form_data['post'], 'post');
}
if (!empty($login_session['get_data'])) {
Session::add_to_set('last_form_data', $last_form_data['get'], 'get');
}
// don't bother parsing out the URL, we store the URI that was requested, so just append that to the hostname and we're done
$login_dest = Site::get_url('host') . $login_session['original'];
} else {
$login_session = null;
$login_dest = Site::get_url('admin');
}
// filter the destination
$login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);
// finally, redirect to the destination
Utils::redirect($login_dest);
return true;
}
/* Authentication failed. */
// Remove submitted password, see, we're secure!
$form->habari_password->value = '';
$this->handler_vars['error'] = _t('Bad credentials');
}
}
/**
* Handles asyncronous cron calls.
*
* @todo next_cron should be the actual next run time and update it when new
* crons are added instead of just maxing out at one day..
*/
function act_poll_cron()
{
Utils::check_request_method(array('GET', 'HEAD', 'POST'));
$time = doubleval($this->handler_vars['time']);
if ($time != Options::get('cron_running')) {
return;
}
// allow script to run for 10 minutes. This only works on host with safe mode DISABLED
if (!ini_get('safe_mode')) {
set_time_limit(600);
}
$time = DateTime::create();
$crons = DB::get_results('SELECT * FROM {crontab} WHERE start_time <= ? AND next_run <= ? AND active != ?', array($time->sql, $time->sql, 0), 'CronJob');
if ($crons) {
foreach ($crons as $cron) {
$cron->execute();
}
}
// set the next run time to the lowest next_run OR a max of one day.
$next_cron = DB::get_value('SELECT next_run FROM {crontab} WHERE active != ? ORDER BY next_run ASC LIMIT 1', array(0));
Options::set('next_cron', min(intval($next_cron), $time->modify('+1 day')->int));
Options::set('cron_running', false);
}
/**
* Get the fields of the post that differ from what is stored by date
* @param DateTime|string|int $date The date to fetch the revision of
* @return array An array of field data for the post with the values of those fields at the specified date
*/
public function get_revision_data($date)
{
$sql = <<<GET_REVISION_DATA
SELECT
id, post_id, change_field, old_value, user_id, min(change_date) as change_date
FROM {revisions}
WHERE
post_id = :post_id
AND change_date > :rev_date
GROUP BY change_field
ORDER BY change_date;
GET_REVISION_DATA;
return DB::get_results($sql, array('post_id' => $this->id, 'rev_date' => DateTime::create($date)->sql));
}
private function fetch_logs()
{
// load all the values for our filter drop-downs
$dates = $this->fetch_log_dates();
$users = $this->fetch_log_users();
$ips = $this->fetch_log_ips();
extract($this->fetch_log_modules_types());
// $modules and $types
$severities = LogEntry::list_severities();
// parse out the arguments we'll fetch logs for
// the initial arguments
$arguments = array('limit' => Controller::get_var('limit', 20), 'offset' => Controller::get_var('offset', 0));
// filter for the search field
$search = Controller::get_var('search', '');
if ($search != '') {
$arguments['criteria'] = $search;
}
// filter by date
$date = Controller::get_var('date', 'any');
if ($date != 'any') {
$d = DateTime::create($date);
// ! means fill any non-specified pieces with default Unix Epoch ones
$arguments['year'] = $d->format('Y');
$arguments['month'] = $d->format('m');
}
// filter by user
$user = Controller::get_var('user', 'any');
if ($user != 'any') {
$arguments['user_id'] = $user;
}
// filter by ip
$ip = Controller::get_var('address', 'any');
if ($ip != 'any') {
$arguments['ip'] = $ip;
}
// filter modules and types
// @todo get events of a specific type in a specific module, instead of either of the two
// the interface doesn't currently make any link between module and type, so we won't worry about it for now
$module = Controller::get_var('module', 'any');
$type = Controller::get_var('type', 'any');
if ($module != 'any') {
// we get a slugified key back, get the actual module name
$arguments['module'] = $modules[$module];
}
if ($type != 'any') {
// we get a slugified key back, get the actual type name
$arguments['type'] = $types[$type];
}
// filter by severity
$severity = Controller::get_var('severity', 0);
if ($severity != 0) {
$arguments['severity'] = $severity;
}
// get the logs!
$logs = EventLog::get($arguments);
// last, but not least, generate the list of years used for the timeline
$months = EventLog::get(array_merge($arguments, array('month_cts' => true)));
$years = array();
foreach ($months as $m) {
$years[$m->year][] = $m;
}
// assign all our theme values in one spot
// first the filter options
$this->theme->dates = $dates;
$this->theme->users = $users;
$this->theme->addresses = $ips;
$this->theme->modules = $modules;
$this->theme->types = $types;
$this->theme->severities = $severities;
// next the filter criteria we used
$this->theme->search_args = $search;
$this->theme->date = $date;
$this->theme->user = $user;
$this->theme->address = $ip;
$this->theme->module = $module;
$this->theme->type = $type;
$this->theme->severity = $severity;
$this->theme->logs = $logs;
$this->theme->years = $years;
$form = new FormUI('logs_batch', 'logs_batch');
$form->append(FormControlAggregate::create('entries')->set_selector('.log_entry')->set_value(array())->label('None Selected'));
$form->append($actions = FormControlDropbutton::create('actions'));
$actions->append(FormControlSubmit::create('delete_selected')->on_success(function (FormUI $form) {
$ids = $form->entries->value;
$count = 0;
/** @var LogEntry $log */
foreach ($ids as $id) {
$logs = EventLog::get(array('id' => $id));
foreach ($logs as $log) {
$log->delete();
$count++;
}
}
Session::notice(_t('Deleted %d logs.', array($count)));
$form->bounce(false);
})->set_caption(_t('Delete Selected')));
$actions->append(FormControlSubmit::create('purge_logs')->on_success(function (FormUI $form) {
if (EventLog::purge()) {
Session::notice(_t('Logs purged.'));
} else {
Session::notice(_t('There was a problem purging the event logs.'));
}
$form->bounce(false);
})->set_caption(_t('Purge Logs')));
$this->theme->form = $form;
$this->theme->wsse = Utils::WSSE();
// prepare a WSSE token for any ajax calls
}
/**
* function get
* Returns requested comments
* @param array $paramarray An associated array of parameters, or a querystring
* @return array An array of Comment objects, one for each query result
*
* <code>
* $comments = comments::get( array ( "author" => "skippy" ) );
* $comments = comments::get( array ( "slug" => "first-post", "status" => "1", "orderby" => "date ASC" ) );
* </code>
**/
public static function get($paramarray = array())
{
$params = array();
$fns = array('get_results', 'get_row', 'get_value');
$select = '';
// what to select -- by default, everything
foreach (Comment::default_fields() as $field => $value) {
$select .= '' == $select ? "{comments}.{$field} as {$field}" : ", {comments}.{$field} as {$field}";
}
// defaults
$orderby = 'date DESC';
$limit = Options::get('pagination');
// Put incoming parameters into the local scope
$paramarray = Utils::get_params($paramarray);
// let plugins alter the param array before we use it. could be useful for modifying search results, etc.
$paramarray = Plugins::filter('comments_get_paramarray', $paramarray);
$join_params = array();
// Transact on possible multiple sets of where information that is to be OR'ed
if (isset($paramarray['where']) && is_array($paramarray['where'])) {
$wheresets = $paramarray['where'];
} else {
$wheresets = array(array());
}
$wheres = array();
$joins = array();
if (isset($paramarray['where']) && is_string($paramarray['where'])) {
$wheres[] = $paramarray['where'];
} else {
foreach ($wheresets as $paramset) {
// safety mechanism to prevent empty queries
$where = array('1=1');
$paramset = array_merge((array) $paramarray, (array) $paramset);
if (isset($paramset['id']) && (is_numeric($paramset['id']) || is_array($paramset['id']))) {
if (is_numeric($paramset['id'])) {
$where[] = "{comments}.id= ?";
$params[] = $paramset['id'];
} else {
if (is_array($paramset['id']) && !empty($paramset['id'])) {
$id_list = implode(',', $paramset['id']);
// Clean up the id list - remove all non-numeric or comma information
$id_list = preg_replace("/[^0-9,]/", "", $id_list);
// You're paranoid, ringmaster! :P
$limit = count($paramset['id']);
$where[] = '{comments}.id IN (' . addslashes($id_list) . ')';
}
}
}
if (isset($paramset['status']) && false !== $paramset['status']) {
if (is_array($paramset['status'])) {
$paramset['status'] = array_diff($paramset['status'], array('any'));
array_walk($paramset['status'], function (&$a) {
$a = Comment::status($a);
});
$where[] = "{comments}.status IN (" . Utils::placeholder_string(count($paramset['status'])) . ")";
$params = array_merge($params, $paramset['status']);
} else {
$where[] = "{comments}.status= ?";
$params[] = Comment::status($paramset['status']);
}
}
if (isset($paramset['type']) && false !== $paramset['type']) {
if (is_array($paramset['type'])) {
$paramset['type'] = array_diff($paramset['type'], array('any'));
array_walk($paramset['type'], function (&$a) {
$a = Comment::type($a);
});
$where[] = "type IN (" . Utils::placeholder_string(count($paramset['type'])) . ")";
$params = array_merge($params, $paramset['type']);
} else {
$where[] = "type= ?";
$params[] = Comment::type($paramset['type']);
}
}
if (isset($paramset['name'])) {
$where[] = "LOWER( name ) = ?";
$params[] = MultiByte::strtolower($paramset['name']);
}
if (isset($paramset['email'])) {
$where[] = "LOWER( email ) = ?";
$params[] = MultiByte::strtolower($paramset['email']);
}
if (isset($paramset['url'])) {
$where[] = "LOWER( url ) = ?";
$params[] = MultiByte::strtolower($paramset['url']);
}
if (isset($paramset['post_id'])) {
$where[] = "{comments}.post_id= ?";
$params[] = $paramset['post_id'];
}
if (isset($paramset['ip'])) {
$where[] = "ip= ?";
$params[] = $paramset['ip'];
}
/* do searching */
if (isset($paramset['post_author'])) {
$joins['posts'] = ' INNER JOIN {posts} ON {comments}.post_id = {posts}.id';
if (is_array($paramset['post_author'])) {
$where[] = "{posts}.user_id IN (" . implode(',', array_fill(0, count($paramset['post_author']), '?')) . ")";
$params = array_merge($params, $paramset['post_author']);
} else {
$where[] = '{posts}.user_id = ?';
$params[] = (string) $paramset['post_author'];
}
}
if (isset($paramset['criteria'])) {
if (isset($paramset['criteria_fields'])) {
// Support 'criteria_fields' => 'author,ip' rather than 'criteria_fields' => array( 'author', 'ip' )
if (!is_array($paramset['criteria_fields']) && is_string($paramset['criteria_fields'])) {
$paramset['criteria_fields'] = explode(',', $paramset['criteria_fields']);
}
} else {
$paramset['criteria_fields'] = array('content');
}
$paramset['criteria_fields'] = array_unique($paramset['criteria_fields']);
preg_match_all('/(?<=")([\\p{L}\\p{N}]+[^"]*)(?=")|([\\p{L}\\p{N}]+)/u', $paramset['criteria'], $matches);
$where_search = array();
foreach ($matches[0] as $word) {
foreach ($paramset['criteria_fields'] as $criteria_field) {
$where_search[] .= "( LOWER( {comments}.{$criteria_field} ) LIKE ? )";
$params[] = '%' . MultiByte::strtolower($word) . '%';
}
}
if (count($where_search) > 0) {
$where[] = '(' . implode(" \nOR\n ", $where_search) . ')';
}
}
/*
* Build the pubdate
* If we've got the day, then get the date.
* If we've got the month, but no date, get the month.
* If we've only got the year, get the whole year.
* @todo Ensure that we've actually got all the needed parts when we query on them
* @todo Ensure that the value passed in is valid to insert into a SQL date (ie '04' and not '4')
*/
if (isset($paramset['day'])) {
/* Got the full date */
$where[] = 'date BETWEEN ? AND ?';
$start_date = sprintf('%d-%02d-%02d', $paramset['year'], $paramset['month'], $paramset['day']);
$start_date = DateTime::create($start_date);
$params[] = $start_date->sql;
$params[] = $start_date->modify('+1 day')->sql;
} elseif (isset($paramset['month'])) {
$where[] = 'date BETWEEN ? AND ?';
$start_date = sprintf('%d-%02d-%02d', $paramset['year'], $paramset['month'], 1);
$start_date = DateTime::create($start_date);
$params[] = $start_date->sql;
$params[] = $start_date->modify('+1 month')->sql;
} elseif (isset($paramset['year'])) {
$where[] = 'date BETWEEN ? AND ?';
$start_date = sprintf('%d-%02d-%02d', $paramset['year'], 1, 1);
$start_date = DateTime::create($start_date);
$params[] = $start_date->sql;
$params[] = $start_date->modify('+1 year')->sql;
}
// Concatenate the WHERE clauses
if (count($where) > 0) {
$wheres[] = ' (' . implode(' AND ', $where) . ') ';
}
}
}
// Only show comments to which the current user has permission to read the associated post
if (isset($paramset['ignore_permissions'])) {
$master_perm_where = '';
// Set up the merge params
$merge_params = array($join_params, $params);
$params = call_user_func_array('array_merge', $merge_params);
} else {
// This set of wheres will be used to generate a list of comment_ids that this user can read
$perm_where = array();
$perm_where_denied = array();
$params_where = array();
$where = array();
// every condition here will require a join with the posts table
$joins['posts'] = 'INNER JOIN {posts} ON {comments}.post_id={posts}.id';
// Get the tokens that this user is granted or denied access to read
$read_tokens = isset($paramset['read_tokens']) ? $paramset['read_tokens'] : ACL::user_tokens(User::identify(), 'read', true);
$deny_tokens = isset($paramset['deny_tokens']) ? $paramset['deny_tokens'] : ACL::user_tokens(User::identify(), 'deny', true);
// If a user can read his own posts, let him
if (User::identify()->can('own_posts', 'read')) {
$perm_where['own_posts_id'] = '{posts}.user_id = ?';
$params_where[] = User::identify()->id;
}
// If a user can read any post type, let him
if (User::identify()->can('post_any', 'read')) {
$perm_where = array('post_any' => '(1=1)');
$params_where = array();
} else {
// If a user can read specific post types, let him
$permitted_post_types = array();
foreach (Post::list_active_post_types() as $name => $posttype) {
if (User::identify()->can('post_' . Utils::slugify($name), 'read')) {
$permitted_post_types[] = $posttype;
}
}
if (count($permitted_post_types) > 0) {
$perm_where[] = '{posts}.content_type IN (' . implode(',', $permitted_post_types) . ')';
}
// If a user can read posts with specific tokens, let him see comments on those posts
if (count($read_tokens) > 0) {
$joins['post_tokens__allowed'] = ' LEFT JOIN {post_tokens} pt_allowed ON {posts}.id= pt_allowed.post_id AND pt_allowed.token_id IN (' . implode(',', $read_tokens) . ')';
$perm_where['perms_join_null'] = 'pt_allowed.post_id IS NOT NULL';
}
}
// If a user is denied access to all posts, do so
if (User::identify()->cannot('post_any')) {
$perm_where_denied = array('(0=1)');
} else {
// If a user is denied read access to specific post types, deny him
$denied_post_types = array();
foreach (Post::list_active_post_types() as $name => $posttype) {
if (User::identify()->cannot('post_' . Utils::slugify($name))) {
$denied_post_types[] = $posttype;
}
}
if (count($denied_post_types) > 0) {
$perm_where_denied[] = '{posts}.content_type NOT IN (' . implode(',', $denied_post_types) . ')';
}
}
// If there are granted permissions to check, add them to the where clause
if (count($perm_where) == 0 && !isset($joins['post_tokens__allowed'])) {
// You have no grants. You get no comments.
$where['perms_granted'] = '(0=1)';
} elseif (count($perm_where) > 0) {
$where['perms_granted'] = '
(' . implode(' OR ', $perm_where) . ')
';
$params = array_merge($params, $params_where);
}
if (count($deny_tokens) > 0) {
$joins['post_tokens__denied'] = ' LEFT JOIN {post_tokens} pt_denied ON {posts}.id= pt_denied.post_id AND pt_denied.token_id IN (' . implode(',', $deny_tokens) . ')';
$perm_where_denied['perms_join_null'] = 'pt_denied.post_id IS NULL';
}
// If there are denied permissions to check, add them to the where clause
if (count($perm_where_denied) > 0) {
$where['perms_denied'] = '
(' . implode(' AND ', $perm_where_denied) . ')
';
}
$master_perm_where = implode(' AND ', $where);
}
// Get any full-query parameters
$possible = array('page', 'fetch_fn', 'count', 'month_cts', 'nolimit', 'limit', 'offset', 'orderby');
foreach ($possible as $varname) {
if (isset($paramarray[$varname])) {
${$varname} = $paramarray[$varname];
}
}
if (isset($page) && is_numeric($page)) {
$offset = (intval($page) - 1) * intval($limit);
}
if (isset($fetch_fn)) {
if (!in_array($fetch_fn, $fns)) {
$fetch_fn = $fns[0];
}
} else {
$fetch_fn = $fns[0];
}
// is a count being request?
if (isset($count)) {
$select = "COUNT( 1 )";
$fetch_fn = 'get_value';
$orderby = '';
}
// is a count of comments by month being requested?
$groupby = '';
if (isset($month_cts)) {
$select = 'MONTH(FROM_UNIXTIME(date)) AS month, YEAR(FROM_UNIXTIME(date)) AS year, COUNT({comments}.id) AS ct';
$groupby = 'year, month';
$orderby = 'year, month';
}
if (isset($limit)) {
$limit = " LIMIT {$limit}";
if (isset($offset)) {
$limit .= " OFFSET {$offset}";
}
}
if (isset($nolimit) || isset($month_cts)) {
$limit = '';
}
// Build the final SQL statement
$query = '
SELECT DISTINCT ' . $select . ' FROM {comments} ' . implode(' ', $joins);
if (count($wheres) > 0) {
$query .= ' WHERE (' . implode(" \nOR\n ", $wheres) . ')';
$query .= $master_perm_where == '' ? '' : ' AND (' . $master_perm_where . ')';
} elseif ($master_perm_where != '') {
$query .= ' WHERE (' . $master_perm_where . ')';
}
$query .= $groupby == '' ? '' : ' GROUP BY ' . $groupby;
$query .= ($orderby == '' ? '' : ' ORDER BY ' . $orderby) . $limit;
DB::set_fetch_mode(\PDO::FETCH_CLASS);
DB::set_fetch_class('Comment');
$results = DB::$fetch_fn($query, $params, 'Comment');
if ('get_results' != $fetch_fn) {
// return the results
return $results;
} elseif (is_array($results)) {
$c = __CLASS__;
$return_value = new $c($results);
$return_value->get_param_cache = $paramarray;
return $return_value;
}
return false;
}
/**
* Compare the current set of plugins with those we last checked for updates.
* This is run by AdminHandler on every page load to make sure we always have fresh data on the dashboard.
*/
public static function check_plugins()
{
// register the beacons
self::register_beacons();
// get the list we checked last time
$checked_list = Options::get('updates_beacons');
// if the lists are different
if ($checked_list != self::instance()->beacons) {
// remove any stored updates, just to avoid showing stale data
Options::delete('updates_available');
// schedule an update check the next time cron runs
CronTab::add_single_cron('update_check_single', Method::create('\\Habari\\Update', 'cron'), DateTime::create()->int, _t('Perform a single check for plugin updates, the plugin set has changed.'));
}
}
/**
* Magic property setter to set the cronjob properties.
* Serializes the callback if needed.
*
* @see QueryRecord::__set()
* @param string $name The name of the property to set.
* @param mixed $value The value of the property to set.
* @return mixed The new value of the property.
*/
public function __set($name, $value)
{
switch ($name) {
case 'callback':
if (is_array($value) || is_object($value)) {
$value = serialize($value);
}
break;
case 'next_run':
case 'last_run':
case 'start_time':
case 'end_time':
if (!$value instanceof DateTime && !is_null($value)) {
$value = DateTime::create($value);
}
break;
}
return parent::__set($name, $value);
}
/**
* Returns an array representing the difference between two times by interval.
*
* <code>
* print_r( DateTime::difference( 'now', 'January 1, 2010' ) );
* // output (past): Array ( [invert] => [y] => 0 [m] => 9 [w] => 3 [d] => 5 [h] => 22 [i] => 33 [s] => 5 )
* print_r( DateTime::difference( 'now', 'January 1, 2011' ) );
* // output (future): Array ( [invert] => 1 [y] => 0 [m] => 2 [w] => 0 [d] => 3 [h] => 5 [i] => 33 [s] => 11 )
* </code>
*
* If 'invert' is true, the time is in the future (ie: x from now). If it is false, the time is in the past (ie: x ago).
*
* For more information, see PHP's DateInterval class, which this and friendly() attempt to emulate for < PHP 5.3
*
* @todo Add total_days, total_years, etc. values?
*
* @param mixed $start_date The start date, as a HDT object or any format accepted by DateTime::create().
* @param mixed $end_date The end date, as a HDT object or any format accepted by DateTime::create().
* @return array Array of each interval and whether the interval is inverted or not.
*/
public static function difference($start_date, $end_date)
{
// if the dates aren't HDT objects, try to convert them to one. this lets you pass in just about any format
if (!$start_date instanceof DateTime) {
$start_date = DateTime::create($start_date);
}
if (!$end_date instanceof DateTime) {
$end_date = DateTime::create($end_date);
}
$result = array();
// calculate the difference, in seconds
$difference = $end_date->int - $start_date->int;
if ($difference < 0) {
// if it's negative, time AGO
$result['invert'] = false;
} else {
// if it's positive, time UNTIL
$result['invert'] = true;
}
$difference = abs($difference);
// we'll progressively subtract from the seconds left, so initialize it
$seconds_left = $difference;
$result['y'] = floor($seconds_left / self::YEAR);
$seconds_left = $seconds_left - $result['y'] * self::YEAR;
$result['m'] = floor($seconds_left / self::MONTH);
$seconds_left = $seconds_left - $result['m'] * self::MONTH;
$result['w'] = floor($seconds_left / self::WEEK);
$seconds_left = $seconds_left - $result['w'] * self::WEEK;
$result['d'] = floor($seconds_left / self::DAY);
$seconds_left = $seconds_left - $result['d'] * self::DAY;
$result['h'] = floor($seconds_left / self::HOUR);
$seconds_left = $seconds_left - $result['h'] * self::HOUR;
$result['i'] = floor($seconds_left / self::MINUTE);
$seconds_left = $seconds_left - $result['i'] * self::MINUTE;
$result['s'] = $seconds_left;
return $result;
}
/**
* Return max validator
*
* @return DateTime
*/
public function max()
{
return DateTime::create();
}
/**
* function update_scheduled_posts_cronjob
*
* Creates or recreates the cronjob to publish
* scheduled posts. It is called whenever a post
* is updated or created
*
*/
public static function update_scheduled_posts_cronjob()
{
$min_time = DB::get_value('SELECT MIN(pubdate) FROM {posts} WHERE status = ?', array(Post::status('scheduled')));
CronTab::delete_cronjob('publish_scheduled_posts');
if ($min_time) {
CronTab::add_single_cron('publish_scheduled_posts', Method::create('\\Habari\\Posts', 'publish_scheduled_posts'), $min_time, 'Next run: ' . DateTime::create($min_time)->get('c'));
}
}
public static function trim()
{
// allow an option to be set to override the log retention - in days
$retention_days = Options::get('log_retention', 14);
// default to 14 days
// make it into the string we'll use
$retention = '-' . intval($retention_days) . ' days';
// Trim the log table down
$date = DateTime::create()->modify($retention);
$result = DB::query('DELETE FROM {log} WHERE timestamp < ?', array($date->sql));
if ($result) {
EventLog::log(_t('Entries over %d days old were trimmed from the EventLog', array($retention_days)), 'info');
} else {
EventLog::log(_t('There was an error trimming old entries from the EventLog!'), 'err');
}
return $result;
}
}
?>
</p>
</div>
<?php
if (!empty($updates)) {
?>
<ul class="updates">
<?php
foreach ($updates as $beacon_id => $beacon) {
$u_strings = array();
foreach ($beacon['updates'] as $u_version => $u) {
if (!empty($u['date'])) {
$u_title = _t('%1$s update released on %2$s: %3$s', array(MultiByte::ucfirst($u['severity']), DateTime::create($u['date'])->format('Y-m-d'), Utils::htmlspecialchars($u['text'])));
} else {
$u_title = _t('%1$s update: %3$s', array(MultiByte::ucfirst($u['severity']), $u['date'], Utils::htmlspecialchars($u['text'])));
}
if (!empty($u['url'])) {
$u_string = sprintf('<a href="%1$s" title="%2$s" class="%3$s">%4$s</a>', $u['url'], $u_title, $u['severity'], $u['version']);
} else {
$u_string = sprintf('<span title="%1$s" class="%2$s">%3$s</span>', $u_title, $u['severity'], $u['version']);
}
// add it to the array of updates available for this plugin
$u_strings[$u['version']] = $u_string;
}
$u_strings = Format::and_list($u_strings);
?>
<li class="update">
/**
* function nice_time
* Formats a time using a date format string
* @param DateTime $date A date as a DateTime object
* @param string $dateformat A date format string
* @returns string The time formatted as a string
*/
public static function nice_time($date, $dateformat = 'H:i:s')
{
if (!$date instanceof DateTime) {
$date = DateTime::create($date);
}
return $date->format($dateformat);
}
/**
* Overrides QueryRecord __set to implement custom object properties
*
* @param string $name name of property to return
* @param mixed $value The requested field value
* @return mixed The requested field value
*/
public function __set($name, $value)
{
switch ($name) {
case 'timestamp':
if (!$value instanceof DateTime) {
$value = DateTime::create($value);
}
break;
}
return parent::__set($name, $value);
}
/**
* Handles GET requests for an individual comment.
*/
public function get_comment($update = false)
{
if (isset($this->handler_vars['id']) && ($comment = Comment::get($this->handler_vars['id']))) {
$this->theme->comment = $comment;
// Convenience array to output actions twice
$actions = array('deleted' => 'delete', 'spam' => 'spam', 'unapproved' => 'unapprove', 'approved' => 'approve', 'saved' => 'save');
$form = $this->form_comment($comment, $actions);
if ($update) {
// Get the $_POSTed values
$form->process();
foreach ($actions as $key => $action) {
$id_one = $action . '_1';
$id_two = $action . '_2';
if ($form->{$id_one}->value != null || $form->{$id_two}->value != null) {
if ($action == 'delete') {
$comment->delete();
Utils::redirect(URL::get('display_comments'));
}
if ($action != 'save') {
foreach (Comment::list_comment_statuses() as $status) {
if ($status == $key) {
$comment->status = Comment::status_name($status);
$set_status = true;
}
}
}
}
}
$comment->content = $form->content->value;
$comment->name = $form->author_name->value;
$comment->url = $form->author_url->value;
$comment->email = $form->author_email->value;
$comment->ip = $form->author_ip->value;
$comment->date = DateTime::create($form->comment_date->value);
$comment->post_id = $form->comment_post->value;
if (!isset($set_status)) {
$comment->status = $form->comment_status->value;
}
$comment->update();
Plugins::act('comment_edit', $comment, $form);
Utils::redirect();
}
$comment->content = $form;
$this->theme->form = $form;
$this->display('comment');
} else {
Utils::redirect(URL::get('display_comments'));
}
}
public function __construct()
{
$self = $this;
FormUI::register('add_user', function (FormUI $form, $name) use($self) {
$form->set_settings(array('use_session_errors' => true));
$form->append(FormControlText::create('username')->set_properties(array('class' => 'columns three', 'placeholder' => _t('Username')))->add_validator('validate_username')->add_validator('validate_required'));
$form->append(FormControlText::create('email')->set_properties(array('class' => 'columns four', 'placeholder' => _t('E-Mail')))->add_validator('validate_email')->add_validator('validate_required'));
$password = FormControlPassword::create('password')->set_properties(array('class' => 'columns three', 'placeholder' => _t('Password')))->add_validator('validate_required');
$form->append($password);
$form->append(FormControlPassword::create('password_again')->set_properties(array('class' => 'columns three', 'placeholder' => _t('Password Again')))->add_validator('validate_same', $password));
$form->append(FormControlSubmit::create('newuser')->set_caption('Add User'));
$form->add_validator(array($self, 'validate_add_user'));
$form->on_success(array($self, 'do_add_user'));
});
FormUI::register('delete_users', function (FormUI $form, $name) use($self) {
$form->set_settings(array('use_session_errors' => true));
$form->append(FormControlAggregate::create('deletion_queue')->set_selector('.select_user')->label('Select All'));
$author_list = Users::get_all();
$authors[0] = _t('nobody');
foreach ($author_list as $author) {
$authors[$author->id] = $author->displayname;
}
$form->append(FormControlSelect::create('reassign')->set_options($authors));
$form->append(FormControlSubmit::create('delete_selected')->set_caption(_t('Delete Selected')));
$form->add_validator(array($self, 'validate_delete_users'));
$form->on_success(array($self, 'do_delete_users'));
});
FormUI::register('edit_user', function (FormUI $form, $name, $form_type, $data) use($self) {
$form->set_settings(array('use_session_errors' => true));
$edit_user = $data['edit_user'];
$field_sections = array('user_info' => _t('User Information'), 'change_password' => _t('Change Password'), 'regional_settings' => _t('Regional Settings'), 'dashboard' => _t('Dashboard'));
// Create a tracker for who we are dealing with
$form->append(FormControlData::create('edit_user')->set_value($edit_user->id));
// Generate sections
foreach ($field_sections as $key => $name) {
$fieldset = $form->append('wrapper', $key, $name);
$fieldset->add_class('container main settings');
$fieldset->append(FormControlStatic::create($key)->set_static('<h2 class="lead">' . htmlentities($name, ENT_COMPAT, 'UTF-8') . '</h2>'));
}
// User Info
$displayname = FormControlText::create('displayname')->set_value($edit_user->displayname);
$form->user_info->append(FormControlLabel::wrap(_t('Display Name'), $displayname));
$username = FormControlText::create('username')->add_validator('validate_username', $edit_user->username)->set_value($edit_user->username);
$form->user_info->append(FormControlLabel::wrap(_t('User Name'), $username));
$email = FormControlText::create('email')->add_validator('validate_email')->set_value($edit_user->email);
$form->user_info->append(FormControlLabel::wrap(_t('Email'), $email));
$imageurl = FormControlText::create('imageurl')->set_value($edit_user->info->imageurl);
$form->user_info->append(FormControlLabel::wrap(_t('Portrait URL'), $imageurl));
// Change Password
$password1 = FormControlPassword::create('password1', null, array('autocomplete' => 'off'))->set_value('');
$form->change_password->append(FormControlLabel::wrap(_t('New Password'), $password1));
$password2 = FormControlPassword::create('password2', null, array('autocomplete' => 'off'))->set_value('');
$form->change_password->append(FormControlLabel::wrap(_t('New Password Again'), $password2));
$delete = $self->handler_vars->filter_keys('delete');
// don't validate password match if action is delete
if (!isset($delete['delete'])) {
$password2->add_validator('validate_same', $password1, _t('Passwords must match.'));
}
// Regional settings
$timezones = \DateTimeZone::listIdentifiers();
$timezones = array_merge(array_combine(array_values($timezones), array_values($timezones)));
$locale_tz = FormControlSelect::create('locale_tz', null, array('multiple' => false))->set_options($timezones)->set_value($edit_user->info->locale_tz);
$form->regional_settings->append(FormControlLabel::wrap(_t('Timezone'), $locale_tz));
$locale_date_format = FormControlText::create('locale_date_format')->set_value($edit_user->info->locale_date_format);
$form->regional_settings->append(FormControlLabel::wrap(_t('Date Format'), $locale_date_format));
$edit_user_info = $edit_user->info;
if (isset($edit_user_info->locale_date_format) && $edit_user_info->locale_date_format != '') {
$current = DateTime::create()->get($edit_user_info->locale_date_format);
} else {
$current = DateTime::create()->date;
}
$locale_date_format->set_helptext(_t('See <a href="%s">php.net/date</a> for details. Current format: %s', array('http://php.net/date', $current)));
$locale_time_format = FormControlText::create('locale_time_format')->set_value($edit_user_info->locale_time_format);
$form->regional_settings->append(FormControlLabel::wrap(_t('Time Format'), $locale_time_format));
if (isset($edit_user_info->locale_time_format) && $edit_user_info->locale_time_format != '') {
$current = DateTime::create()->get($edit_user_info->locale_time_format);
} else {
$current = DateTime::create()->time;
}
$locale_time_format->set_helptext(_t('See <a href="%s">php.net/date</a> for details. Current format: %s', array('http://php.net/date', $current)));
$locales = array_merge(array('' => _t('System default') . ' (' . Options::get('locale', 'en-us') . ')'), array_combine(Locale::list_all(), Locale::list_all()));
$locale_lang = FormcontrolSelect::create('locale_lang', null, array('multiple' => false))->set_options($locales)->set_value($edit_user_info->locale_lang);
$form->regional_settings->append(FormControlLabel::wrap(_t(' Language'), $locale_lang));
$spam_count = FormControlCheckbox::create('dashboard_hide_spam_count')->set_helptext(_t('Hide the number of SPAM comments on your dashboard.'))->set_value($edit_user_info->dashboard_hide_spam_count);
$form->dashboard->append(FormControlLabel::wrap(_t('Hide Spam Count'), $spam_count));
// Groups
if (User::identify()->can('manage_groups')) {
$fieldset = $form->append(FormControlWrapper::create('groups'));
$fieldset->add_class('container main settings');
$fieldset->append(FormControlStatic::create('groups_title')->set_static('<h2 class="lead">' . htmlentities(_t('Groups'), ENT_COMPAT, 'UTF-8') . '</h2>'));
$fieldset->append(FormControlCheckboxes::create('user_group_membership')->set_options(Utils::array_map_field(UserGroups::get_all(), 'name', 'id'))->set_value($edit_user->groups));
}
// Controls
$controls = $form->append(FormControlWrapper::create('page_controls')->add_class('container controls transparent'));
$apply = $controls->append(FormControlSubmit::create('apply')->set_caption(_t('Apply')));
// Get author list
$author_list = Users::get_all();
$authors[0] = _t('nobody');
foreach ($author_list as $author) {
$authors[$author->id] = $author->displayname;
}
unset($authors[$edit_user->id]);
// We can't reassign this user's posts to themselves if we're deleting them
$reassign = FormControlSelect::create('reassign')->set_options($authors);
$reassign_label = FormControlLabel::wrap(_t('Reassign posts to:'), $reassign)->set_settings(array('wrap' => '<span class="reassigntext">%s</span>'));
$controls->append($reassign_label);
$controls->append(FormControlStatic::create('conjunction')->set_static(_t('and'))->set_settings(array('wrap' => '<span class="conjunction">%s</span>')));
$delete = $controls->append(FormControlSubmit::create('delete')->set_caption(_t('Delete'))->set_settings(array('wrap' => '<span>%s</span>'))->add_class('button'));
$delete->on_success(array($self, 'edit_user_delete'));
$delete->add_validator(array($self, 'validate_delete_user'));
$apply->on_success(array($self, 'edit_user_apply'));
$apply->add_validator(array($self, 'validate_edit_user'));
});
parent::__construct();
}
/**
* Sends HTTP headers that limit the cacheability of the page.
*
* @link http://php.net/session_cache_limiter
* @param string $type The type of caching headers to send. One of: 'public', 'private_no_expire', 'private', 'nocache', or ''.
* @return void
*/
public static function cache_limiter($type = 'nocache')
{
$expires = DateTime::create('+' . session_cache_expire() . ' seconds')->format(DateTime::RFC1123);
$last_modified = DateTime::create()->format(DateTime::RFC1123);
switch ($type) {
case 'public':
header('Expires: ' . $expires, true);
header('Cache-Control: public, max-age=' . $expires, true);
header('Last-Modified: ' . $last_modified, true);
break;
case 'private_no_expire':
header('Cache-Control: private, max-age=' . $expires . ', pre-check=' . $expires, true);
header('Last-Modified: ' . $last_modified, true);
break;
case 'private':
header('Expires: Thu, 19 Nov 1981 08:52:00 GMT', true);
header('Cache-Control: private max-age=' . $expires . ', pre-check=' . $expires, true);
header('Last-Modified: ' . $last_modified, true);
break;
case 'nocache':
header('Expires: Thu, 19 Nov 1981 08:52:00 GMT', true);
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0', true);
header('Pragma: no-cache', true);
break;
case '':
return;
break;
}
}
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
foreach ($post->versions as $v) {
?>
<tr>
<td><?php
echo $v->term_display;
?>
</td>
<td><?php
echo DateTime::create($v->info->release)->format(Options::get("plugin_directory__date_format", "F j, Y"));
?>
</td>
<td><a href="<?php
echo $v->download_url;
?>
">Download <?php
echo $v->info->version;
?>
</a></td>
<?php
if (count($permitted_versions) > 0) {
?>
<td>
<?php
if (in_array($v->term, $permitted_versions)) {
public static function handle_addon($info = array(), $versions = array())
{
// Allow plugins to modify a new addon before it is created.
Plugins::act('handle_addon_before', $info, $versions);
$main_fields = array('user_id' => 'user_id', 'name' => 'title', 'description' => 'content', 'tags' => 'tags');
$post_fields = array('content_type' => Post::type('addon'), 'status' => Post::status('published'), 'pubdate' => DateTime::create());
$post = self::get_addon(strtoupper($info['guid']));
// strtoupper might not be necessary
if (!$post) {
/* There is no addon already with the guid. Create a new one. */
foreach ($main_fields as $k => $v) {
$post_fields[$v] = $info[$k];
}
unset($post);
$post = Post::create($post_fields);
$post->info->hoster = $info['hoster'];
$post->update();
EventLog::log(_t('Created post #%s - %s', array($post->id, $post->title)), 'info');
} else {
/* Update the existing addon. */
$post->modify(array('title' => $info['name'], 'content' => $info['description'], 'slug' => Utils::slugify($info['name']), 'pubdate' => DateTime::date_create()));
$post->update();
EventLog::log(_t('Edited post #%s - %s', array($post->id, $post->title)), 'info');
$info = array_diff_key($info, array('original_repo' => 'should be removed for updates'));
}
// remove the fields that should not become postinfo.
$info_fields = array_diff_key($info, $main_fields);
foreach ($info_fields as $k => $v) {
switch ($k) {
case 'guid':
$post->info->{$k} = strtoupper($v);
break;
default:
$post->info->{$k} = $v;
break;
}
}
$post->info->commit();
self::save_versions($post, $versions);
// Allow plugins to act after a new addon has been created.
Plugins::act('handle_addon_after', $info, $versions);
}
/**
* Save a new user to the users table
*/
public function insert()
{
$allow = true;
$allow = Plugins::filter('user_insert_allow', $allow, $this);
if (!$allow) {
return;
}
Plugins::act('user_insert_before', $this);
$this->exclude_fields('id');
$result = parent::insertRecord(DB::table('users'));
$this->fields['id'] = DB::last_insert_id();
// Make sure the id is set in the user object to match the row id
$this->info->set_key($this->id);
/* If a new user is being created and inserted into the db, info is only safe to use _after_ this set_key call. */
// $this->info->option_default = "saved";
// Set the default timezone, date format, and time format
$this->info->locale_tz = Options::get('timezone');
$this->info->locale_date_format = Options::get('dateformat');
$this->info->locale_time_format = Options::get('timeformat');
$this->info->locale_lang = Options::get('locale', 'en-us');
// Save when this user was created
$this->info->creation_time = DateTime::create()->format('Y-m-d H:i:s');
$this->info->commit();
if ($result) {
// Add the user to the default authenticated group if it exists
if (UserGroup::exists('authenticated')) {
$this->add_to_group('authenticated');
}
}
EventLog::log(_t('New user created: %s', array($this->username)), 'info', 'default', 'habari');
Plugins::act('user_insert_after', $this);
return $result;
}
/**
* Overrides QueryRecord __set to implement custom object properties
* @param string $name Name of property to set
* @param mixed $value Value of the property
* @return mixed The set field value
*/
public function __set($name, $value)
{
switch ($name) {
case 'status':
$value = self::status($value);
break;
case 'date':
if (!$value instanceof DateTime) {
$value = DateTime::create($value);
}
break;
case 'post':
if (is_int($value)) {
// a post ID was passed
$p = Post::get(array('id' => $value));
$this->post_id = $p->id;
$this->post_object = $p;
} elseif (is_string($value)) {
// a post Slug was passed
$p = Post::get(array('slug' => $value));
$this->post_id = $p->id;
$this->post_object = $p;
} elseif (is_object($value)) {
// a Post object was passed, so just use it directly
$this->post_id = $value->id;
$this->post_object = $value;
}
return $value;
}
return parent::__set($name, $value);
}
/**
* Add a comment to the site
*
* @param mixed $post A Post object instance or Post object id
* @param string $name The commenter's name
* @param string $email The commenter's email address
* @param string $url The commenter's website URL
* @param string $content The comment content
* @param array $extra An associative array of extra values that should be considered
*/
function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
{
if (is_numeric($post)) {
$post = Post::get(array('id' => $post));
}
if (!$post instanceof Post) {
// Not sure what you're trying to pull here, but that's no good
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
/* Sanitize data */
foreach (array('name', 'url', 'email', 'content') as $k) {
${$k} = InputFilter::filter(${$k});
}
// there should never be any HTML in the name, so do some extra filtering on it
$name = strip_tags(html_entity_decode($name, ENT_QUOTES, 'UTF-8'));
/* Sanitize the URL */
if (!empty($url)) {
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => Utils::get_ip(), 'content' => $content, 'status' => Comment::status('approved'), 'date' => DateTime::create(), 'type' => Comment::type('comment')));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = 'approved';
}
// Allow themes to work with comment hooks
Themes::create();
// Allow plugins to change comment data and add commentinfo based on plugin-added form fields
Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
if ($spam_rating >= Options::get('spam_percentage', 100)) {
$comment->status = 'spam';
}
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id && $comment->status != 'spam') {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == 'unapproved') {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie_name = 'comment_' . Options::get('public-GUID');
// build the string we store for the cookie
$cookie_content = implode('#', array($comment->name, $comment->email, $comment->url));
// if the user is not logged in and there is no cookie OR the cookie differs from the current set
if (User::identify()->loggedin == false && (!isset($_COOKIE[$cookie_name]) || $_COOKIE[$cookie_name] != $cookie_content)) {
// update the cookie
setcookie($cookie_name, $cookie_content, time() + DateTime::YEAR, Site::get_path('base', true));
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
