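/**
 * Handles a comment view request
 *
 * Resolves the comment id from the request (CMT_CID when viewing a comment,
 * CMT_PID when displaying the parent of a reply), looks up the item the
 * comment belongs to and delegates rendering to the owning plugin.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param string  $format 'threaded', 'nested', or 'flat'
 * @param string  $order  'ASC' or 'DESC' or blank
 * @param int     $page   Page number of comments to display
 * @param boolean $view   View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function CMT_handleView($format, $order, $page, $view = true)
{
    global $_CONF, $_TABLES, $_USER;

    // Which request key carries the id depends on the mode.
    $key = $view ? CMT_CID : CMT_PID;
    $cid = 0;
    if (isset($_REQUEST[$key])) {
        // The second argument requests numeric filtering; the cast makes it
        // explicit that only an integer is ever interpolated into SQL below.
        $cid = (int) COM_applyFilter($_REQUEST[$key], true);
    }
    if ($cid <= 0) {
        // NOTE(review): like the original, this relies on COM_handle404()
        // ending the request - confirm it does not return.
        COM_handle404();
    }

    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // Unknown comment id: previously the code went on with undefined
        // sid/title/type; treat it as "not found" instead.
        COM_handle404();
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Every comment type (including 'article') is rendered by the plugin
    // that owns it; an empty result means the plugin declined.
    $display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view);
    if (!$display) {
        COM_handle404();
    }

    $display = COM_showMessageFromParameter() . $display;

    return COM_createHTMLDocument($display, array('pagetitle' => $title));
}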
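/**
 * Handles a comment view request
 *
 * Reads the comment id ('cid' when viewing, 'pid' when displaying a reply
 * form), resolves the comment's parent item, determines the display format
 * and renders either the article comment list (after an access check on the
 * story) or whatever the owning plugin returns.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;

    // Guard with isset: the original read $_REQUEST['cid'] / ['pid']
    // unconditionally and raised an undefined-index notice when absent.
    $key = $view ? 'cid' : 'pid';
    $cid = isset($_REQUEST[$key]) ? (int) COM_applyFilter($_REQUEST[$key], true) : 0;
    if ($cid <= 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // Unknown comment id: bail out rather than reading undefined columns.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Display format: request parameter first; anything unrecognised falls
    // back to the site default or, for logged-in users, their stored mode.
    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if (!in_array($format, array('threaded', 'nested', 'flat'), true)) {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', 'uid = ' . (int) $_USER['uid']);
        }
    }

    // Sort order and page are read identically for articles and plugins, so
    // read them once instead of in each switch branch.
    $order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order']) : '';
    $page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0;

    $display = '';
    switch ($type) {
        case 'article':
            // The parent story must exist, be published and be visible to
            // the current user. $sid comes from the database, but it is
            // still a string and is escaped rather than interpolated raw.
            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, '
                . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '" . DB_escapeString($sid) . "') "
                . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())'
                . COM_getPermSQL('AND') . COM_getTopicSQL('AND')
                . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $B = DB_fetchArray(DB_query($sql));
            if (!empty($B) && $B['count'] == 1) {
                // Deleting requires the story.edit right AND full (3) access
                // to this particular story.
                $delete_option = SEC_hasRights('story.edit')
                    && (SEC_hasAccess($B['owner_id'], $B['group_id'], $B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']) == 3);
                $display .= CMT_userComments($sid, $title, $type, $order, $format, $cid, $page, $view, $delete_option, $B['commentcode']);
            } else {
                $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'))
                    . $LANG_ACCESS['storydenialmsg']
                    . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            }
            break;

        default:
            // Any other type is assumed to belong to a plugin.
            $display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view);
            if (!$display) {
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return COM_siteHeader('menu', $title) . COM_showMessageFromParameter() . $display . COM_siteFooter();
}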
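/**
 * Handles a comment edit submission
 *
 * Reads cid/sid/type from POST (falling back to GET), validates them, loads
 * the existing comment and returns the parent item followed by the edit form
 * pre-filled with the comment text. Invalid requests are logged and redirected
 * to the site's front page.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd <wenerd87 AT gmail DOT com>
 * @return string HTML (possibly a refresh)
 */
function handleEdit()
{
    global $_TABLES, $LANG03, $_USER, $_CONF, $_PLUGINS;

    // POST takes precedence over GET for each parameter.
    $cid = -1;
    if (isset($_POST['cid'])) {
        $cid = COM_applyFilter($_POST['cid'], true);
    } elseif (isset($_GET['cid'])) {
        $cid = COM_applyFilter($_GET['cid'], true);
    }

    $sid = '';
    if (isset($_POST['sid'])) {
        $sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
    } elseif (isset($_GET['sid'])) {
        $sid = COM_sanitizeID(COM_applyFilter($_GET['sid']));
    }

    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    } elseif (isset($_GET['type'])) {
        $type = COM_applyFilter($_GET['type']);
    }

    // Only 'article' and installed plugins are valid comment types. The
    // strict in_array avoids loose string comparison against untrusted input.
    if ($type !== 'article' && !in_array($type, $_PLUGINS, true)) {
        $type = '';
    }

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$remoteAddr} tried "
            . 'to edit a comment with one or more missing/bad values.');
        // Kept as echo + exit to preserve the original control flow; the
        // "doesn't exist" branch below returns instead.
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        exit;
    }

    // cid is cast and sid/type are escaped before being placed in the query.
    $result = DB_query("SELECT title,comment FROM {$_TABLES['comments']} "
        . 'WHERE cid = ' . (int) $cid
        . " AND sid = '" . DB_escapeString($sid) . "'"
        . " AND type = '" . DB_escapeString($type) . "'");
    if (DB_numRows($result) != 1) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$remoteAddr} tried "
            . 'to edit a comment that doesn\'t exist as described.');

        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $A = DB_fetchArray($result);
    $title = $A['title'];
    $commenttext = COM_undoSpecialChars($A['comment']);

    // Strip the signature block that was appended when the comment was
    // saved, so it is not edited into the body. A marker at offset 0 is
    // deliberately left alone (matches the original's "> 0" check).
    $pos = strpos($commenttext, '<!-- COMMENTSIG --><div class="comment-sig">');
    if ($pos !== false && $pos > 0) {
        $commenttext = substr($commenttext, 0, $pos);
    }

    // Post mode heuristic: any tag-like sequence means the comment was HTML.
    $postmode = (preg_match('/<.*>/', $commenttext) === 1) ? 'html' : 'plaintext';

    $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0;

    return PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0)
        . CMT_commentForm($title, $commenttext, $sid, $pid, $type, 'edit', $postmode);
}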