} break; case 'delete_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_delete']); if (can_manage_comment('delete', $author_id)) { delete_user_comment($_GET['comment_to_delete']); } redirect($url_self); case 'validate_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_validate']); if (can_manage_comment('validate', $author_id)) { validate_user_comment($_GET['comment_to_validate']); } redirect($url_self); } } //---------- incrementation of the number of hits $inc_hit_count = !isset($_POST['content']); // don't increment counter if in the Mozilla Firefox prefetch if (isset($_SERVER['HTTP_X_MOZ']) and $_SERVER['HTTP_X_MOZ'] == 'prefetch') { $inc_hit_count = false; } else { // don't increment counter if comming from the same picture (actions) if (pwg_get_session_var('referer_image_id', 0) == $page['image_id']) { $inc_hit_count = false;
// +-----------------------------------------------------------------------+
// |                           comments management                         |
// +-----------------------------------------------------------------------+

// Work out which comment action, if any, this request asks for. Only the
// three names listed in $actions are looked up in $_GET, and the first one
// present wins.
$comment_id = null;
$action = null;

$actions = array('delete', 'validate', 'edit');
foreach ($actions as $loop_action)
{
  if (isset($_GET[$loop_action]))
  {
    $action = $loop_action;
    // The raw GET value is checked against PATTERN_ID before it is used as a
    // comment id anywhere below.
    // NOTE(review): check_input_parameter() is defined elsewhere; presumably
    // it stops the request when the value does not match -- confirm.
    check_input_parameter($action, $_GET, false, PATTERN_ID);
    $comment_id = $_GET[$action];
    break;
  }
}

if (isset($action))
{
  // Authorization step: the decision is made from the comment's author id,
  // as returned by get_comment_author_id(), and the requested action name.
  $comment_author_id = get_comment_author_id($comment_id);

  if (can_manage_comment($action, $comment_author_id))
  {
    $perform_redirect = false;

    // 'delete' and 'validate' are triggered by a GET parameter alone, so each
    // branch calls check_pwg_token() itself before touching the comment.
    // NOTE(review): presumably this is the anti-CSRF token check -- confirm.
    // The call is per branch, not shared: a new action added to $actions
    // needs its own check_pwg_token() call.
    if ('delete' == $action)
    {
      check_pwg_token();
      delete_user_comment($comment_id);
      $perform_redirect = true;
    }

    if ('validate' == $action)
    {
      check_pwg_token();
      validate_user_comment($comment_id);
      $perform_redirect = true;
    }

    if ('edit' == $action)
    {
      // For 'edit' the token is only checked once content is actually
      // submitted in the POST body; with empty content this check is skipped.
      if (!empty($_POST['content']))
      {
        check_pwg_token();