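/**
 * Handle token-based comment moderation links (delete / approve).
 *
 * When comment tokens are enabled and $uri matches PAT_DELETE or PAT_APPROVE,
 * the requested action is attempted, a plain-text status line is sent and the
 * script is terminated with die(). In every other case the function returns
 * without doing anything, so normal request routing continues.
 *
 * Security note: on this path the token taken from the URI is the only
 * credential this function looks at; it performs no login check itself. The
 * token is only length-checked here and is validated by
 * serendipity_deleteComment() / serendipity_approveComment(), which are
 * defined elsewhere.
 *
 * @param string $uri The current base URI
 * @access public
 * @return null
 */
function serendipity_checkCommentTokenModeration($uri) {
    global $serendipity;

    // Token based moderation is opt-in; leave the request untouched when it is off.
    if ($serendipity['useCommentTokens'] !== true) {
        return;
    }

    if (preg_match(PAT_DELETE, $uri, $res)) {
        $return_msg = "Error.\n";

        // $res[1] is split on "_": part 0 selects comment/trackback, part 2 is the token.
        // explode() always returns an array, so no is_array() test is needed.
        $tokenparse = explode('_', $res[1]);
        $type       = $tokenparse[0];
        // A match without a token part must not read an undefined offset;
        // it is reported as a bad token, as before.
        $token      = isset($tokenparse[2]) ? $tokenparse[2] : '';

        // check that we got a 32 char token
        if (strlen($token) === 32) {
            if ($type === 'comment') {
                if (serendipity_deleteComment($res[2], $res[3], 'comments', $token)) {
                    $return_msg = sprintf(COMMENT_DELETED, $res[2]) . "\n";
                } else {
                    $return_msg = sprintf(COMMENT_NOTOKENMATCH, $res[2]) . "\n";
                }
            } elseif ($type === 'trackback') {
                if (serendipity_deleteComment($res[2], $res[3], 'trackbacks', $token)) {
                    $return_msg = sprintf(TRACKBACK_DELETED, $res[2]) . "\n";
                } else {
                    $return_msg = sprintf(TRACKBACK_NOTOKENMATCH, $res[2]) . "\n";
                }
            }
            // Any other type keeps the generic "Error." message.
        } else {
            $return_msg = sprintf(BADTOKEN) . "\n";
        }

        // text/plain keeps the URI-derived ids in the message from being rendered as markup.
        header('Content-Type: text/plain; charset=' . LANG_CHARSET);
        die($return_msg);
    }

    if (preg_match(PAT_APPROVE, $uri, $res)) {
        $return_msg = "Error.\n";

        $tokenparse = explode('_', $res[1]);
        $type       = $tokenparse[0];
        $token      = isset($tokenparse[2]) ? $tokenparse[2] : '';

        // check that we got a 32 char token
        if (strlen($token) === 32) {
            if ($type === 'comment') {
                if (serendipity_approveComment($res[2], $res[3], false, false, $token)) {
                    $return_msg = sprintf(COMMENT_APPROVED, $res[2]) . "\n";
                } else {
                    $return_msg = sprintf(COMMENT_NOTOKENMATCH, $res[2]) . "\n";
                }
            } elseif ($type === 'trackback') {
                if (serendipity_approveComment($res[2], $res[3], false, false, $token)) {
                    $return_msg = sprintf(TRACKBACK_APPROVED, $res[2]) . "\n";
                } else {
                    $return_msg = sprintf(TRACKBACK_NOTOKENMATCH, $res[2]) . "\n";
                }
            }
        } else {
            $return_msg = sprintf(BADTOKEN) . "\n";
        }

        header('Content-Type: text/plain; charset=' . LANG_CHARSET);
        die($return_msg);
    }
}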
<?php # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details #if ($_REQUEST['type'] == 'trackback') die('Disabled'); include 'serendipity_config.inc.php'; include S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php'; header('Content-Type: text/html; charset=' . LANG_CHARSET); if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) { serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']); if (serendipity_isResponseClean($_SERVER['HTTP_REFERER'])) { header('Status: 302 Found'); header('Location: ' . $_SERVER['HTTP_REFERER']); exit; } } if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) { serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']); } if (!empty($_REQUEST['c']) && !empty($_REQUEST['hash'])) { $res = serendipity_confirmMail($_REQUEST['c'], $_REQUEST['hash']); $serendipity['view'] = 'notification'; $serendipity['GET']['action'] = 'custom'; $serendipity['smarty_custom_vars'] = array('content_message' => $res ? NOTIFICATION_CONFIRM_MAIL : NOTIFICATION_CONFIRM_MAIL_FAIL, 'subscribe_confirm_error' => !$res, 'subscribe_confirm_success' => $res); include S9Y_INCLUDE_PATH . 'include/genpage.inc.php'; $serendipity['smarty']->display(serendipity_getTemplateFile('index.tpl', 'serendipityPath')); exit; } if (!empty($_REQUEST['optin'])) { $res = serendipity_commentSubscriptionConfirm($_REQUEST['optin']); $serendipity['view'] = 'notification';
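/**
 * XML-RPC handler: delete a comment for an authenticated author.
 *
 * Reads the username, password and comment id from $message->params[1..3],
 * authenticates the author, looks up the entry the comment belongs to and
 * passes both ids to serendipity_deleteComment().
 *
 * NOTE(review): only authentication is checked here. Whether this author is
 * allowed to delete this particular comment is presumably decided inside
 * serendipity_deleteComment() - confirm against that function.
 *
 * @param object $message XML-RPC message whose params expose getval()
 * @return XML_RPC_Response Auth-failure fault, or a boolean result value
 */
function wp_deleteComment($message) {
    global $serendipity;

    $username = $message->params[1]->getval();
    $password = $message->params[2]->getval();

    if (!serendipity_authenticate_author($username, $password)) {
        return new XML_RPC_Response('', XMLRPC_ERR_CODE_AUTHFAILED, XMLRPC_ERR_NAME_AUTHFAILED);
    }

    // The id is supplied by the XML-RPC client and is concatenated into SQL
    // below, so force it to an integer first. Non-numeric input becomes 0
    // and is rejected by the !empty() test.
    $comment_id = (int) $message->params[3]->getval();
    $result     = false;

    if (!empty($comment_id)) {
        // We need the entryid, so fetch it:
        $row = serendipity_db_query("SELECT entry_id FROM {$serendipity['dbPrefix']}comments WHERE id = " . $comment_id, true);

        // Only delete when the lookup actually returned a row; otherwise
        // report failure instead of calling the delete with an empty entry id.
        if (is_array($row) && isset($row['entry_id'])) {
            $result = serendipity_deleteComment($comment_id, $row['entry_id']);
        }
    }

    return new XML_RPC_Response(new XML_RPC_Value($result, 'boolean'));
}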
if (isset($_SERVER['HTTP_REFERER']) && empty($_SESSION['HTTP_REFERER'])) { $_SESSION['HTTP_REFERER'] = $_SERVER['HTTP_REFERER']; } if (preg_match(PAT_UNSUBSCRIBE, $uri, $res)) { if (serendipity_cancelSubscription(urldecode($res[1]), $res[2])) { define('DATA_UNSUBSCRIBED', sprintf(UNSUBSCRIBE_OK, urldecode($res[1]))); } $uri = '/' . PATH_UNSUBSCRIBE . '/' . $res[2] . '-untitled.html'; } else { define('DATA_UNSUBSCRIBED', false); } serendipity_checkCommentTokenModeration($uri); if (preg_match(PAT_DELETE, $uri, $res) && $serendipity['serendipityAuthedUser'] === true) { if ($res[1] == 'comment' && serendipity_deleteComment($res[2], $res[3], 'comments')) { define('DATA_COMMENT_DELETED', sprintf(COMMENT_DELETED, $res[2])); } elseif ($res[1] == 'trackback' && serendipity_deleteComment($res[2], $res[3], 'trackbacks')) { define('DATA_TRACKBACK_DELETED', sprintf(TRACKBACK_DELETED, $res[2])); } } else { define('DATA_COMMENT_DELETED', false); define('DATA_TRACKBACK_DELETED', false); } if (preg_match(PAT_APPROVE, $uri, $res) && $serendipity['serendipityAuthedUser'] === true) { if ($res[1] == 'comment' && serendipity_approveComment($res[2], $res[3])) { define('DATA_COMMENT_APPROVED', sprintf(COMMENT_APPROVED, $res[2])); define('DATA_TRACKBACK_APPROVED', false); } elseif ($res[1] == 'trackback' && serendipity_approveComment($res[2], $res[3])) { define('DATA_COMMENT_APPROVED', false); define('DATA_TRACKBACK_APPROVED', sprintf(TRACKBACK_APPROVED, $res[2])); } } else {
$msg .= DONE . ': ' . sprintf(COMMENT_APPROVED, (int) $serendipity['GET']['id']); } } if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'pending' && serendipity_checkFormToken()) { $sql = "SELECT c.*, e.title, a.email as authoremail, a.mail_comments\n FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)\n WHERE c.id = " . (int) $serendipity['GET']['id'] . " AND status = 'approved'"; $rs = serendipity_db_query($sql, true); if ($rs === false) { $errormsg .= ERROR . ': ' . sprintf(COMMENT_ALREADY_APPROVED, (int) $serendipity['GET']['id']); } else { serendipity_approveComment((int) $serendipity['GET']['id'], (int) $rs['entry_id'], true, true); $msg .= DONE . ': ' . sprintf(COMMENT_MODERATED, (int) $serendipity['GET']['id']); } } /* We are asked to delete a comment */ if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'delete' && serendipity_checkFormToken()) { serendipity_deleteComment($serendipity['GET']['id'], $serendipity['GET']['entry_id']); $msg .= DONE . ': ' . sprintf(COMMENT_DELETED, (int) $serendipity['GET']['id']); } /* We are either in edit mode, or preview mode */ if (isset($serendipity['GET']['adminAction']) && ($serendipity['GET']['adminAction'] == 'edit' || $serendipity['GET']['adminAction'] == 'reply') || isset($serendipity['POST']['preview'])) { $serendipity['smarty_raw_mode'] = true; // Force output of Smarty stuff in the backend serendipity_smarty_init(); if ($serendipity['GET']['adminAction'] == 'reply' || $serendipity['GET']['adminAction'] == 'doReply') { $c = serendipity_fetchComments($serendipity['GET']['entry_id'], 1, 'co.id', false, 'NORMAL', ' AND co.id=' . 
(int) $serendipity['GET']['id']); if (isset($serendipity['POST']['preview'])) { $c[] = array('email' => $serendipity['POST']['email'], 'author' => $serendipity['POST']['name'], 'body' => $serendipity['POST']['comment'], 'url' => $serendipity['POST']['url'], 'timestamp' => time(), 'parent_id' => $serendipity['GET']['id']); } $target_url = '?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=doReply&serendipity[id]=' . (int) $serendipity['GET']['id'] . '&serendipity[entry_id]=' . (int) $serendipity['GET']['entry_id'] . '&serendipity[noBanner]=true&serendipity[noSidebar]=true&' . serendipity_setFormToken('url'); $codata = $serendipity['POST']; $codata['replyTo'] = (int) $serendipity['GET']['id'];
/**
 * Feed a comment to startLearn() under the given category, then optionally
 * delete or approve it.
 *
 * @param mixed  $id       Comment id, passed to getComment() and to the delete/approve call
 * @param mixed  $category Category handed to startLearn()
 * @param string $action   'delete' or 'approve'; any other value only triggers the learning step
 * @param mixed  $entry_id Id of the entry the comment belongs to
 * @return void
 */
function learnAction($id, $category, $action, $entry_id) {
    $record = $this->getComment($id);
    // getComment() may hand back a list of rows; learn from the first one.
    if (is_array($record)) {
        $record = $record['0'];
    }
    $this->startLearn($record, $category);

    // switch compares loosely, matching the original == tests.
    switch ($action) {
        case 'delete':
            serendipity_deleteComment($id, $entry_id);
            break;
        case 'approve':
            serendipity_approveComment($id, $entry_id);
            break;
    }
}