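/**
 * Handle token-based comment moderation links (delete / approve) found in the URI.
 *
 * Runs only when $serendipity['useCommentTokens'] is strictly true. When $uri matches
 * PAT_DELETE or PAT_APPROVE, the first capture group is split on "_"; its first part
 * selects 'comment' or 'trackback' and its third part is taken as the moderation token.
 * Only the token's length (32 bytes) is checked here. Whether the token is valid for
 * the comment is decided by serendipity_deleteComment() / serendipity_approveComment(),
 * which receive it as their last argument.
 *
 * On a pattern match the function sends a text/plain response and ends the request
 * with die(). It returns normally only when token moderation is off or nothing matched.
 *
 * Security notes:
 *  - No session or login check is made in this function; the token in the URI is the
 *    only credential it forwards. A token carried in a URL can end up in access logs,
 *    browser history and Referer headers, so it should be single-use and short-lived.
 *  - NOTE(review): confirm the callees compare the token in constant time (hash_equals()).
 *  - NOTE(review): $res[2] and $res[3] are forwarded exactly as captured; presumably the
 *    patterns restrict them to digits. Verify against the PAT_* definitions.
 *
 * @param  string $uri  The current base URI
 * @access public
 * @return null
 */
function serendipity_checkCommentTokenModeration($uri)
{
    global $serendipity;

    // Token moderation is opt-in. Returning here also keeps the pattern constants
    // from being evaluated at all while the feature is switched off.
    if (!isset($serendipity['useCommentTokens']) || $serendipity['useCommentTokens'] !== true) {
        return;
    }

    // Delete is tried before approve, so a URI matching both is handled as a delete.
    $actions = array('delete' => PAT_DELETE, 'approve' => PAT_APPROVE);

    foreach ($actions as $action => $pattern) {
        if (!preg_match($pattern, $uri, $res)) {
            continue;
        }

        $return_msg = "Error.\n";
        $tokenparse = explode('_', $res[1]);
        $kind       = $tokenparse[0];
        // A capture with fewer than two underscores has no third part. Treat that as an
        // empty token (reported as BADTOKEN) instead of reading an undefined offset.
        $token      = isset($tokenparse[2]) ? $tokenparse[2] : '';

        if (strlen($token) !== 32) {
            $return_msg = sprintf(BADTOKEN) . "\n";
        } elseif ($kind === 'comment' || $kind === 'trackback') {
            if ($action === 'delete') {
                $done = serendipity_deleteComment($res[2], $res[3], $kind . 's', $token);
            } else {
                $done = serendipity_approveComment($res[2], $res[3], false, false, $token);
            }

            if ($done) {
                $template = ($action === 'delete')
                    ? ($kind === 'comment' ? COMMENT_DELETED : TRACKBACK_DELETED)
                    : ($kind === 'comment' ? COMMENT_APPROVED : TRACKBACK_APPROVED);
            } else {
                $template = ($kind === 'comment') ? COMMENT_NOTOKENMATCH : TRACKBACK_NOTOKENMATCH;
            }
            $return_msg = sprintf($template, $res[2]) . "\n";
        }
        // Any other kind keeps the generic "Error.\n" message.

        // Plain text keeps the echoed id from being interpreted as markup.
        header('Content-Type: text/plain; charset=' . LANG_CHARSET);
        die($return_msg);
    }
}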
Exemple #2
<?php

# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved.  See LICENSE file for licensing details
#if ($_REQUEST['type'] == 'trackback') die('Disabled');
include 'serendipity_config.inc.php';
include S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
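// Everything this endpoint renders is HTML in the blog's configured charset.
header('Content-Type: text/html; charset=' . LANG_CHARSET);

// --- Delete a comment or trackback named by GET parameters -----------------
// NOTE(review): this block performs no login or form-token check of its own before
// a state-changing GET request. Any authorisation has to happen inside
// serendipity_deleteComment() -- confirm, and consider requiring
// serendipity_checkFormToken() here to protect logged-in users against CSRF.
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
    serendipity_deleteComment(
        $serendipity['GET']['delete'],
        $serendipity['GET']['entry'],
        $serendipity['GET']['type']
    );

    // The Referer header is optional and client-supplied. Redirect back only when it
    // is present and passes serendipity_isResponseClean() (presumably a check for
    // header-injection characters -- confirm); otherwise fall through, as the code
    // already does for a rejected value.
    // NOTE(review): the target is not restricted to this site's own base URL.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if ($referer !== '' && serendipity_isResponseClean($referer)) {
        header('Status: 302 Found');
        header('Location: ' . $referer);
        exit;
    }
}

// --- Toggle whether an entry accepts comments ------------------------------
// NOTE(review): same concern as above -- no token check is visible on this path.
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) {
    serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']);
}

// --- Confirm a mail address via the c/hash pair from a confirmation link ---
// Both values come straight from the request and are validated only by
// serendipity_confirmMail(); the result selects the message shown to the visitor.
if (!empty($_REQUEST['c']) && !empty($_REQUEST['hash'])) {
    $res = serendipity_confirmMail($_REQUEST['c'], $_REQUEST['hash']);
    $serendipity['view'] = 'notification';
    $serendipity['GET']['action'] = 'custom';
    $serendipity['smarty_custom_vars'] = array(
        'content_message' => $res ? NOTIFICATION_CONFIRM_MAIL : NOTIFICATION_CONFIRM_MAIL_FAIL,
        'subscribe_confirm_error' => !$res,
        'subscribe_confirm_success' => $res,
    );
    include S9Y_INCLUDE_PATH . 'include/genpage.inc.php';
    $serendipity['smarty']->display(serendipity_getTemplateFile('index.tpl', 'serendipityPath'));
    exit;
}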
if (!empty($_REQUEST['optin'])) {
    $res = serendipity_commentSubscriptionConfirm($_REQUEST['optin']);
    $serendipity['view'] = 'notification';
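/**
 * XML-RPC handler: delete one comment on behalf of an authenticated author.
 *
 * Reads the username (params[1]), password (params[2]) and comment id (params[3])
 * from the message, authenticates with serendipity_authenticate_author(), looks up
 * the comment's entry id and passes both ids to serendipity_deleteComment().
 *
 * The comment id is client-supplied and is concatenated into the lookup query, so it
 * is forced to an integer before use. A missing, non-scalar or zero id, or an id with
 * no matching row, yields a boolean false result without calling the delete helper.
 *
 * NOTE(review): no check that this author may moderate the comment is visible here;
 * presumably serendipity_deleteComment() enforces permissions -- confirm.
 *
 * @param  object $message  XML-RPC message exposing ->params[n]->getval()
 * @return XML_RPC_Response Auth-failure fault, or a boolean value with the outcome
 */
function wp_deleteComment($message)
{
    global $serendipity;

    $username = $message->params[1]->getval();
    $password = $message->params[2]->getval();
    if (!serendipity_authenticate_author($username, $password)) {
        return new XML_RPC_Response('', XMLRPC_ERR_CODE_AUTHFAILED, XMLRPC_ERR_NAME_AUTHFAILED);
    }

    // Cast before the value gets anywhere near SQL: only an integer may be appended
    // to the query string below.
    $raw_id     = $message->params[3]->getval();
    $comment_id = is_scalar($raw_id) ? (int) $raw_id : 0;

    $result = false;
    if ($comment_id !== 0) {
        // We need the entryid, so fetch it:
        $row = serendipity_db_query("SELECT entry_id FROM {$serendipity['dbPrefix']}comments WHERE id = " . $comment_id, true);

        // Only index the result when the query actually returned a row.
        if (is_array($row) && isset($row['entry_id'])) {
            $result = serendipity_deleteComment($comment_id, $row['entry_id']);
        }
    }

    return new XML_RPC_Response(new XML_RPC_Value($result, 'boolean'));
}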
Exemple #4
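// Remember the first Referer seen in this session. The header is client-supplied,
// so the stored value must be treated as untrusted wherever it is read back.
if (isset($_SERVER['HTTP_REFERER']) && empty($_SESSION['HTTP_REFERER'])) {
    $_SESSION['HTTP_REFERER'] = $_SERVER['HTTP_REFERER'];
}

// --- Unsubscribe links -----------------------------------------------------
if (preg_match(PAT_UNSUBSCRIBE, $uri, $res)) {
    if (serendipity_cancelSubscription(urldecode($res[1]), $res[2])) {
        // NOTE(review): urldecode($res[1]) is request data; whatever renders
        // DATA_UNSUBSCRIBED must escape it for its output context -- confirm.
        define('DATA_UNSUBSCRIBED', sprintf(UNSUBSCRIBE_OK, urldecode($res[1])));
    }
    // Rewrite the URI so the rest of the routing continues with the entry in $res[2].
    $uri = '/' . PATH_UNSUBSCRIBE . '/' . $res[2] . '-untitled.html';
}
// Define the flag on every path, including a matched pattern whose cancellation
// failed, so later code never reads an undefined constant.
if (!defined('DATA_UNSUBSCRIBED')) {
    define('DATA_UNSUBSCRIBED', false);
}

// Token-based moderation links are handled first; on a match this call does not return.
serendipity_checkCommentTokenModeration($uri);

// --- Delete links for a logged-in user -------------------------------------
// NOTE(review): this state-changing request is authorised by the session alone; no
// form token (serendipity_checkFormToken()) is checked on this path -- confirm that
// CSRF protection exists elsewhere.
if (preg_match(PAT_DELETE, $uri, $res) && $serendipity['serendipityAuthedUser'] === true) {
    if ($res[1] === 'comment' && serendipity_deleteComment($res[2], $res[3], 'comments')) {
        define('DATA_COMMENT_DELETED', sprintf(COMMENT_DELETED, $res[2]));
    } elseif ($res[1] === 'trackback' && serendipity_deleteComment($res[2], $res[3], 'trackbacks')) {
        define('DATA_TRACKBACK_DELETED', sprintf(TRACKBACK_DELETED, $res[2]));
    }
}
// Whichever flag was not set above (no match, not logged in, the other type, or a
// failed delete) is defined as false, so both constants always exist afterwards.
if (!defined('DATA_COMMENT_DELETED')) {
    define('DATA_COMMENT_DELETED', false);
}
if (!defined('DATA_TRACKBACK_DELETED')) {
    define('DATA_TRACKBACK_DELETED', false);
}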
if (preg_match(PAT_APPROVE, $uri, $res) && $serendipity['serendipityAuthedUser'] === true) {
    if ($res[1] == 'comment' && serendipity_approveComment($res[2], $res[3])) {
        define('DATA_COMMENT_APPROVED', sprintf(COMMENT_APPROVED, $res[2]));
        define('DATA_TRACKBACK_APPROVED', false);
    } elseif ($res[1] == 'trackback' && serendipity_approveComment($res[2], $res[3])) {
        define('DATA_COMMENT_APPROVED', false);
        define('DATA_TRACKBACK_APPROVED', sprintf(TRACKBACK_APPROVED, $res[2]));
    }
} else {
        $msg .= DONE . ': ' . sprintf(COMMENT_APPROVED, (int) $serendipity['GET']['id']);
    }
}
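/*
 * adminAction "pending": look the comment up while it is still 'approved' and pass it
 * to serendipity_approveComment() with both trailing flags set (going by the
 * COMMENT_MODERATED message this presumably puts it back into moderation -- confirm).
 * The request must carry a valid form token. The token arrives in the query string,
 * so it can appear in logs and Referer headers.
 */
if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] === 'pending' && serendipity_checkFormToken()) {
    // Cast once; the integer is the only request value that reaches the SQL string.
    $pending_id = (int) $serendipity['GET']['id'];
    $sql = "SELECT c.*, e.title, a.email as authoremail, a.mail_comments\n            FROM {$serendipity['dbPrefix']}comments c\n            LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n            LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)\n            WHERE c.id = " . $pending_id . " AND status = 'approved'";
    $rs = serendipity_db_query($sql, true);
    if ($rs === false) {
        $errormsg .= ERROR . ': ' . sprintf(COMMENT_ALREADY_APPROVED, $pending_id);
    } else {
        serendipity_approveComment($pending_id, (int) $rs['entry_id'], true, true);
        $msg .= DONE . ': ' . sprintf(COMMENT_MODERATED, $pending_id);
    }
}
/* We are asked to delete a comment */
if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] === 'delete' && serendipity_checkFormToken()) {
    // Cast both ids, as the pending handler above does, so the delete helper receives
    // integers rather than raw query-string values.
    $delete_id       = (int) $serendipity['GET']['id'];
    $delete_entry_id = (int) $serendipity['GET']['entry_id'];
    // NOTE(review): the helper's return value is not checked, so the success message
    // is shown even when nothing was deleted.
    serendipity_deleteComment($delete_id, $delete_entry_id);
    $msg .= DONE . ': ' . sprintf(COMMENT_DELETED, $delete_id);
}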
/* We are either in edit mode, or preview mode */
if (isset($serendipity['GET']['adminAction']) && ($serendipity['GET']['adminAction'] == 'edit' || $serendipity['GET']['adminAction'] == 'reply') || isset($serendipity['POST']['preview'])) {
    $serendipity['smarty_raw_mode'] = true;
    // Force output of Smarty stuff in the backend
    serendipity_smarty_init();
    if ($serendipity['GET']['adminAction'] == 'reply' || $serendipity['GET']['adminAction'] == 'doReply') {
        $c = serendipity_fetchComments($serendipity['GET']['entry_id'], 1, 'co.id', false, 'NORMAL', ' AND co.id=' . (int) $serendipity['GET']['id']);
        if (isset($serendipity['POST']['preview'])) {
            $c[] = array('email' => $serendipity['POST']['email'], 'author' => $serendipity['POST']['name'], 'body' => $serendipity['POST']['comment'], 'url' => $serendipity['POST']['url'], 'timestamp' => time(), 'parent_id' => $serendipity['GET']['id']);
        }
        $target_url = '?serendipity[action]=admin&amp;serendipity[adminModule]=comments&amp;serendipity[adminAction]=doReply&amp;serendipity[id]=' . (int) $serendipity['GET']['id'] . '&amp;serendipity[entry_id]=' . (int) $serendipity['GET']['entry_id'] . '&amp;serendipity[noBanner]=true&amp;serendipity[noSidebar]=true&amp;' . serendipity_setFormToken('url');
        $codata = $serendipity['POST'];
        $codata['replyTo'] = (int) $serendipity['GET']['id'];
 /**
  * Pass one comment to startLearn() under $category, then optionally moderate it.
  *
  * The comment is fetched with getComment($id); when that returns an array, its
  * first element is used. Afterwards $action selects the follow-up: 'delete' calls
  * serendipity_deleteComment(), 'approve' calls serendipity_approveComment(), and
  * any other value does nothing further.
  *
  * NOTE(review): this method checks neither permissions nor a form token; presumably
  * the caller has done so before invoking it -- confirm.
  *
  * @param mixed  $id        Comment id
  * @param mixed  $category  Category handed to startLearn()
  * @param string $action    'delete', 'approve', or anything else for learn-only
  * @param mixed  $entry_id  Id of the entry the comment belongs to
  */
 function learnAction($id, $category, $action, $entry_id)
 {
     $record = $this->getComment($id);
     if (is_array($record)) {
         // PHP normalises the string key '0' to the integer key 0.
         $record = $record[0];
     }

     $this->startLearn($record, $category);

     // switch compares loosely, like the == tests it replaces.
     switch ($action) {
         case 'delete':
             serendipity_deleteComment($id, $entry_id);
             break;
         case 'approve':
             serendipity_approveComment($id, $entry_id);
             break;
     }
 }