//
// Found a session ID in _GET or _COOKIE?
//
// Resolves the visitor's tracking session: the SID is read from the query
// string and from the cookie, each accepted only if it validates as an integer.
$sid        = null;
$sid_get    = PMF_Filter::filterInput(INPUT_GET, PMF_GET_KEY_NAME_SESSIONID, FILTER_VALIDATE_INT);
$sid_cookie = PMF_Filter::filterInput(INPUT_COOKIE, PMF_COOKIE_NAME_SESSIONID, FILTER_VALIDATE_INT);
// NOTE(review): native filter_input() returns false (not null) when validation
// fails; if PMF_Filter::filterInput mirrors that, a malformed SID passes the
// is_null() checks below and reaches checkSessionId() as false. Confirm the
// wrapper's return contract.
$faqsession = new PMF_Session();
// Note: do not track internal calls
// A request counts as "internal" when its User-Agent starts with 'phpMyFAQ%2F'.
// The header is client-supplied, so any client can present this prefix and
// skip the tracking branch below; nothing security-relevant should depend on
// $internal.
$internal = false;
if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $internal = strpos($_SERVER['HTTP_USER_AGENT'], 'phpMyFAQ%2F') === 0;
}
if (!$internal) {
    if (is_null($sid_get) && is_null($sid_cookie)) {
        // Create a per-site unique SID
        $faqsession->userTracking('new_session', 0);
    } else {
        // The cookie value takes precedence over the query-string value.
        // REMOTE_ADDR is handed to checkSessionId() alongside the SID;
        // presumably the SID is matched against the client address, verify
        // in PMF_Session.
        if (!is_null($sid_cookie)) {
            $faqsession->checkSessionId($sid_cookie, $_SERVER['REMOTE_ADDR']);
        } else {
            $faqsession->checkSessionId($sid_get, $_SERVER['REMOTE_ADDR']);
        }
    }
}

//
// Is user tracking activated?
//
$sids = '';
if ($faqconfig->get('main.enableUserTracking')) {
    // NOTE(review): $sid is set to null above and never assigned in the
    // visible lines, so isset($sid) is only true if code outside this
    // fragment (e.g. PMF_Session through a global) assigns it. Confirm.
    // The rest of this block lies outside the visible fragment.
    if (isset($sid)) {
        PMF_Session::setCookie($sid);
// Comment submission (fragment): reads the submitter's e-mail and comment
// text from POST, stores the comment and prepares the notification target.
// $type, $newsid, $faqid, $username, $languageCode, $faq, $faqconfig, $db and
// $Language are defined outside the visible lines.
$mail    = PMF_Filter::filterInput(INPUT_POST, 'mail', FILTER_VALIDATE_EMAIL);
// FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes ' " < > & and characters below
// ASCII 32 at input time. That only covers the HTML text context; any other
// sink for this value (mail body, attribute, URL) still needs encoding for
// that context.
$comment = PMF_Filter::filterInput(INPUT_POST, 'comment_text', FILTER_SANITIZE_SPECIAL_CHARS);

// Pick the record id that matches the comment type.
// NOTE(review): there is no default case, so $id stays unset for any $type
// other than 'news' or 'faq' unless $type is validated before this point.
// Confirm.
switch ($type) {
    case 'news':
        $id = $newsid;
        break;
    case 'faq':
        $id = $faqid;
        break;
}

// If e-mail address is set to optional
// The administration address is substituted when 'main.optionalMailAddress'
// is falsy and no e-mail value was obtained.
// NOTE(review): the comment wording and the negated condition do not obviously
// agree; confirm the intended meaning of the setting.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($mail)) {
    $mail = PMF_Configuration::getInstance()->get('main.administrationMail');
}

// The comment is stored only if name, e-mail and text are all non-empty,
// checkBannedWord() returns a truthy value for the text, and comments are not
// disabled for this record/language/type.
// NOTE(review): no captcha or anti-CSRF token check is visible in this
// fragment; confirm one is enforced earlier in the request handling.
if (!is_null($username) && !empty($username) && !empty($mail) && !is_null($mail) && !is_null($comment) &&
    !empty($comment) && checkBannedWord($comment) && !$faq->commentDisabled($id, $languageCode, $type)) {

    $faqsession->userTracking("save_comment", $id);

    // NOTE(review): the sanitize filter above also encodes characters below
    // ASCII 32, so newlines may already be '&#10;' when nl2br() runs; confirm
    // nl2br() still has an effect. Because the text is encoded on input, the
    // output side must neither re-encode it nor assume it is raw text.
    $commentData = array(
        'record_id' => $id,
        'type'      => $type,
        'username'  => $username,
        'usermail'  => $mail,
        'comment'   => nl2br($comment),
        'date'      => $_SERVER['REQUEST_TIME'],
        'helped'    => '');

    if ($faq->addComment($commentData)) {

        // Notification goes to the administration address by default.
        $emailTo      = $faqconfig->get('main.administrationMail');
        $urlToContent = '';
        if ('faq' == $type) {
            // For FAQ comments the e-mail stored on the FAQ record, when
            // non-empty, replaces the administration address as recipient.
            $faq->getRecord($id);
            if ($faq->faqRecord['email'] != '') {
                $emailTo = $faq->faqRecord['email'];
            }
            // id and category are forced to integers by %d; 'lang' is inserted
            // as-is with %s. Presumably a stored language code, verify it
            // cannot carry URL metacharacters.
            $_faqUrl = sprintf('?action=artikel&cat=%d&id=%d&artlang=%s',
                0,
                $faq->faqRecord['id'],
                $faq->faqRecord['lang']);
            $oLink            = new PMF_Link(PMF_Link::getSystemUri('/ajaxservice.php') . $_faqUrl);
            $oLink->itemTitle = $faq->faqRecord['title'];
            $urlToContent     = $oLink->toString();
        } else {
            // News branch; the rest of this block lies outside the visible
            // fragment.
            $oNews = new PMF_News($db, $Language);