/**
 * Processes a posted comment, but only when commenting is open for the
 * object shown by the current request.
 *
 * Four cases are tried in order: album, image, news article, page. Each one
 * combines the matching comment_form_* option, the context flag and the
 * current object's own getCommentsAllowed() setting. The checks
 * short-circuit, so an object is consulted only after its option and
 * context have matched.
 *
 * This gate decides whether posted comment data is handled at all; the
 * handling itself is done by comment_form_handle_comment().
 *
 * @param string $error error state passed in by the caller
 * @return mixed the result of comment_form_handle_comment() when one of the
 *               cases matched, otherwise $error unchanged
 */
function comment_form_postcomment($error) {
	global $_zp_current_album, $_zp_current_image, $_zp_current_article, $_zp_current_page;

	// Album view (explicitly not an image inside that album).
	$open = commentsAllowed('comment_form_albums') && in_context(ZP_ALBUM) && !in_context(ZP_IMAGE)
					&& $_zp_current_album->getCommentsAllowed();

	// Image view.
	if (!$open) {
		$open = commentsAllowed('comment_form_images') && in_context(ZP_IMAGE)
						&& $_zp_current_image->getCommentsAllowed();
	}

	// News article view.
	if (!$open) {
		$open = commentsAllowed('comment_form_articles') && in_context(ZP_ZENPAGE_NEWS_ARTICLE)
						&& $_zp_current_article->getCommentsAllowed();
	}

	// Page view.
	if (!$open) {
		$open = commentsAllowed('comment_form_pages') && in_context(ZP_ZENPAGE_PAGE)
						&& $_zp_current_page->getCommentsAllowed();
	}

	if (!$open) {
		return $error;
	}
	return comment_form_handle_comment();
}
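/**
 * Receives a trackback ping from an external client (for the root
 * trackback.php file) and stores it as a comment on the targeted item.
 *
 * The XML answer is produced by $this->receive(): receive(false, ...) plus
 * exit as soon as a pre-check fails, and a single final receive(true) or
 * receive(false) depending on the result of postComment().
 *
 * The id, type, url, title, blog_name and excerpt properties read below
 * describe the incoming ping and are handled as untrusted input.
 * NOTE(review): where these properties are populated is outside this
 * view - confirm they come straight from the request.
 */
function printTrackbackReceiver() {
	global $_zp_gallery;
	// Set page header to XML
	header('Content-Type: text/xml'); // MUST be the 1st line
	// Get trackback information
	$tb_id = $this->id; // The id of the item being trackbacked
	$tb_type = $this->type; // The type of the item being trackbacked
	$tb_url = $this->url; // The URL from which we got the trackback.
	$tb_title = $this->title; // Subject/title sent by trackback
	$tb_blogname = $this->blog_name; // Name of the blog/site that sends the trackback
	// Following the trackback spec only $tb_url is mandatory, so throw an error if it is missing.
	// The item id and type are needed as well to find the item the ping is for.
	if (empty($tb_url) || empty($tb_id) || empty($tb_type)) {
		echo $this->receive(false, "Trackbacks are not allowed");
		exit;
	}
	if (empty($tb_blogname)) {
		$tb_blogname = "[Trackback] " . $tb_url; // if there is no name sent, use the url as name.
	} else {
		$tb_blogname = "[Trackback] " . $tb_blogname;
	}
	$tb_excerpt = truncate_string($this->excerpt, 255, "[...]"); // Short text sent by trackback, shortened if too long
	// Add the trackback title to the trackback content to show them together.
	// NOTE(review): title and excerpt are sender-supplied and are placed inside HTML markup
	// without encoding. Whether postComment() sanitizes the text before it is stored or
	// rendered is not visible here - confirm, otherwise encode at output time.
	$tb_excerpt = "<strong>" . $tb_title . "</strong><br />" . $tb_excerpt;
	// getting the item "name" so that we can setup a receiver object for postComment()
	$gallery = new Gallery(); //$_zp_gallery;
	$query = "";
	// Stay unset/false unless a known type is given and its row is found.
	$object = NULL;
	$allowed = false;
	switch ($tb_type) {
		case "albums":
			$query = query_single_row('SELECT `folder` FROM ' . prefix('albums') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
			if ($query) {
				$object = new Album($gallery, $query['folder']);
			}
			$allowed = commentsAllowed('comment_form_albums');
			break;
		case "images":
			$query = query_single_row('SELECT `filename`,`albumid` FROM ' . prefix('images') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
			if ($query) {
				$albumid = $query['albumid'];
				$query2 = query_single_row('SELECT `folder` FROM ' . prefix('albums') . ' WHERE `id`="' . zp_escape_string($albumid) . '"', true);
				if ($query2) {
					$albobject = new Album($gallery, $query2['folder']);
					$object = newImage($albobject, $query['filename']);
				}
			}
			$allowed = commentsAllowed('comment_form_images');
			break;
		case "pages":
			$query = query_single_row('SELECT `titlelink` FROM ' . prefix('zenpage_pages') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
			if ($query) {
				$object = new ZenpagePage($query['titlelink']);
			}
			$allowed = commentsAllowed('comment_form_pages');
			break;
		case "news":
			$query = query_single_row('SELECT `titlelink` FROM ' . prefix('zenpage_news') . ' WHERE `id`="' . zp_escape_string($tb_id) . '"', true);
			if ($query) {
				$object = new ZenpageNews($query['titlelink']);
			}
			$allowed = commentsAllowed('comment_form_articles');
			break;
	}
	// An unknown type or an id without a matching row leaves no receiver object;
	// reject the ping here instead of continuing with an undefined $object.
	if (!is_object($object)) {
		echo $this->receive(false, "Not a valid trackback!");
		exit;
	}
	// Check if the url being sent really includes a link to us.
	$our_url = $this->getPermalinkURL($object);
	if (!$this->validateTrackbackSender($tb_url, $our_url)) {
		echo $this->receive(false, "Not a valid trackback!");
		exit;
	}
	// Only one final receive(true) is sent at the end;
	// receive(false) is sent in between when a pre-check fails.
	if (!(getOption('zp_plugin_comment_form') && $allowed && $object->getCommentsAllowed())) {
		echo $this->receive(false, gettext("Sorry, comments are closed for this item."));
		exit;
	}
	// Duplicate check. The owner id is cast to an integer: it was previously concatenated
	// into the statement unquoted and unescaped, unlike every other value in this query.
	$sql = 'SELECT `id` FROM ' . prefix('comments') . ' WHERE `ownerid`=' . ((int) $tb_id) . ' AND `comment`="' . zp_escape_string($tb_excerpt) . '" AND `website`="' . zp_escape_string($tb_url) . '" AND `type`="' . zp_escape_string($tb_type) . '" AND `name`="' . zp_escape_string($tb_blogname) . '"';
	$dbcheck = query_single_row($sql);
	if ($dbcheck) {
		echo $this->receive(false, gettext("This trackback already exists!"));
		exit;
	} else {
		$commentobj = postComment($tb_blogname, "", $tb_url, $tb_excerpt, "", "", $object, "", "", "", COMMENT_WEB_REQUIRED | COMMENT_SEND_EMAIL);
		// A moderation state of 0 or above is reported to the sender as success.
		if ($commentobj->getInModeration() >= 0) {
			echo $this->receive(true);
		} else {
			echo $this->receive(false);
		}
	}
}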
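$_zp_post_date = NULL;
$_zp_pre_authorization = array();

/*** Request Handler **********************
 ******************************************/
// This is the main top-level action handler for user requests. It parses a
// request, validates the input, loads the appropriate objects, and sets
// the context. All that is done in functions-controller.php.
zp_load_gallery(); // load the gallery and set the context to be on the front-end
$zp_request = zp_load_request();

// handle any passwords that might have been posted
if (!zp_loggedin()) {
	zp_handle_password();
}

// Handle any comments that might be posted. The plugin option gates everything;
// after that one of the four cases (album, image, news article, page) must match
// its option, its context and the current object's own comment setting.
if (getOption('zp_plugin_comment_form') &&
				(commentsAllowed('comment_form_albums') && in_context(ZP_ALBUM) && !in_context(ZP_IMAGE) && $_zp_current_album->getCommentsAllowed() ||
				commentsAllowed('comment_form_images') && in_context(ZP_IMAGE) && $_zp_current_image->getCommentsAllowed() ||
				commentsAllowed('comment_form_articles') && in_context(ZP_ZENPAGE_NEWS_ARTICLE) && $_zp_current_zenpage_news->getCommentsAllowed() ||
				commentsAllowed('comment_form_pages') && in_context(ZP_ZENPAGE_PAGE) && $_zp_current_zenpage_page->getCommentsAllowed())) {
	$_zp_comment_error = zp_handle_comment();
}

/*** Server-side AJAX Handling ***********
 ******************************************/
// NOTE(review): this is a state-changing POST for logged-in users and the values are
// handed over exactly as received. No request token is checked in this block, so
// confirm that editInPlace_handle_request() verifies one and restricts which
// context/field pairs may be written.
if (zp_loggedin() && getOption('edit_in_place')) {
	if (!empty($_POST["eip_context"]) && !empty($_POST["eip_field"])) {
		// new_value and orig_value are not checked above; pass NULL explicitly when they
		// are absent instead of reading an undefined index.
		editInPlace_handle_request(
						$_POST["eip_context"],
						$_POST["eip_field"],
						isset($_POST["new_value"]) ? $_POST["new_value"] : NULL,
						isset($_POST["orig_value"]) ? $_POST["orig_value"] : NULL
		);
	}
}

/*** Consistent URL redirection ***********
 ******************************************/
// Check to see if we use mod_rewrite, but got a query-string request for a page.
// If so, redirect with a 301 to the correct URL. This must come AFTER the Ajax init above,
// and is mostly helpful for SEO, but also for users. Consistent URLs are a Good Thing.
fix_path_redirect();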