/**
 * Tests the controller function that expects slashed data.
 *
 * edit_comment() reads its input from $_POST. The request is run through
 * add_magic_quotes() first, so the stored author and content must come back
 * equal to the raw (unslashed) fixtures. The same comment is edited twice
 * with different fixtures so the second write is checked on its own.
 *
 * The slash_* fixtures are provided by the enclosing test case.
 */
function test_edit_comment() {
	$post_id    = self::factory()->post->create();
	$comment_id = self::factory()->comment->create( array( 'comment_post_ID' => $post_id ) );

	// Not testing comment_author_email or comment_author_url
	// as slashes are not permitted in that data.
	$rounds = array(
		array( $this->slash_1, $this->slash_7 ),
		array( $this->slash_2, $this->slash_4 ),
	);

	foreach ( $rounds as $fixtures ) {
		list( $author, $content ) = $fixtures;

		$_POST = array(
			'comment_ID'              => $comment_id,
			'comment_status'          => '',
			'newcomment_author'       => $author,
			'newcomment_author_url'   => '',
			'newcomment_author_email' => '',
			'content'                 => $content,
		);
		// The controller expects slashed request data.
		$_POST = add_magic_quotes( $_POST );

		edit_comment();

		$comment = get_comment( $comment_id );
		$this->assertEquals( $author, $comment->comment_author );
		$this->assertEquals( $content, $comment->comment_content );
	}
}
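/**
 * Ajax handler for editing a comment.
 *
 * Verifies the nonce and the caller's capability, persists the posted form
 * through edit_comment(), then renders the updated list-table row and returns
 * it through WP_Ajax_Response. Dies with -1 on a failed capability check or
 * when the comment cannot be loaded afterwards, and with a message when the
 * posted content is empty.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 */
function wp_ajax_edit_comment() {
	global $wp_list_table;

	// Nonce check comes first: nothing below may run on a forged request.
	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );

	// A missing ID becomes 0 and fails the capability check below instead of
	// raising an undefined-index notice.
	$comment_id = isset( $_POST['comment_ID'] ) ? (int) $_POST['comment_ID'] : 0;

	if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
		wp_die( -1 );
	}

	// Strict comparison: missing or empty content is rejected; "0" is kept.
	if ( ! isset( $_POST['content'] ) || '' === $_POST['content'] ) {
		wp_die( __( 'ERROR: please type a comment.' ) );
	}

	// edit_comment() reads the status under 'comment_status'; the ajax form
	// posts it as 'status'.
	if ( isset( $_POST['status'] ) ) {
		$_POST['comment_status'] = $_POST['status'];
	}

	edit_comment();

	// '-1' stays a string so the response payload is unchanged.
	$position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
	// Same truth table as `isset( $x ) && true == $x`.
	$checkbox = empty( $_POST['checkbox'] ) ? 0 : 1;

	$wp_list_table = _get_list_table(
		$checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table',
		array( 'screen' => 'edit-comments' )
	);

	$comment = get_comment( $comment_id );
	if ( empty( $comment->comment_ID ) ) {
		wp_die( -1 );
	}

	// Capture the rendered row so it can be sent back as the response data.
	ob_start();
	$wp_list_table->single_row( $comment );
	$comment_list_item = ob_get_clean();

	$x = new WP_Ajax_Response();
	$x->add(
		array(
			'what'     => 'edit_comment',
			'id'       => $comment->comment_ID,
			'data'     => $comment_list_item,
			'position' => $position,
		)
	);
	$x->send();
}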
if ((wp_get_referer() != "") && (false == $noredir)) { wp_redirect(wp_get_referer()); } else { wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments'); } break; case 'editedcomment': $comment_ID = (int) $_POST['comment_ID']; $comment_post_ID = (int) $_POST['comment_post_ID']; check_admin_referer('update-comment_' . $comment_ID); edit_comment(); $location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID; $location = apply_filters('comment_edit_redirect', $location, $comment_ID); wp_redirect($location); exit(); break; default: $title = __('Create New Post'); require_once ('./admin-header.php'); ?> <?php if ( isset($_GET['posted']) ) : ?> <div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> »</a></p></div> <?php endif; ?> <?php
"; disasm hexdump strings comment notes plain\n"))))); ?> <div class="hexdump"><pre><? strings(); ?></pre></div> <? } else if (!strcmp($tab,"comment")) { print str_replace("hexdump", "<a href=\"?offset=$offset&tab=hexdump\">hexdump</a>", str_replace("disasm", "<a href=\"?offset=$offset\">disasm</a>", str_replace("strings", "<a href=\"?offset=$offset&tab=strings\">strings</a>", str_replace("notes", "<a href=\"?offset=$offset&tab=notes\">notes</a>", str_replace("plain", "<a href=\"?offset=$offset&tab=plain\">plain</a>", "; disasm hexdump strings comment notes plain\n"))))); ?> <div class="hexdump"><pre><? edit_comment(); ?></pre></div> <? } else if (!strcmp($tab,"notes")) { print str_replace("hexdump", "<a href=\"?offset=$offset&tab=hexdump\">hexdump</a>", str_replace("disasm", "<a href=\"?offset=$offset\">disasm</a>", str_replace("strings", "<a href=\"?offset=$offset&tab=strings\">strings</a>", str_replace("comment", "<a href=\"?offset=$offset&tab=comment\">comment</a>", str_replace("plain", "<a href=\"?offset=$offset&tab=plain\">plain</a>", "; disasm hexdump strings comment notes plain\n"))))); ?> <div class="hexdump"><pre><? edit_notes(); ?></pre></div> <? } else {
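/**
 * Front controller for the page body.
 *
 * Order of dispatch: a "fatal" message stored in the session (failed login)
 * is printed and cleared; otherwise POSTed forms are handled first, then the
 * admin actions (only when _ADMIN is truthy), then the public actions.
 *
 * Side effects: echoes output, may destroy the session (logout), and reads
 * the globals $categorySEF, $subcatSEF and $articleSEF.
 */
function center() {
    // Fatal session produced on failed login, and will display error message.
    if (isset($_SESSION[_SITE . 'fatal'])) {
        echo $_SESSION[_SITE . 'fatal'];
        unset($_SESSION[_SITE . 'fatal']);
        return;
    }

    global $categorySEF, $subcatSEF, $articleSEF;

    // Default to an empty action so both switches below reach their default
    // branch without an undefined-variable notice when no action was given.
    $action = '';
    if (isset($_GET['category'])) {
        $action = $categorySEF;
    } elseif (isset($_GET['action'])) {
        // A 404 marker is kept as-is; any other action is passed through the
        // project's clean()/cleanXSS() helpers before it is used as a key.
        $action = $categorySEF == '404' ? $categorySEF : clean(cleanXSS($_GET['action']));
    }

    // Form submissions take priority over the requested action.
    if (isset($_POST['search_query'])) {
        search();
        return;
    }
    if (isset($_POST['comment'])) {
        comment('comment_posted');
        return;
    }
    if (isset($_POST['contactform'])) {
        contact();
        return;
    }
    if (isset($_POST['Loginform'])) {
        administration();
        return;
    }
    if (isset($_POST['submit_text'])) {
        processing();
        return;
    }

    // Admin actions are only reachable when _ADMIN is truthy; an admin action
    // requested without it falls through to the public switch below.
    if (_ADMIN) {
        switch ($action) {
            case 'administration':
                administration();
                return;
            case 'snews_settings':
                settings();
                return;
            case 'snews_categories':
                admin_categories();
                return;
            case 'admin_category':
                form_categories();
                return;
            case 'admin_subcategory':
                form_categories('sub');
                return;
            case 'groupings':
                admin_groupings();
                return;
            case 'admin_groupings':
                form_groupings();
                return;
            case 'snews_articles':
                admin_articles('article_view');
                return;
            case 'extra_contents':
                admin_articles('extra_view');
                return;
            case 'snews_pages':
                admin_articles('page_view');
                return;
            case 'admin_article':
                form_articles('');
                return;
            case 'article_new':
                form_articles('article_new');
                return;
            case 'extra_new':
                form_articles('extra_new');
                return;
            case 'page_new':
                form_articles('page_new');
                return;
            case 'editcomment':
                edit_comment();
                return;
            case 'snews_files':
                files();
                return;
            case 'process':
                processing();
                return;
            case 'logout':
                session_destroy();
                echo '<meta http-equiv="refresh" content="2; url=' . _SITE . '">';
                echo '<h2>' . l('log_out') . '</h2>';
                return;
        }
    }

    switch ($action) {
        case 'archive':
            archive();
            break;
        case 'sitemap':
            sitemap();
            break;
        case 'contact':
            contact();
            break;
        case 'login':
            login();
            break;
        case '404':
            echo l('error_404');
            break;
        default:
            articles();
            break;
    }
}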
case "delete_comment": $valid = delete_comment($_REQUEST['comment_id'], $_REQUEST['uid']); $response = '{"success":"1","message":"success"}'; if (!$valid) { $response = '{"success":"0","message":"failed"}'; } //$callback = trim(@$_REQUEST['callback']); /* $json = $callback . '({ "proposals": '; */ $json .= $response; /* $json .= '})'; */ echo $json; break; case "edit_comment": $valid = edit_comment($_REQUEST['id'], $_REQUEST['uid'], $_REQUEST['comment']); $response = '{"success":"1","message":"success"}'; if (!$valid) { $response = '{"success":"0","message":"failed"}'; } // $callback = trim(@$_REQUEST['callback']); /* $json = $callback . '({ "proposals": '; */ $json .= $response; /* $json .= '})'; */ echo $json; break; case "comment_abuse": comment_abuse($_REQUEST['comment_id']); $response = '{"success":"1","message":"success"}';
/**
 * Front controller for the page body.
 *
 * Dispatches on $_GET['category'] / $_GET['action'] (cleared when a POSTed
 * form was already processed), runs the matching admin or public handler,
 * and in the default branch renders either a single article or the
 * front-page list, fetched with mysql_query(). All output is echoed.
 *
 * @param mixed $article_limit Row limit for the front-page query. It is
 *        interpolated unescaped into the LIMIT clause, so callers must pass
 *        an integer.
 */
function center($article_limit) {
    // $id and $articleid are assigned here but never read in this function.
    if (isset($_GET['category'])) { $id = $_GET['category']; }
    if (isset($_GET['articleid'])) { $articleid = $_GET['articleid']; }
    if (isset($_POST['submit_text'])) { processing(); $processed = True; }
    if (isset($_POST['contactform'])) { contact(); $processed = True; }
    // The requested action is taken raw from the query string; it is only
    // used as a switch key below.
    if (isset($_GET['category'])) { $action = $_GET['category']; } else { if (isset($_GET['action'])) { $action = $_GET['action']; } }
    // A processed form suppresses the action so the default branch renders.
    if (isset($processed) and $processed == True) { unset($action); }
    switch ($action) {
        case "archives": archives(); break;
        case "contact": contact(); break;
        case "rss": rss(); break;
        case "login": login(); break;
        // Admin actions are gated only on the session flag Logged_In.
        case "categories": if (isset($_SESSION['Logged_In'])) { view_categories(); } break;
        case "editcategory": if (isset($_SESSION['Logged_In'])) { edit_category(); } break;
        case "new": if (isset($_SESSION['Logged_In'])) { new_article(); } break;
        case "unpublished": if (isset($_SESSION['Logged_In'])) { unpublished_articles(); } break;
        // `simple` / `advanced` are bare (undefined) constants; older PHP
        // degrades them to the strings 'simple' / 'advanced' with a notice.
        case "simpleedit": if (isset($_SESSION['Logged_In'])) { edit_article(simple); } break;
        case "advancededit": if (isset($_SESSION['Logged_In'])) { edit_article(advanced); } break;
        case "editcomment": if (isset($_SESSION['Logged_In'])) { edit_comment(); } break;
        case "images": if (isset($_SESSION['Logged_In'])) { images(); } break;
        // $display_further is never assigned in this function — confirm where it comes from.
        case "process": if (isset($_SESSION['Logged_In']) and $display_further != "NO") { processing(); } break;
        // NOTE(review): $_SERVER['PHP_SELF'] is echoed unescaped into the
        // refresh URL; it can carry client-supplied path info.
        case "logout": session_start(); $_SESSION = array(); session_destroy(); echo "<META HTTP-EQUIV='refresh' content='1; URL=" . $_SERVER['PHP_SELF'] . "'>"; echo "<h2>" . l('log_out') . "</h2>"; break;
        default:
            if (isset($_POST['search'])) { search(); } else { if (isset($_POST['comment'])) { comment("comment_posted"); } else {
                // An unset $processed also satisfies `== False`.
                if ($processed == False) {
                    $article = get_id('article'); $category = get_id('category');
                    if ($article != "") {
                        // NOTE(review): $article is interpolated straight into the
                        // query; safe only if get_id() already escapes it — confirm.
                        $query = "SELECT * FROM " . s('prefix') . "articles WHERE seftitle = '{$article}'";
                        $shorten = 99990000;
                    } else {
                        if (isset($category)) {
                            // Resolve the category seftitle to its id by scanning every row.
                            $query_catname = "SELECT * FROM " . s('prefix') . "categories";
                            $result_catname = mysql_query($query_catname);
                            while ($r_catname = mysql_fetch_array($result_catname)) {
                                if (isset($num_cat)) { $num_cat++; }
                                if ($r_catname['seftitle'] == $category) { $use_cat_id = $r_catname['id']; }
                            }
                            if ($category == "") { $use_cat_id = 0; $category = 0; }
                            // $use_cat_id comes from the categories table, $article_limit from the caller;
                            // both are interpolated unescaped.
                            if (s('display_new_on_home') == True) {
                                if ($use_cat_id != 0) {
                                    $query = "SELECT * FROM " . s('prefix') . "articles WHERE position = 1 AND published = 1 AND category = {$use_cat_id} ORDER BY date DESC LIMIT {$article_limit}";
                                } else {
                                    $query = "SELECT * FROM " . s('prefix') . "articles WHERE position = 1 AND published = 1 ORDER BY date DESC LIMIT {$article_limit}";
                                }
                            } else {
                                $query = "SELECT * FROM " . s('prefix') . "articles WHERE position = 1 AND published = 1 AND category = {$use_cat_id} ORDER BY date DESC LIMIT {$article_limit}";
                            }
                            // $r has not been assigned yet at this point, so this isset() is never true here.
                            if (isset($r['textlimit'])) { $shorten = $r['textlimit']; }
                            // Equivalent to !isset($shorten).
                            if (isset($shorten) == 0) { $shorten = 9999000; }
                        }
                    }
                    // mysql_query() failures are not checked; a false result makes the loop below fetch nothing.
                    $result = mysql_query($query);
                    while ($r = mysql_fetch_array($result)) {
                        if ($article == "") { $shorten = $r['textlimit']; if ($shorten == 0) { $shorten = 99990000; } }
                        // Comment count is obtained by fetching every comment row.
                        $comments_num = 0;
                        $comment_query = "SELECT * FROM " . s('prefix') . "comments WHERE articleid = {$r['id']}";
                        $comment_result = mysql_query($comment_query);
                        while ($comment_r = mysql_fetch_array($comment_result)) { $comments_num++; }
                        $date = date(s('date_format'), strtotime($r['date']));
                        $fp_date_format = date(s('fp_date_format'), strtotime($r['date']));
                        // $position is never read; the checks below use $r['position'] directly.
                        $position = $r['position'];
                        // From here on $category holds the home label instead of "0".
                        if ($category == "0") { $category = s('home'); }
                        // Row fields are echoed without HTML escaping throughout this loop.
                        if ($r['displaytitle'] == "YES" and $article == "") {
                            echo "<h2><a href='" . s('website') . find_cat_sef($r['category']) . "/" . $r['seftitle'] . "/'>" . $r['title'] . "</a></h2>";
                        } else {
                            if ($r['displaytitle'] == "YES") { echo "<h2>" . $r['title'] . "</h2>"; }
                        }
                        if ($r['image'] != "") { ?> <div class="image"> <img src="<?php echo s('website') . s('image_folder'); ?> /<?php echo $r['image']; ?> " alt="<?php echo $r['title']; ?> " /> </div><?php }
                        // PHP files inclusion routine
                        $fulltext = $r['text'];
                        $findme = "[include]";
                        $pos = strpos($fulltext, $findme);
                        $findme = "[/include]";
                        $pos2 = strpos($fulltext, $findme);
                        // $file is computed but never used.
                        $file = substr($fulltext, $pos + 9, $pos2 - 9);
                        if ($pos2 > 0) {
                            // Split the body on the [include] markers; segments whose text
                            // contains .php/.txt/.inc are treated as file paths.
                            $text = str_replace("[include]", "|&|", $fulltext);
                            $text = str_replace("[/include]", "|&|", $text);
                            $text = explode("|&|", $text);
                            $num = count($text);
                            for ($i = 0;; $i++) {
                                if ($i == $num) { break; }
                                if (strpos($text[$i], '.php') === false and strpos($text[$i], '.txt') === false and strpos($text[$i], '.inc') === false) {
                                    echo substr(stripslashes($text[$i]), 0, $shorten);
                                } else {
                                    // NOTE(review): includes whatever path appears between the
                                    // [include] tags of the stored article text; acceptable only
                                    // when every article author is fully trusted.
                                    include $text[$i];
                                }
                            }
                        } else {
                            echo substr(stripslashes($fulltext), 0, $shorten);
                        }
                        if (isset($numrows)) { $numrows++; }
                        if ($article == "" and strlen($r['text']) > $shorten) { echo "...</p>"; }
                        $commentable = $r['commentable'];
                        // `and` binds tighter than `or`: positions 3/4 are shown only to a logged-in Username.
                        if ($r['position'] != 3 and $r['position'] != 4 or isset($_SESSION['Username'])) {
                            if ($article == "") {
                                if ($r['displayinfo'] == "YES") {
                                    echo "<p class='" . s('date_class') . "'>";
                                    if (strlen($r['text']) > $shorten) { echo "<img src='" . s('website') . "images/more.gif' alt='' /> <a href='" . s('website') . $category . "/" . $r['seftitle'] . "/'>" . l('read_more') . "</a> "; }
                                    if ($commentable == "YES" or $commentable == "FREEZ") { echo "<img src='" . s('website') . "images/comment.gif' alt='' /> <a href='" . s('website') . $category . "/" . $r['seftitle'] . "/'>" . l('comments') . "(" . $comments_num . ")</a> "; }
                                    echo "<img src='" . s('website') . "images/timeicon.gif' alt='' /> " . $fp_date_format . "</p>";
                                }
                            } else {
                                echo "<p class='" . s('date_class') . "'>";
                                // Admin links (edit / delete / freeze) for the single-article view.
                                if (isset($_SESSION['Logged_In'])) {
                                    echo l('edit_article') . " [ <a href='" . s('website') . "index.php?action=simpleedit&id={$r['id']}'>" . l('simple') . "</a> <img src='" . s('website') . "images/arrow.gif' alt='|' /> <a href='" . s('website') . "index.php?action=advancededit&id={$r['id']}'>" . l('advanced') . " </a> ] <img src='" . s('website') . "images/arrow.gif' alt='|' /> <a href='" . s('website') . "index.php?action=process&task=delete&id={$r['id']}'" . if_javascript_on(" onclick='return confirm(\"" . l('warning_delete') . "\");'", 'return') . ">" . l('delete_article') . "</a> <img src='" . s('website') . "images/arrow.gif' alt='|' /> ";
                                    if ($r['commentable'] == "FREEZ") {
                                        echo "<a href='" . s('website') . "index.php?action=process&task=unfreezecomments&id={$r['id']}'>" . l('unfreeze_comments') . "</a> <img src='" . s('website') . "images/arrow.gif' alt='|' /> ";
                                    } else {
                                        if ($r['commentable'] != "NO") { echo "<a href='" . s('website') . "index.php?action=process&task=freezecomments&id={$r['id']}'>" . l('freeze_comments') . "</a> <img src='" . s('website') . "images/arrow.gif' alt='|' /> "; }
                                    }
                                }
                                // Trailing slash is appended once per row, so $category grows on every iteration.
                                if ($category != s('home')) { $category = $category . "/"; }
                                echo "<a href='" . s('website');
                                if ($category != s('home')) { echo $category . "'>"; } else { echo "'>"; }
                                echo l('back') . "</a> <img src='" . s('website') . "images/timeicon.gif' alt='' /> " . $date . "</p>";
                            }
                        }
                    }
                }
            } }
            // $commentable holds the value from the last fetched row.
            if ($article != "" and $commentable == "YES") { comment("unfreezed"); } else { if ($article != "" and $commentable == "FREEZ") { comment("freezed"); } }
    }
}
<?php
/**
 * Comment edit endpoint.
 *
 * Forwards the posted comment id and body to edit_comment(); each field
 * defaults to '' when absent from the request. No validation, authorisation
 * or request-token check is visible in this script, so any such check is
 * assumed to live inside edit_comment() — confirm before relying on it.
 */
require_once '../includes/functions.inc.php';

$comid = '';
if (isset($_POST['comid'])) {
    $comid = $_POST['comid'];
}

$body = '';
if (isset($_POST['body'])) {
    $body = $_POST['body'];
}

edit_comment($comid, $body);
header('Location: ?action=viewDestination&destinationID=' . $destinationID); } } else { if ($action == 'editComment') { //loads the edit comment page $commentID = $_POST['commentID']; $comment = get_comment_By_ID($commentID); include 'views/edit.php'; } else { if ($action == 'commentEdited') { //Edits the desired comment and saves it to the databse then reloads the vacation spots page $newContent = nl2br($_POST['content']); $cleanHTML = sanitize_html_string($newContent); $commentID = $_POST['commentID']; $destinationID = $_POST['destinationID']; edit_comment($cleanHTML, $commentID); header('Location: ?action=viewDestination&destinationID=' . $destinationID); } else { if ($action == 'deleteComment') { //Deletes the desired comment $commentID = $_POST['commentID']; $destinationID = $_POST['destinationID']; delete_comment($commentID); header('Location: ?action=viewDestination&destinationID=' . $destinationID); } else { if ($action == 'logIn') { //loads the log in page if (isset($_POST['action'])) { $logUserName = $_POST['logUserName']; $logPassword = $_POST['logPassword']; $num = clarify($logUserName, $logPassword);