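/**
 * Saves an edited comment submitted from the comment editor.
 *
 * Reads the posted fields, updates the matching txp_discuss row, refreshes the
 * parent article's comment count and re-renders the comment list.
 *
 * @return void
 */
function discuss_save()
{
    extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'discussid', 'ip', 'visible', 'parentid'))));

    // Escaping only protects a value that sits inside a quoted SQL literal.
    // $discussid is interpolated into the WHERE clause without quotes, so it is
    // forced to an integer; otherwise request-supplied SQL would reach the
    // query unchanged. $parentid is an article id and gets the same treatment.
    $discussid = (int) $discussid;
    $parentid = (int) $parentid;

    safe_update(
        "txp_discuss",
        "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = '{$visible}'",
        "discussid = {$discussid}"
    );

    update_comments_count($parentid);
    discuss_list(messenger('message', $discussid, 'updated'));
}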
/**
 * Saves an edited comment submitted from the comment editor.
 *
 * Text fields are escaped with doSlash() and used inside quoted literals; the
 * three id/status fields are passed through assert_int() and used unquoted.
 *
 * @return void
 */
function discuss_save()
{
    // Free-text fields, escaped for quoted SQL literals.
    $text_fields = gpsa(array('email', 'name', 'web', 'message', 'ip'));
    extract(doSlash($text_fields));

    // Numeric fields: each goes through assert_int() before it is placed in
    // the query without quotes.
    $numeric_fields = gpsa(array('discussid', 'visible', 'parentid'));
    extract(array_map('assert_int', $numeric_fields));

    $set = "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = {$visible}";
    $where = "discussid = {$discussid}";
    safe_update("txp_discuss", $set, $where);

    update_comments_count($parentid);
    update_lastmod();

    discuss_list(gTxt('comment_updated', array('{id}' => $discussid)));
}
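/**
 * Validates and saves an edited comment submitted from the comment editor.
 *
 * Text fields go through assert_string(), id/status fields through
 * assert_int(); everything is then escaped with doSlash(). The status is
 * checked against the allowed choices (SPAM, MODERATE, VISIBLE) and plugins
 * may add constraints through the 'discuss_ui' / 'validate_save' callback
 * before the row is updated.
 *
 * @return void
 */
function discuss_save()
{
    $varray = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip')));
    $varray = $varray + array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid')));
    extract(doSlash($varray));

    // Neutralise <txp:...> tags in the comment body so that stored comment text
    // is not later treated as template markup. The replacement has to emit
    // entity-encoded brackets: replacing the match with '<$1>' reproduces the
    // input unchanged and filters nothing.
    $message = $varray['message'] = preg_replace('#<(/?txp:.+?)>#', '&lt;$1&gt;', $message);

    $constraints = array(
        'status' => new ChoiceConstraint($visible, array(
            'choices' => array(SPAM, MODERATE, VISIBLE),
            'message' => 'invalid_status',
        )),
    );

    // Plugins receive the field values and the constraint list by reference.
    callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    if ($validator->validate() && safe_update(
        "txp_discuss",
        "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = {$visible}",
        "discussid = {$discussid}"
    )) {
        update_comments_count($parentid);
        update_lastmod();
        $message = gTxt('comment_updated', array('{id}' => $discussid));
    } else {
        $message = array(gTxt('comment_save_failed'), E_ERROR);
    }

    discuss_list($message);
}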
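/**
 * Inserts a parsed item to the database.
 *
 * This import code is untested.
 *
 * Values taken from $item come from the import file and are treated as
 * untrusted: each one is escaped with doSlash() before it is placed in a
 * query, including the category names used in the existence lookups.
 *
 * @param  array       $item    Parsed entry; keys read here include TITLE, BODY,
 *                              EXTENDED BODY, EXCERPT, DATE, STATUS, PRIMARY CATEGORY,
 *                              CATEGORY, KEYWORDS, ALLOW COMMENTS, AUTHOR and COMMENT
 * @param  string      $section Section stored on the article
 * @param  int         $status  Status used when the item has no STATUS key
 * @param  string      $invite  Comment invitation stored on the article
 * @return string|null A feedback message; nothing is returned for an empty item
 * @access private
 */
function import_mt_item($item, $section, $status, $invite)
{
    global $prefs;

    if (empty($item)) {
        return;
    }

    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();

    $title = $textile->TextileThis($item['TITLE'], 1);
    // Nice non-English permlinks.
    $url_title = stripSpace($title, 1);

    $body = isset($item['BODY'][0]['content']) ? $item['BODY'][0]['content'] : '';
    if (isset($item['EXTENDED BODY'][0]['content'])) {
        $body .= "\n <!-- more -->\n\n" . $item['EXTENDED BODY'][0]['content'];
    }
    $body_html = $textile->textileThis($body);

    $excerpt = isset($item['EXCERPT'][0]['content']) ? $item['EXCERPT'][0]['content'] : '';
    $excerpt_html = $textile->textileThis($excerpt);

    $date = safe_strtotime($item['DATE']);
    $date = strftime('%Y-%m-%d %H:%M:%S', $date);

    if (isset($item['STATUS'])) {
        $post_status = $item['STATUS'] == 'Draft' ? 1 : 4;
    } else {
        $post_status = $status;
    }

    // The category name goes into the WHERE clause of the lookup, so it is
    // escaped there exactly as it is for the insert that follows.
    $category1 = @$item['PRIMARY CATEGORY'];
    if ($category1 and !safe_field("name", "txp_category", "name = '" . doSlash($category1) . "'")) {
        safe_insert('txp_category', "name='" . doSlash($category1) . "', type='article', parent='root'");
    }

    $category2 = @$item['CATEGORY'];
    if ($category2 == $category1) {
        $category2 = '';
    }
    if ($category2 and !safe_field("name", "txp_category", "name = '" . doSlash($category2) . "'")) {
        safe_insert('txp_category', "name='" . doSlash($category2) . "', type='article', parent='root'");
    }

    $keywords = isset($item['KEYWORDS'][0]['content']) ? $item['KEYWORDS'][0]['content'] : '';

    if (isset($item['ALLOW COMMENTS'])) {
        $annotate = intval($item['ALLOW COMMENTS']);
    } else {
        $annotate = (!empty($item['COMMENT']) or $prefs['comments_on_default']);
    }

    $authorid = safe_field('user_id', 'txp_users', "name = '" . doSlash($item['AUTHOR']) . "'");
    if (!$authorid) {
        // $authorid = safe_field('user_id', 'txp_users', 'order by user_id asc limit 1');
        // Add new authors.
        // NOTE(review): an author name found only in the import file creates a
        // txp_users row with just the name column set; review such rows after
        // importing from a file you do not fully trust.
        safe_insert('txp_users', "name='" . doSlash($item['AUTHOR']) . "'");
    }

    // An article with the same title and posting date counts as already imported.
    if (!safe_field("ID", "textpattern", "Title = '" . doSlash($title) . "' AND Posted = '" . doSlash($date) . "'")) {
        $parentid = safe_insert(
            'textpattern',
            "Posted='" . doSlash($date) . "'," .
            "LastMod='" . doSlash($date) . "'," .
            "AuthorID='" . doSlash($item['AUTHOR']) . "'," .
            "LastModID='" . doSlash($item['AUTHOR']) . "'," .
            "Title='" . doSlash($title) . "'," .
            "Body='" . doSlash($body) . "'," .
            "Body_html='" . doSlash($body_html) . "'," .
            "Excerpt='" . doSlash($excerpt) . "'," .
            "Excerpt_html='" . doSlash($excerpt_html) . "'," .
            "Category1='" . doSlash($category1) . "'," .
            "Category2='" . doSlash($category2) . "'," .
            "Annotate='" . doSlash($annotate) . "'," .
            "AnnotateInvite='" . doSlash($invite) . "'," .
            "Status='" . doSlash($post_status) . "'," .
            "Section='" . doSlash($section) . "'," .
            "Keywords='" . doSlash($keywords) . "'," .
            "uid='" . md5(uniqid(rand(), true)) . "'," .
            "feed_time='" . substr($date, 0, 10) . "'," .
            "url_title='" . doSlash($url_title) . "'"
        );

        if (!empty($item['COMMENT']) and is_array($item['COMMENT'])) {
            foreach ($item['COMMENT'] as $comment) {
                $comment_date = strftime('%Y-%m-%d %H:%M:%S', safe_strtotime(@$comment['DATE']));
                $comment_content = $textile->TextileThis(nl2br(@$comment['content']), 1);

                // A comment with the same timestamp and rendered text is skipped as a duplicate.
                if (!safe_field("discussid", "txp_discuss", "posted = '" . doSlash($comment_date) . "' AND message = '" . doSlash($comment_content) . "'")) {
                    safe_insert(
                        'txp_discuss',
                        "parentid='" . doSlash($parentid) . "'," .
                        "name='" . doSlash(@$comment['AUTHOR']) . "'," .
                        "email='" . doSlash(@$comment['EMAIL']) . "'," .
                        "web='" . doSlash(@$comment['URL']) . "'," .
                        "ip='" . doSlash(@$comment['IP']) . "'," .
                        "posted='" . doSlash($comment_date) . "'," .
                        "message='" . doSlash($comment_content) . "'," .
                        "visible='1'"
                    );
                }
            }

            update_comments_count($parentid);
        }

        return $title;
    }

    return $title . ' already imported';
}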
/**
 * Handles a public-side comment submission.
 *
 * Rejects the request with a 403 when comments are closed for the article or
 * the client address is banned or blacklisted, sets or clears the "remember
 * me" cookies, and stores the comment when the evaluator does not ask for a
 * reload and the nonce checks out. A stored comment ends in a 302 redirect
 * and exit; every other path forces another preview.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        // NOTE(review): the blacklist name is concatenated into the gTxt() key
        // rather than appended to its result - confirm this is intended.
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    $web = clean_url($web);
    $email = clean_url($email);

    $keep_cookies = ($remember == 1) || (ps('checkbox_type') == 'forget' && ps('forget') != 1);

    if ($keep_cookies) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }

    // Strip markup from the identity fields, then escape them for SQL.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));

    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));

    $isdup = safe_row(
        "message,name",
        "txp_discuss",
        "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'"
    );

    $missing_required = ($prefs['comments_require_name'] && !trim($name))
        || ($prefs['comments_require_email'] && !trim($email))
        || !trim($message);

    if ($missing_required) {
        // The error-messages are added in the preview-code
        $evaluator->add_estimate(RELOAD, 1);
    }

    if ($isdup) {
        // FIXME? Tell the user about dupe?
        $evaluator->add_estimate(RELOAD, 1);
    }

    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            // parentid and visible are written unquoted, so both are reduced to
            // integers first.
            $parentid = assert_int($parentid);
            $rs = safe_insert(
                "txp_discuss",
                "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()"
            );

            if ($rs) {
                // Mark the nonce as used once the comment is stored.
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }

                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                $updated = update_comments_count($parentid);

                // The return page is request-supplied: truncate it, drop anything
                // from the first CR, LF or '#', and prefix the scheme and host
                // taken from the site URL so the redirect stays on this site.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;

                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }

                $separator = strstr($backpage, '?') ? '&' : '?';
                $commented = ($visible == VISIBLE) ? '1' : '0';
                $backpage .= $separator . 'commented=' . $commented;

                txp_status_header('302 Found');

                $anchor = $comments_moderate
                    ? '#txpCommentInputForm'
                    : '#c' . sprintf("%06s", $rs);
                header('Location: ' . $backpage . $anchor);

                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
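/**
 * Handles a public-side comment submission.
 *
 * Exits with a message when comments are closed, a required field is empty,
 * or the client address is banned or blacklisted. Otherwise the comment is
 * stored, provided it is not a duplicate and the nonce checks out, and a
 * Location header back to the originating page is sent.
 *
 * Every request-supplied value that reaches a query is escaped with doSlash()
 * first. That includes the article id and the nonce, which arrive straight
 * from POST.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);

    // NOTE(review): checkCommentsAllowed() and checkNonce() receive the raw
    // request values; confirm that they escape or validate them internally.
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }

    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }

    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }

    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);

    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));

    // Escaped copies for the queries below. The unescaped $parentid and $nonce
    // are still what the helper functions receive.
    $ip_sql = doSlash($ip);
    $parentid_sql = doSlash($parentid);
    $nonce_sql = doSlash($nonce);

    $isdup = safe_row(
        "message,name",
        "txp_discuss",
        "name='{$name}' and message='{$message2db}' and ip='{$ip_sql}'"
    );

    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    $visible = $comments_moderate ? 0 : 1;

                    $rs = safe_insert(
                        "txp_discuss",
                        "parentid = '{$parentid_sql}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip_sql}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()"
                    );

                    if ($rs) {
                        // Mark the nonce as used once the comment is stored.
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce_sql}'");

                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }

                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }

                        $updated = update_comments_count($parentid);
                        ob_start();

                        // The return page is request-supplied. It is truncated and cut
                        // at the first CR, LF or '#', which keeps extra header lines
                        // out of the response.
                        // NOTE(review): nothing here ties the target to this site's
                        // own host, so the redirect can point off-site.
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';

                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                } // end check nonce
            } // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        } // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    } // end check site ban
}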
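/**
 * _cbe_rndc_pop_com - Admin-side: Generate comments
 *
 * See "Rules for comments" in the helpfile
 *
 * Picks the live, unexpired articles that accept comments, skips about one in
 * a hundred at random, and inserts 3 to 10 randomly generated comments for
 * each of the others. When $comments_disabled_after is set, articles older
 * than that many days are left out.
 *
 * @param  string|array $message Set by reference to the feedback message
 * @param  string       $html    Set by reference to the rendered result list and "go back" form
 * @return null The next step; always null in this function
 */
function _cbe_rndc_pop_com(&$message, &$html)
{
    global $event, $use_comments, $comments_disabled_after;

    $next_step = NULL;
    $out = array();
    $globerrlevel = '';

    $aIds = safe_rows(
        "ID, Title, unix_timestamp(Posted) as uPosted",
        "textpattern",
        "`Posted`<=now() AND\n (`Expires`>now() OR `Expires`=" . NULLDATETIME . ") AND\n `Status`=" . STATUS_LIVE . " AND\n `Annotate`='1'\n ORDER BY ID"
    );

    if (!$use_comments) {
        $globerrlevel = E_ERROR;
        $message = gTxt(CBE_RNDC_LPFX . 'no_comm_allowed');
    } else {
        $message = gTxt(CBE_RNDC_LPFX . 'populate_end');

        if (($lifespan = $comments_disabled_after * 86400) > 0) {
            // Keep only articles that are still inside the commenting window.
            // A closure replaces create_function(), which built its callback
            // from a code string and no longer exists in PHP 8.
            $aIds = array_filter($aIds, function ($v) use ($lifespan) {
                return (time() - $v['uPosted'] < $lifespan) && $v['ID'];
            });
        }

        foreach ($aIds as $article) {
            // Leave roughly 1 article in 100 without generated comments.
            if (rand(0, 99) == 50) {
                continue;
            }

            $rndnb = rand(3, 10);
            $aCids = array();
            $errlevel = "success";

            for ($i = 0; $i < $rndnb; $i++) {
                $comm = '';
                $parag = rand(2, 5);

                for ($j = 0; $j < $parag; $j++) {
                    $comm .= '<p>' . _cbe_rndc_text(6, 10, 2, 8) . '</p>';
                }

                if ($insertd = safe_insert(
                    "txp_discuss",
                    "`parentid`='{$article['ID']}',\n `name`='" . doSlash(_cbe_rndc_name(4, 7) . ' ' . _cbe_rndc_name(4, 9)) . "',\n `email`='" . doSlash(_cbe_rndc(false, ALPHAMINUS, 4, 7) . '@' . _cbe_rndc(false, ALPHAMINUS, 4, 9) . '.' . _cbe_rndc(false, ALPHAMINUS, 3)) . "',\n `web`='" . doSlash('http://' . _cbe_rndc(false, ALPHAMINUS, 4, 7) . '.' . _cbe_rndc(false, ALPHAMINUS, 3)) . "',\n `ip`='" . doSlash(_cbe_rndc_ip()) . "',\n `message`='" . doSlash($comm) . "',\n `posted`='" . doSlash(date("Y-m-d H:i:s", rand($article["uPosted"], time()))) . "'"
                )) {
                    $aCids[] = $insertd;
                } else {
                    // One failed insert downgrades this article's line and the overall result.
                    $errlevel = "warning";
                    $globerrlevel = E_ERROR;
                }
            }

            update_comments_count($article["ID"]);

            // NOTE(review): the article title is handed to tag() as stored;
            // confirm whether tag() HTML-escapes its content.
            $out[] = graf(tag($article['Title'], 'span', ' class="' . $errlevel . '"') . ': ' . join(", ", $aCids));
        }

        if (!empty($globerrlevel)) {
            $message .= ' ' . gTxt(CBE_RNDC_LPFX . 'with_errors');
        }
    }

    $back = tag(
        fInput('submit', 'submit', gTxt(CBE_RNDC_LPFX . 'go_back'), 'publish') . n .
        sInput(CBE_RNDC_SPFX . 'initiate') . n .
        eInput($event),
        'div'
    );
    $html = join(n, $out) . form($back);

    return $next_step;
}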
/**
 * Renders the comment list for the current article, applying the per-article
 * "sed" overrides: a delay during which a new comment is shown as a
 * placeholder, and a time-to-live after which a comment is culled.
 *
 * In preview mode only the comment being previewed is rendered. Otherwise the
 * visible comments are read from txp_discuss, each is rendered through the
 * comment form, and culled comments are then deleted or updated according to
 * sed_on_cull.
 *
 * @param  array $atts Tag attributes (id, form, wraptag, break, class, breakclass, sort)
 * @return string Rendered markup
 */
function sed_comments($atts)
{
    global $thisarticle, $prefs, $comment_preview, $pretext;

    extract($prefs);
    extract(lAtts(array(
        'id' => @$pretext['id'],
        'form' => 'comments',
        'wraptag' => $comments_are_ol ? 'ol' : '',
        'break' => $comments_are_ol ? 'li' : 'div',
        'class' => __FUNCTION__,
        'breakclass' => '',
        'sort' => 'posted ASC',
    ), $atts));

    assert_article();

    if (is_array($thisarticle)) {
        extract($thisarticle);
    }

    if (@$thisid) {
        $id = $thisid;
    }

    // Per-article overrides live in a custom field; missing ones get defaults.
    $sed_vars = _sed_cp_get_sed_vars(@$thisarticle['sed per-article vars']);
    $sed_vars = lAtts(array(
        'sed_delay' => '0',
        'sed_ttl' => '',
        'sed_on_cull' => 'hide',
        'sed_ttl_grace' => '',
    ), $sed_vars);
    extract($sed_vars);

    // Preview: render only the submitted comment and stop.
    if (!empty($comment_preview)) {
        $preview = psas(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
        $preview['time'] = time();
        $preview['discussid'] = 0;
        $preview['message'] = markup_comment($preview['message']);

        $GLOBALS['thiscomment'] = $preview;
        $comments[] = parse_form($form) . n;
        unset($GLOBALS['thiscomment']);

        return doWrap($comments, $wraptag, $break, $class, $breakclass);
    }

    // NOTE(review): $sort is a tag attribute placed in ORDER BY as an unquoted
    // clause. doSlash() escapes it as a string only, so it should come from
    // trusted templates, never from request data.
    $rs = safe_rows_start(
        "*, unix_timestamp(posted) as time",
        "txp_discuss",
        'parentid=' . intval($id) . ' and visible=' . VISIBLE . ' order by ' . doSlash($sort)
    );

    $out = '';

    if (!$rs) {
        return $out;
    }

    $comments = array();
    $culled_comments = array();

    while ($vars = nextRow($rs)) {
        $culled = false;
        $show = true;
        $extra = '';
        $now = time();
        $remaining = '';

        // If the comment is in a deleting page then check if it is to be culled...
        if (!empty($sed_ttl)) {
            // Are we in any grace period???
            $do_cull_check = (!empty($sed_ttl_grace) && 0 != $sed_ttl_grace)
                ? _sed_cp_if_outside_period($thisarticle['posted'], $sed_ttl_grace, $vars['time'], $remaining)
                : true;

            // If not then do the cull checking...
            if ($do_cull_check) {
                $culled = _sed_cp_if_outside_period($vars['time'], $sed_ttl, $now, $remaining);

                // Display how long to go before culling.
                if (!$culled) {
                    $vars['message'] .= "<br/><br/><strong>[MARKED FOR DELETION IN {$remaining}.]</strong>";
                }
            }
        }

        if ($culled) {
            $extra .= ' culled';
            // The row is queued as read from the database, before its time and
            // message are changed for display.
            $culled_comments[] = $vars;
            $vars['time'] = $now;
            $vars['message'] .= "<br/><br/><strong>[DELETED.]</strong>";
        } else {
            // See if the comment is in its "hidden" period.
            // This is to try and discourage spam-robots that immediately see if their posts appear live.
            if (!empty($sed_delay) && $sed_delay > '0') {
                $show = _sed_cp_if_outside_period($vars['time'], $sed_delay, $now, $remaining);
            }

            // Still hidden so show a place-holder comment instead.
            if (!$show) {
                $extra .= ' delay_queue';
                $vars['name'] = "[DELAYED]";
                $vars['time'] = $now;
                $vars['message'] = "A comment has been recorded and is in the delay queue.";
                $vars['message'] .= "<br/><br/><strong>[REVEALED IN {$remaining}.]</strong>";
            }
        }

        // Save the additional css class markup for this comment in the vars before parsing the comment form.
        $vars['sed_class_extra'] = $extra;

        $GLOBALS['thiscomment'] = $vars;
        $comments[] = parse_form($form) . n;
        unset($GLOBALS['thiscomment']);
    }

    $out .= doWrap($comments, $wraptag, $break, $class, $breakclass);

    // Process the culled list...
    if (!empty($culled_comments)) {
        foreach ($culled_comments as $comment) {
            if ('delete' != $sed_on_cull) {
                _sed_cp_update_comment($comment, $sed_on_cull);
            } else {
                _sed_cp_delete_comment($comment);
            }
        }

        update_comments_count($id);
    }

    return $out;
}
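/**
 * Handles a public-side comment submission.
 *
 * Rejects the request with a 403 when comments are closed for the article or
 * the client address is banned or blacklisted. The comment is stored when the
 * evaluator does not ask for a reload and the nonce checks out; a stored
 * comment ends in a 302 redirect and exit, every other path forces another
 * preview.
 *
 * Every value placed in a query is escaped or reduced to an integer first,
 * including the client address and the evaluator's visibility result.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));

    // The address is escaped like every other value that enters a query, so
    // the statement does not depend on how the server populates it.
    $ip_sql = doSlash($ip);

    $isdup = safe_row(
        "message,name",
        "txp_discuss",
        "name='{$name}' and message='{$message2db}' and ip='{$ip_sql}'"
    );

    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        // The error-messages are added in the preview-code
        $evaluator->add_estimate(RELOAD, 1);
    }

    if ($isdup) {
        // FIXME? Tell the user about dupe?
        $evaluator->add_estimate(RELOAD, 1);
    }

    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        // Plugins hooked on this event can influence the evaluator's result.
        callback_event('comment.save');
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            // visible is written without quotes, so it is reduced to an integer.
            $rs = safe_insert(
                "txp_discuss",
                "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip_sql}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()"
            );

            if ($rs) {
                // Mark the nonce as used once the comment is stored.
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doSlash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }

                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                $updated = update_comments_count($parentid);

                // The return page is request-supplied. It is truncated and cut at
                // the first CR, LF or '#', which keeps extra header lines out of
                // the response.
                // NOTE(review): nothing here ties the target to this site's own
                // host, so the redirect can point off-site.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');

                txp_status_header('302 Found');

                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }

                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }

                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}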