$fields = $item;
// else process the contribution as a new comment
} else {
$fields = array();
$fields['anchor'] = $anchor->get_reference();
$fields['description'] = $_REQUEST['message'];
}
// actual database update
if (!($fields['id'] = Comments::post($fields))) {
Safe::header('Status: 500 Internal Error', TRUE, 500);
die(i18n::s('Your contribution has not been posted.'));
}
// touch the related anchor, but don't notify watchers
$anchor->touch('comment:thread', $fields['id']);
// clear cache
Comments::clear($fields);
// thread update will trigger screen repaint through separate pending call of this script
die('OK');
// get some updates
} else {
// we are running
global $pending;
$pending = TRUE;
// invoked on shutdown
function on_shutdown()
{
global $pending;
// we were waiting for changes, and this is an internal error
if ($pending && !headers_sent()) {
http::no_content();
}
/**
* post a new comment or an updated comment
*
* The surfer signature is also appended to the comment, if any.
*
* This function populates the error context, where applicable.
*
* @param array an array of fields
* @return the id of the new comment, or FALSE on error
*
* @see agents/messages.php
* @see comments/edit.php
* @see comments/post.php
**/
public static function post(&$fields)
{
global $context;
// ensure this item has a type
if (!isset($fields['type'])) {
$fields['type'] = 'attention';
}
// comment is mandatory, except for approvals
if (!$fields['description'] && $fields['type'] != 'approval') {
Logger::error(i18n::s('No comment has been transmitted.'));
return FALSE;
}
// no anchor reference
if (!$fields['anchor']) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// get the anchor
if (!($anchor = Anchors::get($fields['anchor']))) {
Logger::error(i18n::s('No anchor has been found.'));
return FALSE;
}
// set default values for this editor
Surfer::check_default_editor($fields);
if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
$fields['edit_date'] = gmstrftime('%Y-%m-%d %H:%M:%S');
}
// reinforce date formats
if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
$fields['create_date'] = $fields['edit_date'];
}
// update the existing record
if (isset($fields['id'])) {
// id cannot be empty
if (!isset($fields['id']) || !is_numeric($fields['id'])) {
Logger::error(i18n::s('No item has the provided id.'));
return FALSE;
}
// update the existing record
$query = "UPDATE " . SQL::table_name('comments') . " SET " . "type='" . SQL::escape($fields['type']) . "', " . "description='" . SQL::escape($fields['description']) . "'";
// maybe another anchor
if ($fields['anchor']) {
$query .= ", anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1), " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
}
// maybe a silent update
if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
$query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='comment:update', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
$query .= " WHERE id = " . SQL::escape($fields['id']);
// insert a new record
} else {
$query = "INSERT INTO " . SQL::table_name('comments') . " SET " . "anchor='" . SQL::escape($fields['anchor']) . "', " . "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1), " . "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1), " . "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', " . "type='" . SQL::escape($fields['type']) . "', " . "description='" . SQL::escape($fields['description']) . "', " . "create_name='" . SQL::escape($fields['edit_name']) . "', " . "create_id=" . SQL::escape($fields['edit_id']) . ", " . "create_address='" . SQL::escape($fields['edit_address']) . "', " . "create_date='" . SQL::escape($fields['create_date']) . "', " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='comment:create', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
}
// actual update query
if (SQL::query($query) === FALSE) {
return FALSE;
}
// remember the id of the new item
if (!isset($fields['id'])) {
$fields['id'] = SQL::get_last_id($context['connection']);
}
// clear the cache for comments
Comments::clear($fields);
// end of job
return $fields['id'];
}
// not found
} elseif (!isset($item['id'])) {
include '../error.php';
// permission denied
} elseif (!Comments::allow_modification($anchor, $item)) {
Safe::header('Status: 401 Unauthorized', TRUE, 401);
Logger::error(i18n::s('You are not allowed to perform this operation.'));
// deletion is confirmed
} elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') {
// touch the related anchor before actual deletion, since the item has to be accessible at that time
if (is_object($anchor)) {
$anchor->touch('comment:delete', $item['id']);
}
// if no error, back to the anchor or to the index page
if (Comments::delete($item['id'])) {
Comments::clear($item);
if ($render_overlaid && isset($_REQUEST['follow_up']) && $_REQUEST['follow_up'] == 'close') {
echo "deleting done";
finalize_page(true);
} elseif (is_object($anchor)) {
Safe::redirect($anchor->get_url('comments'));
} else {
Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'comments/');
}
}
// deletion has to be confirmed
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
Logger::error(i18n::s('The action has not been confirmed.'));
} else {
// commands
$menu = array();
Safe::redirect($anchor->get_url('comments'));
} elseif ($_REQUEST['follow_up'] === 'json') {
// provide a json version of the new comment.
Comments::render_json($_REQUEST['id'], $anchor);
}
// update of an existing comment
} else {
// remember the previous version
if ($item['id']) {
include_once '../versions/versions.php';
Versions::save($item, 'comment:' . $item['id']);
}
// touch the related anchor
$anchor->touch('comment:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
// clear cache
Comments::clear($_REQUEST);
// forward to the updated thread
if (!isset($_REQUEST['follow_up'])) {
Safe::redirect($anchor->get_url('comments'));
} else {
switch ($_REQUEST['follow_up']) {
case 'json':
// provide a json version of the new comment.
Comments::render_json($_REQUEST['id'], $anchor);
break;
case 'close':
echo "edit done";
finalize_page(true);
default:
}
}
