$fields = $item; // else process the contribution as a new comment } else { $fields = array(); $fields['anchor'] = $anchor->get_reference(); $fields['description'] = $_REQUEST['message']; } // actual database update if (!($fields['id'] = Comments::post($fields))) { Safe::header('Status: 500 Internal Error', TRUE, 500); die(i18n::s('Your contribution has not been posted.')); } // touch the related anchor, but don't notify watchers $anchor->touch('comment:thread', $fields['id']); // clear cache Comments::clear($fields); // thread update will trigger screen repaint through separate pending call of this script die('OK'); // get some updates } else { // we are running global $pending; $pending = TRUE; // invoked on shutdown function on_shutdown() { global $pending; // we were waiting for changes, and this is an internal error if ($pending && !headers_sent()) { http::no_content(); }
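/**
 * Insert a new comment, or update an existing one when $fields['id'] is set.
 *
 * Failures are reported through Logger::error() and signalled by a FALSE
 * return value. After a successful query the comments cache is cleared
 * through Comments::clear().
 *
 * Security notes for maintainers:
 * - the function list below includes request-facing scripts, so every entry
 *   of $fields should be treated as untrusted input;
 * - text values are passed through SQL::escape() and placed inside quotes;
 * - the two values written without quotes (edit_id and id) are constrained
 *   separately: edit_id is forced to an integer, id must pass is_numeric().
 *
 * @param array $fields comment attributes, passed by reference; 'type',
 *   'edit_date', 'create_date' and, after an insert, 'id' may be filled in.
 *   Surfer::check_default_editor() also receives the array and may set
 *   further editor fields (not visible from this function).
 * @return mixed the id of the comment, or FALSE on error
 *
 * @see agents/messages.php
 * @see comments/edit.php
 * @see comments/post.php
 */
public static function post(&$fields) {
    global $context;

    // ensure this item has a type
    if (!isset($fields['type'])) {
        $fields['type'] = 'attention';
    }

    // comment is mandatory, except for approvals
    // empty() keeps the original truthiness test without a notice on a missing key
    if (empty($fields['description']) && $fields['type'] != 'approval') {
        Logger::error(i18n::s('No comment has been transmitted.'));
        return FALSE;
    }

    // an anchor reference is mandatory, and it has to resolve to an actual anchor
    if (empty($fields['anchor']) || !Anchors::get($fields['anchor'])) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);
    if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
        // same UTC stamp as gmstrftime('%Y-%m-%d %H:%M:%S'), which is deprecated since PHP 8.1
        $fields['edit_date'] = gmdate('Y-m-d H:i:s');
    }

    // reinforce date formats
    if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
        $fields['create_date'] = $fields['edit_date'];
    }

    // edit_id is written into the statement without surrounding quotes, so
    // string escaping alone does not constrain it; force an integer here
    // NOTE(review): assumes Surfer::check_default_editor() normally provides a numeric edit_id -- confirm
    $edit_id = isset($fields['edit_id']) ? intval($fields['edit_id']) : 0;

    // the anchor reference feeds three columns, in both the UPDATE and the INSERT
    $anchor_ref = SQL::escape($fields['anchor']);
    $anchor_columns = "anchor='" . $anchor_ref . "', "
        . "anchor_type=SUBSTRING_INDEX('" . $anchor_ref . "', ':', 1), "
        . "anchor_id=SUBSTRING_INDEX('" . $anchor_ref . "', ':', -1)";

    // update the existing record
    if (isset($fields['id'])) {

        // the id is interpolated without quotes in the WHERE clause below;
        // this numeric check is what constrains it, so it must stay in place
        if (!is_numeric($fields['id'])) {
            Logger::error(i18n::s('No item has the provided id.'));
            return FALSE;
        }

        $query = "UPDATE " . SQL::table_name('comments') . " SET "
            . "type='" . SQL::escape($fields['type']) . "', "
            . "description='" . SQL::escape($fields['description']) . "'";

        // maybe another anchor
        if ($fields['anchor']) {
            $query .= ", " . $anchor_columns;
        }

        // maybe a silent update, which leaves the edit_* columns untouched
        if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
            $query .= ", "
                . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
                . "edit_id=" . $edit_id . ", "
                . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
                . "edit_action='comment:update', "
                . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
        }

        $query .= " WHERE id = " . SQL::escape($fields['id']);

    // insert a new record
    } else {

        $query = "INSERT INTO " . SQL::table_name('comments') . " SET "
            . $anchor_columns . ", "
            . "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', "
            . "type='" . SQL::escape($fields['type']) . "', "
            . "description='" . SQL::escape($fields['description']) . "', "
            . "create_name='" . SQL::escape($fields['edit_name']) . "', "
            . "create_id=" . $edit_id . ", "
            . "create_address='" . SQL::escape($fields['edit_address']) . "', "
            . "create_date='" . SQL::escape($fields['create_date']) . "', "
            . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
            . "edit_id=" . $edit_id . ", "
            . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
            . "edit_action='comment:create', "
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
    }

    // actual update query
    if (SQL::query($query) === FALSE) {
        return FALSE;
    }

    // remember the id of the new item
    if (!isset($fields['id'])) {
        $fields['id'] = SQL::get_last_id($context['connection']);
    }

    // clear the cache for comments
    Comments::clear($fields);

    // end of job
    return $fields['id'];
}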
// not found } elseif (!isset($item['id'])) { include '../error.php'; // permission denied } elseif (!Comments::allow_modification($anchor, $item)) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // deletion is confirmed } elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') { // touch the related anchor before actual deletion, since the item has to be accessible at that time if (is_object($anchor)) { $anchor->touch('comment:delete', $item['id']); } // if no error, back to the anchor or to the index page if (Comments::delete($item['id'])) { Comments::clear($item); if ($render_overlaid && isset($_REQUEST['follow_up']) && $_REQUEST['follow_up'] == 'close') { echo "deleting done"; finalize_page(true); } elseif (is_object($anchor)) { Safe::redirect($anchor->get_url('comments')); } else { Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'comments/'); } } // deletion has to be confirmed } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') { Logger::error(i18n::s('The action has not been confirmed.')); } else { // commands $menu = array();
Safe::redirect($anchor->get_url('comments')); } elseif ($_REQUEST['follow_up'] === 'json') { // provide a json version of the new comment. Comments::render_json($_REQUEST['id'], $anchor); } // update of an existing comment } else { // remember the previous version if ($item['id']) { include_once '../versions/versions.php'; Versions::save($item, 'comment:' . $item['id']); } // touch the related anchor $anchor->touch('comment:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); // clear cache Comments::clear($_REQUEST); // forward to the updated thread if (!isset($_REQUEST['follow_up'])) { Safe::redirect($anchor->get_url('comments')); } else { switch ($_REQUEST['follow_up']) { case 'json': // provide a json version of the new comment. Comments::render_json($_REQUEST['id'], $anchor); break; case 'close': echo "edit done"; finalize_page(true); default: } }