Esempio n. 1
File: thread.php Progetto: rair/yacs
        $fields = $item;
        // else process the contribution as a new comment
    } else {
        $fields = array();
        $fields['anchor'] = $anchor->get_reference();
        $fields['description'] = $_REQUEST['message'];
    }
    // Persist the contribution and answer the caller.
    // $fields is either a copy of $item or, in the branch above, a fresh array
    // whose description is the raw $_REQUEST['message'] value.
    // NOTE(review): no anti-CSRF token check and no permission check are
    // visible in this excerpt -- confirm both happen earlier in the script.
    // NOTE(review): the message is handed over as received; presumably the
    // code that renders comments encodes it for HTML -- verify against the
    // display path.
    // actual database update
    if (!($fields['id'] = Comments::post($fields))) {
        // Comments::post() returned a falsy value: answer with HTTP 500 and stop
        Safe::header('Status: 500 Internal Error', TRUE, 500);
        die(i18n::s('Your contribution has not been posted.'));
    }
    // touch the related anchor, but don't notify watchers
    $anchor->touch('comment:thread', $fields['id']);
    // clear cache
    Comments::clear($fields);
    // thread update will trigger screen repaint through separate pending call of this script
    // the script ends here with a plain 'OK' body
    die('OK');
    // get some updates
} else {
    // we are running
    global $pending;
    $pending = TRUE;
    // invoked on shutdown
    function on_shutdown()
    {
        global $pending;
        // we were waiting for changes, and this is an internal error
        if ($pending && !headers_sent()) {
            http::no_content();
        }
Esempio n. 2
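 /**
  * Post a new comment, or update an existing one.
  *
  * A missing 'type' defaults to 'attention'. When $fields['id'] is set the
  * matching row is updated; otherwise a new row is inserted and its id is
  * stored back into $fields['id'].
  *
  * Validation failures are reported through Logger::error().
  *
  * Security: the statement is assembled by string concatenation. String
  * values go through SQL::escape() and are wrapped in quotes. The two values
  * written without quotes (edit_id and id) are reduced to integers first,
  * because escaping alone does not constrain a value that sits outside a
  * quoted literal.
  * NOTE(review): SQL::escape() is assumed to escape for a quoted string
  * literal -- confirm against its implementation.
  *
  * NOTE(review): the previous header said the surfer signature is appended
  * to the comment; nothing in this method does so -- confirm whether that
  * happens elsewhere.
  *
  * @param array $fields comment attributes, passed by reference; the keys
  *  read here are type, description, anchor, id, previous_id, silent,
  *  edit_name, edit_id, edit_address, edit_date and create_date
  * @return mixed the comment id ($fields['id']), or FALSE on error
  *
  * @see agents/messages.php
  * @see comments/edit.php
  * @see comments/post.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // ensure this item has a type
     if (!isset($fields['type'])) {
         $fields['type'] = 'attention';
     }

     // comment is mandatory, except for approvals; empty() also covers a missing key
     if (empty($fields['description']) && $fields['type'] != 'approval') {
         Logger::error(i18n::s('No comment has been transmitted.'));
         return FALSE;
     }
     $description = isset($fields['description']) ? $fields['description'] : '';

     // the anchor reference must be present and must resolve to an anchor
     if (empty($fields['anchor']) || !Anchors::get($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // set default values for this editor
     // presumably fills edit_name, edit_id and edit_address -- verify in Surfer
     Surfer::check_default_editor($fields);

     // reinforce date formats; gmdate() yields the same UTC stamp as the
     // deprecated gmstrftime('%Y-%m-%d %H:%M:%S')
     if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
         $fields['edit_date'] = gmdate('Y-m-d H:i:s');
     }
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }

     // edit_id is written without quotes below, so force it to an integer
     $editor_id = isset($fields['edit_id']) ? (int) $fields['edit_id'] : 0;

     // the three anchor columns all derive from the same escaped reference
     $anchor_sql = SQL::escape($fields['anchor']);
     $anchor_set = array(
         "anchor='" . $anchor_sql . "'",
         "anchor_type=SUBSTRING_INDEX('" . $anchor_sql . "', ':', 1)",
         "anchor_id=SUBSTRING_INDEX('" . $anchor_sql . "', ':', -1)",
     );

     // update the existing record
     if (isset($fields['id'])) {

         // accept plain integers only: is_numeric() would also let through
         // values such as '1e3' or '1.5', which then reach the WHERE clause
         $id = filter_var($fields['id'], FILTER_VALIDATE_INT);
         if ($id === FALSE) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }

         $assignments = array(
             "type='" . SQL::escape($fields['type']) . "'",
             "description='" . SQL::escape($description) . "'",
         );

         // maybe another anchor
         if ($fields['anchor']) {
             $assignments = array_merge($assignments, $anchor_set);
         }

         // maybe a silent update, which leaves the editor stamp untouched
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $assignments[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
             $assignments[] = "edit_id=" . $editor_id;
             $assignments[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
             $assignments[] = "edit_action='comment:update'";
             $assignments[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         }

         $query = "UPDATE " . SQL::table_name('comments')
             . " SET " . implode(', ', $assignments)
             . " WHERE id = " . $id;

     // insert a new record
     } else {
         $previous_id = isset($fields['previous_id']) ? $fields['previous_id'] : 0;

         $assignments = array_merge($anchor_set, array(
             "previous_id='" . SQL::escape($previous_id) . "'",
             "type='" . SQL::escape($fields['type']) . "'",
             "description='" . SQL::escape($description) . "'",
             "create_name='" . SQL::escape($fields['edit_name']) . "'",
             "create_id=" . $editor_id,
             "create_address='" . SQL::escape($fields['edit_address']) . "'",
             "create_date='" . SQL::escape($fields['create_date']) . "'",
             "edit_name='" . SQL::escape($fields['edit_name']) . "'",
             "edit_id=" . $editor_id,
             "edit_address='" . SQL::escape($fields['edit_address']) . "'",
             "edit_action='comment:create'",
             "edit_date='" . SQL::escape($fields['edit_date']) . "'",
         ));

         $query = "INSERT INTO " . SQL::table_name('comments')
             . " SET " . implode(', ', $assignments);
     }

     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }

     // clear the cache for comments
     Comments::clear($fields);

     // end of job
     return $fields['id'];
 }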
Esempio n. 3
File: delete.php Progetto: rair/yacs
    // not found
} elseif (!isset($item['id'])) {
    include '../error.php';
    // permission denied
} elseif (!Comments::allow_modification($anchor, $item)) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // deletion is confirmed
} elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') {
    // Confirmed deletion: touch the anchor, delete the comment, then answer.
    // NOTE(review): the enclosing branch reads 'confirm' from $_REQUEST, which
    // normally also carries query-string parameters, so the lines shown do not
    // restrict this deletion to POST, and no anti-CSRF token check is visible
    // in this excerpt -- confirm one is enforced before this point.
    // touch the related anchor before actual deletion, since the item has to be accessible at that time
    if (is_object($anchor)) {
        $anchor->touch('comment:delete', $item['id']);
    }
    // if no error, back to the anchor or to the index page
    if (Comments::delete($item['id'])) {
        Comments::clear($item);
        // overlaid rendering with follow_up=close: print a short marker and finish the page
        if ($render_overlaid && isset($_REQUEST['follow_up']) && $_REQUEST['follow_up'] == 'close') {
            echo "deleting done";
            finalize_page(true);
        // both redirect targets are built from $anchor and $context, not from request values
        } elseif (is_object($anchor)) {
            Safe::redirect($anchor->get_url('comments'));
        } else {
            Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'comments/');
        }
    }
    // deletion has to be confirmed
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    Logger::error(i18n::s('The action has not been confirmed.'));
} else {
    // commands
    $menu = array();
Esempio n. 4
File: edit.php Progetto: rair/yacs
         Safe::redirect($anchor->get_url('comments'));
     } elseif ($_REQUEST['follow_up'] === 'json') {
         // provide a json version of the new comment.
         Comments::render_json($_REQUEST['id'], $anchor);
     }
     // update of an existing comment
 } else {
     // Follow-up work after an existing comment has been updated.
     // remember the previous version
     if ($item['id']) {
         include_once '../versions/versions.php';
         Versions::save($item, 'comment:' . $item['id']);
     }
     // touch the related anchor
     // the third argument is TRUE only when the request carries silent=Y
     $anchor->touch('comment:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
     // clear cache
     // NOTE(review): the whole request array is passed here, not the stored
     // item -- confirm Comments::clear() only reads the keys it expects.
     Comments::clear($_REQUEST);
     // forward to the updated thread
     if (!isset($_REQUEST['follow_up'])) {
         Safe::redirect($anchor->get_url('comments'));
     } else {
         switch ($_REQUEST['follow_up']) {
             case 'json':
                 // provide a json version of the new comment.
                 // NOTE(review): the id is taken from the request here, while the
                 // lines above use $item['id'] -- presumably the two match at
                 // this point; verify against the code before this excerpt.
                 Comments::render_json($_REQUEST['id'], $anchor);
                 break;
             case 'close':
                 echo "edit done";
                 finalize_page(true);
             // no break above: control falls into the empty default below
             default:
         }
     }