コード例 #1
0
ファイル: submit.php プロジェクト: mystralkk/geeklog
// MAIN
$display = '';
// note that 'type' _may_ come in through $_GET even when the
// other parameters are in $_POST
$type = '';
if (isset($_POST['type'])) {
    $type = COM_applyFilter($_POST['type']);
} elseif (isset($_GET['type'])) {
    $type = COM_applyFilter($_GET['type']);
}
$mode = '';
if (isset($_REQUEST['mode'])) {
    $mode = COM_applyFilter($_REQUEST['mode']);
}
// Get last topic
TOPIC_getTopic();
if ($mode == $LANG12[8] && !empty($LANG12[8])) {
    // submit
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
        COM_redirect($_CONF['site_url'] . '/index.php');
    } else {
        if ($type === 'story') {
            $msg = PLG_itemPreSave($type, $_POST);
            if (!empty($msg)) {
                $_POST['mode'] = $LANG12[32];
                $display = COM_errorLog($msg, 2) . submitstory();
                $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle));
                COM_output($display);
                exit;
            }
        }
コード例 #2
0
ファイル: lib-comment.php プロジェクト: ivywe/geeklog
/**
 * Handles comment processing
 *
 * @param    string   $mode    Mode of comment processing
 * @param    string   $type    Type of item (article, polls, etc.)
 * @param    string   $title   Title of item
 * @param    string   $sid     ID for item to show comments for
 * @param    string   $format  'threaded', 'nested', or 'flat'
 * @return   string            HTML formated
 */
function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;
    $commentmode = '';
    if (!empty($_REQUEST[CMT_MODE])) {
        $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
    }
    if (empty($mode)) {
        $mode = COM_applyFilter(COM_getArgument(CMT_MODE));
    }
    if (empty($commentmode) && !empty($mode)) {
        $commentmode = $mode;
    }
    if (empty($sid) && !empty($_REQUEST[CMT_SID])) {
        $sid = COM_applyFilter($_REQUEST[CMT_SID]);
    }
    $pid = 0;
    if (!empty($_REQUEST[CMT_PID])) {
        $pid = COM_applyFilter($_REQUEST[CMT_PID], true);
    }
    if (empty($type) && !empty($_REQUEST[CMT_TYPE])) {
        $type = COM_applyFilter($_REQUEST[CMT_TYPE]);
    }
    if (!empty($_REQUEST['title'])) {
        $title = $_REQUEST['title'];
        // apply filters later in CMT_commentForm or CMT_saveComment
    }
    if (!empty($_REQUEST[CMT_UID])) {
        $uid = COM_applyFilter($_REQUEST[CMT_UID]);
    } else {
        $uid = 1;
        if (!empty($_USER['uid'])) {
            $uid = $_USER['uid'];
        }
    }
    $postmode = $_CONF['postmode'];
    if (isset($_REQUEST['postmode'])) {
        $postmode = COM_applyFilter($_REQUEST['postmode']);
    }
    $formtype = '';
    if (!empty($_REQUEST['formtype'])) {
        $formtype = COM_applyFilter($_REQUEST['formtype']);
    }
    // Get comment id, may not be there...will handle in function
    $cid = 0;
    if (isset($_REQUEST[CMT_CID])) {
        $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
    }
    TOPIC_getTopic('comment', $cid);
    if (empty($format) && isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        }
    }
    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $cpage = 1;
    if (!empty($_REQUEST['cpage'])) {
        $cpage = COM_applyFilter($_REQUEST['cpage'], true);
        if (empty($cpage)) {
            $cpage = 1;
        }
    }
    $is_comment_page = CMT_isCommentPage();
    $retval = '';
    if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) {
        if ($commentmode == 'edit') {
            $cid = 0;
            if (isset($_REQUEST[CMT_CID])) {
                $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
            }
            if ($cid <= 0) {
                COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            $pid = $cid;
        }
        if ($pid > 0 && empty($title)) {
            $atype = DB_escapeString($type);
            $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
        }
        if (empty($title)) {
            $title = PLG_getItemInfo($type, $sid, 'title');
            $title = str_replace('$', '&#36;', $title);
            // CMT_userComments expects non-htmlspecial chars for title...
            $title = str_replace('&amp;', '&', $title);
            $title = str_replace('&quot;', '"', $title);
            $title = str_replace('&lt;', '<', $title);
            $title = str_replace('&gt;', '>', $title);
        }
        $retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0);
    }
    switch ($commentmode) {
        case $LANG03[28]:
            // Preview Changes (for edit)
        // Preview Changes (for edit)
        case $LANG03[34]:
            // Preview Submission changes (for edit)
        // Preview Submission changes (for edit)
        case $LANG03[14]:
            // Preview
            $retval .= CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
            if ($is_comment_page) {
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14]));
            }
            break;
        case $LANG03[35]:
            // Submit Changes to Moderation table
        // Submit Changes to Moderation table
        case $LANG03[29]:
            // Submit Changes
            if (SEC_checkToken()) {
                $retval .= CMT_handleEditSubmit($commentmode);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;
        case $LANG03[11]:
            // Submit comment
            $retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid);
            break;
        case $LANG_ADMIN['delete']:
        case 'delete':
            // Delete comment
            if (SEC_checkToken()) {
                $retval .= CMT_handleDelete($sid, $type, $formtype);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;
        case 'view':
            // View comment by $cid
            $retval .= CMT_handleView($format, $order, $cpage, true);
            break;
        case 'display':
            // View comment by $pid
            $retval .= CMT_handleView($format, $order, $cpage, false);
            break;
        case 'report':
            if ($is_comment_page) {
                $cid = 0;
                if (isset($_GET[CMT_CID])) {
                    $cid = COM_applyFilter($_GET[CMT_CID], true);
                }
                $type = '';
                if (isset($_GET[CMT_TYPE])) {
                    $type = COM_applyFilter($_GET[CMT_TYPE]);
                }
                if ($cid <= 0 || empty($type)) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php');
                    exit;
                }
                $retval .= CMT_reportAbusiveComment($cid, $type);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
            }
            break;
        case 'sendreport':
            if (SEC_checkToken()) {
                $cid = 0;
                if (isset($_POST[CMT_CID])) {
                    $cid = COM_applyFilter($_POST[CMT_CID], true);
                }
                $type = '';
                if (isset($_POST[CMT_TYPE])) {
                    $type = COM_applyFilter($_POST[CMT_TYPE]);
                }
                if ($cid <= 0 || empty($type)) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php');
                    exit;
                }
                $retval .= CMT_sendReport($cid, $type);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;
        case 'editsubmission':
            if (!SEC_hasRights('comment.moderate')) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            // deliberate fall-through
        // deliberate fall-through
        case 'edit':
            $retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage);
            if ($is_comment_page) {
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
            }
            break;
        case 'unsubscribe':
            $cid = 0;
            $key = COM_applyFilter($_GET['key']);
            if (!empty($key)) {
                $key = DB_escapeString($key);
                $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'");
                if (!empty($cid)) {
                    $redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $cid . '&amp;format=nested&amp;msg=16';
                    DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl);
                    exit;
                }
            }
            echo COM_refresh($_CONF['site_url'] . '/index.php');
            exit;
            break;
        case $LANG_ADMIN['cancel']:
            if ($formtype == 'editsubmission') {
                echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
                exit;
            } else {
                $retval .= CMT_handleCancel();
                // moved to function for readibility
            }
            break;
        default:
            // New Comment or Reply Comment
            $abort = false;
            // Check to make sure comment type exists
            if ($type != 'article' && !in_array($type, $_PLUGINS)) {
                $abort = true;
            }
            // Check article permissions
            if (!$abort && $type == 'article' && !empty($sid)) {
                $dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND'));
                // if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment
                if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) {
                    // Make sure have at least read access to current topic of article to post comment
                    // no permissions, or no story of that title
                    $abort = true;
                }
            }
            if (!$abort && !empty($sid) && !empty($type)) {
                if ($pid > 0 && empty($title)) {
                    $atype = DB_escapeString($type);
                    $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
                }
                if (empty($title)) {
                    $title = PLG_getItemInfo($type, $sid, 'title');
                    // Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
                    if (is_array($title) || empty($title) || $title == false) {
                        echo COM_refresh($_CONF['site_url'] . '/index.php');
                        exit;
                    }
                    $title = str_replace('$', '&#36;', $title);
                    // CMT_commentForm expects non-htmlspecial chars for title...
                    $title = str_replace('&amp;', '&', $title);
                    $title = str_replace('&quot;', '"', $title);
                    $title = str_replace('&lt;', '<', $title);
                    $title = str_replace('&gt;', '>', $title);
                }
                $retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
            } else {
                if (COMMENT_ON_SAME_PAGE) {
                    // Do nothing and do not show comment form (happens most likely when admin viewing draft article)
                } else {
                    // For comments not displayed on same page (probably owner pushed the post comment button on a draft article)
                    echo COM_refresh($_CONF['site_url'] . '/index.php');
                    exit;
                }
            }
            if ($is_comment_page) {
                $noindex = '<meta name="robots" content="noindex"' . XHTML . '>';
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex));
            }
            break;
    }
    return $retval;
}
コード例 #3
0
ファイル: index.php プロジェクト: milk54/geeklog-japan
* Geeklog common function library
*/
require_once '../lib-common.php';
if (!in_array('staticpages', $_PLUGINS)) {
    COM_handle404();
    exit;
}
// MAIN
COM_setArgNames(array('page', 'disp_mode'));
$page = COM_applyFilter(COM_getArgument('page'));
$display_mode = COM_applyFilter(COM_getArgument('disp_mode'));
$query = '';
if (isset($_REQUEST['query'])) {
    $query = COM_applyfilter($_GET['query']);
}
TOPIC_getTopic('staticpages', $page);
// from comments display refresh:
if (isset($_REQUEST['order'])) {
    $comment_order = COM_applyFilter($_REQUEST['order']);
    $comment_mode = COM_applyFilter($_REQUEST['mode']);
    if (isset($_REQUEST['cpage'])) {
        $comment_page = COM_applyFilter($_REQUEST['cpage']);
    }
    if (strcasecmp($comment_order, 'ASC') != 0 && strcasecmp($comment_order, 'DESC') != 0) {
        $comment_order = '';
    }
} else {
    $comment_order = '';
    $comment_mode = '';
    $comment_page = 1;
}
コード例 #4
0
ファイル: article.php プロジェクト: Geeklog-Core/geeklog
    }
    if (isset($_GET['cpage'])) {
        $page = COM_applyFilter($_GET['cpage'], true);
    }
}
if (!empty($_REQUEST['sid'])) {
    $sid = COM_applyFilter($_REQUEST['sid']);
}
if (empty($sid) && !empty($_POST['cmt_sid'])) {
    $sid = COM_applyFilter($_POST['cmt_sid']);
}
if (empty($sid)) {
    COM_handle404();
}
// Get topic
TOPIC_getTopic('article', $sid);
if (strcasecmp($order, 'ASC') !== 0 && strcasecmp($order, 'DESC') !== 0) {
    $order = '';
}
$result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '{$sid}'" . COM_getPermSql('AND'));
$A = DB_fetchArray($result);
if ($A['count'] > 0) {
    $story = new Story();
    $args = array('sid' => $sid, 'mode' => 'view');
    $output = STORY_LOADED_OK;
    $result = PLG_invokeService('story', 'get', $args, $output, $svc_msg);
    if ($result == PLG_RET_OK) {
        // loadFromArray cannot be used, since it overwrites the timestamp
        reset($story->_dbFields);
        while (list($fieldname, $save) = each($story->_dbFields)) {
            $varname = '_' . $fieldname;