/**
 * Update an existing comment row with a hand-built SQL UPDATE statement.
 *
 * Callers without ownership are first run through the comment filters, and the
 * UPDATE is narrowed with an extra WHERE fragment ($wherePassword) so that it only
 * matches a row the caller may edit.
 *
 * NOTE(review): several string literals in this listing are masked as "******" and
 * do not parse as shown. The code is reproduced unchanged; the masked SQL fragments
 * have to be recovered from the upstream file before this function can run.
 *
 * NOTE(review): only name, homepage and comment pass through POD::escapeString().
 * $blogid, $comment['id'], $comment['secret'], $comment['ip'], $comment['isfiltered'],
 * $comment['replier'] and (in the WHERE fragment) $openid are interpolated into the
 * SQL text as-is, so this function relies on callers having validated them. Confirm
 * that every caller does, or switch to escaped/typed values.
 *
 * @param mixed  $blogid   Blog id; interpolated unquoted into both SQL statements.
 * @param array  $comment  Comment fields read here: id, entry, name, homepage, comment,
 *                         ip, secret, isfiltered, password, replier.
 * @param string $password Password supplied by the editor; compared as md5($password).
 *
 * @return string|bool 'blocked' when a filter or the ModifyingComment event rejects the
 *                     edit, false when a non-member tries to edit a member comment or
 *                     the query fails, true after a successful update.
 */
function updateComment($blogid, $comment, $password) {
    global $database, $user;
    $openid = Acl::getIdentity('openid');
    if (!doesHaveOwnership()) {
        // When a filter matches, the edit is only rejected ('blocked'); the comment is not sent to trash.
        if (!Filter::isAllowed($comment['homepage'])) {
            if (Filter::isFiltered('ip', $comment['ip'])) {
                return 'blocked';
            }
            if (Filter::isFiltered('name', $comment['name'])) {
                return 'blocked';
            }
            if (Filter::isFiltered('url', $comment['homepage'])) {
                return 'blocked';
            }
            if (Filter::isFiltered('content', $comment['comment'])) {
                return 'blocked';
            }
            // A falsy result from fireEvent() for ModifyingComment also rejects the edit.
            if (!fireEvent('ModifyingComment', true, $comment)) {
                return 'blocked';
            }
        }
    }
    $comment['homepage'] = stripHTML($comment['homepage']);
    // Presumably length limits (80 / 80 / 65535) matching the column sizes; confirm against the schema.
    $comment['name'] = UTF8::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = UTF8::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = UTF8::lessenAsEncoding($comment['comment'], 65535);
    // $setPassword is spliced into the SET list below; an empty string leaves the password column untouched.
    $setPassword = '';
    if ($user !== null) {
        // Logged-in user: name and homepage come from the session user, not from the submitted form.
        $comment['replier'] = getUserId();
        $name = POD::escapeString($user['name']);
        // NOTE(review): masked literal; presumably the SET fragment that clears the password column. Confirm upstream.
        $setPassword = '******'\',';
        $homepage = POD::escapeString($user['homepage']);
        if (empty($homepage) && $openid) {
            $homepage = POD::escapeString($openid);
        }
    } else {
        $name = POD::escapeString($comment['name']);
        // A password value of exactly true skips the password update.
        if ($comment['password'] !== true) {
            // NOTE(review): masked literal. The guest password is stored as an unsalted md5() digest
            // (or an empty string); MD5 is a fast hash and is not suitable for password storage.
            $setPassword = '******'' . (empty($comment['password']) ? '' : md5($comment['password'])) . '\', ';
        }
        $homepage = POD::escapeString($comment['homepage']);
    }
    $comment0 = POD::escapeString($comment['comment']);
    // A row with replier IS NULL is treated as a guest comment.
    // NOTE(review): $blogid and $comment['id'] reach this query unescaped and unquoted.
    $guestcomment = false;
    if (POD::queryExistence("SELECT *\n\t\tFROM {$database['prefix']}Comments\n\t\tWHERE blogid = {$blogid}\n\t\t\tAND id = {$comment['id']}\n\t\t\tAND replier IS NULL")) {
        $guestcomment = true;
    }
    // Extra WHERE fragment that ties the UPDATE to the caller's identity; stays empty for owners.
    $wherePassword = '';
    if (!doesHaveOwnership()) {
        if ($guestcomment == false) {
            // Member-authored comment: non-members cannot edit it at all.
            if (!doesHaveMembership()) {
                return false;
            }
            // NOTE(review): masked literal; presumably restricts the row to the current user's id. Confirm upstream.
            $wherePassword = '******' . getUserId();
        } else {
            if (empty($password) && $openid) {
                // NOTE(review): masked literal. $openid is concatenated here without POD::escapeString(),
                // unlike the homepage path above.
                $wherePassword = '******'' . $openid . '\'';
            } else {
                // NOTE(review): masked literal. The supplied password is matched by its md5() digest.
                $wherePassword = '******'' . md5($password) . '\'';
            }
        }
    }
    // NOTE(review): for guests $comment['replier'] is caller-supplied and is quoted but not escaped.
    $replier = is_null($comment['replier']) ? 'NULL' : "'{$comment['replier']}'";
    // NOTE(review): secret, ip and isfiltered are interpolated without escaping; see the function header.
    $result = POD::query("UPDATE {$database['prefix']}Comments\n\t\t\t\tSET\n\t\t\t\t\tname = '{$name}',\n\t\t\t\t\t{$setPassword}\n\t\t\t\t\thomepage = '{$homepage}',\n\t\t\t\t\tsecret = {$comment['secret']},\n\t\t\t\t\tcomment = '{$comment0}',\n\t\t\t\t\tip = '{$comment['ip']}',\n\t\t\t\t\twritten = UNIX_TIMESTAMP(),\n\t\t\t\t\tisfiltered = {$comment['isfiltered']},\n\t\t\t\t\treplier = {$replier}\n\t\t\t\tWHERE blogid = {$blogid}\n\t\t\t\t\tAND id = {$comment['id']} {$wherePassword}");
    if ($result) {
        CacheControl::flushCommentRSS($comment['entry']); // Assume blogid = current blogid.
        CacheControl::flushDBCache('comment');
        return true;
    } else {
        return false;
    }
}
/**
 * Store an incoming trackback for an entry, flagging it as filtered when a filter matches.
 *
 * Return codes produced by this function:
 *   0 - trackback stored and not filtered
 *   3 - the entry does not accept trackbacks, or the trackback was stored but flagged as filtered
 *   4 - Trackback::add() failed
 *   5 - $url is empty
 *
 * A filtered trackback is still written through Trackback::add(), with isfiltered set to true;
 * the sender sees the same code (3) as for an entry that does not accept trackbacks.
 *
 * @param mixed  $blogid  Not read inside this function.
 * @param mixed  $entry   Entry the trackback targets.
 * @param string $title   Remote post title.
 * @param string $url     Remote post URL; required.
 * @param string $excerpt Remote post excerpt.
 * @param string $site    Remote site name.
 *
 * @return int One of the codes listed above.
 */
function receiveTrackback($blogid, $entry, $title, $url, $excerpt, $site) {
    global $database, $blog, $defaultURL;

    if (empty($url)) {
        return 5;
    }

    $targetPost = new Post();
    if (!$targetPost->doesAcceptTrackback($entry)) {
        return 3;
    }

    // The checks run in order and stop at the first match: sender IP, URL, excerpt content,
    // and finally the AddingTrackback event, which receives the raw (not yet normalised) fields.
    // NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse proxy that is
    // the proxy's address, so confirm the deployment hands the real client address to the IP filter.
    $isSpam = false;
    if (!Filter::isAllowed($url)) {
        $isSpam = Filter::isFiltered('ip', $_SERVER['REMOTE_ADDR'])
            || Filter::isFiltered('url', $url)
            || Filter::isFiltered('content', $excerpt)
            || !fireEvent('AddingTrackback', true, array('entry' => $entry, 'url' => $url, 'site' => $site, 'title' => $title, 'excerpt' => $excerpt));
    }

    // Normalise the remote-supplied text before it is stored.
    $xmlTitle = correctTTForXmlText($title);
    $xmlExcerpt = correctTTForXmlText($excerpt);
    $storedUrl = UTF8::lessenAsEncoding($url);
    $storedSite = UTF8::lessenAsEncoding($site);
    $storedTitle = UTF8::lessenAsEncoding($xmlTitle);
    $storedExcerpt = UTF8::lessenAsEncoding($xmlExcerpt);

    $record = new Trackback();
    $record->entry = $entry;
    $record->url = $storedUrl;
    $record->site = $storedSite;
    $record->title = $storedTitle;
    $record->excerpt = $storedExcerpt;
    if ($isSpam) {
        $record->isfiltered = true;
    }

    if (!$record->add()) {
        return 4;
    }
    if ($isSpam) {
        // Stored as filtered: the trackback cache is left alone.
        return 3;
    }
    CacheControl::flushDBCache('trackback');
    return 0;
}
/**
 * Update an existing comment through the DBModel query builder.
 *
 * Callers without ownership are screened by the comment filters first, and the update
 * is then narrowed by an identity qualifier (replier id, OpenID or password digest) so
 * that it only matches a row the caller may edit.
 *
 * NOTE(review): guest passwords are stored and compared as unsalted md5() digests; MD5 is a
 * fast hash and is not suitable for password storage. Changing it needs a migration of the
 * stored values, so it is only flagged here.
 *
 * NOTE(review): blogid, id, secret, isfiltered, replier and written are handed to DBModel
 * without the trailing `true` flag that the string fields get. Confirm what DBModel does with
 * values passed that way; if the flag is what triggers escaping/quoting, these values must be
 * validated as integers before they reach this function.
 *
 * @param mixed  $blogid   Blog id used as a qualifier.
 * @param array  $comment  Comment fields read here: id, entry, name, homepage, comment,
 *                         ip, secret, isfiltered, password, replier.
 * @param string $password Password supplied by the editor; compared as md5($password).
 *
 * @return string|bool 'blocked' when a filter or the ModifyingComment event rejects the
 *                     edit, false when a non-member tries to edit a member comment or
 *                     the update fails, true after a successful update.
 */
function updateComment($blogid, $comment, $password) {
    $openid = Acl::getIdentity('openid');

    // When a filter matches, the edit is only rejected ('blocked'); the comment is not sent to trash.
    if (!doesHaveOwnership() && !Filter::isAllowed($comment['homepage'])) {
        // Filter type => comment field, checked in this order.
        $filterFields = array('ip' => 'ip', 'name' => 'name', 'url' => 'homepage', 'content' => 'comment');
        foreach ($filterFields as $filterType => $field) {
            if (Filter::isFiltered($filterType, $comment[$field])) {
                return 'blocked';
            }
        }
        if (!fireEvent('ModifyingComment', true, $comment)) {
            return 'blocked';
        }
    }

    $db = DBModel::getInstance();
    $comment['homepage'] = stripHTML($comment['homepage']);
    $comment['name'] = Utils_Unicode::lessenAsEncoding($comment['name'], 80);
    $comment['homepage'] = Utils_Unicode::lessenAsEncoding($comment['homepage'], 80);
    $comment['comment'] = Utils_Unicode::lessenAsEncoding($comment['comment'], 65535);

    // A row whose replier is NULL is treated as a guest comment.
    $db->reset('Comments');
    $db->setQualifier('blogid', 'eq', $blogid);
    $db->setQualifier('id', 'eq', $comment['id']);
    $db->setQualifier('replier', 'eq', NULL);
    $isGuestComment = $db->doesExist() ? true : false;

    // Start the UPDATE from a clean builder state.
    $db->reset('Comments');

    $currentUserId = getUserId();
    if (empty($currentUserId)) {
        // Guest: name and homepage come from the submitted form.
        $authorName = $comment['name'];
        // A password value of exactly true leaves the stored password untouched.
        if ($comment['password'] !== true) {
            $passwordDigest = '';
            if (!empty($comment['password'])) {
                $passwordDigest = md5($comment['password']);
            }
            $db->setAttribute('password', $passwordDigest, true);
        }
        $authorHomepage = $comment['homepage'];
    } else {
        // Logged-in user: identity fields come from the account, and the password is cleared.
        $comment['replier'] = $currentUserId;
        $authorName = User::getName($currentUserId);
        $authorHomepage = User::getHomepage($currentUserId);
        $db->setAttribute('password', '', true);
        if (empty($authorHomepage) && $openid) {
            $authorHomepage = $openid;
        }
    }

    // Non-owners may only touch a row that matches their own identity.
    if (!doesHaveOwnership()) {
        if ($isGuestComment) {
            if (empty($password) && $openid) {
                $db->setQualifier('openid', 'eq', $openid, true);
            } else {
                $db->setQualifier('password', 'eq', md5($password), true);
            }
        } elseif (doesHaveMembership()) {
            $db->setQualifier('replier', 'eq', $currentUserId);
        } else {
            return false;
        }
    }

    $replier = $comment['replier'];
    $db->setAttribute('name', $authorName, true);
    $db->setAttribute('homepage', $authorHomepage, true);
    $db->setAttribute('secret', $comment['secret']);
    $db->setAttribute('comment', $comment['comment'], true);
    $db->setAttribute('ip', $comment['ip'], true);
    $db->setAttribute('written', Timestamp::getUNIXtime());
    $db->setAttribute('isfiltered', $comment['isfiltered']);
    $db->setAttribute('replier', $replier);
    $db->setQualifier('blogid', 'eq', $blogid);
    $db->setQualifier('id', 'eq', $comment['id']);

    if (!$db->update()) {
        return false;
    }

    CacheControl::flushCommentRSS($comment['entry']); // Assume blogid = current blogid.
    CacheControl::flushDBCache('comment');
    return true;
}