}
XSRFdefender('savecomment');
$id = sanitize_numeric($_POST['id']);
$comment = new Comment($id);
if (isset($_POST['name'])) {
$comment->setName(sanitize($_POST['name'], 3));
}
if (isset($_POST['email'])) {
$comment->setEmail(sanitize($_POST['email'], 3));
}
if (isset($_POST['website'])) {
$comment->setWebsite(sanitize($_POST['website'], 3));
}
$comment->setDateTime(sanitize($_POST['date'], 3));
$comment->setComment(sanitize($_POST['comment'], 1));
$comment->setCustomData($_comment_form_save_post = serialize(getCommentAddress(0)));
$comment->save();
header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?saved&page=editcomment&id=' . $comment->getID());
exitZP();
}
}
printAdminHeader('comments');
zp_apply_filter('texteditor_config', 'admin_comments');
?>
<script type="text/javascript">
//<!-- <![CDATA[
function confirmAction() {
if ($('#checkallaction').val() == 'deleteall') {
return confirm('<?php
echo js_encode(gettext("Are you sure you want to delete the checked items?"));
?>
/**
*
* Handles the POSTing of a comment
* @return NULL|boolean
*/
function comment_form_handle_comment()
{
global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
$comment_error = 0;
$cookie = zp_getCookie('zenphoto_comment');
if (isset($_POST['comment']) && (!isset($_POST['username']) || empty($_POST['username']))) {
// 'username' is a honey-pot trap
/*
* do not save the post page in the cache
* Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
* But this has to wait until processing is finished to avoid race conditions.
*/
$_zp_HTML_cache->disable();
if (in_context(ZP_IMAGE)) {
$commentobject = $_zp_current_image;
$redirectTo = $_zp_current_image->getLink();
} else {
if (in_context(ZP_ALBUM)) {
$commentobject = $_zp_current_album;
$redirectTo = $_zp_current_album->getLink();
} else {
if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
$commentobject = $_zp_current_article;
$redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
} else {
if (in_context(ZP_ZENPAGE_PAGE)) {
$commentobject = $_zp_current_page;
$redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
} else {
$commentobject = NULL;
$error = gettext('Comment posted on unknown page!');
}
}
}
}
if (is_object($commentobject)) {
if (isset($_POST['name'])) {
$p_name = sanitize($_POST['name'], 3);
} else {
$p_name = NULL;
}
if (isset($_POST['email'])) {
$p_email = sanitize($_POST['email'], 3);
if (!is_valid_email_zp($p_email)) {
$p_email = NULL;
}
} else {
$p_email = NULL;
}
if (isset($_POST['website'])) {
$p_website = sanitize($_POST['website'], 3);
if ($p_website && strpos($p_website, 'http') !== 0) {
$p_website = 'http://' . $p_website;
}
if (!isValidURL($p_website)) {
$p_website = NULL;
}
} else {
$p_website = NULL;
}
if (isset($_POST['comment'])) {
$p_comment = sanitize($_POST['comment'], 1);
} else {
$p_comment = '';
}
$p_server = getUserIP();
if (isset($_POST['code'])) {
$code1 = sanitize($_POST['code'], 3);
$code2 = sanitize($_POST['code_h'], 3);
} else {
$code1 = '';
$code2 = '';
}
$p_private = isset($_POST['private']);
$p_anon = isset($_POST['anon']);
$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
$comment_error = $commentadded->getInModeration();
$_zp_comment_stored = array('name' => $commentadded->getName(), 'email' => $commentadded->getEmail(), 'website' => $commentadded->getWebsite(), 'comment' => $commentadded->getComment(), 'saved' => isset($_POST['remember']), 'private' => $commentadded->getPrivate(), 'anon' => $commentadded->getAnon(), 'custom' => $commentadded->getCustomData());
if ($comment_error) {
$error = $commentadded->comment_error_text;
$comment_error++;
} else {
$_zp_HTML_cache->clearHtmlCache();
$error = NULL;
if (isset($_POST['remember'])) {
// Should always re-cookie to update info in case it's changed...
$_zp_comment_stored['comment'] = '';
// clear the comment itself
zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
} else {
zp_clearCookie('zenphoto_comment');
}
//use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
// but not for Microsoft IIS because that server fails if we redirect!
header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
exitZP();
}
}
}
return $error;
} else {
if (!empty($cookie)) {
$cookiedata = getSerializedArray($cookie);
if (count($cookiedata) > 1) {
$_zp_comment_stored = $cookiedata;
}
}
}
return false;
}
