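/**
 * Execute a quick-moderation command (publish / unpublish / delete) on a
 * comment and redirect the user back to the comment's page.
 *
 * Reads the request values `cmd`, `hash` and `id`. The command is carried out
 * only when `hash` is identical to the value JCommentsFactory::getCmdHash()
 * derives for the same command and id, and when quick moderation is enabled
 * in the configuration. Any error text is handed to JCommentsRedirect()
 * together with the target link.
 */
function executeCmd()
{
    global $mainframe;

    $cmd = strtolower(JCommentsInput::getVar('cmd', ''));
    $hash = JCommentsInput::getVar('hash', '');
    $id = (int) JCommentsInput::getVar('id', 0);
    $error = '';
    $link = $mainframe->getCfg('live_site') . '/index.php';

    $checkHash = JCommentsFactory::getCmdHash($cmd, $id);

    // Strict comparison: a loose `==` lets a non-string or numeric-looking
    // request value compare equal to the expected hash through type juggling.
    if (is_string($hash) && $hash === (string) $checkHash) {
        $config =& JCommentsFactory::getConfig();

        if ($config->getInt('enable_quick_moderation') == 1) {
            $dbo =& JCommentsFactory::getDBO();
            $comment = new JCommentsDB($dbo);

            if ($comment->load($id)) {
                $link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group);
                // NOTE(review): this replacement is a no-op as written (both arguments are '&');
                // it looks like it was meant to undo an entity-encoded ampersand — confirm upstream.
                $link = str_replace('&', '&', $link);

                switch ($cmd) {
                    case 'publish':
                        $comment->published = 1;
                        $comment->store();
                        $link .= '#comment-' . $comment->id;
                        break;

                    case 'unpublish':
                        $comment->published = 0;
                        $comment->store();
                        $acl =& JCommentsFactory::getACL();
                        // Only users allowed to publish can still see the unpublished
                        // comment, so everyone else is sent to the list anchor instead.
                        if ($acl->canPublish()) {
                            $link .= '#comment-' . $comment->id;
                        } else {
                            $link .= '#comments';
                        }
                        break;

                    case 'delete':
                        $comment->delete();
                        $link .= '#comments';
                        break;
                }
            }
        } else {
            $error = JText::_('Quick moderation function is disabled by administrator!');
        }
    } else {
        $error = JText::_('Incorrect hash for this operation!');
    }

    JCommentsRedirect($link, $error);
}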
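/**
 * AJAX handler: file a report ("flag") against a comment.
 *
 * Reads `commentid`, `reason` and `name` from the prepared POST values. The
 * report is rejected, with a form error or alert, when the reason is empty,
 * when the same user (or the same IP for guests) has already reported the
 * comment, when the comment already carries any report, when the comment
 * cannot be loaded, or when the ACL denies reporting. Plugins hooked on
 * `onReportComment` may veto the report by setting $allowed to false, in
 * which case nothing is stored and no message is returned.
 *
 * @return object the JComments AJAX response with the result script/alert attached
 */
function reportComment()
{
    if (JCommentsSecurity::badRequest() == 1) {
        JCommentsSecurity::notAuth();
    }

    $acl =& JCommentsFactory::getACL();
    $db =& JCommentsFactory::getDBO();
    $config =& JCommentsFactory::getConfig();
    $response =& JCommentsFactory::getAjaxResponse();

    $values = JCommentsAJAX::prepareValues($_POST);

    $id = isset($values['commentid']) ? (int) $values['commentid'] : 0;
    $reason = isset($values['reason']) ? trim(strip_tags($values['reason'])) : '';
    $name = isset($values['name']) ? trim(strip_tags($values['name'])) : '';
    $ip = $acl->getUserIP();
    $userId = (int) $acl->getUserId();

    if ($reason == '') {
        JCommentsAJAX::showErrorMessage(JText::_('Please enter the reason for your report!'), '', 'comments-report-form');
        return $response;
    }

    // Has this user (or, for guests, this IP) already reported the comment?
    // $ip is escaped here exactly as it is in the INSERT below: it comes from
    // the ACL helper, not from a trusted constant, so it is treated as input.
    $query = 'SELECT COUNT(*) FROM `#__jcomments_reports` WHERE commentid = ' . $id;
    if ($userId) {
        $query .= ' AND userid = ' . $userId;
    } else {
        $query .= ' AND ip = "' . $db->getEscaped($ip) . '"';
    }
    $db->setQuery($query);

    if ($db->loadResult()) {
        JCommentsAJAX::showErrorMessage(JText::_('You can\'t report the same comment more than once!'), '', 'comments-report-form');
        return $response;
    }

    // Does the comment already carry a report from anyone?
    $db->setQuery('SELECT COUNT(*) FROM `#__jcomments_reports` WHERE commentid = ' . $id);

    if ($db->loadResult()) {
        JCommentsAJAX::showErrorMessage(JText::_('Comment already reported to the site administrator'), '', 'comments-report-form');
        return $response;
    }

    $comment = new JCommentsDB($db);

    if (!$comment->load($id)) {
        $response->addAlert(JText::_('ERROR_NOT_FOUND'));
        return $response;
    }

    if (!$acl->canReport($comment)) {
        JCommentsAJAX::showErrorMessage(JText::_('You have no rights to report comment!'), '', 'comments-report-form');
        return $response;
    }

    $allowed = true;

    if ($config->getInt('enable_mambots') == 1) {
        require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
        JCommentsPluginHelper::importPlugin('jcomments');
        // $value is offered to plugins by reference; nothing in this function reads it.
        $value = null;
        JCommentsPluginHelper::trigger('onReportComment', array(&$comment, &$response, &$allowed, &$value));
    }

    // A plugin veto stores nothing and sends no message back (original behaviour).
    if ($allowed === false) {
        return $response;
    }

    if ($userId) {
        $user = JCommentsFactory::getUser();
        $name = $user->name;
    } elseif ($name == '') {
        $name = JText::_('Guest');
    }

    $query = "INSERT INTO `#__jcomments_reports`(`commentid`,`userid`, `name`,`ip`,`date`,`reason`)"
        . "VALUES('" . $comment->id . "', '" . $userId . "', '" . $db->getEscaped($name) . "', '"
        . $db->getEscaped($ip) . "', now(), '" . $db->getEscaped($reason) . "')";
    $db->setQuery($query);
    $db->query();

    if ($config->getInt('enable_notification') == 1 && $config->check('notification_type', 2)) {
        // sendReport() is handed a timestamp; the stored date may still be a string here.
        $comment->datetime = $comment->date;
        if (is_string($comment->datetime)) {
            $comment->datetime = strtotime($comment->datetime);
        }
        JComments::sendReport($comment, $name, $reason);
    }

    $html = JText::_('Report successfully sent!');
    $html = str_replace("\n", '\\n', $html);
    $html = str_replace('\\n', '<br />', $html);
    $html = JCommentsText::jsEscape($html);
    $response->addScript("jcomments.closeReport('{$html}');");

    return $response;
}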
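/**
 * Admin-side save of an edited comment, followed by a redirect.
 *
 * Loads the comment named by the `id` request value and, when it exists,
 * overwrites its homepage/email/title/comment/published fields from the
 * request. For guest comments (userid 0) the author name is stripped of
 * quote/bracket characters and mirrored into username; for registered authors
 * a missing name, username or email is filled from the user record. The body
 * is normalised (nl2br, BBCode filter) before storing, then the component
 * caches are cleared. The `task` value decides the redirect: `apply` reopens
 * the edit form, anything else returns to the comment list.
 *
 * NOTE(review): no request-token (CSRF) check is visible in this function —
 * confirm that the dispatcher routing to save() enforces one.
 */
function save()
{
    $task = JCommentsInput::getVar('task');
    $id = (int) JCommentsInput::getVar('id', 0);

    $bbcode =& JCommentsFactory::getBBCode();
    $db =& JCommentsFactory::getDBO();

    $row = new JCommentsDB($db);

    if ($row->load($id)) {
        // (string) casts keep strip_tags() from seeing null when a field is absent.
        $row->homepage = trim(strip_tags((string) JCommentsInput::getVar('homepage')));
        $row->email = trim(strip_tags((string) JCommentsInput::getVar('email')));
        $row->title = trim(strip_tags((string) JCommentsInput::getVar('title')));
        $row->comment = (string) JCommentsInput::getVar('comment');
        $row->published = (int) JCommentsInput::getVar('published');

        if ($row->userid == 0) {
            // Guest author: remove characters that could break markup or quoting.
            $forbiddenChars = "/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i";

            $row->name = strip_tags((string) JCommentsInput::getVar('name'));
            $row->name = preg_replace($forbiddenChars, '', $row->name);

            if ($row->username != $row->name) {
                $row->username = $row->name;
            }
            $row->username = preg_replace($forbiddenChars, '', $row->username);
        } elseif ($row->name == '' || $row->username == '' || $row->email == '') {
            // Registered author: fall back to the user record for empty fields.
            $user = JCommentsFactory::getUser($row->userid);
            $row->name = $row->name == '' ? $user->name : $row->name;
            $row->username = $row->username == '' ? $user->username : $row->username;
            $row->email = $row->email == '' ? $user->email : $row->email;
        }

        // handle magic quotes compatibility; get_magic_quotes_gpc() was removed in
        // PHP 8.0, so it is only consulted where it still exists.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
            $row->title = stripslashes($row->title);
            $row->comment = stripslashes($row->comment);
        }

        $row->comment = JCommentsText::nl2br($row->comment);
        $row->comment = $bbcode->filter($row->comment);

        $row->store();
        $row->checkin();

        JCommentsCache::cleanCache('com_jcomments');
        JCommentsCache::cleanCache($row->object_group);
    }

    switch ($task) {
        case 'apply':
            // NOTE(review): when load() failed above, $row->id is whatever the fresh
            // JCommentsDB object holds, so this link may point at no comment.
            JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=edit&hidemainmenu=1&cid[]=' . $row->id);
            break;

        case 'save':
        default:
            JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=comments');
            break;
    }
}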