/**
 * Seeds between 0 and 20 comments on $mediaItem, each attributed to a site user
 * chosen at random from the first N rows returned by SiteUser::take(N).
 *
 * Does nothing, after reporting via $this->command, when no SiteUser rows exist.
 * One fixture message deliberately contains markup; presumably it is there so that
 * output escaping of comments can be checked in the UI — confirm before removing it.
 *
 * @param mixed $mediaItem the MediaItem the seeded comments are attached to
 * @return void
 */
private function addComments($mediaItem)
{
    if (SiteUser::count() <= 0) {
        $this->command->info("Can't add comments. No users!");
        return;
    }

    $fixtures = [
        "This is a random comment.",
        "Another completley different random commment.",
        "Blah blah blah blah blah blah blah blah blah blah something interesting.",
        "<script>alert('xss');</script> some <strong>xss</strong>",
    ];

    $howMany = rand(0, 20);
    if ($howMany <= 0) {
        return;
    }

    // Only the first $howMany users are candidates; fewer rows may come back than
    // requested, so the random index is bounded by the actual collection size.
    $candidates = SiteUser::take($howMany)->get();
    $lastFixture = count($fixtures) - 1;
    $lastCandidate = count($candidates) - 1;

    for ($n = 0; $n < $howMany; $n++) {
        $newComment = new MediaItemComment(["msg" => $fixtures[rand(0, $lastFixture)]]);
        $author = $candidates[rand(0, $lastCandidate)];
        $newComment->siteUser()->associate($author);
        $newComment->mediaItem()->associate($mediaItem);
        $newComment->save();
    }
}
/**
 * POST handler that stores a new comment on a media item and replies with JSON.
 *
 * The checks run in this order, each one ending the request before the next:
 *  - the item must be found via MediaItem::accessible() (404 otherwise) and have
 *    comments_enabled set (403 otherwise);
 *  - the caller must be a facebook user that is logged in with user state 0, or a
 *    CMS user logged in with the "permissions.siteComments" permission (403 otherwise);
 *  - the number of the poster's comments updated within the last
 *    "comments.number_allowed_reset_interval" seconds is compared against
 *    "comments.number_allowed"; past that limit the reply is {"success": false}
 *    and nothing is stored;
 *  - the "msg" form value is validated (see the exceptions below), trimmed and saved.
 *    "post_as_station" === "1" stores the comment with no site user attached, which
 *    only a CMS user holding the permission may do (403 otherwise).
 *
 * The message is stored as submitted (only trimmed); escaping for display is not
 * done here and must happen wherever comments are rendered.
 *
 * @param mixed $mediaItemId id of the MediaItem being commented on
 * @return mixed JSON response built by Response::json(): {"success": bool} plus "id" (int) when saved
 * @throws Exception when the message is missing, longer than 500 bytes, blank after
 *         trimming, or when a non-station post is attempted with no facebook login
 */
public function postPostComment($mediaItemId)
{
    $mediaItem = MediaItem::accessible()->find($mediaItemId);
    if (is_null($mediaItem)) {
        App::abort(404);
    }
    if (!$mediaItem->comments_enabled) {
        App::abort(403); // forbidden
    }

    // A CMS user with the site-comments permission may manage comments and post as the station.
    $canManageComments = Auth::isLoggedIn()
        && Auth::getUser()->hasPermission(Config::get("permissions.siteComments"), 0);

    // Facebook state is evaluated before the permission, keeping the original call order.
    $isFacebookUser = Facebook::isLoggedIn() && Facebook::getUserState() === 0;
    if (!$isFacebookUser && !$canManageComments) {
        App::abort(403);
    }

    $response = ["success" => false];

    // Rate limit: count this poster's comments touched inside the reset interval.
    // NOTE(review): for a permitted CMS user the lookup value is null rather than that
    // user's id, so what gets counted depends on how the query builder treats a null
    // value here — confirm this is the intended key.
    $rateKey = $canManageComments ? null : Facebook::getUser()->id;
    $windowStart = Carbon::now()->subSeconds(Config::get("comments.number_allowed_reset_interval"));
    $recentCount = MediaItemComment::where("site_user_id", $rateKey)
        ->where("updated_at", ">=", $windowStart)
        ->count();

    // NOTE(review): "<=" still admits a post when exactly number_allowed recent comments
    // exist, i.e. number_allowed + 1 posts per interval — confirm the intended boundary.
    if ($recentCount <= Config::get("comments.number_allowed")) {
        $msg = FormHelpers::getValue("msg");
        $postAsStation = FormHelpers::getValue("post_as_station") === "1";

        if (is_null($msg)) {
            throw new Exception("No message supplied.");
        }
        // strlen() measures bytes, so multi-byte text is limited to fewer than 500
        // characters despite the wording; the storage column width is not visible here.
        if (strlen($msg) > 500) {
            throw new Exception("Message length must be <= 500 characters.");
        }
        if ($postAsStation && !$canManageComments) {
            App::abort(403);
        }
        if (!$postAsStation && !Facebook::isLoggedIn()) {
            throw new Exception("Cannot post as a facebook user as not logged in as one.");
        }

        $msg = trim($msg); // drop leading and trailing whitespace
        if ($msg === "") {
            throw new Exception("The message cannot be blank.");
        }

        $newComment = new MediaItemComment(["msg" => $msg]);
        if (!$postAsStation) {
            $newComment->siteUser()->associate(Facebook::getUser());
        }
        $newComment->mediaItem()->associate($mediaItem);
        $newComment->save();

        $response["success"] = true;
        $response["id"] = intval($newComment->id);
    }

    return Response::json($response);
}