function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = getComment(); $evaluator =& get_comment_evaluator(); extract($in); if (!checkCommentsAllowed($parentid)) { txp_die(gTxt('comments_closed'), '403'); } $ip = serverset('REMOTE_ADDR'); if (!checkBan($ip)) { txp_die(gTxt('you_have_been_banned'), '403'); } $blacklisted = is_blacklisted($ip); if ($blacklisted) { txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403'); } $web = clean_url($web); $email = clean_url($email); if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) { setCookies($name, $email, $web); } else { destroyCookies(); } $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(strip_tags(deEntBrackets($web))); $email = doSlash(strip_tags(deEntBrackets($email))); $message = substr(trim($message), 0, 65535); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'"); if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) { $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code } if ($isdup) { $evaluator->add_estimate(RELOAD, 1); } // FIXME? Tell the user about dupe? if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) { callback_event('comment.save'); $visible = $evaluator->get_result(); if ($visible != RELOAD) { $parentid = assert_int($parentid); $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'"); if ($prefs['comment_means_site_updated']) { update_lastmod(); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid, $rs); } $updated = update_comments_count($parentid); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage; if (defined('PARTLY_MESSY') and PARTLY_MESSY) { $backpage = permlinkurl_id($parentid); } $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0'); txp_status_header('302 Found'); if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } log_hit('302'); $evaluator->write_trace(); exit; } } } // Force another Preview $_POST['preview'] = RELOAD; //$evaluator->write_trace(); }
function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember')); extract($in); if (!checkCommentsAllowed($parentid)) { exit(graf(gTxt('comments_closed'))); } if ($prefs['comments_require_name']) { if (!trim($name)) { exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } } if ($prefs['comments_require_email']) { if (!trim($email)) { exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } } if (!trim($message)) { exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } $ip = serverset('REMOTE_ADDR'); $message = trim($message); $blacklisted = is_blacklisted($ip); $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(clean_url(strip_tags(deEntBrackets($web)))); $email = doSlash(clean_url(strip_tags(deEntBrackets($email)))); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'"); if (checkBan($ip)) { if ($blacklisted == false) { if (!$isdup) { if (checkNonce($nonce)) { $visible = $comments_moderate ? 0 : 1; $rs = safe_insert("txp_discuss", "parentid = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'"); if ($prefs['comment_means_site_updated']) { safe_update("txp_prefs", "val=now()", "name='lastmod'"); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid); } $updated = update_comments_count($parentid); ob_start(); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1'; if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } } } // end check nonce } // end check dup } else { exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted)); } // end check blacklist } else { exit(gTxt('you_have_been_banned')); } // end check site ban }
function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = getComment(); $evaluator =& get_comment_evaluator(); extract($in); if (!checkCommentsAllowed($parentid)) { txp_die(gTxt('comments_closed'), '403'); } $ip = serverset('REMOTE_ADDR'); if (!checkBan($ip)) { txp_die(gTxt('you_have_been_banned'), '403'); } $blacklisted = is_blacklisted($ip); if ($blacklisted) { txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403'); } $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(clean_url(strip_tags(deEntBrackets($web)))); $email = doSlash(clean_url(strip_tags(deEntBrackets($email)))); $message = trim($message); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'"); if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) { $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code } if ($isdup) { $evaluator->add_estimate(RELOAD, 1); } // FIXME? Tell the user about dupe? if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) { callback_event('comment.save'); $visible = $evaluator->get_result(); if ($visible != RELOAD) { $rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'"); if ($prefs['comment_means_site_updated']) { safe_update("txp_prefs", "val=now()", "name='lastmod'"); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid, $rs); } $updated = update_comments_count($parentid); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0'); txp_status_header('302 Found'); if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } if ($prefs['logging'] == 'refer') { logit('refer'); } elseif ($prefs['logging'] == 'all') { logit(); } $evaluator->write_trace(); exit; } } } // Force another Preview $_POST['preview'] = RELOAD; //$evaluator->write_trace(); }
function comments_form($atts) { global $thisarticle, $has_comments_preview; extract(lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts)); assert_article(); extract($thisarticle); $out = ''; $ip = serverset('REMOTE_ADDR'); $blacklisted = is_blacklisted($ip); if (!checkCommentsAllowed($thisid)) { $out = graf(gTxt("comments_closed"), ' id="comments_closed"'); } elseif (!checkBan($ip)) { $out = graf(gTxt('you_have_been_banned'), ' id="comments_banned"'); } elseif ($blacklisted) { $out = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), ' id="comments_blacklisted"'); } elseif (gps('commented') !== '') { $out = gTxt("comment_posted"); if (gps('commented') === '0') { $out .= " " . gTxt("comment_moderated"); } $out = graf($out, ' id="txpCommentInputForm"'); } else { # display a comment preview if required if (ps('preview') and $show_preview) { $out = comments_preview(array()); } $out .= commentForm($thisid, $atts); } return !$wraptag ? $out : doTag($out, $wraptag, $class); }
function comments_form($atts, $thing = null) { global $thisarticle, $has_comments_preview; global $thiscommentsform; // TODO: Remove any uses of $thiscommentsform when removing deprecated attributes from below. // deprecated attributes since TXP 4.6. Most of these (except msgstyle) // were moved to the tags that occur within a comments_form, although // some of the names changed. $deprecated = array('isize', 'msgrows', 'msgcols', 'msgstyle', 'previewlabel', 'submitlabel', 'rememberlabel', 'forgetlabel'); foreach ($deprecated as $att) { if (isset($atts[$att])) { trigger_error(gTxt('deprecated_attribute', array('{name}' => $att)), E_USER_NOTICE); } } $atts = lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts); extract($atts); $thiscommentsform = array_intersect_key($atts, array_flip($deprecated)); assert_article(); extract($thisarticle); $out = ''; $ip = serverset('REMOTE_ADDR'); $blacklisted = is_blacklisted($ip); if (!checkCommentsAllowed($thisid)) { $out = graf(gTxt("comments_closed"), ' id="comments_closed"'); } elseif ($blacklisted) { $out = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), ' id="comments_blacklisted"'); } elseif (gps('commented') !== '') { $out = gTxt("comment_posted"); if (gps('commented') === '0') { $out .= " " . gTxt("comment_moderated"); } $out = graf($out, ' id="txpCommentInputForm"'); } else { // Display a comment preview if required. if (ps('preview') and $show_preview) { $out = comments_preview(array()); } extract(doDeEnt(psa(array('parentid', 'backpage')))); // If the form fields are filled (anything other than blank), pages really // should not be saved by a public cache (rfc2616/14.9.1). if (pcs('name') || pcs('email') || pcs('web')) { header('Cache-Control: private'); } $url = $GLOBALS['pretext']['request_uri']; // Experimental clean URLs with only 404-error-document on Apache possibly // requires messy URLs for POST requests. if (defined('PARTLY_MESSY') and PARTLY_MESSY) { $url = hu . '?id=' . intval($parentid); } $out .= '<form id="txpCommentInputForm" method="post" action="' . txpspecialchars($url) . '#cpreview">' . n . '<div class="comments-wrapper">' . n . ($thing === null ? parse_form($form) : parse($thing)) . n . hInput('parentid', $parentid ? $parentid : $thisid) . n . hInput('backpage', ps('preview') ? $backpage : $url) . n . '</div>' . n . '</form>'; } return !$wraptag ? $out : doTag($out, $wraptag, $class); }