Exemplo n.º 1
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
Exemplo n.º 2
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }
    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    $visible = $comments_moderate ? 0 : 1;
                    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
                    if ($rs) {
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }
                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }
                        $updated = update_comments_count($parentid);
                        ob_start();
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                }
                // end check nonce
            }
            // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        }
        // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    }
    // end check site ban
}
Exemplo n.º 3
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
Exemplo n.º 4
0
function comments_form($atts)
{
    global $thisarticle, $has_comments_preview;
    extract(lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts));
    assert_article();
    extract($thisarticle);
    $out = '';
    $ip = serverset('REMOTE_ADDR');
    $blacklisted = is_blacklisted($ip);
    if (!checkCommentsAllowed($thisid)) {
        $out = graf(gTxt("comments_closed"), ' id="comments_closed"');
    } elseif (!checkBan($ip)) {
        $out = graf(gTxt('you_have_been_banned'), ' id="comments_banned"');
    } elseif ($blacklisted) {
        $out = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), ' id="comments_blacklisted"');
    } elseif (gps('commented') !== '') {
        $out = gTxt("comment_posted");
        if (gps('commented') === '0') {
            $out .= " " . gTxt("comment_moderated");
        }
        $out = graf($out, ' id="txpCommentInputForm"');
    } else {
        # display a comment preview if required
        if (ps('preview') and $show_preview) {
            $out = comments_preview(array());
        }
        $out .= commentForm($thisid, $atts);
    }
    return !$wraptag ? $out : doTag($out, $wraptag, $class);
}
Exemplo n.º 5
0
function comments_form($atts, $thing = null)
{
    global $thisarticle, $has_comments_preview;
    global $thiscommentsform;
    // TODO: Remove any uses of $thiscommentsform when removing deprecated attributes from below.
    // deprecated attributes since TXP 4.6. Most of these (except msgstyle)
    // were moved to the tags that occur within a comments_form, although
    // some of the names changed.
    $deprecated = array('isize', 'msgrows', 'msgcols', 'msgstyle', 'previewlabel', 'submitlabel', 'rememberlabel', 'forgetlabel');
    foreach ($deprecated as $att) {
        if (isset($atts[$att])) {
            trigger_error(gTxt('deprecated_attribute', array('{name}' => $att)), E_USER_NOTICE);
        }
    }
    $atts = lAtts(array('class' => __FUNCTION__, 'form' => 'comment_form', 'isize' => '25', 'msgcols' => '25', 'msgrows' => '5', 'msgstyle' => '', 'show_preview' => empty($has_comments_preview), 'wraptag' => '', 'previewlabel' => gTxt('preview'), 'submitlabel' => gTxt('submit'), 'rememberlabel' => gTxt('remember'), 'forgetlabel' => gTxt('forget')), $atts);
    extract($atts);
    $thiscommentsform = array_intersect_key($atts, array_flip($deprecated));
    assert_article();
    extract($thisarticle);
    $out = '';
    $ip = serverset('REMOTE_ADDR');
    $blacklisted = is_blacklisted($ip);
    if (!checkCommentsAllowed($thisid)) {
        $out = graf(gTxt("comments_closed"), ' id="comments_closed"');
    } elseif ($blacklisted) {
        $out = graf(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), ' id="comments_blacklisted"');
    } elseif (gps('commented') !== '') {
        $out = gTxt("comment_posted");
        if (gps('commented') === '0') {
            $out .= " " . gTxt("comment_moderated");
        }
        $out = graf($out, ' id="txpCommentInputForm"');
    } else {
        // Display a comment preview if required.
        if (ps('preview') and $show_preview) {
            $out = comments_preview(array());
        }
        extract(doDeEnt(psa(array('parentid', 'backpage'))));
        // If the form fields are filled (anything other than blank), pages really
        // should not be saved by a public cache (rfc2616/14.9.1).
        if (pcs('name') || pcs('email') || pcs('web')) {
            header('Cache-Control: private');
        }
        $url = $GLOBALS['pretext']['request_uri'];
        // Experimental clean URLs with only 404-error-document on Apache possibly
        // requires messy URLs for POST requests.
        if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
            $url = hu . '?id=' . intval($parentid);
        }
        $out .= '<form id="txpCommentInputForm" method="post" action="' . txpspecialchars($url) . '#cpreview">' . n . '<div class="comments-wrapper">' . n . ($thing === null ? parse_form($form) : parse($thing)) . n . hInput('parentid', $parentid ? $parentid : $thisid) . n . hInput('backpage', ps('preview') ? $backpage : $url) . n . '</div>' . n . '</form>';
    }
    return !$wraptag ? $out : doTag($out, $wraptag, $class);
}