/**
* article: saves a comment
*
* @param string $title comment title
* @param string $comment comment text
* @param string $id Item id to which $cid belongs
* @param int $pid comment parent
* @param string $postmode 'html' or 'text'
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
global $_CONF, $_TABLES, $LANG03, $_USER;
$retval = '';
$commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '{$id}') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND'));
if (!isset($commentcode) || ($commentcode != 0 || TOPIC_hasMultiTopicAccess('article', $id) < 2)) {
// Need read access of topics to post comment
COM_redirect($_CONF['site_url'] . '/index.php');
}
$ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);
if ($ret == -1) {
$url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $id);
$url .= (strpos($url, '?') ? '&' : '?') . 'msg=15';
COM_redirect($url);
} elseif ($ret > 0) {
// failure
// FIXME: some failures should not return to comment form
$retval .= CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
if (!defined('COMMENT_ON_SAME_PAGE')) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
} else {
if (!COMMENT_ON_SAME_PAGE) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
}
}
} else {
// success
$comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
// Comment count in Older Stories block may have changed so delete cache
$cacheInstance = 'olderarticles__';
// remove all olderarticles instances
CACHE_remove_instance($cacheInstance);
COM_redirect(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}"));
}
return $retval;
}
/**
* Handles a comment edit submission
*
* @copyright Jared Wenerd 2008
* @author Jared Wenerd, wenerd87 AT gmail DOT com
* @param string $mode 'edit' or 'editsubmission'
* @return string HTML (possibly a refresh)
*/
function handleEdit($mode)
{
global $_TABLES, $LANG03;
//get needed data
$cid = COM_applyFilter($_REQUEST['cid']);
if ($mode == 'editsubmission') {
$table = $_TABLES['commentsubmissions'];
$result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
list($type, $sid) = DB_fetchArray($result);
} else {
$sid = COM_applyFilter($_REQUEST['sid']);
$type = COM_applyFilter($_REQUEST['type']);
$table = $_TABLES['comments'];
}
//check for bad data
if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'");
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$title = COM_stripslashes($A['title']);
$commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
//remove signature
$pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
if ($pos > 0) {
$commenttext = substr($commenttext, 0, $pos);
}
//get format mode
if (preg_match('/<.*>/', $commenttext) != 0) {
$postmode = 'html';
} else {
$postmode = 'plaintext';
}
} else {
COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter();
}
/**
* Handles a comment edit submission
*
* @copyright Jared Wenerd 2008
* @author Jared Wenerd <wenerd87 AT gmail DOT com>
* @return string HTML (possibly a refresh)
*/
function handleEdit()
{
global $_TABLES, $LANG03, $_USER, $_CONF, $_PLUGINS;
if (isset($_POST['cid'])) {
$cid = COM_applyFilter($_POST['cid'], true);
} else {
if (isset($_GET['cid'])) {
$cid = COM_applyFilter($_GET['cid'], true);
} else {
$cid = -1;
}
}
if (isset($_POST['sid'])) {
$sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
} else {
if (isset($_GET['sid'])) {
$sid = COM_sanitizeID(COM_applyFilter($_GET['sid']));
} else {
$sid = '';
}
}
if (isset($_POST['type'])) {
$type = COM_applyFilter($_POST['type']);
} else {
if (isset($_GET['type'])) {
$type = COM_applyFilter($_GET['type']);
} else {
$type = '';
}
}
if ($type != 'article') {
if (!in_array($type, $_PLUGINS)) {
$type = '';
}
}
if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$result = DB_query("SELECT title,comment FROM {$_TABLES['comments']} " . "WHERE cid = " . (int) $cid . " AND sid = '" . DB_escapeString($sid) . "' AND type = '" . DB_escapeString($type) . "'");
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$title = $A['title'];
$commenttext = COM_undoSpecialChars($A['comment']);
//remove signature
$pos = strpos($commenttext, '<!-- COMMENTSIG --><div class="comment-sig">');
if ($pos > 0) {
$commenttext = substr($commenttext, 0, $pos);
}
//get format mode
if (preg_match('/<.*>/', $commenttext) != 0) {
$postmode = 'html';
} else {
$postmode = 'plaintext';
}
} else {
COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0;
return PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0) . CMT_commentForm($title, $commenttext, $sid, $pid, $type, 'edit', $postmode);
}
/**
* Handles comment processing
*
* @param string $mode Mode of comment processing
* @param string $type Type of item (article, polls, etc.)
* @param string $title Title of item
* @param string $sid ID for item to show comments for
* @param string $format 'threaded', 'nested', or 'flat'
* @return string HTML formated
*/
function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '')
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;
$commentmode = '';
if (!empty($_REQUEST[CMT_MODE])) {
$commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
}
if (empty($mode)) {
$mode = COM_applyFilter(COM_getArgument(CMT_MODE));
}
if (empty($commentmode) && !empty($mode)) {
$commentmode = $mode;
}
if (empty($sid) && !empty($_REQUEST[CMT_SID])) {
$sid = COM_applyFilter($_REQUEST[CMT_SID]);
}
$pid = 0;
if (!empty($_REQUEST[CMT_PID])) {
$pid = COM_applyFilter($_REQUEST[CMT_PID], true);
}
if (empty($type) && !empty($_REQUEST[CMT_TYPE])) {
$type = COM_applyFilter($_REQUEST[CMT_TYPE]);
}
if (!empty($_REQUEST['title'])) {
$title = $_REQUEST['title'];
// apply filters later in CMT_commentForm or CMT_saveComment
}
if (!empty($_REQUEST[CMT_UID])) {
$uid = COM_applyFilter($_REQUEST[CMT_UID]);
} else {
$uid = 1;
if (!empty($_USER['uid'])) {
$uid = $_USER['uid'];
}
}
$postmode = $_CONF['postmode'];
if (isset($_REQUEST['postmode'])) {
$postmode = COM_applyFilter($_REQUEST['postmode']);
}
$formtype = '';
if (!empty($_REQUEST['formtype'])) {
$formtype = COM_applyFilter($_REQUEST['formtype']);
}
// Get comment id, may not be there...will handle in function
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
TOPIC_getTopic('comment', $cid);
if (empty($format) && isset($_REQUEST['format'])) {
$format = COM_applyFilter($_REQUEST['format']);
}
if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) {
if (COM_isAnonUser()) {
$format = $_CONF['comment_mode'];
} else {
$format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
}
}
$order = '';
if (isset($_REQUEST['order'])) {
$order = COM_applyFilter($_REQUEST['order']);
}
$cpage = 1;
if (!empty($_REQUEST['cpage'])) {
$cpage = COM_applyFilter($_REQUEST['cpage'], true);
if (empty($cpage)) {
$cpage = 1;
}
}
$is_comment_page = CMT_isCommentPage();
$retval = '';
if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) {
if ($commentmode == 'edit') {
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
if ($cid <= 0) {
COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$pid = $cid;
}
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
$title = str_replace('$', '$', $title);
// CMT_userComments expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0);
}
switch ($commentmode) {
case $LANG03[28]:
// Preview Changes (for edit)
// Preview Changes (for edit)
case $LANG03[34]:
// Preview Submission changes (for edit)
// Preview Submission changes (for edit)
case $LANG03[14]:
// Preview
$retval .= CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14]));
}
break;
case $LANG03[35]:
// Submit Changes to Moderation table
// Submit Changes to Moderation table
case $LANG03[29]:
// Submit Changes
if (SEC_checkToken()) {
$retval .= CMT_handleEditSubmit($commentmode);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case $LANG03[11]:
// Submit comment
$retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid);
break;
case $LANG_ADMIN['delete']:
case 'delete':
// Delete comment
if (SEC_checkToken()) {
$retval .= CMT_handleDelete($sid, $type, $formtype);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case 'view':
// View comment by $cid
$retval .= CMT_handleView($format, $order, $cpage, true);
break;
case 'display':
// View comment by $pid
$retval .= CMT_handleView($format, $order, $cpage, false);
break;
case 'report':
if ($is_comment_page) {
$cid = 0;
if (isset($_GET[CMT_CID])) {
$cid = COM_applyFilter($_GET[CMT_CID], true);
}
$type = '';
if (isset($_GET[CMT_TYPE])) {
$type = COM_applyFilter($_GET[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$retval .= CMT_reportAbusiveComment($cid, $type);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
}
break;
case 'sendreport':
if (SEC_checkToken()) {
$cid = 0;
if (isset($_POST[CMT_CID])) {
$cid = COM_applyFilter($_POST[CMT_CID], true);
}
$type = '';
if (isset($_POST[CMT_TYPE])) {
$type = COM_applyFilter($_POST[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$retval .= CMT_sendReport($cid, $type);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case 'editsubmission':
if (!SEC_hasRights('comment.moderate')) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
// deliberate fall-through
// deliberate fall-through
case 'edit':
$retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
}
break;
case 'unsubscribe':
$cid = 0;
$key = COM_applyFilter($_GET['key']);
if (!empty($key)) {
$key = DB_escapeString($key);
$cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'");
if (!empty($cid)) {
$redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . '&format=nested&msg=16';
DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl);
exit;
}
}
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
break;
case $LANG_ADMIN['cancel']:
if ($formtype == 'editsubmission') {
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
exit;
} else {
$retval .= CMT_handleCancel();
// moved to function for readibility
}
break;
default:
// New Comment or Reply Comment
$abort = false;
// Check to make sure comment type exists
if ($type != 'article' && !in_array($type, $_PLUGINS)) {
$abort = true;
}
// Check article permissions
if (!$abort && $type == 'article' && !empty($sid)) {
$dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND'));
// if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment
if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) {
// Make sure have at least read access to current topic of article to post comment
// no permissions, or no story of that title
$abort = true;
}
}
if (!$abort && !empty($sid) && !empty($type)) {
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
// Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
if (is_array($title) || empty($title) || $title == false) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$title = str_replace('$', '$', $title);
// CMT_commentForm expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
} else {
if (COMMENT_ON_SAME_PAGE) {
// Do nothing and do not show comment form (happens most likely when admin viewing draft article)
} else {
// For comments not displayed on same page (probably owner pushed the post comment button on a draft article)
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
}
if ($is_comment_page) {
$noindex = '<meta name="robots" content="noindex"' . XHTML . '>';
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex));
}
break;
}
return $retval;
}
/**
* article: saves a comment
*
* @param string $title comment title
* @param string $comment comment text
* @param string $id Item id to which $cid belongs
* @param int $pid comment parent
* @param string $postmode 'html' or 'text'
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
global $_CONF, $_TABLES, $LANG03, $_USER;
$retval = '';
$commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '" . DB_escapeString($id) . "') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND'));
if (!isset($commentcode) || $commentcode != 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);
if ($ret > 0) {
// failure
$msg = '';
if (SESS_isSet('glfusion.commentpresave.error')) {
$msg = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
SESS_unSet('glfusion.commentpresave.error');
} else {
if (empty($title) || empty($comment)) {
$msg = COM_showMessageText($LANG03[12], '', 1, 'error');
}
}
$retval .= $msg . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
} else {
// success
$comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
COM_olderStuff();
// update comment count in Older Stories block
$retval = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments"));
}
return $retval;
}
