/**
* @var UserSettings
*/
global $UserSettings;
param('action', 'string', 'list');
/*
* Init the objects we want to work on.
*/
switch ($action) {
case 'edit':
case 'update':
case 'publish':
case 'deprecate':
case 'delete':
param('comment_ID', 'integer', true);
$edited_Comment = Comment_get_by_ID($comment_ID);
$edited_Comment_Item =& $edited_Comment->get_Item();
set_working_blog($edited_Comment_Item->blog_ID);
$BlogCache =& get_Cache('BlogCache');
$Blog =& $BlogCache->get_by_ID($blog);
// Check permission:
$current_User->check_perm('blog_comments', 'edit', true, $blog);
// Where are we going to redirect to?
param('redirect_to', 'string', url_add_param($admin_url, 'ctrl=items&blog=' . $blog . '&p=' . $edited_Comment->item_ID, '&'));
break;
case 'list':
// Check permission:
$selected = autoselect_blog('blog_comments', 'edit');
if (!$selected) {
// No blog could be selected
$Messages->add(T_('You have no permission to edit comments.'), 'error');
case 'set_comment_status':
// Used for quick moderation of comments in dashboard, item list full view, comment list and front-office screens
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('comment');
$result_success = false;
if (is_logged_in()) {
// Only logged in users can moderate comments
// Check comment moderate permission below after we have the $edited_Comment object
$request_from = param('request_from', 'string', NULL);
$is_admin_page = $request_from != 'front';
$blog = param('blogid', 'integer');
$moderation = param('moderation', 'string', NULL);
$status = param('status', 'string');
$expiry_status = param('expiry_status', 'string', 'active');
$limit = param('limit', 'integer', 0);
$edited_Comment =& Comment_get_by_ID(param('commentid', 'integer'), false);
if ($edited_Comment !== false) {
// The comment still exists
// Check permission:
$current_User->check_perm('comment!' . $status, 'moderate', true, $edited_Comment);
$redirect_to = param('redirect_to', 'url', NULL);
$edited_Comment->set('status', $status);
// Comment moderation is done, handle moderation "secret"
$edited_Comment->handle_qm_secret();
$result_success = $edited_Comment->dbupdate();
if ($result_success !== false) {
if ($status == 'published') {
$edited_Comment->handle_notifications(false, $current_User->ID);
}
}
}
* @package htsrv
*
* @version $Id: comment_review.php 3328 2013-03-26 11:44:11Z yura $
*/
/**
* Initialize everything:
*/
require_once dirname(__FILE__) . '/../conf/_config.php';
require_once $inc_path . '/_main.inc.php';
param('cmt_ID', 'integer', '');
param('secret', 'string', '');
param_action();
$to_dashboard = $admin_url . '?ctrl=dashboard';
$to_comment_edit = $admin_url . '?ctrl=comments&action=edit&comment_ID=' . $cmt_ID;
if ($cmt_ID != null) {
$posted_Comment =& Comment_get_by_ID($cmt_ID);
} else {
$Messages->add('Requested comment does not exist!');
header_redirect($to_dashboard);
}
$comment_Item =& $posted_Comment->get_Item();
$comment_Blog = $comment_Item->get_Blog();
if ($comment_Blog->get_setting('comment_quick_moderation') == 'never') {
// comment quick moderation setting was set to 'never' after this comment quick moderation link was created
// don't allow quick moderation
$Messages->add(T_('Quick moderation not available.'));
}
// Check the secret parameter (This doubles as a CRUMB)
if ($secret != $posted_Comment->get('secret') || empty($secret)) {
// Invalid secret, no moderation allowed here, go to regular form with regular login requirements:
$Messages->add(T_('Invalid secret key. Quick moderation not available.'));
