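 /**
  * Insert the document
  *
  * Everything after DB::begin() runs inside one transaction. Each early
  * return on that path rolls back first, so a rejected insert never leaves
  * the shared DB instance with an open transaction (the original only rolled
  * back on query failure, not on the permission/validation exits).
  *
  * @param object $obj document fields (title, content, module_srl, ...); modified in place
  * @param bool $manual_inserted TRUE skips the CSRF check, the user-sequence check, the editor/nohtml
  *                              filtering, the logged-in member overwrite and addGrant()
  * @param bool $isRestore TRUE keeps $obj->ipaddress and skips the user-sequence check
  * @param bool $isLatest TRUE derives list_order/update_order from the new document_srl;
  *                       FALSE copies $obj->list_order into update_order
  * @return object the insert query output with document_srl and category_srl added, or an error Object
  */
 function insertDocument($obj, $manual_inserted = false, $isRestore = false, $isLatest = true)
 {
     if (!$manual_inserted && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     // begin transaction
     $oDB =& DB::getInstance();
     $oDB->begin();
     // List variables
     if ($obj->comment_status) {
         $obj->commentStatus = $obj->comment_status;
     }
     if (!$obj->commentStatus) {
         $obj->commentStatus = 'DENY';
     }
     if ($obj->commentStatus == 'DENY') {
         $this->_checkCommentStatusForOldVersion($obj);
     }
     if ($obj->allow_trackback != 'Y') {
         $obj->allow_trackback = 'N';
     }
     if ($obj->homepage) {
         $obj->homepage = removeHackTag($obj->homepage);
         // a value without "scheme://" is stored as an http:// link
         if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
     }
     if ($obj->notify_message != 'Y') {
         $obj->notify_message = 'N';
     }
     if (!$obj->email_address) {
         $obj->email_address = '';
     }
     if (!$isRestore) {
         $obj->ipaddress = $_SERVER['REMOTE_ADDR'];
     }
     // can modify regdate only manager
     $grant = Context::get('grant');
     if (!$grant->manager) {
         unset($obj->regdate);
     }
     // Serialize the $extra_vars, check the extra_vars type, because duplicate serialized avoid
     if (!is_string($obj->extra_vars)) {
         $obj->extra_vars = serialize($obj->extra_vars);
     }
     // Remove the columns for automatic saving
     unset($obj->_saved_doc_srl);
     unset($obj->_saved_doc_title);
     unset($obj->_saved_doc_content);
     unset($obj->_saved_doc_message);
     // Call a trigger (before)
     $output = ModuleHandler::triggerCall('document.insertDocument', 'before', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // Register it if no given document_srl exists
     if (!$obj->document_srl) {
         $obj->document_srl = getNextSequence();
     } elseif (!$manual_inserted && !$isRestore && !checkUserSequence($obj->document_srl)) {
         // a client-supplied srl must be one this session obtained from getNextSequence()
         $oDB->rollback();
         return new Object(-1, 'msg_not_permitted');
     }
     $oDocumentModel = getModel('document');
     // Set to 0 if the category_srl doesn't exist
     if ($obj->category_srl) {
         $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
         // NOTE: an unknown category_srl has no ->grant, so it is rejected by the
         // first test before the "set to 0" branch can run; kept as is on purpose.
         if (count($category_list) > 0 && !$category_list[$obj->category_srl]->grant) {
             $oDB->rollback();
             return new Object(-1, 'msg_not_permitted');
         }
         if (count($category_list) > 0 && !$category_list[$obj->category_srl]) {
             $obj->category_srl = 0;
         }
     }
     // Set the read counts and update order.
     if (!$obj->readed_count) {
         $obj->readed_count = 0;
     }
     // negated srl: a newer (larger) srl gets a smaller list_order
     if ($isLatest) {
         $obj->update_order = $obj->list_order = $obj->document_srl * -1;
     } else {
         $obj->update_order = $obj->list_order;
     }
     // Check the status of password hash for manually inserting. Apply hashing for otherwise.
     if ($obj->password && !$obj->password_is_hashed) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }
     // Insert member's information only if the member is logged-in and not manually registered.
     $logged_info = Context::get('logged_info');
     if (Context::get('is_logged') && !$manual_inserted && !$isRestore) {
         $obj->member_srl = $logged_info->member_srl;
         // user_id, user_name and nick_name already encoded
         $obj->user_id = htmlspecialchars_decode($logged_info->user_id);
         $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
         $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
         $obj->email_address = $logged_info->email_address;
         $obj->homepage = $logged_info->homepage;
     }
     // logged_info is not an object for guests; resolve the admin flag once, without notices
     $is_admin = is_object($logged_info) && $logged_info->is_admin == 'Y';
     // If the tile is empty, extract string from the contents.
     $obj->title = htmlspecialchars($obj->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
     settype($obj->title, "string");
     if ($obj->title == '') {
         $obj->title = cut_str(trim(strip_tags(nl2br($obj->content))), 20, '...');
     }
     // If no tile extracted from the contents, leave it untitled.
     if ($obj->title == '') {
         $obj->title = 'Untitled';
     }
     // Remove XE's own tags from the contents.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     // if use editor of nohtml, Remove HTML tags from the contents.
     if (!$manual_inserted) {
         if (Mobile::isFromMobilePhone() && $obj->use_editor != 'Y') {
             if ($obj->use_html != 'Y') {
                 $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
             }
             $obj->content = nl2br($obj->content);
         } else {
             $oEditorModel = getModel('editor');
             $editor_config = $oEditorModel->getEditorConfig($obj->module_srl);
             if (strpos($editor_config->sel_editor_colorset, 'nohtml') !== FALSE) {
                 // plain-text editor: normalise <br> to newlines, escape everything, then restore <br />
                 $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                 $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                 $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
             }
         }
     }
     // Remove iframe and script if not a top adminisrator in the session.
     if (!$is_admin) {
         $obj->content = removeHackTag($obj->content);
     }
     // An error appears if both log-in info and user name don't exist.
     if ((!is_object($logged_info) || !$logged_info->member_srl) && !$obj->nick_name) {
         $oDB->rollback();
         return new Object(-1, 'msg_invalid_request');
     }
     // Fix encoding of non-BMP UTF-8 characters.
     $obj->title = utf8_mbencode($obj->title);
     $obj->content = utf8_mbencode($obj->content);
     $obj->lang_code = Context::getLangType();
     // Insert data into the DB
     if (!$obj->status) {
         $this->_checkDocumentStatusForOldVersion($obj);
     }
     $output = executeQuery('document.insertDocument', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // Insert extra variables if the document successfully inserted.
     $extra_vars = array();
     $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
     if (count($extra_keys)) {
         foreach ($extra_keys as $idx => $extra_item) {
             $value = NULL;
             if (isset($obj->{'extra_vars' . $idx})) {
                 $tmp = $obj->{'extra_vars' . $idx};
                 if (is_array($tmp)) {
                     $value = implode('|@|', $tmp);
                 } else {
                     $value = trim($tmp);
                 }
             } elseif (isset($obj->{$extra_item->name})) {
                 $value = trim($obj->{$extra_item->name});
             }
             // skip only missing/empty values; the strict test keeps a literal "0",
             // which the previous loose "== NULL" comparison silently dropped
             if ($value === NULL || $value === '') {
                 continue;
             }
             $extra_vars[$extra_item->name] = $value;
             $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
         }
     }
     // Update the category if the category_srl exists.
     if ($obj->category_srl) {
         $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
     }
     // Write the update log (with the flattened extra vars) before the after-trigger
     if ($obj->update_log_setting === 'Y') {
         $obj->extra_vars = serialize($extra_vars);
         $update_output = $this->insertDocumentUpdateLog($obj);
         if (!$update_output->toBool()) {
             $oDB->rollback();
             return $update_output;
         }
     }
     // Call a trigger (after)
     ModuleHandler::triggerCall('document.insertDocument', 'after', $obj);
     // commit
     $oDB->commit();
     // grant the current session access to its own new document (not for imports/restores)
     if (!$manual_inserted) {
         $this->addGrant($obj->document_srl);
     }
     $output->add('document_srl', $obj->document_srl);
     $output->add('category_srl', $obj->category_srl);
     return $output;
 }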
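 /**
  * Enter comments
  *
  * Inserts the comment_list row and the comment row in one transaction.
  * Every failure after DB::begin() rolls back, and every error path returns
  * an Object so the caller can always rely on ->toBool() (the original
  * returned NULL for a missing parent and left the transaction open).
  *
  * @param object $obj comment fields (document_srl, module_srl, content, parent_srl, ...); modified in place
  * @param bool $manual_inserted TRUE skips the CSRF check, the document lookup/lock check, the logged-in
  *                              member overwrite, addGrant() and the notifications
  * @return object the last insert/update output with comment_srl added, or an error Object
  */
 function insertComment($obj, $manual_inserted = FALSE)
 {
     if (!$manual_inserted && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!is_object($obj)) {
         $obj = new stdClass();
     }
     // check if comment's module is using comment validation and set the publish status to 0 (false)
     // for inserting query, otherwise default is 1 (true - means comment is published)
     $using_validation = $this->isModuleUsingPublishValidation($obj->module_srl);
     // Resolve the session once. Both values are read further down for guests and
     // manual inserts as well, so they must always be defined (no undefined-variable notices).
     $logged_info = NULL;
     $is_admin = FALSE;
     if (!$manual_inserted && Context::get('is_logged')) {
         $logged_info = Context::get('logged_info');
         $is_admin = ($logged_info->is_admin == 'Y');
     }
     // only a non-admin comment on a module with validation starts unpublished
     $obj->status = ($using_validation && !$is_admin) ? 0 : 1;
     $obj->__isupdate = FALSE;
     // call a trigger (before)
     $output = ModuleHandler::triggerCall('comment.insertComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }
     // check if a posting of the corresponding document_srl exists
     $document_srl = $obj->document_srl;
     if (!$document_srl) {
         return new Object(-1, 'msg_invalid_document');
     }
     // get a object of document model
     $oDocumentModel = getModel('document');
     // even for manual_inserted if password exists, hash it.
     if ($obj->password) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }
     // get the original posting
     $oDocument = NULL;
     if (!$manual_inserted) {
         $oDocument = $oDocumentModel->getDocument($document_srl);
         if ($document_srl != $oDocument->document_srl) {
             return new Object(-1, 'msg_invalid_document');
         }
         if ($oDocument->isLocked()) {
             return new Object(-1, 'msg_invalid_request');
         }
         if ($obj->homepage) {
             $obj->homepage = removeHackTag($obj->homepage);
             // a value without "scheme://" is stored as an http:// link
             if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
                 $obj->homepage = 'http://' . $obj->homepage;
             }
         }
         // input the member's information if logged-in
         if (Context::get('is_logged')) {
             $logged_info = Context::get('logged_info');
             $obj->member_srl = $logged_info->member_srl;
             // user_id, user_name and nick_name already encoded
             $obj->user_id = htmlspecialchars_decode($logged_info->user_id);
             $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
             $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // error display if neither of log-in info and user name exist.
     if ((!is_object($logged_info) || !$logged_info->member_srl) && !$obj->nick_name) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!$obj->comment_srl) {
         $obj->comment_srl = getNextSequence();
     } elseif (!$is_admin && !$manual_inserted && !checkUserSequence($obj->comment_srl)) {
         // a client-supplied srl must be one this session obtained from getNextSequence()
         return new Object(-1, 'msg_not_permitted');
     }
     // determine the order
     $obj->list_order = getNextSequence() * -1;
     // remove XE's own tags from the contents
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     if (Mobile::isFromMobilePhone()) {
         if ($obj->use_html != 'Y') {
             $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
         }
         $obj->content = nl2br($obj->content);
     }
     if (!$obj->regdate) {
         $obj->regdate = date("YmdHis");
     }
     // remove iframe and script if not a top administrator on the session.
     if (!$is_admin) {
         $obj->content = removeHackTag($obj->content);
     }
     if (!$obj->notify_message) {
         $obj->notify_message = 'N';
     }
     if (!$obj->is_secret) {
         $obj->is_secret = 'N';
     }
     // begin transaction
     $oDB = DB::getInstance();
     $oDB->begin();
     // Enter a list of comments first
     $list_args = new stdClass();
     $list_args->comment_srl = $obj->comment_srl;
     $list_args->document_srl = $obj->document_srl;
     $list_args->module_srl = $obj->module_srl;
     $list_args->regdate = $obj->regdate;
     if (!$obj->parent_srl) {
         // no parent: the comment heads its own thread
         $list_args->head = $list_args->arrange = $obj->comment_srl;
         $list_args->depth = 0;
     } else {
         // get information of the parent comment posting
         $parent_args = new stdClass();
         $parent_args->comment_srl = $obj->parent_srl;
         $parent_output = executeQuery('comment.getCommentListItem', $parent_args);
         // a missing parent used to exit with a bare "return;", leaving the
         // transaction open and handing the caller NULL instead of an Object
         if (!$parent_output->toBool()) {
             $oDB->rollback();
             return $parent_output;
         }
         if (!$parent_output->data) {
             $oDB->rollback();
             return new Object(-1, 'msg_invalid_request');
         }
         $parent = $parent_output->data;
         $list_args->head = $parent->head;
         $list_args->depth = $parent->depth + 1;
         if ($list_args->depth < 2) {
             // direct reply: its own srl is its arrange key
             $list_args->arrange = $obj->comment_srl;
         } else {
             // deeper reply: reuse the parent's next sibling's arrange key and run
             // comment.updateCommentListArrange (presumably re-numbers the rows after it)
             $p_args = new stdClass();
             $p_args->head = $parent->head;
             $p_args->arrange = $parent->arrange;
             $p_args->depth = $parent->depth;
             $output = executeQuery('comment.getCommentParentNextSibling', $p_args);
             if ($output->data->arrange) {
                 $list_args->arrange = $output->data->arrange;
                 $output = executeQuery('comment.updateCommentListArrange', $list_args);
                 // the re-arrange is part of the same transaction; its failure was silently ignored before
                 if (!$output->toBool()) {
                     $oDB->rollback();
                     return $output;
                 }
             } else {
                 $list_args->arrange = $obj->comment_srl;
             }
         }
     }
     $output = executeQuery('comment.insertCommentList', $list_args);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // insert comment
     $output = executeQuery('comment.insertComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // creat the comment model object
     $oCommentModel = getModel('comment');
     // get the number of all comments in the posting
     $comment_count = $oCommentModel->getCommentCount($document_srl);
     // create the controller object of the document
     $oDocumentController = getController('document');
     // Update the number of comments in the post (not for a comment that still awaits validation)
     if (!$using_validation || $is_admin) {
         $output = $oDocumentController->updateCommentCount($document_srl, $comment_count, $obj->nick_name, TRUE);
     }
     // grant autority of the comment
     if (!$manual_inserted) {
         $this->addGrant($obj->comment_srl);
     }
     // call a trigger(after)
     if ($output->toBool()) {
         $trigger_output = ModuleHandler::triggerCall('comment.insertComment', 'after', $obj);
         if (!$trigger_output->toBool()) {
             $oDB->rollback();
             return $trigger_output;
         }
     }
     // commit
     $oDB->commit();
     if (!$manual_inserted) {
         // send a message if notify_message option in enabled in the original article
         $oDocument->notify(Context::getLang('comment'), $obj->content);
         // send a message if notify_message option in enabled in the original comment
         if ($obj->parent_srl) {
             $oParent = $oCommentModel->getComment($obj->parent_srl);
             if ($oParent->get('member_srl') != $oDocument->get('member_srl')) {
                 $oParent->notify(Context::getLang('comment'), $obj->content);
             }
         }
     }
     $this->sendEmailToAdminAfterInsertComment($obj);
     $output->add('comment_srl', $obj->comment_srl);
     return $output;
 }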