} XSRFdefender('savecomment'); $id = sanitize_numeric($_POST['id']); $comment = new Comment($id); if (isset($_POST['name'])) { $comment->setName(sanitize($_POST['name'], 3)); } if (isset($_POST['email'])) { $comment->setEmail(sanitize($_POST['email'], 3)); } if (isset($_POST['website'])) { $comment->setWebsite(sanitize($_POST['website'], 3)); } $comment->setDateTime(sanitize($_POST['date'], 3)); $comment->setComment(sanitize($_POST['comment'], 1)); $comment->setCustomData($_comment_form_save_post = serialize(getCommentAddress(0))); $comment->save(); header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?saved&page=editcomment&id=' . $comment->getID()); exitZP(); } } printAdminHeader('comments'); zp_apply_filter('texteditor_config', 'admin_comments'); ?> <script type="text/javascript"> //<!-- <![CDATA[ function confirmAction() { if ($('#checkallaction').val() == 'deleteall') { return confirm('<?php echo js_encode(gettext("Are you sure you want to delete the checked items?")); ?>
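/**
 * Handles the POSTing of a comment
 *
 * When the request carries a 'comment' field and the 'username' honey-pot field is
 * empty, the posted values are cleaned with sanitize() and handed to the addComment()
 * method of the object currently in context (image, album, news article or Zenpage
 * page). The values echoed back by the comment object are kept in $_zp_comment_stored
 * so the form can be re-populated. On success the 'zenphoto_comment' cookie is
 * refreshed (when 'remember' was checked) or cleared, and the visitor is redirected
 * back to the commented object — except under Microsoft IIS, where the redirect is
 * skipped.
 *
 * Without a posted comment (or with the honey-pot filled in), an existing
 * 'zenphoto_comment' cookie, if any, is decoded into $_zp_comment_stored instead.
 *
 * @return NULL|boolean|string false when no comment was posted; NULL when the comment
 *                              was accepted and no redirect took place; otherwise the
 *                              error text reported by the comment object (or the
 *                              "unknown page" message)
 */
function comment_form_handle_comment() {
	global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
	$cookie = zp_getCookie('zenphoto_comment');

	// 'username' is a honey-pot trap; a non-empty value is treated exactly like "nothing posted"
	if (!isset($_POST['comment']) || !empty($_POST['username'])) {
		// no comment to process: pre-fill the form from the "remember me" cookie when present
		if (!empty($cookie)) {
			$cookiedata = getSerializedArray($cookie);
			if (count($cookiedata) > 1) {
				$_zp_comment_stored = $cookiedata;
			}
		}
		return false;
	}

	/*
	 * do not save the post page in the cache
	 * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
	 * But this has to wait until processing is finished to avoid race conditions.
	 */
	$_zp_HTML_cache->disable();

	// work out which object receives the comment and where to send the visitor afterwards
	$commentobject = NULL;
	$redirectTo = NULL;
	$error = NULL;
	if (in_context(ZP_IMAGE)) {
		$commentobject = $_zp_current_image;
		$redirectTo = $_zp_current_image->getLink();
	} elseif (in_context(ZP_ALBUM)) {
		$commentobject = $_zp_current_album;
		$redirectTo = $_zp_current_album->getLink();
	} elseif (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
		$commentobject = $_zp_current_article;
		$redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
	} elseif (in_context(ZP_ZENPAGE_PAGE)) {
		$commentobject = $_zp_current_page;
		$redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
	} else {
		$error = gettext('Comment posted on unknown page!');
	}
	if (!is_object($commentobject)) {
		return $error;
	}

	// optional identity fields: absent or invalid values become NULL
	$p_name = isset($_POST['name']) ? sanitize($_POST['name'], 3) : NULL;

	$p_email = NULL;
	if (isset($_POST['email'])) {
		$p_email = sanitize($_POST['email'], 3);
		if (!is_valid_email_zp($p_email)) {
			$p_email = NULL;
		}
	}

	$p_website = NULL;
	if (isset($_POST['website'])) {
		$p_website = sanitize($_POST['website'], 3);
		// prefix a scheme unless the value already starts with 'http', then validate the result
		if ($p_website && strpos($p_website, 'http') !== 0) {
			$p_website = 'http://' . $p_website;
		}
		if (!isValidURL($p_website)) {
			$p_website = NULL;
		}
	}

	// 'comment' is guaranteed to be set by the guard above
	$p_comment = sanitize($_POST['comment'], 1);
	$p_server = getUserIP();

	// CAPTCHA response ('code') and its hidden counterpart ('code_h'); both go to addComment() unchanged
	$code1 = '';
	$code2 = '';
	if (isset($_POST['code'])) {
		$code1 = sanitize($_POST['code'], 3);
		// 'code_h' may be missing from a hand-built request: keep it empty rather than reading an undefined index
		$code2 = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
	}

	$p_private = isset($_POST['private']);
	$p_anon = isset($_POST['anon']);
	$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));

	// keep what the comment object actually stored so the form can be re-populated
	$_zp_comment_stored = array(
		'name' => $commentadded->getName(),
		'email' => $commentadded->getEmail(),
		'website' => $commentadded->getWebsite(),
		'comment' => $commentadded->getComment(),
		'saved' => isset($_POST['remember']),
		'private' => $commentadded->getPrivate(),
		'anon' => $commentadded->getAnon(),
		'custom' => $commentadded->getCustomData()
	);

	// getInModeration() doubles as the failure flag; the message to show lives in comment_error_text
	if ($commentadded->getInModeration()) {
		return $commentadded->comment_error_text;
	}

	$_zp_HTML_cache->clearHtmlCache();
	if (isset($_POST['remember'])) {
		// Should always re-cookie to update info in case it's changed...
		$_zp_comment_stored['comment'] = ''; // clear the comment itself
		zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
	} else {
		zp_clearCookie('zenphoto_comment');
	}

	//use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
	if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
		// but not for Microsoft IIS because that server fails if we redirect!
		header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
		exitZP();
	}
	return NULL;
}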