Пример #1
0
function commentForm($id, $atts = NULL)
{
    global $prefs;
    extract($prefs);
    extract(lAtts(array('isize' => '25', 'msgrows' => '5', 'msgcols' => '25', 'msgstyle' => '', 'form' => 'comment_form'), $atts));
    $namewarn = false;
    $emailwarn = false;
    $commentwarn = false;
    $name = pcs('name');
    $email = clean_url(pcs('email'));
    $web = clean_url(pcs('web'));
    extract(doStripTags(doDeEnt(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')))));
    if ($preview) {
        $name = ps('name');
        $email = clean_url(ps('email'));
        $web = clean_url(ps('web'));
        $nonce = getNextNonce();
        $secret = getNextSecret();
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}', secret='{$secret}'");
        $namewarn = $comments_require_name && !trim($name);
        $emailwarn = $comments_require_email && !trim($email);
        $commentwarn = !trim($message);
        $evaluator =& get_comment_evaluator();
        if ($namewarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
        }
        if ($emailwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
        }
        if ($commentwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    }
    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }
    $parentid = !$parentid ? $id : $parentid;
    if (pcs('name') || pcs('email') || pcs('web')) {
        // Form-input different from Cookie, let's update the Cookie.
        if (cs('name') != ps('name') or cs('email') != ps('email') or cs('web') != ps('web')) {
        }
        $remember = 1;
    }
    if ($remember == 1) {
        setCookies($name, $email, $web);
    }
    if ($forget == 1) {
        destroyCookies();
    }
    $url = $GLOBALS['pretext']['request_uri'];
    // Experimental clean urls with only 404-error-document on apache
    // possibly requires messy urls for POST requests.
    if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
        $url = hu . '?id=' . intval($parentid);
    }
    $out = '<form method="post" action="' . $url . '#cpreview" id="txpCommentInputForm">';
    $Form = fetch('Form', 'txp_form', 'name', $form);
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';
    $textarea = '<textarea class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . ' name="message" id="message" ' . $msgcols . $msgrows . $msgstyle . '>' . htmlspecialchars($message) . '</textarea>';
    $comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';
    $checkbox = !empty($_COOKIE['txp_name']) ? checkbox('forget', 1, 0) . tag(gTxt('forget'), 'label', ' for="forget"') : checkbox('remember', 1, 1) . tag(gTxt('remember'), 'label', ' for="remember"');
    $vals = array('comment_name_input' => input('text', 'name', htmlspecialchars($name), $isize, 'comment_name_input' . ($namewarn ? ' comments_error' : ''), ""), 'comment_email_input' => input('text', 'email', htmlspecialchars($email), $isize, 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), ""), 'comment_web_input' => input('text', 'web', htmlspecialchars($web), $isize, 'comment_web_input', ""), 'comment_message_input' => $textarea . '<!-- plugin-place-holder -->', 'comment_remember' => $checkbox, 'comment_preview' => input('submit', 'preview', gTxt('preview'), '', 'button'), 'comment_submit' => $comment_submit_button);
    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }
    $form = parse($Form);
    $out .= $form;
    $out .= fInput('hidden', 'parentid', $parentid);
    $split = rand(1, 31);
    $out .= $preview ? hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';
    $out .= !$preview ? fInput('hidden', 'backpage', serverset("REQUEST_URI")) : fInput('hidden', 'backpage', $backpage);
    $out = substr_replace($out, callback_event('comment.form'), strpos($out, '<!-- plugin-place-holder -->'), strlen('<!-- plugin-place-holder -->'));
    $out .= '</form>';
    return $out;
}
Пример #2
0
function commentForm($id, $atts = NULL)
{
    global $prefs;
    extract($prefs);
    extract(lAtts(array('isize' => '25', 'msgrows' => '5', 'msgcols' => '25', 'msgstyle' => '', 'form' => 'comment_form'), $atts, 0));
    $namewarn = false;
    $emailwarn = false;
    $commentwarn = false;
    $name = pcs('name');
    $email = clean_url(pcs('email'));
    $web = clean_url(pcs('web'));
    $n_message = 'message';
    extract(doDeEnt(psa(array('checkbox_type', 'remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage'))));
    if ($message == '') {
        //Second or later preview will have randomized message-field name
        $in = getComment();
        $message = doDeEnt($in['message']);
    }
    if ($preview) {
        $name = ps('name');
        $email = clean_url(ps('email'));
        $web = clean_url(ps('web'));
        $nonce = getNextNonce();
        $secret = getNextSecret();
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='" . doSlash($nonce) . "', secret='" . doSlash($secret) . "'");
        $n_message = md5('message' . $secret);
        $namewarn = $comments_require_name && !trim($name);
        $emailwarn = $comments_require_email && !trim($email);
        $commentwarn = !trim($message);
        $evaluator =& get_comment_evaluator();
        if ($namewarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
        }
        if ($emailwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
        }
        if ($commentwarn) {
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    } else {
        $rememberCookie = cs('txp_remember');
        if ($rememberCookie === '') {
            $checkbox_type = 'remember';
            $remember = 1;
        } else {
            if ($rememberCookie == 1) {
                $checkbox_type = 'forget';
            } else {
                $checkbox_type = 'remember';
            }
        }
    }
    // If the form fields are filled (anything other than blank), pages
    // really should not be saved by a public cache. rfc2616/14.9.1
    if ($name || $email || $web) {
        header('Cache-Control: private');
    }
    $parentid = !$parentid ? $id : $parentid;
    $url = $GLOBALS['pretext']['request_uri'];
    // Experimental clean urls with only 404-error-document on apache
    // possibly requires messy urls for POST requests.
    if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
        $url = hu . '?id=' . intval($parentid);
    }
    $out = '<form id="txpCommentInputForm" method="post" action="' . htmlspecialchars($url) . '#cpreview">' . n . '<div class="comments-wrapper">' . n . n;
    $Form = fetch('Form', 'txp_form', 'name', $form);
    $msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
    $msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
    $msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';
    $textarea = '<textarea id="message" name="' . $n_message . '"' . $msgcols . $msgrows . $msgstyle . ' class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . '>' . htmlspecialchars(substr(trim($message), 0, 65535)) . '</textarea>';
    // by default, the submit button is visible but disabled
    $comment_submit_button = fInput('submit', 'submit', gTxt('submit'), 'button disabled', '', '', '', '', 'txpCommentSubmit', true);
    // if all fields checkout, the submit button is active/clickable
    if ($preview) {
        $comment_submit_button = fInput('submit', 'submit', gTxt('submit'), 'button', '', '', '', '', 'txpCommentSubmit', false);
    }
    if ($checkbox_type == 'forget') {
        // inhibit default remember
        if ($forget == 1) {
            destroyCookies();
        }
        $checkbox = checkbox('forget', 1, $forget, '', 'forget') . ' ' . tag(gTxt('forget'), 'label', ' for="forget"');
    } else {
        // inhibit default remember
        if ($remember != 1) {
            destroyCookies();
        }
        $checkbox = checkbox('remember', 1, $remember, '', 'remember') . ' ' . tag(gTxt('remember'), 'label', ' for="remember"');
    }
    $checkbox .= ' ' . hInput('checkbox_type', $checkbox_type);
    $vals = array('comment_name_input' => fInput('text', 'name', htmlspecialchars($name), 'comment_name_input' . ($namewarn ? ' comments_error' : ''), '', '', $isize, '', 'name'), 'comment_email_input' => fInput('text', 'email', htmlspecialchars($email), 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), '', '', $isize, '', 'email'), 'comment_web_input' => fInput('text', 'web', htmlspecialchars($web), 'comment_web_input', '', '', $isize, '', 'web'), 'comment_message_input' => $textarea . '<!-- plugin-place-holder -->', 'comment_remember' => $checkbox, 'comment_preview' => fInput('submit', 'preview', gTxt('preview'), 'button', '', '', '', '', 'txpCommentPreview', false), 'comment_submit' => $comment_submit_button);
    foreach ($vals as $a => $b) {
        $Form = str_replace('<txp:' . $a . ' />', $b, $Form);
    }
    $form = parse($Form);
    $out .= $form . n . hInput('parentid', $parentid);
    $split = rand(1, 31);
    $out .= $preview ? n . hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';
    $out .= !$preview ? n . hInput('backpage', htmlspecialchars($url)) : n . hInput('backpage', htmlspecialchars($backpage));
    $out = str_replace('<!-- plugin-place-holder -->', callback_event('comment.form'), $out);
    $out .= n . n . '</div>' . n . '</form>';
    return $out;
}
Пример #3
0
function comment_message_input($atts)
{
    global $prefs, $thiscommentsform;
    extract(lAtts(array('rows' => $thiscommentsform['msgrows'], 'cols' => $thiscommentsform['msgcols']), $atts));
    $style = $thiscommentsform['msgstyle'];
    $commentwarn = false;
    $n_message = 'message';
    $formnonce = '';
    $message = doDeEnt(ps('message'));
    if ($message == '') {
        // Second or later preview will have randomised message-field name.
        $in = getComment();
        $message = doDeEnt($in['message']);
    }
    if (ps('preview')) {
        $split = rand(1, 31);
        $nonce = getNextNonce();
        $secret = getNextSecret();
        safe_insert('txp_discuss_nonce', "issue_time = NOW(), nonce = '" . doSlash($nonce) . "', secret = '" . doSlash($secret) . "'");
        $n_message = md5('message' . $secret);
        $formnonce = n . hInput(substr($nonce, 0, $split), substr($nonce, $split));
        $commentwarn = !trim($message);
        if ($commentwarn) {
            $evaluator =& get_comment_evaluator();
            $evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
        }
    }
    $required = $prefs['doctype'] == 'html5' ? ' required' : '';
    $cols = ($cols and is_numeric($cols)) ? ' cols="' . intval($cols) . '"' : '';
    $rows = ($rows and is_numeric($rows)) ? ' rows="' . intval($rows) . '"' : '';
    $style = $style ? ' style="' . $style . '"' : '';
    return '<textarea class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . ' id="message" name="' . $n_message . '"' . $cols . $rows . $style . $required . '>' . txpspecialchars(substr(trim($message), 0, 65535)) . '</textarea>' . callback_event('comment.form') . $formnonce;
}