Пример #1
    $_GET = sanitize($_GET);
}
// NUL-byte removal on the POST and COOKIE request vectors. sanitize() is defined
// elsewhere in this file; the original comments describe it as NULL-byte stripping
// (confirm against its definition). The $_GET pass happens just above this excerpt.
if (isset($_POST)) {
    $_POST = sanitize($_POST);
}
if (isset($_COOKIE)) {
    $_COOKIE = sanitize($_COOKIE);
}

// Shift_JIS form encoding: replace characters known to mis-convert.
// NOTE(review): only $_POST is re-mapped here, $_GET and $_COOKIE are not — confirm that is intended.
if ('SJIS' == $encode) {
    $_POST = sjisReplace($_POST, $encode);
}

// Referer check; the verdict is kept in $funcRefererCheck for code outside this excerpt.
$funcRefererCheck = refererCheck($Referer_check, $Referer_check_domain);

// Working-state defaults for the validation / send flow that follows.
list($sendmail, $empty_flag, $post_mail, $errm, $header) = array(0, 0, '', '', '');

// Required-field check: requireCheck() (defined elsewhere) hands back the error text
// and a flag saying whether a required field was left empty.
if (1 == $requireCheck) {
    $requireResArray = requireCheck($require);
    $errm = $requireResArray['errm'];
    $empty_flag = $requireResArray['empty_flag'];
}

// E-mail address check (continues past this excerpt).
if (empty($errm)) {
Пример #2
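/**
 * Handles a comment submission for a gallery picture.
 *
 * Reads the POST data via JRequest::get('post'), validates it (referer, IP blacklist,
 * required fields, e-mail syntax, minimum name length for guests, captcha), stores the
 * comment and echoes either an error <li> or the freshly stored comment as an HTML
 * <li>. When a POST was present the function ends with exit; with no POST it returns
 * without output.
 *
 * The $ad_* settings ($ad_js, $ad_cb, $ad_kunena, $ad_datef, $ad_comment_notify,
 * $ad_comment_wl) are assumed to come from the required config.datsogallery.php —
 * confirm against that file.
 *
 * Untrusted input handling: every value that reaches SQL goes through $db->quote()
 * or an (int) cast, and every value that reaches HTML goes through htmlspecialchars().
 * addslashes() is deliberately not used: it is not a SQL escaping mechanism and does
 * nothing for the unquoted picture id in the notify lookup below.
 *
 * @return void
 */
function commentAdd()
{
    $db = JFactory::getDBO();
    $user = JFactory::getUser();
    $post = JRequest::get('post');
    // NOTE(review): the blacklist check relies on this value; confirm getIpAddress()
    // reads REMOTE_ADDR rather than a client-controllable header.
    $cmtip = getIpAddress();
    jimport('joomla.mail.helper');
    require JPATH_COMPONENT_ADMINISTRATOR . DS . 'config.datsogallery.php';

    if (!$post) {
        return;
    }

    // Collect the first failing check; each helper is called once (the original
    // called refererCheck() / blacklistCheck() twice, once to test and once to print).
    $error = refererCheck();
    if (!$error) {
        $error = blacklistCheck($cmtip);
    }
    if (!$error) {
        if (empty($post['cmtname'])) {
            $error = JText::_('COM_DATSOGALLERY_ENTER_NAME');
        } elseif (empty($post['cmtmail'])) {
            $error = JText::_('COM_DATSOGALLERY_ENTER_EMAIL');
        } elseif (!JMailHelper::isEmailAddress($post['cmtmail'])) {
            $error = JText::_('COM_DATSOGALLERY_INVALID_EMAIL');
        } elseif (empty($post['cmttext'])) {
            $error = JText::_('COM_DATSOGALLERY_ENTER_COMMENT');
        } elseif (empty($post['dgcaptchaval'])) {
            $error = JText::_('COM_DATSOGALLERY_ENTER_CODE');
        } elseif (!$user->id && strlen($post['cmtname']) < 4) {
            // Guests need a name of at least 4 bytes; logged-in users are exempt.
            $error = JText::_('COM_DATSOGALLERY_NAME_IS_TOO_SHORT');
        } elseif (empty($_SESSION['CAPTCHA'])
            || strtolower((string) $post['dgcaptchaval']) !== (string) $_SESSION['CAPTCHA']) {
            // Strict string comparison: a loose != would treat numeric-looking strings
            // such as '0e1' and '0e2' as equal.
            $error = JText::_('COM_DATSOGALLERY_SECURITY_NOT_VALUE');
        }
    }
    if ($error) {
        echo '<li class="dg_body_error_message"><div>' . $error . '</div></li>';
        exit;
    }

    // The captcha has been consumed; drop it so the solved value cannot be replayed
    // for further submissions in the same session.
    unset($_SESSION['CAPTCHA']);

    $picId = (int) $post['cmtpic'];
    $name = (string) $post['cmtname'];
    $mail = (string) $post['cmtmail'];
    $text = (string) $post['cmttext'];

    $db->setQuery(
        'INSERT INTO #__datsogallery_comments SET'
        . ' cmtpic = ' . $picId
        . ', cmtip = ' . $db->quote($cmtip)
        . ', cmtname = ' . $db->quote($name)
        . ', cmtmail = ' . $db->quote($mail)
        . ', cmttext = ' . $db->quote($text)
        . ', cmtdate = ' . $db->quote((string) time())
        . ', published = 1'
    );
    $db->query();

    // Escape once for the HTML context; nl2br runs on the escaped text so the inserted
    // <br /> tags are the only markup in the output.
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $safeText = nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));

    echo "<li class=\"pane\">\n";
    echo '<div class="imgblock">';
    if ($ad_js || $ad_cb || $ad_kunena) {
        $avatar = $user->id ? getUserAvatar($user->id) : getUserAvatar(0);
    } else {
        $avatar = getGravatar($mail);
    }
    echo $avatar;
    echo '</div>';
    echo '<div style="display:block;min-height:60px;margin-left:70px;padding-bottom:20px">' . $safeText . '</div>';
    echo '<div class="date">' . sprintf(JText::_('COM_DATSOGALLERY_ON'), $safeName, strftime($ad_datef, time())) . '</div>';
    echo "</li>\n";

    // Notify the picture owner if they opted in; $picId is an int, so the unquoted
    // comparison is safe.
    $db->setQuery('SELECT notify FROM #__datsogallery WHERE id = ' . $picId);
    $unotify = $db->loadResult();
    if ($ad_comment_notify && $unotify != 0) {
        commentNotify($picId, $name, $mail, dgwordlimiter($text, $ad_comment_wl));
    }
    exit;
}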