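protected function runBeforeTemplateParsing($objTemplate, $arrItem)
 {
     // Relative age of the item and the number of published comments on it
     $objTemplate->ago = DateUtil::getTimeElapsed($arrItem['raw']['date']);
     $objTemplate->commentCount = \CommentsModel::countPublishedBySourceAndParent('tl_news', $arrItem['fields']['id']);

     // Only a logged-in member whose id equals the stored author id counts as the author.
     // Compare as integers and require a positive viewer id: the former loose `==` let an
     // empty memberAuthor match an anonymous visitor (empty id) and exposed unpublished items.
     $intViewer = (int) \FrontendUser::getInstance()->id;
     $intAuthor = (int) $arrItem['raw']['memberAuthor'];
     $objTemplate->isAuthor = ($intViewer > 0 && $intViewer === $intAuthor);

     // imgSize is stored serialized as [width, height, mode]; missing entries are passed as null
     $this->imgSize = deserialize($this->imgSize, true);
     $arrImgSize = array_values((array) $this->imgSize) + [0 => null, 1 => null, 2 => null];

     if ($objTemplate->isAuthor && !$arrItem['raw']['published']) {
         $objTemplate->unpublished = true;
     }

     // media
     $strMedia = '';
     if ($arrItem['raw']['mediaType'] === 'video') {
         $arrItem['fields']['addYouTube'] = true;
         // Reduce a full "watch?v=" URL to the video id; other values pass through unchanged
         $arrItem['fields']['youtube'] = preg_replace('@.*watch\\?v=([^&]+).*@i', '$1', $arrItem['fields']['pinBoardYouTube']);
         $objYouTube = YouTubeVideo::getInstance()->setData($arrItem['fields']);
         $strMedia = $objYouTube->getCachedYouTubePreviewImage();
     } elseif (!empty($arrItem['fields']['pinBoardImage'])) {
         // NOTE(review): assumed to be a file path validated upstream (file picker) — confirm
         $strMedia = $arrItem['fields']['pinBoardImage'];
     }

     if ($strMedia) {
         $objTemplate->media = \Image::get($strMedia, $arrImgSize[0], $arrImgSize[1], $arrImgSize[2]);
         // Image::get() may yield no path and getimagesize() returns false for a missing
         // file; both previously reached count() unguarded
         if ($objTemplate->media) {
             $strPath = urldecode(TL_ROOT . '/' . $objTemplate->media);
             $arrDimensions = is_file($strPath) ? getimagesize($strPath) : false;
             if (is_array($arrDimensions) && count($arrDimensions) > 1) {
                 $objTemplate->imgSizeParsed = 'width="' . $arrDimensions[0] . '" height="' . $arrDimensions[1] . '"';
             }
         }
     }
 }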
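 /**
  * Return the meta fields of a news article as array
  *
  * Honours the fields selected in the module's serialized `news_metaFields`
  * setting (date, author, comments); unknown field names are ignored.
  *
  * @param object $objModule  Module record providing `news_metaFields`
  * @param object $objArticle News record (date, author relation, noComments, source, id)
  *
  * @return array Keys 'date', 'author', 'ccount', 'comments' — only those that apply
  */
 public static function getMetaFields($objModule, $objArticle)
 {
     $meta = deserialize($objModule->news_metaFields);
     if (!is_array($meta)) {
         return [];
     }
     global $objPage;
     $return = [];
     foreach ($meta as $field) {
         switch ($field) {
             case 'date':
                 $return['date'] = \Date::parse($objPage->datimFormat, $objArticle->date);
                 break;
             case 'author':
                 $objAuthor = $objArticle->getRelated('author');
                 if ($objAuthor === null) {
                     break;
                 }
                 // The value is emitted as raw HTML by the template, so escape the profile id
                 // (attribute context) and the name; double_encode=false keeps already
                 // encoded entities in stored names from being encoded twice
                 $strName = htmlspecialchars((string) $objAuthor->name, ENT_QUOTES, 'UTF-8', false);
                 if ((string) $objAuthor->google !== '') {
                     $strProfile = htmlspecialchars((string) $objAuthor->google, ENT_QUOTES, 'UTF-8', false);
                     $return['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' <a href="https://plus.google.com/' . $strProfile . '" rel="author" target="_blank">' . $strName . '</a>';
                 } else {
                     $return['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' ' . $strName;
                 }
                 break;
             case 'comments':
                 // No count when comments are disabled or the article links elsewhere
                 if ($objArticle->noComments || $objArticle->source !== 'default') {
                     break;
                 }
                 $intTotal = \CommentsModel::countPublishedBySourceAndParent('tl_news', $objArticle->id);
                 $return['ccount'] = $intTotal;
                 $return['comments'] = sprintf($GLOBALS['TL_LANG']['MSC']['commentCount'], $intTotal);
                 break;
         }
     }
     return $return;
 }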
 public static function getInstance()
 {
     // Reuse the shared instance once it exists; create it lazily on first use
     if (self::$instance) {
         return self::$instance;
     }
     self::$instance = new CommentsModel();
     return self::$instance;
 }
 protected function post_comment($r)
 {
     // Route parameters must carry the post id, the JSON body the comment fields
     Input::ensureRequest($r, ["id"]);
     $posts = $this->jsonPost();
     Input::ensureRequest($posts, ["username", "mail", "content"]);

     $model = new CommentsModel();
     $row = $model->newRow();
     $columns = [
         [CommentsModel::POST_ID, $r["id"]],
         [CommentsModel::USERNAME, $posts["username"]],
         [CommentsModel::MAIL, $posts["mail"]],
         [CommentsModel::CONTENT, $posts["content"]],
     ];
     foreach ($columns as $pair) {
         list($column, $value) = $pair;
         $row->set($column, $value);
     }
     $row->save();

     // Respond with the stored values minus internal ids and the raw address; the
     // address is exposed only as its md5 ("gid", presumably a Gravatar id — confirm).
     // Note that an md5 of an e-mail address is only a weak pseudonym.
     $ret = $row->getValues();
     $ret["gid"] = md5($ret[CommentsModel::MAIL]);
     unset($ret[CommentsModel::ID], $ret[CommentsModel::POST_ID], $ret[CommentsModel::MAIL]);
     Output::success($ret);
 }
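 /**
  * ondelete_callback
  * Delete related items in tl_comments
  *
  * Removes every tl_member comment that the deleted member either wrote (owner)
  * or received (parent). Copy operations are skipped since the record survives.
  *
  * @param DataContainer $dc
  */
 public function deleteRelatedComments(DataContainer $dc)
 {
     // Return if there is no ID (no active record or unsaved record) or on copy
     $intId = ($dc->activeRecord !== null) ? (int) $dc->activeRecord->id : 0;
     if ($intId < 1 || Input::get('act') === 'copy') {
         return;
     }
     $objComments = $this->Database
         ->prepare('SELECT * FROM tl_comments WHERE source = ? AND (owner = ? OR parent = ?)')
         ->execute('tl_member', $intId, $intId);
     while ($objComments->next()) {
         // The row may have vanished between the query and the lookup; findByPk returns null then
         $objDb = CommentsModel::findByPk($objComments->id);
         if ($objDb === null) {
             continue;
         }
         $objDb->delete();
         $this->log('DELETE FROM tl_comments WHERE id=' . $objComments->id, __METHOD__, TL_GENERAL);
     }
 }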
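 /**
  * Send out the new comment notifications
  *
  * Presumably a save_callback on the comment's published flag (confirm): when the
  * value is truthy, the subscribers of the comment given by the request id are
  * notified. The value itself is returned unchanged.
  *
  * @param mixed $varValue
  *
  * @return mixed
  */
 public function sendNotifications($varValue)
 {
     if ($varValue) {
         // The id is request input; an unknown id yields null, which the type-hinted
         // notifyCommentsSubscribers(\CommentsModel) would reject with a fatal error
         $objComment = CommentsModel::findByPk(Input::get('id'));
         if ($objComment !== null) {
             Comments::notifyCommentsSubscribers($objComment);
         }
     }
     return $varValue;
 }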
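 /**
  * Notify the subscribers of new comments
  *
  * Sends one mail per active subscription of the comment's parent, skipping the
  * commenter's own address, then flags the comment as notified so a repeated
  * call is a no-op.
  *
  * @param \CommentsModel $objComment
  */
 public static function notifyCommentsSubscribers(\CommentsModel $objComment)
 {
     // Notified already
     if ($objComment->notified) {
         return;
     }
     $objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);
     // No subscriptions
     if ($objNotify === null) {
         return;
     }
     // Loop-invariant parts of the mail
     $strBase = \Idna::decode(\Environment::get('base'));
     $strHost = \Idna::decode(\Environment::get('host'));
     while ($objNotify->next()) {
         // Don't notify the commentor about his own comment; compare as strings,
         // a loose == would equate numeric-looking values
         if ((string) $objNotify->email === (string) $objComment->email) {
             continue;
         }
         // Prepare the URL; the removal token is a query value, so URL-encode it
         $strUrl = $strBase . $objNotify->url;
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], $strHost);
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . rawurlencode($objNotify->tokenRemove));
         $objEmail->sendTo($objNotify->email);
     }
     $objComment->notified = 1;
     $objComment->save();
 }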
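 /**
  * Return the meta fields of a news article as array
  *
  * Honours the fields selected in the module's serialized `news_metaFields`
  * setting (date, author, comments); unknown field names are ignored.
  *
  * @param \NewsModel $objArticle
  *
  * @return array Keys 'date', 'author', 'ccount', 'comments' — only those that apply
  */
 protected function getMetaFields($objArticle)
 {
     $meta = deserialize($this->news_metaFields);
     if (!is_array($meta)) {
         return [];
     }
     /** @var \PageModel $objPage */
     global $objPage;
     $return = [];
     foreach ($meta as $field) {
         switch ($field) {
             case 'date':
                 $return['date'] = \Date::parse($objPage->datimFormat, $objArticle->date);
                 break;
             case 'author':
                 /** @var \UserModel $objAuthor */
                 if (($objAuthor = $objArticle->getRelated('author')) !== null) {
                     $return['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' ' . $objAuthor->name;
                 }
                 break;
             case 'comments':
                 // No count when comments are disabled, the comments module is not active
                 // (strict in_array: the list holds module names) or the article links elsewhere
                 if ($objArticle->noComments || !in_array('comments', \ModuleLoader::getActive(), true) || $objArticle->source !== 'default') {
                     break;
                 }
                 $intTotal = \CommentsModel::countPublishedBySourceAndParent('tl_news', $objArticle->id);
                 $return['ccount'] = $intTotal;
                 $return['comments'] = sprintf($GLOBALS['TL_LANG']['MSC']['commentCount'], $intTotal);
                 break;
         }
     }
     return $return;
 }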
 public function leaveComment($args)
 {
     // Thin dispatcher: only the first argument reaches the model
     $payload = $args[0];
     $model = new CommentsModel();
     $model->leaveComment($payload);
 }
 /**
  * Process a new guestbook entry
  *
  * Post-processes a freshly stored entry (smilies, optional headline), stores it
  * and sends the notification mail if the module asks for one. The signature
  * matches the addComment hook call `($insertId, $arrSet, ...)` — presumably
  * registered there (confirm).
  *
  * @param int    $intId       ID of the newly stored guestbook entry
  * @param array  $arrComment  Array with the new guestbook entry
  * @return void
  */
 public function nlshAddComment($intId, $arrComment)
 {
     $this->import('Input');
     /* Step by step (kept for reference; the single join below replaces these three lookups)
              $tl_article = $this->Database
                         ->prepare("SELECT   *
                                    FROM     tl_article
                                    WHERE    `pid` = ? "
                         )
                         ->execute($arrComment['parent']);
     
              $tl_content = $this->Database
                         ->prepare("SELECT   *
                                    FROM     tl_content
                                    WHERE    `pid` = ?
                                    AND      `type` = 'module'"
                         )
                         ->execute($tl_article->id);
     
              $tlModule = $this->Database
                         ->prepare("SELECT   *
                                    FROM     tl_module
                                    WHERE    `id` = ?"
                         )
                         ->execute($tl_content->module);
              End Step by step */
     // Thanks to thkuhn (#23): resolve the guestbook module of the commented page in one query
     $this->tlModule = $this->Database->prepare("SELECT     m.*\n                           FROM       tl_module m\n                           INNER JOIN tl_content c ON (m.id=c.`module`)\n                           INNER JOIN tl_article a ON (c.pid=a.id)\n                           WHERE c.`type`=? AND m.`type`=? AND a.pid=?")->limit(1)->execute('module', 'nlsh_guestbook', $arrComment['parent']);
     // Only for entries that belong to an 'nlsh_guestbook' module
     if ($this->tlModule->type == 'nlsh_guestbook') {
         // Delete the stored row first: a plain update (via the model as well as a
         // direct SQL UPDATE) was ignored, see #20. The entry is re-inserted below.
         $this->Database->prepare("DELETE FROM `tl_comments` WHERE `tl_comments` . `id` = ?")->execute($intId);
         // Smilies provided outside the extension's own list
         $source = 'system/modules/nlsh_guestbook/html/smilies/';
         $arrSmilies = $this->arrSmilies;
         $arrSmilies[] = array(':-)', '', 'smile.gif');
         $arrSmilies[] = array(':-(', '', 'sad.gif');
         $arrSmilies[] = array(';-)', '', 'wink.gif');
         // Replace smiley codes with image tags (code = [0], file name = [2])
         for ($b = 0, $count = count($arrSmilies); $b < $count; $b++) {
             $imageTag = sprintf('<img src="%s%s" title="%s" alt="Smile" />', $source, $arrSmilies[$b][2], $arrSmilies[$b][0]);
             $arrComment['comment'] = str_replace($arrSmilies[$b][0], $imageTag, $arrComment['comment']);
         }
         // Prepend the headline to the comment as [h]...[/h]
         // NOTE(review): checkString() is defined elsewhere — confirm it escapes HTML,
         // since the headline ends up inside <h1> in the mail below
         if ($this->Input->post('headline')) {
             $headline = $this->checkString($this->Input->post('headline'));
             $arrComment['comment'] = '[h]' . $headline . '[/h]' . $arrComment['comment'];
         }
         // Store the record
         $objComment = new \CommentsModel();
         $objComment->setRow($arrComment)->save();
         // Build and send the notification mail if the module requests it
         if ($this->tlModule->com_nlsh_gb_bolMail == TRUE) {
             $this->import('Email');
             // class names are case-insensitive, so this resolves to \Email
             $email = new \email();
             $email->subject = $GLOBALS['TL_LANG']['nlsh_guestbook']['email_subject'];
             // The [h] markers become <h1>; the comment text is assumed to be escaped
             // by the caller before the hook runs — confirm
             $email->html = str_replace('[h]', '<h1>', $arrComment['comment']);
             $email->html = str_replace('[/h]', '</h1>', $email->html);
             $email->sendTo($this->tlModule->com_nlsh_gb_email);
         }
     }
 }
 public function hiddenAction()
 {
     // AJAX action: forwards the id to CommentsModel::hiddenComment() and echoes its result as JSON
     // NOTE(review): no authorization check is visible here — confirm it happens in hiddenComment() or in controller init
     $this->isAjax = true;
     if (!$this->_hasParam('id')) {
         return;
     }
     Zend_Loader::loadClass('Zend_Json');
     $commentId = $this->_getParam('id');
     $model = new CommentsModel();
     echo Zend_Json::encode($model->hiddenComment($commentId));
 }
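 /**
  * generate voting-form
  *
  * Builds the comment/score/captcha widgets for rating another member, validates
  * them when the form was submitted, stores a valid rating as an unpublished
  * tl_comments row (source tl_member) and reloads. Independently of a submit, a
  * rating of the same member younger than blockingTime locks the form.
  */
 protected function generateVotingForm()
 {
     // Guests cannot vote and members cannot rate themselves
     if (!$this->loggedInUser || $this->loggedInUser->id == $this->ratedUser->id) {
         return;
     }
     $strFields = '';
     $scoreError = false;
     // Both flags were previously assigned only inside branches and read undefined otherwise
     $doNotSubmit = false;
     $blnModified = false;
     $strFormId = 'tl_comments_' . $this->id;
     $blnSubmitted = (\Input::post('FORM_SUBMIT') == $strFormId);
     $this->Template->formId = $strFormId;
     $this->Template->action = \Environment::get('indexFreeRequest');
     $this->Template->enctype = 'application/x-www-form-urlencoded';
     $arrFields = [];
     $objComment = new \CommentsModel();
     // Build the form
     $arrFF = ['comment', 'score', 'captcha'];
     foreach ($arrFF as $field) {
         $arrData =& $GLOBALS['TL_DCA']['tl_comments']['fields'][$field];
         $strClass = $GLOBALS['TL_FFL'][$arrData['inputType']];
         $arrData['eval']['tableless'] = 'true';
         $arrData['label'] = $GLOBALS['TL_LANG']['tl_comments'][$field][0];
         $varValue = '';
         $objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $varValue, '', '', $this));
         $objWidget->storeValues = true;
         // Validate the form data
         if ($blnSubmitted) {
             $objWidget->validate();
             $varValue = $objWidget->value;
             // The score must be a single digit 1-5 (mberegi() no longer exists in PHP >= 7.3)
             if ($field === 'score' && !preg_match('/^[1-5]$/', (string) $varValue)) {
                 $doNotSubmit = true;
                 $scoreError = true;
             }
             // Do not submit the field if there are errors
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             } elseif ($objWidget->submitInput()) {
                 $blnModified = true;
                 // Store the form data
                 $_SESSION['FORM_DATA'][$field] = $varValue;
                 // Set the correct empty value (see #6284, #6373)
                 if ($varValue === '') {
                     $varValue = $objWidget->getEmptyValue();
                 }
                 // Set the new value (the captcha is verified, never stored)
                 if ($field !== 'captcha') {
                     $objComment->{$field} = $varValue;
                 }
             }
         }
         $temp = $objWidget->parse();
         // The score widget is replaced by a hidden field that the star-rating script fills in
         if ($field === 'score') {
             $temp = '<input type="hidden" name="score" id="ctrl_score" value="">';
         }
         $strFields .= $temp;
         $arrFields[$field] = $temp;
     }
     // Save the model
     if (!$doNotSubmit && $blnModified && $blnSubmitted) {
         $objComment->owner = $this->loggedInUser->id;
         $objComment->dateOfCreation = time();
         $objComment->source = 'tl_member';
         $objComment->ip = \Environment::get('ip');
         // The token (presumably used to activate the rating — confirm) must be unguessable;
         // the former md5(session_id() . time() . member id) was computable by the
         // submitting member from values they know
         $objComment->activation_token = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
         $objComment->parent = $this->ratedUser->id;
         $objComment->published = 0;
         $objComment->save();
         $this->log('A new entry "tl_comments.id=' . $objComment->id . '" has been created', __METHOD__, TL_GENERAL);
         // notify rated member
         if ($this->notifyRatedUser && $objComment->id > 0 && $objComment->comment != '') {
             $this->notifyUser($objComment);
         }
         $this->jumpToOrReload($this->jumpTo);
     }
     if ($scoreError) {
         $strFields = '<p class="error">Bitte eine g&uuml;ltige Punktzahl vergeben.</p>' . $strFields;
     }
     $this->Template->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['saveData']);
     $this->Template->fields = $strFields;
     $this->Template->arrFields = $arrFields;
     // Rate limiting: lock the form while this member's last rating of the user is younger than blockingTime
     if ($this->blockingTime > 0) {
         $objRatings = $this->Database
             ->prepare("SELECT * FROM tl_comments WHERE source = ? AND parent = ? AND owner = ? AND dateOfCreation > ? ORDER BY dateOfCreation DESC")
             ->limit(1)
             ->execute('tl_member', $this->ratedUser->id, $this->loggedInUser->id, time() - $this->blockingTime);
         if ($objRatings->numRows > 0) {
             $this->Template->commentFormLocked = true;
             // Remaining lock time: seconds up to a minute, otherwise hours and minutes
             $time = $this->blockingTime - (time() - $objRatings->dateOfCreation);
             $h = floor($time / 3600);
             $min = floor(($time / 3600 - $h) * 60);
             if ($time <= 60) {
                 $this->Template->commentFormLockedTime = $time . ' s';
             } else {
                 $this->Template->commentFormLockedTime = ($h > 0 ? $h . ' h  ' : '') . $min . ' min';
             }
         }
     }
 }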
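 /**
  * Add comments to a template
  *
  * Renders the published comments of a source/parent pair (paginated when
  * $objConfig->perPage is set), builds the comment form and, on a valid submit,
  * stores the new comment, runs the addComment hooks, mails $arrNotifies and reloads.
  *
  * @param \FrontendTemplate $objTemplate target template (comments, pagination, form fields)
  * @param \stdClass         $objConfig   perPage, template, requireLogin, disableCaptcha, bbcode, moderate
  * @param string            $strSource   parent table, e.g. tl_news
  * @param integer           $intParent   parent record id
  * @param array             $arrNotifies recipients of the "new comment" mail
  */
 public function addCommentsToTemplate(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $arrNotifies)
 {
     global $objPage;
     $limit = 0;
     $offset = 0;
     $total = 0;
     $gtotal = 0;
     $arrComments = [];
     $objTemplate->comments = [];
     // see #4064
     // Pagination
     if ($objConfig->perPage > 0) {
         // Get the total number of comments
         $intTotal = \CommentsModel::countPublishedBySourceAndParent($strSource, $intParent);
         $total = $gtotal = $intTotal;
         // Get the current page; the query value is user input, so cast it before arithmetic
         $id = 'page_c' . $this->id;
         $page = (int) (\Input::get($id) ?: 1);
         // Do not index or cache the page if the page number is outside the range
         if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) {
             $objPage->noSearch = 1;
             $objPage->cache = 0;
             // Send a 404 header
             header('HTTP/1.1 404 Not Found');
             $objTemplate->allowComments = false;
             return;
         }
         // Set limit and offset
         $limit = $objConfig->perPage;
         $offset = ($page - 1) * $objConfig->perPage;
         // Initialize the pagination menu
         $objPagination = new \Pagination($total, $objConfig->perPage, 7, $id);
         $objTemplate->pagination = $objPagination->generate("\n  ");
     }
     $objTemplate->allowComments = true;
     // Get all published comments
     if ($limit) {
         $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent, $limit, $offset);
     } else {
         $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent);
     }
     if ($objComments !== null && ($total = $objComments->count()) > 0) {
         $count = 0;
         if ($objConfig->template == '') {
             $objConfig->template = 'com_default';
         }
         $objPartial = new \FrontendTemplate($objConfig->template);
         $blnXhtml = ($objPage->outputFormat == 'xhtml');
         while ($objComments->next()) {
             $objPartial->setData($objComments->row());
             // Clean the RTE output
             $objComments->comment = $blnXhtml ? \String::toXhtml($objComments->comment) : \String::toHtml5($objComments->comment);
             // Neutralise insert-tag braces so stored comments are never evaluated as insert tags
             $objPartial->comment = trim(str_replace(['{{', '}}'], ['&#123;&#123;', '&#125;&#125;'], $objComments->comment));
             $objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date);
             $objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date);
             $objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
             $objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by'];
             $objPartial->id = 'c' . $objComments->id;
             $objPartial->timestamp = $objComments->date;
             $objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date);
             $objPartial->addReply = false;
             // Reply
             if ($objComments->addReply && $objComments->reply != '') {
                 if (($objAuthor = $objComments->getRelated('author')) !== null) {
                     $objPartial->addReply = true;
                     $objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by'];
                     $objPartial->reply = $this->replaceInsertTags($objComments->reply);
                     $objPartial->author = $objAuthor;
                     // Clean the RTE output
                     $objPartial->reply = $blnXhtml ? \String::toXhtml($objPartial->reply) : \String::toHtml5($objPartial->reply);
                 }
             }
             $arrComments[] = $objPartial->parse();
             ++$count;
         }
     }
     $objTemplate->comments = $arrComments;
     $objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment'];
     $objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name'];
     $objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email'];
     $objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website'];
     $objTemplate->commentsTotal = $limit ? $gtotal : $total;
     // Get the front end user object
     $this->import('FrontendUser', 'User');
     // Access control
     if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
         $objTemplate->requireLogin = true;
         return;
     }
     // Form fields
     $arrFields = [
         'name' => [
             'name' => 'name',
             'label' => $GLOBALS['TL_LANG']['MSC']['com_name'],
             'value' => trim($this->User->firstname . ' ' . $this->User->lastname),
             'inputType' => 'text',
             'eval' => ['mandatory' => true, 'maxlength' => 64],
         ],
         'email' => [
             'name' => 'email',
             'label' => $GLOBALS['TL_LANG']['MSC']['com_email'],
             'value' => $this->User->email,
             'inputType' => 'text',
             'eval' => ['rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true],
         ],
         'website' => [
             'name' => 'website',
             'label' => $GLOBALS['TL_LANG']['MSC']['com_website'],
             'inputType' => 'text',
             'eval' => ['rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true],
         ],
     ];
     // Captcha
     if (!$objConfig->disableCaptcha) {
         $arrFields['captcha'] = ['name' => 'captcha', 'inputType' => 'captcha', 'eval' => ['mandatory' => true]];
     }
     // Comment field
     $arrFields['comment'] = [
         'name' => 'comment',
         'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'],
         'inputType' => 'textarea',
         'eval' => ['mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true],
     ];
     $doNotSubmit = false;
     $arrWidgets = [];
     $strFormId = 'com_' . $strSource . '_' . $intParent;
     $blnSubmitted = (\Input::post('FORM_SUBMIT') == $strFormId);
     // Initialize widgets
     foreach ($arrFields as $arrField) {
         $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
         // Continue if the class is not defined
         if (!$this->classFileExists($strClass)) {
             continue;
         }
         // Not every field carries a preset value or a mandatory flag (website, captcha)
         $arrField['eval']['required'] = isset($arrField['eval']['mandatory']) ? $arrField['eval']['mandatory'] : false;
         $varValue = isset($arrField['value']) ? $arrField['value'] : null;
         $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $varValue));
         // Validate the widget
         if ($blnSubmitted) {
             $objWidget->validate();
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             }
         }
         $arrWidgets[$arrField['name']] = $objWidget;
     }
     $objTemplate->fields = $arrWidgets;
     $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->messages = '';
     // Backwards compatibility
     $objTemplate->formId = $strFormId;
     $objTemplate->hasError = $doNotSubmit;
     // Do not index or cache the page with the confirmation message
     if (!empty($_SESSION['TL_COMMENT_ADDED'])) {
         $objPage->noSearch = 1;
         $objPage->cache = 0;
         $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
         $_SESSION['TL_COMMENT_ADDED'] = false;
     }
     // Add the comment
     if (!$doNotSubmit && $blnSubmitted) {
         $strWebsite = $arrWidgets['website']->value;
         // Add http:// to the website
         if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
             $strWebsite = 'http://' . $strWebsite;
         }
         // Do not parse any tags in the comment; ENT_QUOTES also covers quotes, which
         // matters once the BBCode parser places text into attributes
         $strComment = htmlspecialchars(trim($arrWidgets['comment']->value), ENT_QUOTES, 'UTF-8');
         $strComment = str_replace(['&amp;', '&lt;', '&gt;'], ['[&]', '[lt]', '[gt]'], $strComment);
         // Remove multiple line feeds
         $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
         // Parse BBCode
         if ($objConfig->bbcode) {
             $strComment = $this->parseBbCode($strComment);
         }
         // Prevent cross-site request forgeries: a keyword deny-list on link targets the
         // BBCode parser produced; the escaping above remains the actual protection
         $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
         $time = time();
         // Prepare the record
         $arrSet = [
             'source' => $strSource,
             'parent' => $intParent,
             'tstamp' => $time,
             'name' => $arrWidgets['name']->value,
             'email' => $arrWidgets['email']->value,
             'website' => $strWebsite,
             'comment' => $this->convertLineFeeds($strComment),
             'ip' => $this->anonymizeIp(\Environment::get('ip')),
             'date' => $time,
             'published' => $objConfig->moderate ? '' : 1,
         ];
         $objComment = new \CommentsModel();
         $objComment->setRow($arrSet);
         $objComment->save();
         $insertId = $objComment->id;
         // HOOK: add custom logic
         if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
             foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                 $this->import($callback[0]);
                 // The braces must wrap the whole array access; the former `{$callback}[0]`
                 // stringified the array and never reached the hook method
                 $this->{$callback[0]}->{$callback[1]}($insertId, $arrSet, $this);
             }
         }
         // Notification
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Environment::get('host'));
         // Convert the comment to plain text
         $strComment = strip_tags($strComment);
         $strComment = \String::decodeEntities($strComment);
         $strComment = str_replace(['[&]', '[lt]', '[gt]'], ['&', '<', '>'], $strComment);
         // Add comment details
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Environment::get('base') . \Environment::get('request'), \Environment::get('base') . 'contao/main.php?do=comments&act=edit&id=' . $insertId);
         // Do not send notifications twice
         if (is_array($arrNotifies)) {
             $arrNotifies = array_unique($arrNotifies);
         }
         $objEmail->sendTo($arrNotifies);
         // Pending for approval
         if ($objConfig->moderate) {
             $_SESSION['TL_COMMENT_ADDED'] = true;
         }
         $this->reload();
     }
 }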
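 /**
  * Collect the comment status of a news article
  *
  * @param int $id tl_news id
  *
  * @return array 'commentStatus' => "open"|"closed"; when open also 'commentsCount'
  *               and, if there are any, 'items' (the published-comments collection)
  */
 protected function getComment($id)
 {
     $tmpArr = [];
     $news = \NewsModel::findByPk($id);
     // An unknown article has no comment thread; report it as closed instead of
     // dereferencing null
     if ($news === null || $news->noComments) {
         $tmpArr['commentStatus'] = "closed";
         return $tmpArr;
     }
     $result = \CommentsModel::findPublishedBySourceAndParent("tl_news", $id);
     // No published comments yields null, which count() must not see
     $intCount = ($result === null) ? 0 : count($result);
     $tmpArr['commentStatus'] = "open";
     $tmpArr['commentsCount'] = $intCount;
     if ($intCount > 0) {
         // Hand the collection over untouched; the former loop re-assigned the same
         // object once per row while advancing its cursor to the end
         $tmpArr['items'] = $result;
     }
     return $tmpArr;
 }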
 /**
  * removes $this->reload(); call (last line) of core method \Comments::renderCommentForm()
  */
 protected function renderCommentForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $varNotifies)
 {
     $this->import('FrontendUser', 'User');
     // Access control
     if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
         $objTemplate->requireLogin = true;
         $objTemplate->login = $GLOBALS['TL_LANG']['MSC']['com_login'];
         return;
     }
     // Confirm or remove a subscription
     if (\Input::get('token')) {
         static::changeSubscriptionStatus($objTemplate);
         return;
     }
     // Form fields
     $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)));
     // Captcha
     if (!$objConfig->disableCaptcha) {
         $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
     }
     // Comment field
     $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true));
     // Notify me of new comments
     $arrFields['notify'] = array('name' => 'notify', 'label' => '', 'inputType' => 'checkbox', 'options' => array(1 => $GLOBALS['TL_LANG']['MSC']['com_notify']));
     $doNotSubmit = false;
     $arrWidgets = array();
     $strFormId = 'com_' . $strSource . '_' . $intParent;
     // Initialize the widgets
     foreach ($arrFields as $arrField) {
         /** @var \Widget $strClass */
         $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
         // Continue if the class is not defined
         if (!class_exists($strClass)) {
             continue;
         }
         $arrField['eval']['required'] = $arrField['eval']['mandatory'];
         /** @var \Widget $objWidget */
         $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'], $arrField['value']));
         // Validate the widget
         if (\Input::post('FORM_SUBMIT') == $strFormId) {
             $objWidget->validate();
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             }
         }
         $arrWidgets[$arrField['name']] = $objWidget;
     }
     $objTemplate->fields = $arrWidgets;
     $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->messages = '';
     // Backwards compatibility
     $objTemplate->formId = $strFormId;
     $objTemplate->hasError = $doNotSubmit;
     // Do not index or cache the page with the confirmation message
     if ($_SESSION['TL_COMMENT_ADDED']) {
         /** @var \PageModel $objPage */
         global $objPage;
         $objPage->noSearch = 1;
         $objPage->cache = 0;
         $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
         $_SESSION['TL_COMMENT_ADDED'] = false;
     }
     // Store the comment
     if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
         $strWebsite = $arrWidgets['website']->value;
         // Add http:// to the website
         if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
             $strWebsite = 'http://' . $strWebsite;
         }
         // Do not parse any tags in the comment
         $strComment = specialchars(trim($arrWidgets['comment']->value));
         $strComment = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strComment);
         // Remove multiple line feeds
         $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
         // Parse BBCode
         if ($objConfig->bbcode) {
             $strComment = $this->parseBbCode($strComment);
         }
         // Prevent cross-site request forgeries
         $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
         $time = time();
         // Prepare the record
         $arrSet = array('tstamp' => $time, 'source' => $strSource, 'parent' => $intParent, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1);
         // Store the comment
         $objComment = new \CommentsModel();
         $objComment->setRow($arrSet)->save();
         // Store the subscription
         if ($arrWidgets['notify']->value) {
             static::addCommentsSubscription($objComment);
         }
         // HOOK: add custom logic
         if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
             foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                 $this->import($callback[0]);
                 $this->{$callback[0]}->{$callback[1]}($objComment->id, $arrSet, $this);
             }
         }
         // Prepare the notification mail
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host')));
         // Convert the comment to plain text
         $strComment = strip_tags($strComment);
         $strComment = \StringUtil::decodeEntities($strComment);
         $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
         // Add the comment details
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=comments&act=edit&id=' . $objComment->id);
         // Do not send notifications twice
         if (is_array($varNotifies)) {
             $objEmail->sendTo(array_unique($varNotifies));
         } elseif ($varNotifies != '') {
             $objEmail->sendTo($varNotifies);
             // see #5443
         }
         // Pending for approval
         if ($objConfig->moderate) {
             $_SESSION['TL_COMMENT_ADDED'] = true;
         } else {
             static::notifyCommentsSubscribers($objComment);
         }
     }
 }
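 /**
  * Handle the module's AJAX requests and terminate the request.
  *
  * The action is selected by the "act" GET parameter:
  *  - delSocialmediaLink: removes the posted "type" from the logged-in
  *    member's serialized socialmediaLinks list and saves the member
  *  - toggleVisibility: publishes/unpublishes the comment given by the "id"
  *    GET parameter, if the comment's parent is the logged-in member, and
  *    echoes "visible" or "invisible"
  *
  * Nothing happens unless a front end user is logged in. The method always
  * ends with exit, so the only output is the echoed state (if any).
  *
  * NOTE(review): both actions change state but no request token is checked
  * (e.g. \RequestToken::validate()), and toggleVisibility is triggered by a
  * plain GET — confirm the calling JavaScript before adding the check.
  */
 protected function handleAjax()
 {
     if (FE_USER_LOGGED_IN) {
         $strAct = \Input::get('act');

         // Delete a social media link of the logged-in member
         if ($strAct === 'delSocialmediaLink' && \Input::post('type')) {
             // Force an array so an empty/invalid field cannot break the search below
             $arrSocialmediaLinks = deserialize($this->loggedInUser->socialmediaLinks, true);

             // Strict search so "1" does not match "01"; assumes the stored
             // entries are strings like the posted type — TODO confirm
             $key = array_search(\Input::post('type'), $arrSocialmediaLinks, true);

             if ($key !== false) {
                 unset($arrSocialmediaLinks[$key]);
             }

             // array_values() reindexes the list after the removal
             $this->loggedInUser->socialmediaLinks = serialize(array_values($arrSocialmediaLinks));
             $this->loggedInUser->save();
             $this->log('A new version of tl_member ID ' . $this->loggedInUser->id . ' has been created', __METHOD__, TL_GENERAL);
         }

         // Toggle the visibility (publish or unpublish) of a comment
         $intId = (int) \Input::get('id');

         if ($strAct === 'toggleVisibility' && $intId > 0) {
             $objComment = \CommentsModel::findByPk($intId);

             // Only the owner of the parent record may toggle its comments.
             // NOTE(review): parent ids are only unique per comment source;
             // consider also comparing $objComment->source with the expected
             // source — TODO confirm
             if ($objComment !== null && (int) $this->loggedInUser->id === (int) $objComment->parent) {
                 $isPublished = $objComment->published ? 0 : 1;
                 $objComment->published = $isPublished;
                 $objComment->save();
                 $this->log('A new version of tl_comments ID ' . $objComment->id . ' has been created', __METHOD__, TL_GENERAL);

                 // The response body is the new state
                 echo $isPublished === 0 ? 'invisible' : 'visible';
             }
         }
     }

     exit;
 }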