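/**
 * Add the display values for one list item to its template before the template is parsed.
 *
 * Sets the elapsed-time label, the published comment count, the author flag, an
 * "unpublished" marker for the author's own unpublished items, and the preview
 * image together with its width/height attributes.
 *
 * @param object $objTemplate Template that receives the values
 * @param array  $arrItem     Item data; the 'raw' and 'fields' sub-arrays are read
 *
 * @return void
 */
protected function runBeforeTemplateParsing($objTemplate, $arrItem)
{
    $objTemplate->ago = DateUtil::getTimeElapsed($arrItem['raw']['date']);
    $objTemplate->commentCount = \CommentsModel::countPublishedBySourceAndParent('tl_news', $arrItem['fields']['id']);

    // Require a non-empty member ID before comparing: with a loose "==" an empty
    // visitor ID equals an empty memberAuthor, which would flag a visitor who is
    // not logged in as the author of every item that has no member author.
    $intMemberId = \FrontendUser::getInstance()->id;
    $objTemplate->isAuthor = $intMemberId && $arrItem['raw']['memberAuthor'] == $intMemberId;

    $this->imgSize = deserialize($this->imgSize, true);

    if ($objTemplate->isAuthor && !$arrItem['raw']['published']) {
        $objTemplate->unpublished = true;
    }

    // media
    $strMedia = '';

    if ($arrItem['raw']['mediaType'] == 'video') {
        $arrItem['fields']['addYouTube'] = true;

        // Reduce a "watch?v=..." URL to the video ID. A value that does not match the
        // pattern passes through unchanged.
        // NOTE(review): confirm the value is validated as a YouTube URL where it is stored.
        $arrItem['fields']['youtube'] = preg_replace('@.*watch\\?v=([^&]+).*@i', '$1', $arrItem['fields']['pinBoardYouTube']);

        $objYouTube = YouTubeVideo::getInstance()->setData($arrItem['fields']);
        $strMedia = $objYouTube->getCachedYouTubePreviewImage();
    } elseif ($arrItem['fields']['pinBoardImage']) {
        $strMedia = $arrItem['fields']['pinBoardImage'];
    }

    if ($strMedia) {
        $objTemplate->media = \Image::get($strMedia, $this->imgSize[0], $this->imgSize[1], $this->imgSize[2]);

        // Only measure the image when a path was returned
        if ($objTemplate->media) {
            $arrSize = getimagesize(urldecode(TL_ROOT . '/' . $objTemplate->media));

            // getimagesize() returns false for unreadable or non-image files; calling
            // count() on false is an error, so check for an array first.
            if (is_array($arrSize) && count($arrSize) > 1) {
                $objTemplate->imgSizeParsed = 'width="' . $arrSize[0] . '" height="' . $arrSize[1] . '"';
            }
        }
    }
}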
/**
 * Return the meta fields of a news article as array
 *
 * Only the fields listed in the module's serialized news_metaFields setting are
 * built. Possible keys of the result: 'date', 'author', 'ccount' and 'comments'.
 *
 * NOTE(review): the author's name and "google" value are concatenated into HTML
 * without escaping, and the link opens with target="_blank" while rel carries only
 * "author". Confirm that both values are escaped where they are stored or where
 * they are printed.
 *
 * @param object $objModule  Module whose news_metaFields setting is read
 * @param object $objArticle News article (date, author, noComments, source, id)
 *
 * @return array
 */
public static function getMetaFields($objModule, $objArticle)
{
    $arrSelected = deserialize($objModule->news_metaFields);

    if (!is_array($arrSelected)) {
        return array();
    }

    global $objPage;

    $arrMeta = array();

    foreach ($arrSelected as $strField) {
        switch ($strField) {
            case 'date':
                $arrMeta['date'] = \Date::parse($objPage->datimFormat, $objArticle->date);
                break;

            case 'author':
                $objAuthor = $objArticle->getRelated('author');

                if ($objAuthor !== null) {
                    if ($objAuthor->google == '') {
                        // No profile ID: plain "by <name>"
                        $arrMeta['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' ' . $objAuthor->name;
                    } else {
                        // Profile ID present: link the name to the profile
                        $arrMeta['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' <a href="https://plus.google.com/' . $objAuthor->google . '" rel="author" target="_blank">' . $objAuthor->name . '</a>';
                    }
                }
                break;

            case 'comments':
                // Count comments only for commentable articles with the default source
                if (!$objArticle->noComments && $objArticle->source == 'default') {
                    $intComments = \CommentsModel::countPublishedBySourceAndParent('tl_news', $objArticle->id);
                    $arrMeta['ccount'] = $intComments;
                    $arrMeta['comments'] = sprintf($GLOBALS['TL_LANG']['MSC']['commentCount'], $intComments);
                }
                break;
        }
    }

    return $arrMeta;
}
/**
 * Return the shared CommentsModel instance, creating it on first use.
 *
 * @return CommentsModel
 */
public static function getInstance()
{
    if (self::$instance) {
        return self::$instance;
    }

    self::$instance = new CommentsModel();

    return self::$instance;
}
/**
 * Store a new comment for a post and answer with the stored values.
 *
 * The post ID comes from $r, the remaining fields from the JSON request body.
 * The response omits the row ID, the post ID and the mail address and carries
 * an MD5 of the mail address as "gid" instead.
 *
 * NOTE(review): username, mail and content are written exactly as received; the
 * only check visible here is Input::ensureRequest(). Confirm that length and
 * format are validated and that the content is escaped on output.
 * NOTE(review): an unsalted MD5 of a mail address can be matched against known
 * addresses, so "gid" does not hide the address from a determined reader.
 *
 * @param array $r Request parameters; "id" is required
 *
 * @return void
 */
protected function post_comment($r)
{
    Input::ensureRequest($r, array("id"));
    $postId = $r["id"];

    $payload = $this->jsonPost();
    Input::ensureRequest($payload, array("username", "mail", "content"));

    $model = new CommentsModel();
    $row = $model->newRow();
    $row->set(CommentsModel::POST_ID, $postId);
    $row->set(CommentsModel::USERNAME, $payload["username"]);
    $row->set(CommentsModel::MAIL, $payload["mail"]);
    $row->set(CommentsModel::CONTENT, $payload["content"]);
    $row->save();

    $result = $row->getValues();
    $result["gid"] = md5($result[CommentsModel::MAIL]);

    // Keep internal identifiers and the mail address out of the response
    unset(
        $result[CommentsModel::ID],
        $result[CommentsModel::POST_ID],
        $result[CommentsModel::MAIL]
    );

    Output::success($result);
}
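/**
 * ondelete_callback
 * Delete related items in tl_comments
 *
 * Removes every tl_comments row with source "tl_member" whose owner or parent is
 * the record being deleted, and writes one log entry per removed row.
 *
 * @param DataContainer $dc
 *
 * @return void
 */
public function deleteRelatedComments(DataContainer $dc)
{
    // Return if there is no ID
    if (!$dc->activeRecord->id || Input::get('act') == 'copy') {
        return;
    }

    $objComments = $this->Database->prepare('SELECT * FROM tl_comments WHERE source = ? AND (owner = ? OR parent = ?)')->execute('tl_member', $dc->activeRecord->id, $dc->activeRecord->id);

    while ($objComments->next()) {
        $objDb = CommentsModel::findByPk($objComments->id);

        // findByPk() returns null when the row no longer exists (for example when it
        // was removed between the SELECT and this lookup); skip it instead of calling
        // delete() on null.
        if ($objDb === null) {
            continue;
        }

        $objDb->delete();
        $this->log('DELETE FROM tl_comments WHERE id=' . $objComments->id, __METHOD__, TL_GENERAL);
    }
}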
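/**
 * Send out the new comment notifications
 *
 * Runs only when the value is truthy. The comment is looked up by the "id"
 * request parameter.
 *
 * @param mixed $varValue
 *
 * @return mixed The unchanged value
 */
public function sendNotifications($varValue)
{
    if ($varValue) {
        $objComment = CommentsModel::findByPk(Input::get('id'));

        // The ID comes from the request and may not match a row; skip the
        // notification instead of passing null on.
        if ($objComment !== null) {
            Comments::notifyCommentsSubscribers($objComment);
        }
    }

    return $varValue;
}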
/**
 * Notify the subscribers of new comments
 *
 * Sends one mail per active subscription of the comment's source and parent,
 * except to the address that wrote the comment, then marks the comment as
 * notified and saves it. A comment that is already marked is left alone.
 *
 * The mail contains the page URL and the same URL with the subscription's
 * removal token appended as "?token=...".
 *
 * @param \CommentsModel $objComment
 *
 * @return void
 */
public static function notifyCommentsSubscribers(\CommentsModel $objComment)
{
    // Notified already
    if ($objComment->notified) {
        return;
    }

    $objSubscribers = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);

    // No subscriptions
    if ($objSubscribers === null) {
        return;
    }

    while ($objSubscribers->next()) {
        // Don't notify the commentor about his own comment
        if ($objSubscribers->email != $objComment->email) {
            // Prepare the URL
            $strPageUrl = \Idna::decode(\Environment::get('base')) . $objSubscribers->url;

            $objMail = new \Email();
            $objMail->from = $GLOBALS['TL_ADMIN_EMAIL'];
            $objMail->fromName = $GLOBALS['TL_ADMIN_NAME'];
            $objMail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
            $objMail->text = sprintf(
                $GLOBALS['TL_LANG']['MSC']['com_notifyMessage'],
                $objSubscribers->name,
                $strPageUrl,
                $strPageUrl . '?token=' . $objSubscribers->tokenRemove
            );
            $objMail->sendTo($objSubscribers->email);
        }
    }

    // Remember that the notifications went out
    $objComment->notified = 1;
    $objComment->save();
}
/**
 * Return the meta fields of a news article as array
 *
 * Only the fields listed in this module's serialized news_metaFields setting are
 * built. Possible keys of the result: 'date', 'author', 'ccount' and 'comments'.
 *
 * NOTE(review): the author's name is concatenated into the result as it is;
 * confirm that it is escaped before it reaches HTML output.
 *
 * @param \NewsModel $objArticle
 *
 * @return array
 */
protected function getMetaFields($objArticle)
{
    $arrSelected = deserialize($this->news_metaFields);

    if (!is_array($arrSelected)) {
        return array();
    }

    /** @var \PageModel $objPage */
    global $objPage;

    $arrMeta = array();

    foreach ($arrSelected as $strField) {
        switch ($strField) {
            case 'date':
                $arrMeta['date'] = \Date::parse($objPage->datimFormat, $objArticle->date);
                break;

            case 'author':
                /** @var \UserModel $objAuthor */
                $objAuthor = $objArticle->getRelated('author');

                if ($objAuthor !== null) {
                    $arrMeta['author'] = $GLOBALS['TL_LANG']['MSC']['by'] . ' ' . $objAuthor->name;
                }
                break;

            case 'comments':
                // Count only when comments are allowed, the comments module is
                // active and the article uses the default source
                if (!$objArticle->noComments && in_array('comments', \ModuleLoader::getActive()) && $objArticle->source == 'default') {
                    $intComments = \CommentsModel::countPublishedBySourceAndParent('tl_news', $objArticle->id);
                    $arrMeta['ccount'] = $intComments;
                    $arrMeta['comments'] = sprintf($GLOBALS['TL_LANG']['MSC']['commentCount'], $intComments);
                }
                break;
        }
    }

    return $arrMeta;
}
/**
 * Pass the first argument on to CommentsModel::leaveComment().
 *
 * NOTE(review): the value is forwarded unchanged; any validation has to happen
 * in the model or before this call.
 *
 * @param array $args Argument list; only index 0 is used
 *
 * @return void
 */
public function leaveComment($args)
{
    $objModel = new CommentsModel();

    $objModel->leaveComment($args[0]);
}
/**
 * Process a new entry
 *
 * Reworks a freshly added entry, stores it again and sends the notification mail.
 * Nothing happens unless the comment's parent page holds an 'nlsh_guestbook' module.
 *
 * @param int   $intId      ID of the newly added guestbook entry
 * @param array $arrComment Array with the new guestbook entry
 *
 * @return void
 */
public function nlshAddComment($intId, $arrComment)
{
    $this->import('Input');

    /* Step by step
    $tl_article = $this->Database ->prepare("SELECT * FROM tl_article WHERE `pid` = ? " ) ->execute($arrComment['parent']);
    $tl_content = $this->Database ->prepare("SELECT * FROM tl_content WHERE `pid` = ? AND `type` = 'module'" ) ->execute($tl_article->id);
    $tlModule = $this->Database ->prepare("SELECT * FROM tl_module WHERE `id` = ?" ) ->execute($tl_content->module);
    End Step by step */

    // Thanks to thkuhn, #23
    // Look up the guestbook module placed on the comment's parent page
    $this->tlModule = $this->Database->prepare("SELECT m.*\n FROM tl_module m\n INNER JOIN tl_content c ON (m.id=c.`module`)\n INNER JOIN tl_article a ON (c.pid=a.id)\n WHERE c.`type`=? AND m.`type`=? AND a.pid=?")->limit(1)->execute('module', 'nlsh_guestbook', $arrComment['parent']);

    // Only if the entry belongs to an 'nlsh_guestbook' module
    if ($this->tlModule->type == 'nlsh_guestbook') {
        // Delete the row, because a plain update of the entry caused problems:
        // neither the models nor a simple SQL UPDATE worked, both were ignored
        // see #20
        $this->Database->prepare("DELETE FROM `tl_comments` WHERE `tl_comments` . 
`id` = ?")->execute($intId);

        // Add smilies from outside the extension
        $source = 'system/modules/nlsh_guestbook/html/smilies/';
        $arrSmilies = $this->arrSmilies;
        $arrSmilies[] = array(':-)', '', 'smile.gif');
        $arrSmilies[] = array(':-(', '', 'sad.gif');
        $arrSmilies[] = array(';-)', '', 'wink.gif');

        // Replace smilies: index 0 is the text code, index 2 the image file name
        for ($b = 0, $count = count($arrSmilies); $b < $count; $b++) {
            $imageTag = sprintf('<img src="%s%s" title="%s" alt="Smile" />', $source, $arrSmilies[$b][2], $arrSmilies[$b][0]);
            $arrComment['comment'] = str_replace($arrSmilies[$b][0], $imageTag, $arrComment['comment']);
        }

        // Add the headline to the comment
        // NOTE(review): the headline is read from POST and ends up in the stored
        // comment and in the HTML mail below. checkString() is defined elsewhere;
        // confirm that it escapes markup.
        if ($this->Input->post('headline')) {
            $headline = $this->checkString($this->Input->post('headline'));
            $arrComment['comment'] = '[h]' . $headline . '[/h]' . $arrComment['comment'];
        }

        // Insert the record into the database
        // (this creates a new row; the row with $intId was deleted above)
        $objComment = new \CommentsModel();
        $objComment->setRow($arrComment)->save();

        // Create and send the notification mail, if requested
        if ($this->tlModule->com_nlsh_gb_bolMail == TRUE) {
            $this->import('Email');
            $email = new \email();
            $email->subject = $GLOBALS['TL_LANG']['nlsh_guestbook']['email_subject'];
            // The comment text becomes the HTML body; only the [h] markers are converted
            // NOTE(review): presumably $arrComment['comment'] arrives already escaped by
            // the caller; verify, because it is sent as HTML.
            $email->html = str_replace('[h]', '<h1>', $arrComment['comment']);
            $email->html = str_replace('[/h]', '</h1>', $email->html);
            $email->sendTo($this->tlModule->com_nlsh_gb_email);
        }
    }
}
/**
 * AJAX action: hide the comment named by the "id" request parameter and print
 * the model's result as JSON. Without an "id" parameter nothing is printed.
 *
 * NOTE(review): no permission or request-token check is visible in this action,
 * and the ID goes to the model as received. Confirm that access control runs
 * before dispatch and that hiddenComment() validates the ID.
 *
 * @return void
 */
public function hiddenAction()
{
    $this->isAjax = true;

    if (!$this->_hasParam('id')) {
        return;
    }

    Zend_Loader::loadClass('Zend_Json');

    $commentId = $this->_getParam('id');
    $model = new CommentsModel();
    $outcome = $model->hiddenComment($commentId);

    echo Zend_Json::encode($outcome);
}
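/**
 * generate voting-form
 *
 * Builds the comment/score/captcha widgets, validates a submitted form, stores
 * the rating as an unpublished tl_comments row (source "tl_member", parent = rated
 * member, owner = logged-in member) and fills the template. Does nothing when no
 * member is logged in or when the member would rate himself.
 *
 * NOTE(review): the blocking-time lookup at the end only sets template flags and
 * runs after the save; nothing in this method rejects a POST sent during the
 * blocking window. Confirm that the limit is enforced elsewhere, or run the
 * lookup before saving.
 *
 * @return void
 */
protected function generateVotingForm()
{
    if (!$this->loggedInUser || $this->loggedInUser->id == $this->ratedUser->id) {
        return;
    }

    $strFields = '';
    $scoreError = false;

    // Initialise both flags: they were previously read below without ever being
    // set on a plain page view, which raised "undefined variable" notices.
    $doNotSubmit = false;
    $blnModified = false;

    $this->Template->formId = 'tl_comments_' . $this->id;
    $this->Template->action = \Environment::get('indexFreeRequest');
    $this->Template->enctype = 'application/x-www-form-urlencoded';

    $arrFields = array();
    $objComment = new \CommentsModel();

    // Build the form
    $arrFF = array('comment', 'score', 'captcha');

    foreach ($arrFF as $field) {
        // Reference into the global DCA: the two assignments below change it in place
        $arrData =& $GLOBALS['TL_DCA']['tl_comments']['fields'][$field];
        $strClass = $GLOBALS['TL_FFL'][$arrData['inputType']];
        $arrData['eval']['tableless'] = 'true';
        $arrData['label'] = $GLOBALS['TL_LANG']['tl_comments'][$field][0];
        $varValue = '';

        $objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $varValue, '', '', $this));
        $objWidget->storeValues = true;

        // Validate the form data
        if (\Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
            $objWidget->validate();
            $varValue = $objWidget->value;

            // Check for a valid score: exactly one digit from 1 to 5.
            // preg_match() replaces mberegi(), which was removed in PHP 8 and whose
            // ^ and $ match at every line, so a multi-line value containing one
            // valid line passed. The D modifier also rejects a trailing newline.
            if ($field == 'score') {
                if (!is_scalar($varValue) || !preg_match('/^[1-5]$/D', (string) $varValue)) {
                    $doNotSubmit = true;
                    $scoreError = true;
                }
            }

            // Do not submit the field if there are errors
            if ($objWidget->hasErrors()) {
                $doNotSubmit = true;
            } elseif ($objWidget->submitInput()) {
                $blnModified = true;

                // Store the form data
                $_SESSION['FORM_DATA'][$field] = $varValue;

                // Set the correct empty value (see #6284, #6373)
                if ($varValue === '') {
                    $varValue = $objWidget->getEmptyValue();
                }

                // Set the new value
                if ($field !== 'captcha') {
                    $objComment->{$field} = $varValue;
                }
            }
        }

        $temp = $objWidget->parse();

        // add a hidden field for the starrating
        if ($field == 'score') {
            $temp = '<input type="hidden" name="score" id="ctrl_score" value="">';
        }

        $strFields .= $temp;
        $arrFields[$field] = $temp;
    }

    // Save the model
    if ($doNotSubmit !== true && $blnModified && \Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
        $objComment->owner = $this->loggedInUser->id;
        $objComment->dateOfCreation = time();
        $objComment->source = 'tl_member';
        $objComment->ip = \Environment::get('ip');

        // NOTE(review): the token is an MD5 of the session ID, the current time and
        // the member ID, none of which is secret random material. If the token
        // authorises anything, derive it from a CSPRNG instead.
        $objComment->activation_token = md5(session_id() . time() . $this->loggedInUser->id);

        $objComment->parent = $this->ratedUser->id;
        $objComment->published = 0;
        $objComment->save();

        $this->log('A new entry "tl_comments.id=' . $objComment->id . '" has been created', __METHOD__, TL_GENERAL);

        // notify rated member
        if ($this->notifyRatedUser && $objComment->id > 0 && $objComment->comment != '') {
            $this->notifyUser($objComment);
        }

        $this->jumpToOrReload($this->jumpTo);
    }

    if ($scoreError) {
        $strFields = '<p class="error">Bitte eine gültige Punktzahl vergeben.</p>' . $strFields;
    }

    $this->Template->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['saveData']);
    $this->Template->fields = $strFields;
    $this->Template->arrFields = $arrFields;

    // Flood protection: look for a rating by this member for the same rated member
    // inside the blocking window
    if ($this->blockingTime > 0) {
        $objRatings = $this->Database->prepare("SELECT * FROM tl_comments WHERE source = ? AND parent = ? AND owner = ? AND dateOfCreation > ? ORDER BY dateOfCreation DESC")->limit(1)->execute('tl_member', $this->ratedUser->id, $this->loggedInUser->id, time() - $this->blockingTime);

        if ($objRatings->numRows > 0) {
            $this->Template->commentFormLocked = true;

            // Remaining lock time in seconds, shown as "N s" or "H h M min"
            $time = $this->blockingTime - (time() - $objRatings->dateOfCreation);
            $h = floor($time / 3600);
            $min = floor(($time / 3600 - $h) * 60);

            if ($time <= 60) {
                $this->Template->commentFormLockedTime = $time . ' s';
            } else {
                $this->Template->commentFormLockedTime = ($h > 0 ? $h . ' h ' : '') . $min . ' min';
            }
        }
    }
}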
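/**
 * Add comments to a template
 *
 * Lists the published comments (paginated when $objConfig->perPage is set), builds
 * the comment form and, on a valid submission, stores the comment, runs the
 * "addComment" hooks, mails the notification and reloads the page.
 *
 * NOTE(review): the attribute filter applied before saving is a keyword blacklist
 * that only matches double-quoted href/src/on* attributes. Treat it as defence in
 * depth; the escaping done before it is what keeps markup out of the comment.
 *
 * @param \FrontendTemplate $objTemplate Template that receives comments and form
 * @param \stdClass         $objConfig   perPage, template, requireLogin, disableCaptcha, bbcode, moderate
 * @param string            $strSource   Source table of the commented record
 * @param integer           $intParent   ID of the commented record
 * @param array             $arrNotifies Recipients of the notification mail
 *
 * @return void
 */
public function addCommentsToTemplate(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $arrNotifies)
{
    global $objPage;

    $limit = 0;
    $offset = 0;
    $total = 0;
    $gtotal = 0;
    $arrComments = array();

    $objTemplate->comments = array(); // see #4064

    // Pagination
    if ($objConfig->perPage > 0) {
        // Get the total number of comments
        $intTotal = \CommentsModel::countPublishedBySourceAndParent($strSource, $intParent);
        $total = $gtotal = $intTotal;

        // Get the current page
        $id = 'page_c' . $this->id;
        $page = \Input::get($id) ?: 1;

        // Do not index or cache the page if the page number is outside the range
        if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) {
            global $objPage;
            $objPage->noSearch = 1;
            $objPage->cache = 0;

            // Send a 404 header
            header('HTTP/1.1 404 Not Found');
            $objTemplate->allowComments = false;

            return;
        }

        // Set limit and offset
        $limit = $objConfig->perPage;
        $offset = ($page - 1) * $objConfig->perPage;

        // Initialize the pagination menu
        $objPagination = new \Pagination($total, $objConfig->perPage, 7, $id);
        $objTemplate->pagination = $objPagination->generate("\n ");
    }

    $objTemplate->allowComments = true;

    // Get all published comments
    if ($limit) {
        $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent, $limit, $offset);
    } else {
        $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent);
    }

    if ($objComments !== null && ($total = $objComments->count()) > 0) {
        $count = 0;

        if ($objConfig->template == '') {
            $objConfig->template = 'com_default';
        }

        $objPartial = new \FrontendTemplate($objConfig->template);

        while ($objComments->next()) {
            $objPartial->setData($objComments->row());

            // Clean the RTE output
            if ($objPage->outputFormat == 'xhtml') {
                $objComments->comment = \String::toXhtml($objComments->comment);
            } else {
                $objComments->comment = \String::toHtml5($objComments->comment);
            }

            // Encode the insert tag delimiters so that a stored comment cannot have
            // insert tags evaluated when the page is rendered. The replacement has to
            // be the entity form; replacing "{{" with "{{" changes nothing.
            $objPartial->comment = trim(str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), $objComments->comment));

            $objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date);
            $objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date);
            $objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
            $objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by'];
            $objPartial->id = 'c' . $objComments->id;
            $objPartial->timestamp = $objComments->date;
            $objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date);
            $objPartial->addReply = false;

            // Reply
            if ($objComments->addReply && $objComments->reply != '') {
                if (($objAuthor = $objComments->getRelated('author')) !== null) {
                    $objPartial->addReply = true;
                    $objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by'];
                    $objPartial->reply = $this->replaceInsertTags($objComments->reply);
                    $objPartial->author = $objAuthor;

                    // Clean the RTE output
                    if ($objPage->outputFormat == 'xhtml') {
                        $objPartial->reply = \String::toXhtml($objPartial->reply);
                    } else {
                        $objPartial->reply = \String::toHtml5($objPartial->reply);
                    }
                }
            }

            $arrComments[] = $objPartial->parse();
            ++$count;
        }
    }

    $objTemplate->comments = $arrComments;
    $objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment'];
    $objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name'];
    $objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email'];
    $objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website'];
    $objTemplate->commentsTotal = $limit ? $gtotal : $total;

    // Get the front end user object
    $this->import('FrontendUser', 'User');

    // Access control
    if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
        $objTemplate->requireLogin = true;

        return;
    }

    // Form fields
    $arrFields = array(
        'name' => array(
            'name' => 'name',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_name'],
            'value' => trim($this->User->firstname . ' ' . $this->User->lastname),
            'inputType' => 'text',
            'eval' => array('mandatory' => true, 'maxlength' => 64)
        ),
        'email' => array(
            'name' => 'email',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_email'],
            'value' => $this->User->email,
            'inputType' => 'text',
            'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)
        ),
        'website' => array(
            'name' => 'website',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_website'],
            'inputType' => 'text',
            'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)
        )
    );

    // Captcha
    if (!$objConfig->disableCaptcha) {
        $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
    }

    // Comment field
    $arrFields['comment'] = array(
        'name' => 'comment',
        'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'],
        'inputType' => 'textarea',
        'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true)
    );

    $doNotSubmit = false;
    $arrWidgets = array();
    $strFormId = 'com_' . $strSource . '_' . $intParent;

    // Initialize widgets
    foreach ($arrFields as $arrField) {
        $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];

        // Continue if the class is not defined
        if (!$this->classFileExists($strClass)) {
            continue;
        }

        $arrField['eval']['required'] = $arrField['eval']['mandatory'];
        $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));

        // Validate the widget
        if (\Input::post('FORM_SUBMIT') == $strFormId) {
            $objWidget->validate();

            if ($objWidget->hasErrors()) {
                $doNotSubmit = true;
            }
        }

        $arrWidgets[$arrField['name']] = $objWidget;
    }

    $objTemplate->fields = $arrWidgets;
    $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
    $objTemplate->action = ampersand(\Environment::get('request'));
    $objTemplate->messages = ''; // Backwards compatibility
    $objTemplate->formId = $strFormId;
    $objTemplate->hasError = $doNotSubmit;

    // Do not index or cache the page with the confirmation message
    if ($_SESSION['TL_COMMENT_ADDED']) {
        global $objPage;
        $objPage->noSearch = 1;
        $objPage->cache = 0;

        $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
        $_SESSION['TL_COMMENT_ADDED'] = false;
    }

    // Add the comment
    if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
        $strWebsite = $arrWidgets['website']->value;

        // Add http:// to the website
        if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
            $strWebsite = 'http://' . $strWebsite;
        }

        // Do not parse any tags in the comment: escape it, then turn the three
        // entities into bracket placeholders. The search strings must be the entity
        // forms, because after htmlspecialchars() no raw "<" or ">" is left and a
        // bare "&" would match inside every entity.
        $strComment = htmlspecialchars(trim($arrWidgets['comment']->value));
        $strComment = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strComment);

        // Remove multiple line feeds
        $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);

        // Parse BBCode
        if ($objConfig->bbcode) {
            $strComment = $this->parseBbCode($strComment);
        }

        // Prevent cross-site request forgeries
        $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);

        $time = time();

        // Prepare the record
        $arrSet = array(
            'source' => $strSource,
            'parent' => $intParent,
            'tstamp' => $time,
            'name' => $arrWidgets['name']->value,
            'email' => $arrWidgets['email']->value,
            'website' => $strWebsite,
            'comment' => $this->convertLineFeeds($strComment),
            'ip' => $this->anonymizeIp(\Environment::get('ip')),
            'date' => $time,
            'published' => $objConfig->moderate ? '' : 1
        );

        $objComment = new \CommentsModel();
        $objComment->setRow($arrSet);
        $objComment->save();
        $insertId = $objComment->id;

        // HOOK: add custom logic
        if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
            foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                $this->import($callback[0]);

                // Braces around the whole index expression: $callback is a
                // [class, method] pair, and "{$callback}[0]" would use the array
                // itself as the property name.
                $this->{$callback[0]}->{$callback[1]}($insertId, $arrSet, $this);
            }
        }

        // Notification
        $objEmail = new \Email();
        $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
        $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
        $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Environment::get('host'));

        // Convert the comment to plain text
        $strComment = strip_tags($strComment);
        $strComment = \String::decodeEntities($strComment);
        $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);

        // Add comment details
        $objEmail->text = sprintf(
            $GLOBALS['TL_LANG']['MSC']['com_message'],
            $arrSet['name'] . ' (' . $arrSet['email'] . ')',
            $strComment,
            \Environment::get('base') . \Environment::get('request'),
            \Environment::get('base') . 'contao/main.php?do=comments&act=edit&id=' . $insertId
        );

        // Do not send notifications twice
        if (is_array($arrNotifies)) {
            $arrNotifies = array_unique($arrNotifies);
        }

        $objEmail->sendTo($arrNotifies);

        // Pending for approval
        if ($objConfig->moderate) {
            $_SESSION['TL_COMMENT_ADDED'] = true;
        }

        $this->reload();
    }
}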
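/**
 * Return the comment status of a news article and, when open, its published comments.
 *
 * @param mixed $id ID of the news article
 *
 * @return array 'commentStatus' ("open" or "closed"); for open articles also
 *               'commentsCount' and, when there are comments, 'items'
 */
protected function getComment($id)
{
    $tmpArr = array();
    $news = \NewsModel::findByPk($id);

    // findByPk() returns null for an unknown ID. Such an article is still
    // reported as "open", as before, but without reading a property of null.
    if ($news !== null && $news->noComments) {
        $tmpArr['commentStatus'] = "closed";

        return $tmpArr;
    }

    $result = \CommentsModel::findPublishedBySourceAndParent("tl_news", $id);

    // The finder returns null when nothing is published; count() on null is an
    // error on current PHP versions, so treat null as zero comments.
    $intCount = ($result !== null) ? count($result) : 0;

    $tmpArr['commentStatus'] = "open";
    $tmpArr['commentsCount'] = $intCount;

    if ($intCount > 0) {
        // Kept from the original: the same collection is assigned on every pass,
        // and the loop leaves it positioned on its last row.
        while ($result->next()) {
            $tmpArr['items'] = $result;
        }
    }

    return $tmpArr;
}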
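/**
 * removes $this->reload(); call (last line) of core method \Comments::renderCommentForm()
 *
 * Builds the comment form and, on a valid submission, stores the comment, stores
 * an optional subscription, runs the "addComment" hooks and mails the notification.
 * Because there is no reload, the request that stored the comment also renders the page.
 *
 * NOTE(review): without the redirect a browser refresh sends the same POST again;
 * confirm that the caller guards against duplicate submissions.
 * NOTE(review): the attribute filter applied before saving is a keyword blacklist
 * that only matches double-quoted href/src/on* attributes. Treat it as defence in
 * depth; the escaping done before it is what keeps markup out of the comment.
 *
 * @param \FrontendTemplate $objTemplate Template that receives the form
 * @param \stdClass         $objConfig   requireLogin, disableCaptcha, bbcode, moderate
 * @param string            $strSource   Source table of the commented record
 * @param integer           $intParent   ID of the commented record
 * @param mixed             $varNotifies Recipient or list of recipients of the notification mail
 *
 * @return void
 */
protected function renderCommentForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $varNotifies)
{
    $this->import('FrontendUser', 'User');

    // Access control
    if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
        $objTemplate->requireLogin = true;
        $objTemplate->login = $GLOBALS['TL_LANG']['MSC']['com_login'];

        return;
    }

    // Confirm or remove a subscription
    if (\Input::get('token')) {
        static::changeSubscriptionStatus($objTemplate);

        return;
    }

    // Form fields
    $arrFields = array(
        'name' => array(
            'name' => 'name',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_name'],
            'value' => trim($this->User->firstname . ' ' . $this->User->lastname),
            'inputType' => 'text',
            'eval' => array('mandatory' => true, 'maxlength' => 64)
        ),
        'email' => array(
            'name' => 'email',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_email'],
            'value' => $this->User->email,
            'inputType' => 'text',
            'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)
        ),
        'website' => array(
            'name' => 'website',
            'label' => $GLOBALS['TL_LANG']['MSC']['com_website'],
            'inputType' => 'text',
            'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)
        )
    );

    // Captcha
    if (!$objConfig->disableCaptcha) {
        $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
    }

    // Comment field
    $arrFields['comment'] = array(
        'name' => 'comment',
        'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'],
        'inputType' => 'textarea',
        'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true)
    );

    // Notify me of new comments
    $arrFields['notify'] = array(
        'name' => 'notify',
        'label' => '',
        'inputType' => 'checkbox',
        'options' => array(1 => $GLOBALS['TL_LANG']['MSC']['com_notify'])
    );

    $doNotSubmit = false;
    $arrWidgets = array();
    $strFormId = 'com_' . $strSource . '_' . $intParent;

    // Initialize the widgets
    foreach ($arrFields as $arrField) {
        /** @var \Widget $strClass */
        $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];

        // Continue if the class is not defined
        if (!class_exists($strClass)) {
            continue;
        }

        $arrField['eval']['required'] = $arrField['eval']['mandatory'];

        /** @var \Widget $objWidget */
        $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'], $arrField['value']));

        // Validate the widget
        if (\Input::post('FORM_SUBMIT') == $strFormId) {
            $objWidget->validate();

            if ($objWidget->hasErrors()) {
                $doNotSubmit = true;
            }
        }

        $arrWidgets[$arrField['name']] = $objWidget;
    }

    $objTemplate->fields = $arrWidgets;
    $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
    $objTemplate->action = ampersand(\Environment::get('request'));
    $objTemplate->messages = ''; // Backwards compatibility
    $objTemplate->formId = $strFormId;
    $objTemplate->hasError = $doNotSubmit;

    // Do not index or cache the page with the confirmation message
    if ($_SESSION['TL_COMMENT_ADDED']) {
        /** @var \PageModel $objPage */
        global $objPage;
        $objPage->noSearch = 1;
        $objPage->cache = 0;

        $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
        $_SESSION['TL_COMMENT_ADDED'] = false;
    }

    // Store the comment
    if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
        $strWebsite = $arrWidgets['website']->value;

        // Add http:// to the website
        if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
            $strWebsite = 'http://' . $strWebsite;
        }

        // Do not parse any tags in the comment: escape it, then turn the three
        // entities into bracket placeholders. The search strings must be the entity
        // forms, because after escaping no raw "<" or ">" is left and a bare "&"
        // would match inside every entity.
        $strComment = specialchars(trim($arrWidgets['comment']->value));
        $strComment = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strComment);

        // Remove multiple line feeds
        $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);

        // Parse BBCode
        if ($objConfig->bbcode) {
            $strComment = $this->parseBbCode($strComment);
        }

        // Prevent cross-site request forgeries
        $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);

        $time = time();

        // Prepare the record
        $arrSet = array(
            'tstamp' => $time,
            'source' => $strSource,
            'parent' => $intParent,
            'name' => $arrWidgets['name']->value,
            'email' => $arrWidgets['email']->value,
            'website' => $strWebsite,
            'comment' => $this->convertLineFeeds($strComment),
            'ip' => $this->anonymizeIp(\Environment::get('ip')),
            'date' => $time,
            'published' => $objConfig->moderate ? '' : 1
        );

        // Store the comment
        $objComment = new \CommentsModel();
        $objComment->setRow($arrSet)->save();

        // Store the subscription
        if ($arrWidgets['notify']->value) {
            static::addCommentsSubscription($objComment);
        }

        // HOOK: add custom logic
        if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
            foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                $this->import($callback[0]);
                $this->{$callback[0]}->{$callback[1]}($objComment->id, $arrSet, $this);
            }
        }

        // Prepare the notification mail
        $objEmail = new \Email();
        $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
        $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
        $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host')));

        // Convert the comment to plain text
        $strComment = strip_tags($strComment);
        $strComment = \StringUtil::decodeEntities($strComment);
        $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);

        // Add the comment details
        $objEmail->text = sprintf(
            $GLOBALS['TL_LANG']['MSC']['com_message'],
            $arrSet['name'] . ' (' . $arrSet['email'] . ')',
            $strComment,
            \Idna::decode(\Environment::get('base')) . \Environment::get('request'),
            \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=comments&act=edit&id=' . $objComment->id
        );

        // Do not send notifications twice
        if (is_array($varNotifies)) {
            $objEmail->sendTo(array_unique($varNotifies));
        } elseif ($varNotifies != '') {
            $objEmail->sendTo($varNotifies); // see #5443
        }

        // Pending for approval
        if ($objConfig->moderate) {
            $_SESSION['TL_COMMENT_ADDED'] = true;
        } else {
            static::notifyCommentsSubscribers($objComment);
        }
    }
}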
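/**
 * handle ajax requests
 *
 * Supports two actions for a logged-in front end member, selected by the "act"
 * query parameter, and always ends the request:
 *  - delSocialmediaLink: remove the posted "type" from the member's link list
 *  - toggleVisibility:   publish or unpublish a comment whose parent is the member;
 *                        prints "visible" or "invisible"
 *
 * NOTE(review): toggleVisibility changes data and takes both of its parameters
 * from the query string, and no request token is checked in this method. A link
 * opened by the logged-in member is enough to trigger it. Confirm that a token
 * check runs elsewhere, or require POST with a token.
 * NOTE(review): ownership is decided by comparing the comment's parent with the
 * member ID only. Rows from another source whose parent happens to equal that ID
 * would also pass; consider checking the comment's source as well.
 *
 * @return void
 */
protected function handleAjax()
{
    // delete socialmedia links
    if (\Input::get('act') == 'delSocialmediaLink' && \Input::post('type')) {
        if (FE_USER_LOGGED_IN) {
            // Force an array: an empty or unreadable stored value would otherwise
            // reach array_search() and array_values() as a non-array.
            $arrSocialmediaLinks = deserialize($this->loggedInUser->socialmediaLinks, true);

            // Search once and reuse the key
            $key = array_search(\Input::post('type'), $arrSocialmediaLinks);

            if ($key !== false) {
                unset($arrSocialmediaLinks[$key]);
            }

            $this->loggedInUser->socialmediaLinks = serialize(array_values($arrSocialmediaLinks));
            $this->loggedInUser->save();

            $this->log('A new version of tl_member ID ' . $this->loggedInUser->id . ' has been created', __METHOD__, TL_GENERAL);
        }
    }

    // toggle visibility (publish or unpublish)
    if (\Input::get('act') == 'toggleVisibility' && \Input::get('id')) {
        if (FE_USER_LOGGED_IN) {
            $objComment = \CommentsModel::findByPk(\Input::get('id'));

            if ($objComment !== NULL) {
                // Only the member the comment was written about may toggle it
                if ($this->loggedInUser->id == $objComment->parent) {
                    $isPublished = $objComment->published ? 0 : 1;
                    $objComment->published = $isPublished;
                    $objComment->save();

                    $this->log('A new version of tl_comments ID ' . $objComment->id . ' has been created', __METHOD__, TL_GENERAL);

                    $strReturn = $isPublished == 0 ? 'invisible' : 'visible';
                    echo $strReturn;
                }
            }
        }
    }

    exit;
}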