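/**
 * Save an edited comment, or create a reply to an existing comment, and
 * render the resulting row.
 *
 * Reads `cid.0` (comment to edit) and `parent_id` (comment to reply to) from
 * the request. When no comment id is given, a new Comment is created as a
 * reply, attributed to $this->user and marked as approved. On success the
 * `_row` layout is displayed; on failure a JSON error object is echoed.
 *
 * @return void
 */
public function save() {

    // check for request forgeries
    JRequest::checkToken() or jexit('Invalid Token');

    // init vars
    $post = YRequest::get('post');
    $cid  = YRequest::getArray('cid.0', '', 'int');
    $pid  = YRequest::getInt('parent_id', 0);
    $now  = JFactory::getDate();

    try {

        // get content as raw and filter it
        $post['content'] = YRequest::getVar('content', null, '', 'string', JREQUEST_ALLOWRAW);
        $post['content'] = CommentHelper::filterContentInput($post['content']);

        // get comment table
        $table = YTable::getInstance('comment');

        // get comment or create reply; both ids are request-supplied, so the
        // lookup result is checked before it is dereferenced
        $error = null;

        if ($cid) {

            $comment = $table->get($cid);

            if (!$comment) {
                $error = JText::_('Comment not found');
            }

        } else {

            $parent = $table->get($pid);

            if (!$parent) {
                $error = JText::_('Parent comment not found');
            } else {
                $comment = new Comment();
                $comment->item_id = $parent->getItem()->id;
                $comment->user_id = $this->user->id;
                $comment->author  = $this->user->name;
                $comment->email   = $this->user->email;
                $comment->ip      = CommentHelper::getClientIP();
                $comment->created = $now->toMySQL();
                $comment->state   = Comment::STATE_APPROVED;
            }
        }

        // report an unknown id the same way as a failed save, instead of
        // failing on a call to a missing object
        if ($error !== null) {
            echo json_encode(array('group' => 'error', 'title' => JText::_('Error Saving Comment'), 'text' => $error));
            return;
        }

        // bind post data
        // NOTE(review): the whole POST array is bound after the server-side
        // fields above were set. Which Comment fields bind() may overwrite
        // (user_id, ip, state, ...) depends on Comment::bind(), which is not
        // visible here - confirm it restricts binding to an allow-list.
        $comment->bind($post);

        // save comment
        $table->save($comment);

        // get view
        $view = $this->getView();

        // set view vars
        $view->option  = $this->option;
        $view->comment = $comment;

        // display view
        $view->setLayout('_row');
        $view->display();

    } catch (YException $e) {

        // raise error on exception
        // NOTE(review): the full exception string is sent to the client;
        // confirm that YException's string form carries no internal detail
        // (paths, SQL) that this caller should not see.
        echo json_encode(array('group' => 'error', 'title' => JText::_('Error Saving Comment'), 'text' => (string) $e));

    }
}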
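/**
 * Store a new comment submitted by the currently active author and redirect
 * back to the URL given in the request.
 *
 * The comment is only created when the request token is valid, the login
 * type cookie matches the active author's user type, and the `enable_comments`
 * parameter is set. New comments start unapproved and are approved
 * automatically for Joomla administrators, when the `approved` parameter is 1,
 * or when it is 2 and getApprovedCommentCount() for the author is non-zero.
 * Validation through _validate() is skipped for Joomla administrators.
 *
 * @return void
 */
public function save() {

    // check for request forgeries
    YRequest::checkToken() or jexit('Invalid Token');

    // set currently active author
    $this->author = CommentHelper::activeAuthor();

    // init vars
    // NOTE(review): $redirect comes from the request and is passed to
    // setRedirect() unchanged; nothing in this method restricts it to a
    // same-site URL. Confirm that this is enforced elsewhere, or validate it
    // here before redirecting.
    $redirect = YRequest::getString('redirect');
    $login    = YRequest::getString(CommentHelper::COOKIE_PREFIX . 'login', '', 'cookie');

    // The login type is read from a client-supplied cookie and compared
    // loosely, so this only checks that browser and server agree on the login
    // type. Presumably CommentHelper::activeAuthor() performs the actual
    // authentication - confirm.
    if ($this->author->getUserType() == $login) {

        if ($this->params->get('enable_comments', false)) {

            // init vars
            $content   = YRequest::getVar('content', null, '', 'string', JREQUEST_ALLOWRAW);
            $item_id   = YRequest::getInt('item_id', 0);
            $parent_id = YRequest::getInt('parent_id', 0);

            // filter content (read raw above, so this is the only filtering
            // applied in this method)
            $content = CommentHelper::filterContentInput($content);

            // set content in session
            $this->session->set('com_zoo.comment.content', $content);

            // set author name, email and url, if author is guest
            if ($this->author->isGuest()) {

                $this->author->name  = YRequest::getString('author');
                $this->author->email = YRequest::getString('email');
                $this->author->url   = YRequest::getString('url');

                // save cookies
                CommentHelper::saveCookies($this->author->name, $this->author->email, $this->author->url);

            }

            // stays null when an exception is thrown before the comment
            // object exists, so the check after the try block is safe
            $comment = null;

            try {

                // get comment table
                $table = YTable::getInstance('comment');

                // get parent; only accept it when it belongs to the same
                // item, otherwise store the comment as a top-level one
                $parent    = $table->get($parent_id);
                $parent_id = $parent && $parent->item_id == $item_id ? $parent->id : 0;

                // create comment
                $comment = new Comment();
                $comment->parent_id = $parent_id;
                $comment->item_id   = $item_id;
                $comment->ip        = CommentHelper::getClientIP();
                $comment->created   = JFactory::getDate()->toMySQL();
                $comment->content   = $content;
                $comment->state     = Comment::STATE_UNAPPROVED;

                // auto approve comment
                $approved = $this->params->get('approved', 0);

                if ($this->author->isJoomlaAdmin()) {
                    $comment->state = Comment::STATE_APPROVED;
                } elseif ($approved == 1) {
                    $comment->state = Comment::STATE_APPROVED;
                } elseif ($approved == 2 && $table->getApprovedCommentCount($this->author)) {
                    $comment->state = Comment::STATE_APPROVED;
                }

                // bind Author
                $comment->bindAuthor($this->author);

                // validate comment, if not an administrator
                if (!$this->author->isJoomlaAdmin()) {
                    $this->_validate($comment);
                }

                // save comment
                $table->save($comment);

                // remove content from session, if comment was saved
                $this->session->set('com_zoo.comment.content', '');

            } catch (CommentControllerException $e) {

                // raise warning on exception
                JError::raiseWarning(0, (string) $e);

            } catch (YException $e) {

                // raise warning on exception
                JError::raiseWarning(0, JText::_('ERROR_SAVING_COMMENT'));

                // add exception details, for super administrators only
                if ($this->user->superadmin) {
                    JError::raiseWarning(0, (string) $e);
                }

            }

            // add anchor to redirect, if comment was saved; empty() also
            // covers the case where no comment object was created
            if (!empty($comment->id)) {
                $redirect .= '#comment-' . $comment->id;
            }

        } else {

            // raise warning on comments not enabled
            JError::raiseWarning(0, JText::_('Comments are not enabled.'));

        }

    } else {

        // raise warning on exception
        JError::raiseWarning(0, JText::_('ERROR_SAVING_COMMENT'));

        // add exception details, for super administrators only
        if ($this->user->superadmin) {
            JError::raiseWarning(0, JText::_('User types didn\'t match.'));
        }

    }

    $this->setRedirect($redirect);
}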