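<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | comment.php                                                               |
// |                                                                           |
// | Let user comment on a story or plugin.                                    |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs         - tony@tonybibbs.com                          |
// |          Mark Limburg       - mlimburg@users.sourceforge.net              |
// |          Jason Whittenburg  - jwhitten@securitygeeks.com                  |
// |          Dirk Haun          - dirk@haun-online.de                         |
// |          Vincent Furia      - vinny01 AT users DOT sourceforge DOT net    |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: comment.php,v 1.112 2006/12/11 11:49:17 dhaun Exp $

/**
 * This file is responsible for letting user enter a comment and saving the
 * comments to the DB. All comment display stuff is in lib-common.php
 *
 * Request handling is split by the 'mode' request parameter (see MAIN at the
 * bottom): preview, submit, delete, view, display, report, sendreport, or
 * (default) show an empty comment form.
 *
 * @author Jason Whittenburg
 * @author Tony Bibbs <tony@tonybibbs.com>
 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 *
 */

/**
 * Geeklog common function library
 */
require_once ('lib-common.php');

/**
 * Geeklog comment function library
 */
require_once( $_CONF['path_system'] . 'lib-comment.php' );

// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);

/**
 * Handles a comment submission
 *
 * Reads the submitted fields from $_POST, saves the comment (for articles via
 * CMT_saveComment, otherwise via the owning plugin) and either refreshes to the
 * item page on success or re-displays the comment form on failure.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @return string HTML (possibly a refresh)
 */
function handleSubmit()
{
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $display = '';

    $type = COM_applyFilter ($_POST['type']);
    $sid = COM_applyFilter ($_POST['sid']);
    // Read the remaining fields once; the failure path below re-displays the
    // same (tag-stripped) title the save path used, so both agree.
    $title = isset ($_POST['title']) ? strip_tags ($_POST['title']) : '';
    $comment = isset ($_POST['comment']) ? $_POST['comment'] : '';
    $pid = isset ($_POST['pid']) ? COM_applyFilter ($_POST['pid'], true) : 0;
    $postmode = isset ($_POST['postmode'])
                ? COM_applyFilter ($_POST['postmode']) : '';

    switch ( $type ) {
        case 'article':
            // Only stories the current user may see (perm + topic SQL) and that
            // have commenting enabled (commentcode >= 0) accept comments.
            // $sid is user input: escape it for the string-built WHERE clause.
            $commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
                "sid = '" . addslashes ($sid) . "'" . COM_getPermSQL('AND')
                . COM_getTopicSQL('AND'));
            if (!isset($commentcode) || $commentcode < 0) {
                return COM_refresh ($_CONF['site_url'] . '/index.php');
            }

            $ret = CMT_saveComment ($title, $comment, $sid, $pid, 'article',
                                    $postmode);

            if ( $ret > 0 ) { // failure
                //FIXME: some failures should not return to comment form
                $display .= COM_siteHeader ('menu', $LANG03[1])
                         . CMT_commentForm ($title, $comment, $sid, $pid, $type,
                                            $LANG03[14], $postmode)
                         . COM_siteFooter();
            } else { // success
                // Keep the denormalised comment counter on the story in sync.
                $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
                DB_change ($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
                COM_olderStuff (); // update comment count in Older Stories block
                $display = COM_refresh (COM_buildUrl ($_CONF['site_url']
                                        . "/article.php?story=$sid"));
            }
            break;

        default: // assume plugin
            $display = PLG_commentSave ($type, $title, $comment, $sid, $pid,
                                        $postmode);
            if ( !$display ) {
                $display = COM_refresh ($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return $display;
}

/**
 * Handles a comment deletion
 *
 * For articles the caller must hold the 'story.edit' right AND have full
 * (level 3) access to the story the comment belongs to; otherwise the attempt
 * is logged and the user is sent back to the index page. Plugin items are
 * delegated to PLG_commentDelete.
 *
 * NOTE(review): this mode is reachable via GET (the fields are read from
 * $_REQUEST) and no request token is checked in this file, so a forged link
 * opened by a user with story.edit rights would delete a comment. No token
 * helper is visible from here; consider restricting deletion to POST + token.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @return string HTML (possibly a refresh)
 */
function handleDelete()
{
    // $_USER is needed for the audit log message below (it was not declared
    // global before, so the logged username was always empty).
    global $_CONF, $_TABLES, $_USER;

    $display = '';

    $type = COM_applyFilter ($_REQUEST['type']);
    $sid = COM_applyFilter ($_REQUEST['sid']);
    // Forced numeric (0 when not a plain integer) - used both for the actual
    // delete and for the log message.
    $cid = isset ($_REQUEST['cid']) ? COM_applyFilter ($_REQUEST['cid'], true) : 0;

    switch ( $type ) {
        case 'article':
            $has_editPermissions = SEC_hasRights ('story.edit');
            // $sid is user input: escape it for the string-built WHERE clause.
            $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '" . addslashes ($sid) . "'");
            $A = DB_fetchArray ($result);

            // A story that does not exist yields no row; treat that as denied
            // rather than evaluating SEC_hasAccess on missing values.
            $may_delete = false;
            if ($has_editPermissions && !empty ($A)) {
                $may_delete = (SEC_hasAccess ($A['owner_id'], $A['group_id'],
                    $A['perm_owner'], $A['perm_group'], $A['perm_members'],
                    $A['perm_anon']) == 3);
            }

            if ($may_delete) {
                CMT_deleteComment ($cid, $sid, 'article');
                $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
                DB_change ($_TABLES['stories'], 'comments', $comments,
                           'sid', $sid);
                $display .= COM_refresh (COM_buildUrl ($_CONF['site_url']
                                         . "/article.php?story=$sid") . '#comments');
            } else {
                $username = isset ($_USER['username']) ? $_USER['username'] : '';
                COM_errorLog ("User $username (IP: {$_SERVER['REMOTE_ADDR']}) "
                              . "tried to illegally delete comment $cid from $type $sid");
                $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
            }
            break;

        default: //assume plugin
            $display = PLG_commentDelete ($type, $cid, $sid);
            if ( !$display ) {
                $display = COM_refresh ($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return $display;
}

/**
 * Handles a comment view request
 *
 * Looks up the comment (by 'cid' when viewing, by 'pid' when displaying a
 * thread) and renders the comment list for the owning story or plugin item.
 * Story comments are only shown when the story is visible to the current user,
 * not a draft, already published and has commentcode = 0.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;

    $display = '';

    if ($view) {
        $cid = isset ($_REQUEST['cid']) ? COM_applyFilter ($_REQUEST['cid'], true) : 0;
    } else {
        $cid = isset ($_REQUEST['pid']) ? COM_applyFilter ($_REQUEST['pid'], true) : 0;
    }

    if ($cid <= 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // $cid was forced numeric above, so interpolating it is safe.
    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid";
    $A = DB_fetchArray( DB_query($sql) );
    if (empty ($A)) {
        // No such comment: nothing to show.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Comment display format: request parameter, else the user's stored
    // preference, else the site default.
    $format = $_CONF['comment_mode'];
    if( isset( $_REQUEST['format'] )) {
        $format = COM_applyFilter( $_REQUEST['format'] );
    }
    if ( $format != 'threaded' && $format != 'nested' && $format != 'flat' ) {
        if ( $_USER['uid'] > 1 ) {
            $format = DB_getItem( $_TABLES['usercomment'], 'commentmode',
                                  "uid = {$_USER['uid']}" );
        } else {
            $format = $_CONF['comment_mode'];
        }
    }

    $order = '';
    if (isset ( $_REQUEST['order'])) {
        $order = COM_applyFilter ($_REQUEST['order']);
    }
    $page = 0;
    if (isset ($_REQUEST['page'])) {
        $page = COM_applyFilter ($_REQUEST['page'], true);
    }

    switch ( $type ) {
        case 'article':
            // $sid comes from the comments table, not the request, but it is
            // still interpolated into SQL, so escape it.
            $sql = 'SELECT COUNT(*) AS count, owner_id, group_id, perm_owner, perm_group, '
                 . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '"
                 . addslashes ($sid) . "') "
                 . 'AND (draft_flag = 0) AND (commentcode = 0) AND (date <= NOW())'
                 . COM_getPermSQL('AND') . COM_getTopicSQL('AND')
                 . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $result = DB_query ($sql);
            $B = DB_fetchArray ($result);
            $allowed = $B['count'];

            if ( $allowed == 1 ) {
                // Delete links are offered only to story editors with full
                // access to this particular story.
                $delete_option = ( SEC_hasRights( 'story.edit' ) &&
                    ( SEC_hasAccess( $B['owner_id'], $B['group_id'],
                        $B['perm_owner'], $B['perm_group'], $B['perm_members'],
                        $B['perm_anon'] ) == 3 ) );
                $display .= CMT_userComments ($sid, $title, $type, $order,
                                $format, $cid, $page, $view, $delete_option);
            } else {
                $display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
                                COM_getBlockTemplate ('_msg_block', 'header'))
                         . $LANG_ACCESS['storydenialmsg']
                         . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            }
            break;

        default: // assume plugin
            $display = PLG_displayComment ($type, $sid, $cid, $title, $order,
                                           $format, $page, $view);
            if ( !$display ) {
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return COM_siteHeader() . $display . COM_siteFooter();
}

// MAIN
$display = '';

// If reply specified, force comment submission form
if (isset ($_REQUEST['reply'])) {
    $_REQUEST['mode'] = '';
}

$mode = '';
if (!empty ($_REQUEST['mode'])) {
    $mode = COM_applyFilter ($_REQUEST['mode']);
}
switch ($mode) {
    case $LANG03[14]: // Preview
        $display .= COM_siteHeader('menu', $LANG03[14])
                 . CMT_commentForm (strip_tags ($_POST['title']), $_POST['comment'],
                       COM_applyFilter ($_POST['sid']),
                       COM_applyFilter ($_POST['pid'], true),
                       COM_applyFilter ($_POST['type']), $mode,
                       COM_applyFilter ($_POST['postmode']))
                 . COM_siteFooter();
        break;

    case $LANG03[11]: // Submit Comment
        $display .= handleSubmit(); // moved to function for readibility
        break;

    case 'delete':
        $display .= handleDelete(); // moved to function for readibility
        break;

    case 'view':
        $display .= handleView(true); // moved to function for readibility
        break;

    case 'display':
        $display .= handleView(false); // moved to function for readibility
        break;

    case 'report':
        $display .= COM_siteHeader ('menu', $LANG03[27])
                 . CMT_reportAbusiveComment (COM_applyFilter ($_GET['cid'], true),
                                             COM_applyFilter ($_GET['type']))
                 . COM_siteFooter ();
        break;

    case 'sendreport':
        $display .= CMT_sendReport (COM_applyFilter ($_POST['cid'], true),
                                    COM_applyFilter ($_POST['type']));
        break;

    default: // New Comment
        $sid = COM_applyFilter ($_REQUEST['sid']);
        $type = COM_applyFilter ($_REQUEST['type']);
        $title = '';
        if (isset ($_REQUEST['title'])) {
            $title = strip_tags ($_REQUEST['title']);
        }
        $postmode = $_CONF['postmode'];
        if (isset ($_REQUEST['postmode'])) {
            $postmode = COM_applyFilter ($_REQUEST['postmode']);
        }

        if (!empty ($sid) && !empty ($type)) {
            if (empty ($title)) {
                if ($type == 'article') {
                    // $sid is user input: escape it for the WHERE clause.
                    $title = DB_getItem ($_TABLES['stories'], 'title',
                        "sid = '" . addslashes ($sid) . "'" . COM_getPermSQL('AND')
                        . COM_getTopicSQL('AND'));
                }
                // Stored titles are HTML-encoded; CMT_commentForm expects
                // non-htmlspecial chars for the title, so undo the encoding.
                // NOTE(review): assumes '$' is stored as '&#36;' - confirm
                // against the story save path.
                $title = str_replace ('&#36;', '$', $title);
                $title = str_replace ( '&amp;', '&', $title );
                $title = str_replace ( '&quot;', '"', $title );
                $title = str_replace ( '&lt;', '<', $title );
                $title = str_replace ( '&gt;', '>', $title );
            }
            $display .= COM_siteHeader('menu', $LANG03[1])
                     . CMT_commentForm ($title, '', $sid,
                           COM_applyFilter ($_REQUEST['pid'], true), $type, $mode,
                           $postmode)
                     . COM_siteFooter();
        } else {
            $display .= COM_refresh($_CONF['site_url'] . '/index.php');
        }
        break;
}

echo $display;

// No closing '?>' tag: trailing whitespace after it would be sent as output
// before the Location header emitted by COM_refresh().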