Context Navigation

source: extensions/CommentEditor/classes/ce_plugin.class.php @ 3434

Last change on this file since 3434 was 3434, checked in by Criss, 15 years ago
Improve sanity checking
Property svn:eol-style set to `LF`
File size: 10.0 KB

Line
1	<?php
2	/* $Id: ce_plugin.class.php,v 1.6 2009/06/18 21:02:12 Criss Exp $ */
3	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
4
5	ce_require_class("CE_Comment");
6
7	/**
8	* CE_Plugin class
9	*/
10	class CE_Plugin {
11
12	private static $url_prefix = null;
13
14
15	function CE_Plugin() {
16	if (null == self::$url_prefix) {
17	self::$url_prefix = get_root_url() . 'index.php?' . CE_ACTION . '=';
18	}
19	}
20
21	/* ************************ */
22	/* Trigger management */
23	/* ************************ */
24
25	/**
26	* Check whether the page contains comments.
27	* Add an edit link if user is allowed to edit comment
28	*/
29	function loc_begin_page_header() {
30	global $template;
31	$all_comments = &$template->get_template_vars('comments');
32	for ($i=0; $i < count($all_comments) ; $i++) {
33	if (isset($all_comments[$i]) and is_array($all_comments[$i])) {
34	$comment = &$all_comments[$i];
35	if (isset($comment['U_DELETE'])) {
36	$comment['U_ID'] = $this->getCommentId($comment['U_DELETE']);
37	$comment['DATE'] .= ' - <a href="' . $this->getEditUrlPrefix();
38	$comment['DATE'] .= $comment['U_ID'] . '">';
39	$comment['DATE'] .= 'Edit';
40	$comment['DATE'] .= '</a>';
41	}
42	}
43	}
44	}
45
46	/**
47	* Check whether a comment edit or update is requested.
48	*/
49	function loc_end_index() {
50	$comment_id = "";
51	$action = $this->isCommentEdit($_SERVER['QUERY_STRING'], $comment_id);
52	switch ($action) {
53	case CE_ACTION_EDIT:
54	// Edit
55	$this->editComment($comment_id);
56	break;
57	case CE_ACTION_UPDATE:
58	$this->updateComment();
59	break;
60	case CE_ACTION_ERROR:
61	$infos = array('comment_edit_forbidden');
62	$this->displayError($infos);
63	break;
64	case CE_ACTION_NONE:
65	// Not an edit mode
66	break;
67	}
68	}
69
70	/* ************************ */
71	/* Private functions */
72	/* ************************ */
73
74	function getTemplate($p_template = 'edit.tpl') {
75	return realpath(CE_TEMPLATE . $p_template);
76	}
77
78	function isCommentEdit($p_query_string, &$p_comment_id) {
79	$params = split('\&', $p_query_string);
80	$action = CE_ACTION_NONE;
81	$comment_id = "";
82	foreach ($params as $current_param) {
83	$key_value = split('=', $current_param);
84	if (isset($key_value[1])) {
85	if (CE_ACTION == $key_value[0] && CE_ACTION_NONE == $action) {
86	//CE_ACTION_EDIT == $lKeyVal[1]
87	switch ($key_value[1]) {
88	case CE_ACTION_EDIT:
89	case CE_ACTION_UPDATE:
90	$action = $key_value[1];
91	break;
92	}
93	}
94	if (CE_ID == $key_value[0]) {
95	$comment_id = $key_value[1];
96	}
97	}
98	}
99	if (CE_ACTION_EDIT == $action) {
100	if (is_numeric($comment_id)) {
101	$p_comment_id = intval($comment_id);
102	} else {
103	$action = CE_ACTION_ERROR;
104	}
105	}
106	return $action;
107	}
108
109	function isEditAllowed($p_comment) {
110	if (FALSE == $p_comment->getInfo()) {
111	return false;
112	}
113	if (is_admin()) {
114	return true;
115	}
116	global $user;
117	return $p_comment->isAuthor($user['username']);
118	}
119
120	function editComment($p_comment_id) {
121	// Include language advices
122	load_language('plugin.lang', CE_PATH);
123
124	$comment = new CE_Comment($p_comment_id);
125	$infos = array();
126	if (!$this->isEditAllowed($comment)) {
127	// Not allowed
128	array_push($infos, 'comment_edit_forbidden');
129	$this->displayError($infos);
130	return;
131	}
132	$this->displayComment($comment);
133	}
134
135	function updateComment() {
136	// Include language advices
137	load_language('plugin.lang', CE_PATH);
138
139	$infos = array();
140	if ((!isset($_POST['commentid'])) or
141	(!isset($_POST['imageid']))) {
142	array_push($infos, 'comment_access_invalid');
143	$this->displayError($infos);
144	return;
145	}
146	if (!is_numeric($_POST['imageid'])) {
147	array_push($infos, 'comment_access_invalid');
148	$this->displayError($infos);
149	return;
150	}
151	$comment = new CE_Comment($_POST['commentid']);
152
153	if (!$this->isEditAllowed($comment)) {
154	array_push($infos, 'comment_edit_forbidden');
155	$this->displayError($infos);
156	return;
157	}
158	$image_id = $comment->getInfo('image_id');
159	if (intval($_POST['imageid']) != intval($image_id)) {
160	array_push($infos, 'comment_access_invalid');
161	$this->displayError($infos);
162	return;
163	}
164	if (isset($_POST['author'])) {
165	$comment->setInfo('author', $_POST['author']);
166	} else if ((isset($_POST['freeauthorck'])) and
167	(isset($_POST['freeauthor']))) {
168	// Free author
169	$new_author = trim(stripslashes($_POST['freeauthor']));
170	$new_author = $comment->validateAuthor($new_author);
171	$comment->setInfo('author', $new_author);
172	}
173
174	$comment_array = array(
175	'author' => trim( stripslashes($comment->getInfo('author')) ),
176	'content' => trim( stripslashes($_POST['content']) ),
177	'image_id' => $image_id,
178	'comment_id' => $comment->getInfo('comment_id'),
179	);
180	$comment_action = update_user_comment($comment_array, @$_POST['key'], $infos );
181
182	switch ($comment_action) {
183	case 'moderate':
184	array_push( $infos, 'comment_to_validate' );
185	case 'validate':
186	array_push( $infos, 'comment_added');
187	break;
188	case 'reject':
189	set_status_header(403);
190	array_push($infos, 'comment_not_added' );
191	break;
192	default:
193	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
194	}
195	// allow plugins to notify what's going on
196	trigger_action( 'user_comment_insertion',
197	array_merge($comment_array, array('action'=>$comment_action)));
198	if ($comment_action=='reject') {
199	$this->displayError($infos);
200	} else {
201	$this->displayInfo($infos);
202	}
203	}
204
205	function getCommentId($p_string_delete) {
206	$comment_id = "";
207	$elements = split('\?', $p_string_delete);
208	if (count($elements) > 1) {
209	$elem_var = split('\&', $elements[1]);
210	foreach ($elem_var as $var) {
211	$key_value = split('=', $var);
212	if (count($key_value) > 1) {
213	switch ($key_value[0]) {
214	case 'comment_to_delete':
215	case 'delete':
216	$comment_id = $key_value[1];
217	break;
218	default:
219	// No ID
220	}
221	}
222	}
223	}
224	return $comment_id;
225	}
226
227	function displayError($p_error) {
228	$this->displayMessage($p_error, CE_TYPE_ERROR, CE_ERRORS);
229	}
230
231	function displayInfo($p_info) {
232	$this->displayMessage($p_info, CE_TYPE_INFO, CE_INFOS);
233	}
234
235	function displayMessage($p_message, $p_type, $p_image) {
236	// Include language advices
237	load_language('plugin.lang', CE_PATH);
238
239	$messages = array();
240	foreach ($p_message as $message) {
241	array_push($messages, l10n($message));
242	}
243	$message_array = array(
244	'TYPE' => $p_type,
245	'IMG' => $p_image,
246	'TITLE' => l10n($p_type),
247	'MSG' => $messages
248	);
249
250	global $template;
251	$template->set_filenames(array('ce_message'=>$this->getTemplate('message.tpl')));
252	$template->block_html_head( '',
253	'<link rel="stylesheet" type="text/css" href="'.CE_STYLE.'">',
254	$smarty, $repeat);
255	$begin = 'PLUGIN_INDEX_CONTENT_BEFORE';
256	$template->assign('message', $message_array);
257	$old_begin = $template->get_template_vars($begin);
258	$template->assign($begin, $template->parse('ce_message', true));
259	$template->concat($begin, $old_begin);
260	}
261
262	function displayComment($p_comment) {
263	global $template;
264
265	$template->set_filenames(array('ce_edit'=>$this->getTemplate()));
266	$template->block_html_head( '',
267	'<link rel="stylesheet" type="text/css" href="'.CE_STYLE.'">',
268	$smarty, $repeat);
269	$begin = 'PLUGIN_INDEX_CONTENT_BEFORE';
270	$end = 'PLUGIN_INDEX_CONTENT_AFTER';
271	$template->assign($begin, null);
272	$template->assign($end, null);
273	$tplComment = array(
274	'CONTENT' => $p_comment->getInfo('content'),
275	'KEY' => $p_comment->getInfo('comment_id'),
276	'AUTHOR' => $p_comment->getInfo('author'),
277	'IMAGE' => $p_comment->getInfo('image_id'),
278	'DISABLED' => !is_admin(),
279	'USERS' => CE_Comment::getUsers(),
280	'F_ACTION' => $this->getUpdateUrlPrefix(),
281	'FREEAUTHOR'=> ($p_comment->isKnownAuthor())?'':'checked="checked"'
282	);
283	$template->assign('comment', $tplComment);
284	$template->concat($begin, $template->parse('ce_edit', true));
285	}
286
287	function getEditUrlPrefix() {
288	return self::$url_prefix . CE_ACTION_EDIT . '&' . CE_ID . '=';
289	}
290
291	function getUpdateUrlPrefix() {
292	return self::$url_prefix . CE_ACTION_UPDATE;
293	}
294
295	}
296	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: