source: trunk/include/picture_comment.inc.php @ 3452

Last change on this file since 3452 was 3452, checked in by nikrou, 15 years ago

Fix two problem with Feature 1026 :
use of $confuser_fieldsusername and $confuser_fieldsid instead of username and id
escape comment content before editing it.

  • Property svn:eol-style set to LF
File size: 6.3 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * This file is included by the picture page to manage user comments
26 *
27 */
28
29// the picture is commentable if it belongs at least to one category which
30// is commentable
31$page['show_comments'] = false;
32foreach ($related_categories as $category)
33{
34  if ($category['commentable'] == 'true')
35  {
36    $page['show_comments'] = true;
37    break;
38  }
39}
40
41if ( $page['show_comments'] and isset( $_POST['content'] ) )
42{
43  if ( is_a_guest() and !$conf['comments_forall'] )
44  {
45    die ('Session expired');
46  }
47
48  $comm = array(
49    'author' => trim( stripslashes(@$_POST['author']) ),
50    'content' => trim( stripslashes($_POST['content']) ),
51    'image_id' => $page['image_id'],
52   );
53
54  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
55
56  $comment_action = insert_user_comment($comm, @$_POST['key'], $infos );
57
58  switch ($comment_action)
59  {
60    case 'moderate':
61      array_push( $infos, l10n('comment_to_validate') );
62    case 'validate':
63      array_push( $infos, l10n('comment_added'));
64      break;
65    case 'reject':
66      set_status_header(403);
67      array_push($infos, l10n('comment_not_added') );
68      break;
69    default:
70      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
71  }
72
73  $template->assign(
74      ($comment_action=='reject') ? 'errors' : 'infos',
75      $infos
76    );
77
78  // allow plugins to notify what's going on
79  trigger_action( 'user_comment_insertion',
80      array_merge($comm, array('action'=>$comment_action) )
81    );
82}
83elseif ( isset($_POST['content']) )
84{
85  set_status_header(403);
86  die('ugly spammer');
87}
88
89if ($page['show_comments'])
90{
91  // number of comments for this picture
92  $query = '
93SELECT COUNT(*) AS nb_comments
94  FROM '.COMMENTS_TABLE.'
95  WHERE image_id='.$page['image_id']." AND validated = 'true'";
96  $row = mysql_fetch_array( pwg_query( $query ) );
97
98  // navigation bar creation
99  if (!isset($page['start']))
100  {
101    $page['start'] = 0;
102  }
103
104  $navigation_bar = create_navigation_bar(
105    duplicate_picture_url(array(), array('start')),
106    $row['nb_comments'],
107    $page['start'],
108    $conf['nb_comment_page'],
109    true // We want a clean URL
110    );
111
112  $template->assign(
113    array(
114      'COMMENT_COUNT' => $row['nb_comments'],
115      'navbar' => $navigation_bar,
116      )
117    );
118
119  if ($row['nb_comments'] > 0)
120  {
121    if ( !is_admin() )
122    {
123      $validated_clause = '  AND validated = \'true\'';
124    } 
125    else 
126    {
127      $validated_clause = '';
128    }
129
130    $query = '
131SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
132  date,image_id,content,validated
133  FROM '.COMMENTS_TABLE.' AS com
134  LEFT JOIN '.USERS_TABLE.' AS u
135    ON u.'.$conf['user_fields']['id'].' = author_id
136  WHERE image_id = '.$page['image_id'].
137$validated_clause.'
138  ORDER BY date ASC
139  LIMIT '.$page['start'].', '.$conf['nb_comment_page'].'
140;';
141    $result = pwg_query( $query );
142
143    while ($row = mysql_fetch_array($result))
144    {
145      if (!empty($row['author'])) 
146      {
147        $author = $row['author'];
148        if ($author == 'guest')
149        {
150          $author = l10n('guest');
151        }
152      }
153      else
154      {
155        $author = $row['username'];
156      }
157
158      $tpl_comment =
159        array(
160          'AUTHOR' => trigger_event('render_comment_author', $author),
161
162          'DATE' => format_date( $row['date'], true),
163
164          'CONTENT' => trigger_event('render_comment_content',$row['content']),
165        );
166
167      if (can_manage_comment('delete', $row['author_id']))
168      {
169        $tpl_comment['U_DELETE'] =
170          add_url_params($url_self,
171                         array(
172                           'action'=>'delete_comment',
173                           'comment_to_delete'=>$row['id']
174                               )
175                         );
176      }
177      if (can_manage_comment('edit', $row['author_id']))
178      {
179        $tpl_comment['U_EDIT'] =
180          add_url_params($url_self,
181                         array(
182                           'action'=>'edit_comment',
183                           'comment_to_edit'=>$row['id']
184                               )
185                         );
186        if (isset($edit_comment) and ($row['id'] == $edit_comment))
187        {
188          $tpl_comment['IN_EDIT'] = true;
189          $key = get_comment_post_key($page['image_id']);
190          $tpl_comment['KEY'] = $key;
191          $tpl_comment['CONTENT'] = $row['content'];
192        }
193      }
194      if (is_admin())
195      {
196        if ($row['validated'] != 'true')
197        {
198          $tpl_comment['U_VALIDATE'] = 
199            add_url_params($url_self,
200                           array('action' => 'validate_comment',
201                                 'comment_to_validate' => $row['id']
202                                 )
203                           );
204        }
205      }
206      $template->append('comments', $tpl_comment);
207    }
208  }
209
210  if (!is_a_guest()
211      or (is_a_guest() and $conf['comments_forall'])
212      or (empty($edit_comment)))
213  {
214    $key = get_comment_post_key($page['image_id']);
215    $content = '';
216    if ('reject'===@$comment_action)
217    {
218      $content = htmlspecialchars($comm['content']);
219    }
220    $template->assign('comment_add',
221        array(
222          'F_ACTION' => $url_self,
223          'KEY' => $key,
224          'CONTENT' => $content,
225          'SHOW_AUTHOR' => !is_classic_user()
226        ));
227  }
228}
229
230?>
Note: See TracBrowser for help on using the repository browser.