Changeset 5195 for trunk/comments.php
- Timestamp:
- Mar 19, 2010, 11:25:39 PM (14 years ago)
- File:
-
- 1 edited
trunk/comments.php
r5014 r5195 117 117 } 118 118 119 // search a specific comment (if you're coming directly from an admin 120 // notification email) 121 if (!empty($_GET['comment_id'])) 122 { 123 check_input_parameter('comment_id', $_GET, false, PATTERN_ID); 124 125 // currently, the $_GET['comment_id'] is only used by admins from email 126 // for management purpose (validate/delete) 127 if (!is_admin()) 128 { 129 $login_url = 130 get_root_url().'identification.php?redirect=' 131 .urlencode(urlencode($_SERVER['REQUEST_URI'])) 132 ; 133 redirect($login_url); 134 } 135 136 $page['where_clauses'][] = 'com.id = '.$_GET['comment_id']; 137 } 138 119 139 // search a substring among comments content 120 140 if (!empty($_GET['keyword'])) … … 156 176 // | comments management | 157 177 // +-----------------------------------------------------------------------+ 158 if (isset($_GET['delete']) and is_numeric($_GET['delete']) 159 and (is_admin() || $conf['user_can_delete_comment'])) 160 {// comments deletion 161 delete_user_comment($_GET['delete']); 162 } 163 164 if (isset($_GET['validate']) and is_numeric($_GET['validate']) 165 and !is_adviser() ) 166 { // comments validation 167 check_status(ACCESS_ADMINISTRATOR); 168 $query = ' 169 UPDATE '.COMMENTS_TABLE.' 170 SET validated = \'true\' 171 , validation_date = NOW() 172 WHERE id='.$_GET['validate'].' 
173 ;'; 174 pwg_query($query); 175 } 176 177 if (isset($_GET['edit']) and is_numeric($_GET['edit']) 178 and (is_admin() || $conf['user_can_edit_comment'])) 179 { 180 if (!empty($_POST['content'])) 178 179 $comment_id = null; 180 $action = null; 181 182 $actions = array('delete', 'validate', 'edit'); 183 foreach ($actions as $loop_action) 184 { 185 if (isset($_GET[$loop_action])) 181 186 { 182 update_user_comment(array('comment_id' => $_GET['edit'], 183 'image_id' => $_POST['image_id'], 184 'content' => $_POST['content']), 185 $_POST['key'] 186 ); 187 188 $edit_comment = null; 187 $action = $loop_action; 188 check_input_parameter($action, $_GET, false, PATTERN_ID); 189 $comment_id = $_GET[$action]; 190 break; 189 191 } 190 else 192 } 193 194 if (isset($action)) 195 { 196 check_pwg_token(); 197 198 $comment_author_id = get_comment_author_id($comment_id); 199 200 if (can_manage_comment($action, $comment_author_id)) 191 201 { 192 $edit_comment = $_GET['edit']; 202 $perform_redirect = false; 203 204 if ('delete' == $action) 205 { 206 delete_user_comment($comment_id); 207 $perform_redirect = true; 208 } 209 210 if ('validate' == $action) 211 { 212 validate_user_comment($comment_id); 213 $perform_redirect = true; 214 } 215 216 if ('edit' == $action) 217 { 218 if (!empty($_POST['content'])) 219 { 220 update_user_comment( 221 array( 222 'comment_id' => $_GET['edit'], 223 'image_id' => $_POST['image_id'], 224 'content' => $_POST['content'] 225 ), 226 $_POST['key'] 227 ); 228 229 $edit_comment = null; 230 } 231 else 232 { 233 $edit_comment = $_GET['edit']; 234 } 235 } 236 237 if ($perform_redirect) 238 { 239 $redirect_url = 240 PHPWG_ROOT_PATH 241 .'comments.php' 242 .get_query_string_diff(array('delete','validate','pwg_token')); 243 244 redirect($redirect_url); 245 } 193 246 } 194 247 } … … 288 341 $url = PHPWG_ROOT_PATH 289 342 .'comments.php' 290 .get_query_string_diff(array('start','delete','validate'));343 
.get_query_string_diff(array('start','delete','validate','pwg_token')); 291 344 292 345 $navbar = create_navigation_bar($url, … … 379 432 // link to the full size picture 380 433 $url = make_picture_url( 381 array(382 'category' => $categories[ $comment['category_id'] ],383 'image_id' => $comment['image_id'],384 'image_file' => $elements[$comment['image_id']]['file'],385 )386 );387 388 $tpl_comment =389 434 array( 390 'U_PICTURE' => $url, 391 'TN_SRC' => $thumbnail_src, 392 'ALT' => $name, 393 'AUTHOR' => trigger_event('render_comment_author', $comment['author']), 394 'DATE'=>format_date($comment['date'], true), 395 'CONTENT'=>trigger_event('render_comment_content',$comment['content']), 435 'category' => $categories[ $comment['category_id'] ], 436 'image_id' => $comment['image_id'], 437 'image_file' => $elements[$comment['image_id']]['file'], 438 ) 439 ); 440 441 $tpl_comment = array( 442 'U_PICTURE' => $url, 443 'TN_SRC' => $thumbnail_src, 444 'ALT' => $name, 445 'AUTHOR' => trigger_event('render_comment_author', $comment['author']), 446 'DATE'=>format_date($comment['date'], true), 447 'CONTENT'=>trigger_event('render_comment_content',$comment['content']), 448 ); 449 450 if (can_manage_comment('delete', $comment['author_id'])) 451 { 452 $url = 453 get_root_url() 454 .'comments.php' 455 .get_query_string_diff(array('delete','validate','edit', 'pwg_token')); 456 457 $tpl_comment['U_DELETE'] = add_url_params( 458 $url, 459 array( 460 'delete' => $comment['comment_id'], 461 'pwg_token' => get_pwg_token(), 462 ) 396 463 ); 397 398 if (can_manage_comment('delete', $comment['author_id'])) 399 { 400 $url = get_root_url().'comments.php' 401 .get_query_string_diff(array('delete','validate','edit')); 402 $tpl_comment['U_DELETE'] = 403 add_url_params($url, 404 array('delete'=>$comment['comment_id']) 405 ); 406 } 464 } 465 407 466 if (can_manage_comment('edit', $comment['author_id'])) 408 467 { 409 $url = get_root_url().'comments.php' 410 .get_query_string_diff(array('edit', 
'delete','validate')); 411 $tpl_comment['U_EDIT'] = 412 add_url_params($url, 413 array('edit'=>$comment['comment_id']) 414 ); 468 $url = 469 get_root_url() 470 .'comments.php' 471 .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token')); 472 473 $tpl_comment['U_EDIT'] = add_url_params( 474 $url, 475 array( 476 'edit' => $comment['comment_id'], 477 'pwg_token' => get_pwg_token(), 478 ) 479 ); 480 415 481 if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment)) 416 482 { … … 423 489 } 424 490 425 if ( is_admin() && $comment['validated'] != 'true') 426 { 427 $tpl_comment['U_VALIDATE'] = 428 add_url_params($url, 429 array('validate'=>$comment['comment_id']) 430 ); 491 if (can_manage_comment('validate', $comment['author_id'])) 492 { 493 if ('true' != $comment['validated']) 494 { 495 $tpl_comment['U_VALIDATE'] = add_url_params( 496 $url, 497 array( 498 'validate'=> $comment['comment_id'], 499 'pwg_token' => get_pwg_token(), 500 ) 501 ); 502 } 431 503 } 432 504 $template->append('comments', $tpl_comment);
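Review bot: In the new edit branch of the action handler, `$_POST['image_id']` is handed to update_user_comment() without the check_input_parameter() pass that the commit now applies to `$_GET[$action]`, so unless update_user_comment() validates it itself (not visible here) a non-numeric image id reaches that call; adding `check_input_parameter('image_id', $_POST, false, PATTERN_ID);` before the call keeps the same PATTERN_ID guard on both inputs. The same branch still reads `'comment_id' => $_GET['edit']` although the loop above already stored the validated value in `$comment_id`; using `'comment_id' => $comment_id,` removes the second raw read. In the earlier hunk, `$page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];` is safe only as long as check_input_parameter() aborts the request on a PATTERN_ID mismatch, which I am assuming from its use elsewhere; casting with `(int)` there would make the SQL fragment independent of that contract. The enclosing comments.php script continues outside the hunks shown.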