bug:2152 Comments revalidation when modified

git-svn-id: http://piwigo.org/svn/trunk@10097 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Apr 6, 2011 · a8b750b · a8b750b
1 parent 5f7328e
commit a8b750b
Show file tree

Hide file tree

Showing 9 changed files with 170 additions and 44 deletions.
diff --git a/admin/configuration.php b/admin/configuration.php
@@ -63,6 +63,7 @@
 $comments_checkboxes = array(
     'comments_forall',
     'comments_validation',
+    'comments_update_validation',
     'email_admin_on_comment',
     'email_admin_on_comment_validation',
     'user_can_delete_comment',

diff --git a/admin/themes/default/template/configuration.tpl b/admin/themes/default/template/configuration.tpl
@@ -143,6 +143,13 @@
         <input type="checkbox" name="comments_validation" {if ($comments.comments_validation)}checked="checked"{/if}>
       </label>
     </li>
+
+    <li>
+      <label>
+        <span class="property">{'Update Validation'|@translate}</span>
+        <input type="checkbox" name="comments_update_validation" {if ($comments.comments_update_validation)}checked="checked"{/if}>
+      </label>
+    </li>
 
     <li>
       <label>

diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
@@ -263,19 +263,59 @@ function update_user_comment($comment, $post_key)
       $user_where_clause = '   AND author_id = \''.
 	$GLOBALS['user']['id'].'\'';
     }
+
+    // should the updated comment must be validated
+    if (!$conf['comments_update_validation'] or is_admin())
+    {
+      $comment_action='validate'; //one of validate, moderate, reject
+    }
+    else
+    {
+      $comment_action='moderate'; //one of validate, moderate, reject
+    }
+
     $query = '
 UPDATE '.COMMENTS_TABLE.'
   SET content = \''.$comment['content'].'\',
-      validation_date = now()
+      validated = \''.($comment_action=='validate' ? 'true':'false').'\',
+      validation_date = '.($comment_action=='validate' ? 'NOW()':'NULL').'
   WHERE id = '.$comment['comment_id'].
 $user_where_clause.'
 ;';
     $result = pwg_query($query);
-    if ($result) {
+
+    // mail admin and ask to validate the comment
+    if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action) 
+    {
+      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
+
+      $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comment['comment_id'];
+
+      $keyargs_content = array
+      (
+        get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ),
+        get_l10n_args('Comment: %s', stripslashes($comment['content']) ),
+        get_l10n_args('', ''),
+        get_l10n_args('Manage this user comment: %s', $comment_url),
+        get_l10n_args('', ''),
+        get_l10n_args('(!) This comment requires validation', ''),
+      );
+
+      pwg_mail_notification_admins
+      (
+        get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ),
+        $keyargs_content
+      );
+    }
+    // just mail admin
+    else if ($result)
+    {
       email_admin('edit', array('author' => $GLOBALS['user']['username'],
 				'content' => stripslashes($comment['content'])) );
     }
   }
+
+  return $comment_action;
 }
 
 function email_admin($action, $comment)

diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
@@ -38,52 +38,55 @@
   }
 }
 
-if ( $page['show_comments'] and isset( $_POST['content'] ) )
+if (!isset($comment_action))
 {
-  if ( is_a_guest() and !$conf['comments_forall'] )
+  if ( $page['show_comments'] and isset( $_POST['content'] ) )
   {
-    die ('Session expired');
-  }
+    if ( is_a_guest() and !$conf['comments_forall'] )
+    {
+      die ('Session expired');
+    }
 
-  $comm = array(
-    'author' => trim( @$_POST['author'] ),
-    'content' => trim( $_POST['content'] ),
-    'image_id' => $page['image_id'],
-   );
+    $comm = array(
+      'author' => trim( @$_POST['author'] ),
+      'content' => trim( $_POST['content'] ),
+      'image_id' => $page['image_id'],
+     );
 
-  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+    include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
 
-  $comment_action = insert_user_comment($comm, @$_POST['key'], $infos );
+    $comment_action = insert_user_comment($comm, @$_POST['key'], $infos );
 
-  switch ($comment_action)
-  {
-    case 'moderate':
-      array_push( $infos, l10n('An administrator must authorize your comment before it is visible.') );
-    case 'validate':
-      array_push( $infos, l10n('Your comment has been registered'));
-      break;
-    case 'reject':
-      set_status_header(403);
-      array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules') );
-      break;
-    default:
-      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
-  }
+    switch ($comment_action)
+    {
+      case 'moderate':
+        array_push( $infos, l10n('An administrator must authorize your comment before it is visible.') );
+      case 'validate':
+        array_push( $infos, l10n('Your comment has been registered'));
+        break;
+      case 'reject':
+        set_status_header(403);
+        array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules') );
+        break;
+      default:
+        trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
+    }
 
-  $template->assign(
-      ($comment_action=='reject') ? 'errors' : 'infos',
-      $infos
-    );
+    $template->assign(
+        ($comment_action=='reject') ? 'errors' : 'infos',
+        $infos
+      );
 
-  // allow plugins to notify what's going on
-  trigger_action( 'user_comment_insertion',
-      array_merge($comm, array('action'=>$comment_action) )
-    );
-}
-elseif ( isset($_POST['content']) )
-{
-  set_status_header(403);
-  die('ugly spammer');
+    // allow plugins to notify what's going on
+    trigger_action( 'user_comment_insertion',
+        array_merge($comm, array('action'=>$comment_action) )
+      );
+  }
+  elseif ( isset($_POST['content']) )
+  {
+    set_status_header(403);
+    die('ugly spammer');
+  }
 }
 
 if ($page['show_comments'])

diff --git a/install/config.sql b/install/config.sql
@@ -3,6 +3,7 @@
 INSERT INTO piwigo_config (param,value,comment) VALUES ('nb_comment_page','10','number of comments to display on each page');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('log','true','keep an history of visits on your website');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_validation','false','administrators validate users comments before becoming visible');
+INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_update_validation','false','administrators validate users updated comments before becoming visible');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('comments_forall','false','even guest not registered can post comments');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_delete_comment','false','administrators can allow user delete their own comments');
 INSERT INTO piwigo_config (param,value,comment) VALUES ('user_can_edit_comment','false','administrators can allow user edit their own comments');

diff --git a/install/db/98-database.php b/install/db/98-database.php
@@ -0,0 +1,52 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based photo gallery                                    |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'add the config parameter comments_update_validation';
+
+$query = '
+INSERT INTO '.CONFIG_TABLE.'
+  (
+    param,
+    value,
+    comment
+  )
+  VALUES (
+    \'comments_update_validation\',
+    false,
+    \'administrators validate users updated comments before becoming visible\'
+   )
+;';
+
+pwg_query($query);
+
+echo
+"\n"
+. $upgrade_description
+."\n"
+;
+?>
diff --git a/language/en_UK/admin.lang.php b/language/en_UK/admin.lang.php
@@ -729,6 +729,7 @@
 $lang['user_status_webmaster'] = "Webmaster";
 $lang['Validate'] = "Validate";
 $lang['Validation'] = "Validation";
+$lang['Update Validation'] = "Validation when a comment is modified";
 $lang['Version of create_listing_file.php on the remote site and Piwigo must be the same'] = "Versions of create_listing_file.php on the remote site and Piwigo must be the same";
 $lang['Version'] = "Version";
 $lang['Virtual album added'] = "Virtual album added";

diff --git a/language/fr_FR/admin.lang.php b/language/fr_FR/admin.lang.php
@@ -169,6 +169,7 @@
 $lang['Users'] = "Utilisateurs";
 $lang['Validate'] = "Valider";
 $lang['Validation'] = "Validation";
+$lang['Update Validation'] = "Validation quand un commentaire est modifié";
 $lang['Version'] = "Version";
 $lang['Virtual albums to move'] = 'Albums virtuels à déplacer';
 $lang['Virtual album name'] = 'Nom de l\'album virtuel';

diff --git a/picture.php b/picture.php
@@ -189,6 +189,8 @@ function default_picture_content($content, $element_info)
 // |                            initialization                             |
 // +-----------------------------------------------------------------------+
 
+$infos = array();
+
 // caching first_rank, last_rank, current_rank in the displayed
 // section. This should also help in readability.
 $page['first_rank']   = 0;
@@ -331,7 +333,7 @@ function default_picture_content($content, $element_info)
       {
         if (!empty($_POST['content']))
         {
-          update_user_comment(
+          $comment_action = update_user_comment(
             array(
               'comment_id' => $_GET['comment_to_edit'],
               'image_id' => $page['image_id'],
@@ -340,7 +342,27 @@ function default_picture_content($content, $element_info)
             $_POST['key']
             );
 
-          redirect($url_self);
+          switch ($comment_action)
+          {
+            case 'moderate':
+              array_push($infos, l10n('An administrator must authorize your comment before it is visible.'));
+            case 'validate':
+              array_push($infos, l10n('Your comment has been registered'));
+              break;
+            case 'reject':
+              set_status_header(403);
+              array_push($infos, l10n('Your comment has NOT been registered because it did not pass the validation rules'));
+              break;
+            default:
+              trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
+          }
+
+          $template->assign(
+              ($comment_action=='reject') ? 'errors' : 'infos',
+              $infos
+            );
+
+          break;
         }
         else
         {
@@ -834,8 +856,6 @@ function default_picture_content($content, $element_info)
       );
 }
 
-$infos = array();
-
 // author
 if (!empty($picture['current']['author']))
 {