1<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $Id: comments.php 1696 2007-01-03 23:28:09Z rub $
// | last update   : $Date: 2007-01-03 23:28:09 +0000 (Wed, 03 Jan 2007) $
// | last modifier : $Author: rub $
// | revision      : $Revision: 1696 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// +-----------------------------------------------------------------------+
// |                           initialization                              |
// +-----------------------------------------------------------------------+
// Root of the gallery relative to this script ; common.inc.php is expected
// to provide the helpers used below (l10n, pwg_query, check_status, ...).
define('PHPWG_ROOT_PATH', './');
include_once PHPWG_ROOT_PATH.'include/common.inc.php';

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Guests may read the comments list ; check_status() does not return when
// the current user is below the requested level.
check_status(ACCESS_GUEST);

// sort_order : SQL keyword for each direction the form can ask for
$sort_order = array();
$sort_order['descending'] = 'DESC';
$sort_order['ascending'] = 'ASC';

// sort_by : database fields proposed for sorting comments list
// (key = column name, value = l10n key of the label shown in the form)
$sort_by = array();
$sort_by['date'] = 'comment date';
$sort_by['image_id'] = 'picture';

// items_number : list of number of items to display per page
$items_number = array(5, 10, 20, 50, 'all');

// since when display comments ?
// each entry : label shown in the form, SQL clause restricting the date
$since_options = array();
$since_options[1] = array(
  'label' => l10n('today'),
  'clause' => 'date > SUBDATE(CURDATE(), INTERVAL 1 DAY)'
  );
foreach (array(2 => 7, 3 => 30) as $id => $days)
{
  $since_options[$id] = array(
    'label' => sprintf(l10n('last %d days'), $days),
    'clause' => 'date > SUBDATE(CURDATE(), INTERVAL '.$days.' DAY)'
    );
}
$since_options[4] = array(
  'label' => l10n('the beginning'),
  'clause' => '1=1' // stupid but generic
  );

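// since when display comments ? (default : the last 30 days)
//
// The value selects an entry of $since_options whose SQL clause is later
// concatenated into the queries, so anything that is not a key of that array
// keeps the default instead of producing an empty WHERE clause.
$page['since'] = 3;
if (isset($_GET['since']) and is_scalar($_GET['since'])
    and isset($since_options[$_GET['since']]))
{
  $page['since'] = $_GET['since'];
}

// on which field sorting
//
$page['sort_by'] = 'date';
// if the form was submitted, it overloads default behaviour ; the value is
// concatenated as-is into ORDER BY, so only the columns listed in $sort_by
// are accepted (isset() on the array is an exact key match, no coercion)
if (isset($_GET['sort_by']) and is_scalar($_GET['sort_by'])
    and isset($sort_by[$_GET['sort_by']]))
{
  $page['sort_by'] = $_GET['sort_by'];
}

// order to sort
//
$page['sort_order'] = $sort_order['descending'];
// if the form was submitted, it overloads default behaviour ; an unknown
// direction keeps the default instead of storing null
if (isset($_GET['sort_order']) and is_scalar($_GET['sort_order'])
    and isset($sort_order[$_GET['sort_order']]))
{
  $page['sort_order'] = $sort_order[$_GET['sort_order']];
}

// number of items to display
//
// The value ends up in a LIMIT clause ; it must be one of $items_number.
// The comparison is strict on the string form : a loose in_array() would
// accept any string starting with one of the numbers.
$page['items_number'] = 5;
if (isset($_GET['items_number'])
    and in_array($_GET['items_number'], array_map('strval', $items_number), true))
{
  $page['items_number'] = $_GET['items_number'];
}
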
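// which category to filter on ?
//
// The identifier is handed to get_subcat_ids() and the result is placed in
// an IN (...) clause : only a non-zero string of digits is accepted (the
// former "0 != $_GET['cat']" alone let through values such as "5abc").
$page['cat_clause'] = '1=1';
if (isset($_GET['cat']) and is_string($_GET['cat'])
    and ctype_digit($_GET['cat']) and 0 != $_GET['cat'])
{
  $page['cat_clause'] =
    'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
}
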
// search a particular author
// exact match on the author column, value escaped for MySQL first
// (mysql_escape_string is the fallback for old PHP builds)
$page['author_clause'] = '1=1';
if (!empty($_GET['author']))
{
  $escape = function_exists('mysql_real_escape_string')
    ? 'mysql_real_escape_string'
    : 'mysql_escape_string';
  $author = $escape($_GET['author']);

  $page['author_clause'] = "author = '".$author."'";
}

// search a substring among comments content
// every word of the keyword (words are separated by blanks, commas or
// semicolons) must appear in the content : one LIKE per word, joined by AND
$page['keyword_clause'] = '1=1';
if (!empty($_GET['keyword']))
{
  $keyword = function_exists('mysql_real_escape_string')
    ? mysql_real_escape_string($_GET['keyword'])
    : mysql_escape_string($_GET['keyword']);

  $like_clauses = array();
  foreach (preg_split('/[\s,;]+/', $keyword) as $word)
  {
    $like_clauses[] = "content LIKE '%".$word."%'";
  }
  $page['keyword_clause'] = '('.implode(' AND ', $like_clauses).')';
}

// which status to filter on ?
// administrators see every comment, everybody else only the validated ones
$page['status_clause'] = is_admin() ? '1=1' : 'validated="true"';


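// +-----------------------------------------------------------------------+
// |                         comments management                           |
// +-----------------------------------------------------------------------+
// The comment identifier is concatenated unquoted into the statement.
// is_numeric() also accepts floats, exponents, signs and leading blanks,
// none of which is a valid identifier, so only a plain string of digits is
// taken. check_status() is what actually restricts the action to
// administrators ; advisers are skipped explicitly.
if (isset($_GET['delete']) and is_string($_GET['delete'])
    and ctype_digit($_GET['delete']) and !is_adviser() )
{
  // comments deletion
  check_status(ACCESS_ADMINISTRATOR);
  $query = '
DELETE FROM '.COMMENTS_TABLE.'
  WHERE id='.$_GET['delete'].'
;';
  pwg_query($query);
}

if (isset($_GET['validate']) and is_string($_GET['validate'])
    and ctype_digit($_GET['validate']) and !is_adviser() )
{
  // comments validation
  check_status(ACCESS_ADMINISTRATOR);
  $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
  , validation_date = NOW()
  WHERE id='.$_GET['validate'].'
;';
  pwg_query($query);
}
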
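// +-----------------------------------------------------------------------+
// |                       page header and options                         |
// +-----------------------------------------------------------------------+

$title= l10n('title_comments');
$page['body_id'] = 'theCommentsPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');

// The search form is refilled with the submitted values. They come straight
// from the query string, so they are HTML-escaped before reaching the
// template ; ENT_QUOTES makes the result safe whichever quoting style the
// template uses for the attribute. A missing or non-string value gives an
// empty field instead of relying on "@" to hide the notice.
$form_keyword = '';
if (isset($_GET['keyword']) and is_string($_GET['keyword']))
{
  $form_keyword = htmlentities($_GET['keyword'], ENT_QUOTES);
}
$form_author = '';
if (isset($_GET['author']) and is_string($_GET['author']))
{
  $form_author = htmlentities($_GET['author'], ENT_QUOTES);
}

$template->set_filenames(array('comments'=>'comments.tpl'));
$template->assign_vars(
  array(
    'L_COMMENT_TITLE' => $title,

    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
    'F_KEYWORD'=>$form_keyword,
    'F_AUTHOR'=>$form_author,

    'U_HOME' => make_index_url(),
    )
  );
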
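// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// Search in a particular category
// first entry means "no category filter", then one entry per category the
// current user is allowed to see
$blockname = 'category';

$template->assign_block_vars(
  $blockname,
  array('SELECTED' => '',
        'VALUE'=> 0,
        'OPTION' => '------------'
    ));

$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
'.get_sql_condition_FandF
  (
    array
      (
        'forbidden_categories' => 'id',
        'visible_categories' => 'id'
      ),
    'WHERE'
  ).'
;';
// the submitted category, if any, is preselected ; null stands for "none"
// (explicit isset() instead of silencing the undefined index with "@")
$selected_cat = isset($_GET['cat']) ? $_GET['cat'] : null;
display_select_cat_wrapper($query, array($selected_cat), $blockname, true);
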
// Filter on recent comments...
// one option per entry of $since_options, the current one preselected
$blockname = 'since_option';

foreach ($since_options as $since_id => $since_option)
{
  $is_current = ($since_id == $page['since']);

  $template->assign_block_vars(
    $blockname,
    array('SELECTED' => $is_current ? 'selected="selected"' : '',
          'VALUE'=> $since_id,
          'CONTENT' => $since_option['label']
      ));
}

// Sort by
// one option per sortable column, its label looked up through l10n()
$blockname = 'sort_by_option';

foreach ($sort_by as $field => $label_key)
{
  if ($field == $page['sort_by'])
  {
    $selected = 'selected="selected"';
  }
  else
  {
    $selected = '';
  }

  $template->assign_block_vars(
    $blockname,
    array('SELECTED' => $selected,
          'VALUE'=> $field,
          'CONTENT' => l10n($label_key)
      ));
}

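// Sorting order
// $page['sort_order'] holds the SQL keyword (DESC / ASC) while the form
// values are the keys of $sort_order (descending / ascending) : the
// comparison has to go through the array, otherwise no option is ever
// marked as selected.
$blockname = 'sort_order_option';

foreach ($sort_order as $option => $sql_keyword)
{
  $selected = ($sql_keyword == $page['sort_order']) ? 'selected="selected"' : '';

  $template->assign_block_vars(
    $blockname,
    array('SELECTED' => $selected,
          'VALUE'=> $option,
          'CONTENT' => l10n($option)
      ));
}
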
// Number of items
// numeric choices are displayed as-is, the 'all' entry goes through l10n()
$blockname = 'items_number_option';

foreach ($items_number as $count)
{
  if ($count == $page['items_number'])
  {
    $selected = 'selected="selected"';
  }
  else
  {
    $selected = '';
  }

  if (is_numeric($count))
  {
    $content = $count;
  }
  else
  {
    $content = l10n($count);
  }

  $template->assign_block_vars(
    $blockname,
    array('SELECTED' => $selected,
          'VALUE'=> $count,
          'CONTENT' => $content
      ));
}

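// +-----------------------------------------------------------------------+
// |                            navigation bar                             |
// +-----------------------------------------------------------------------+

// offset of the first comment displayed ; it ends up in a LIMIT clause, so
// only a plain string of digits is accepted (is_numeric() would also let
// through "1.5", "1e2" or "-5", none of which is a valid offset) and it is
// stored as an integer
$start = 0;
if (isset($_GET['start']) and is_string($_GET['start'])
    and ctype_digit($_GET['start']))
{
  $start = intval($_GET['start']);
}
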
// total number of comments matching the filters, used to size the
// navigation bar ; the same clauses are reused by the listing query below
$filters = array(
  $since_options[$page['since']]['clause'],
  $page['cat_clause'],
  $page['author_clause'],
  $page['keyword_clause'],
  $page['status_clause'],
  );
$access_condition = get_sql_condition_FandF(
  array(
    'forbidden_categories' => 'category_id',
    'visible_categories' => 'category_id',
    'visible_images' => 'ic.image_id'
    ),
  'AND'
  );

$query = '
SELECT COUNT(DISTINCT(id))
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
  WHERE '.implode('
    AND ', $filters).'
'.$access_condition.'
;';
$count_row = mysql_fetch_row(pwg_query($query));
$counter = $count_row[0];

// the navigation bar links back to this page with the current filters, minus
// the pagination offset and the one-shot management actions
$navbar_url = PHPWG_ROOT_PATH.'comments.php';
$navbar_url.= get_query_string_diff(array('start', 'delete', 'validate'));

$template->assign_vars(
  array(
    'NAVBAR' => create_navigation_bar(
      $navbar_url,
      $counter,
      $start,
      $page['items_number'],
      ''
      ),
    )
  );

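// +-----------------------------------------------------------------------+
// |                        last comments display                          |
// +-----------------------------------------------------------------------+

$comments = array();
$element_ids = array();
$category_ids = array();

// Same filters as the counting query above. com.id used to be selected
// twice under the alias comment_id ; the duplicate is dropped.
// $page['sort_by'] and $page['sort_order'] are concatenated into ORDER BY :
// they must only ever hold values taken from $sort_by / $sort_order. Both
// LIMIT operands are cast to integers as a last line of defence.
$query = '
SELECT com.id AS comment_id
     , com.image_id
     , ic.category_id
     , com.author
     , com.date
     , com.content
     , com.validated
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.COMMENTS_TABLE.' AS com
    ON ic.image_id = com.image_id
  WHERE '.$since_options[$page['since']]['clause'].'
    AND '.$page['cat_clause'].'
    AND '.$page['author_clause'].'
    AND '.$page['keyword_clause'].'
    AND '.$page['status_clause'].'
'.get_sql_condition_FandF
  (
    array
      (
        'forbidden_categories' => 'category_id',
        'visible_categories' => 'category_id',
        'visible_images' => 'ic.image_id'
      ),
    'AND'
  ).'
  GROUP BY comment_id
  ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
if ('all' != $page['items_number'])
{
  $query.= '
  LIMIT '.intval($start).','.intval($page['items_number']);
}
$query.= '
;';
$result = pwg_query($query);
// collect the rows plus the image and category ids needed by the lookups below
while ($row = mysql_fetch_assoc($result))
{
  $comments[] = $row;
  $element_ids[] = $row['image_id'];
  $category_ids[] = $row['category_id'];
}
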
if (count($comments) > 0)
{
  // retrieving element informations, indexed by image id
  $elements = array();
  $query = '
SELECT id, name, file, path, tn_ext
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $element_ids).')
;';
  $result = pwg_query($query);
  while ($element = mysql_fetch_assoc($result))
  {
    $elements[$element['id']] = $element;
  }

  // retrieving category informations, indexed by category id
  $categories = array();
  $query = '
SELECT id, name, uppercats
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $category_ids).')
;';
  $result = pwg_query($query);
  while ($category = mysql_fetch_assoc($result))
  {
    $categories[$category['id']] = $category;
  }

  foreach ($comments as $comment)
  {
    $element = $elements[$comment['image_id']];
    $category = $categories[$comment['category_id']];

    // picture name : the stored one, or derived from the file name
    $name = empty($element['name'])
      ? get_name_from_file($element['file'])
      : $element['name'];

    $template->assign_block_vars(
      'comment',
      array(
        // link to the full size picture
        'U_PICTURE' => make_picture_url(
          array(
            'category' => $comment['category_id'],
            'cat_name' => $category['name'],
            'image_id' => $comment['image_id'],
            'image_file' => $element['file'],
          )
        ),
        // source of the thumbnail picture
        'TN_SRC' => get_thumbnail_url($element),
        'ALT' => $name,
        // anonymous comments are shown under the localized "guest" name
        'AUTHOR' => empty($comment['author']) ? l10n('guest') : $comment['author'],
        'DATE'=>format_date($comment['date'],'mysql_datetime',true),
        'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
        ));

    if ( is_admin() )
    {
      // management links : current query string minus any previous action
      $action_url = get_root_url().'comments.php'
        .get_query_string_diff(array('delete','validate'));
      $template->assign_block_vars(
        'comment.action_delete',
        array(
          'U_DELETE' => add_url_params(
            $action_url,
            array('delete'=>$comment['comment_id'])
          ),
          ));
      if ($comment['validated'] != 'true')
      {
        $template->assign_block_vars(
          'comment.action_validate',
          array(
            'U_VALIDATE' => add_url_params(
              $action_url,
              array('validate'=>$comment['comment_id'])
            ),
            ));
      }
    }
  }
}
// +-----------------------------------------------------------------------+
// |                           html code display                           |
// +-----------------------------------------------------------------------+
// the 'title' block carries no variables of its own ; assigning it with an
// empty array presumably only makes it appear in the output
$template->assign_block_vars('title', array());
$template->parse('comments');
$page_tail = PHPWG_ROOT_PATH.'include/page_tail.php';
include $page_tail;
?>