Changeset 26065 for extensions/GuestBook/include/functions_comment.inc.php
- Timestamp:
- Dec 21, 2013, 5:33:24 PM (10 years ago)
- File:
-
- 1 edited
extensions/GuestBook/include/functions_comment.inc.php
r25786 r26065 1 1 <?php 2 if (!defined('GUESTBOOK_PATH'))die('Hacking attempt!');2 defined('GUESTBOOK_PATH') or die('Hacking attempt!'); 3 3 4 4 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 5 add_event_handler('user_comment_check_guestbook', 'user_comment_check', 6 EVENT_HANDLER_PRIORITY_NEUTRAL, 2); 5 7 6 8 7 function insert_user_comment_guestbook( &$comm, $key ) … … 10 9 global $conf, $user, $page; 11 10 12 $comm = array_merge( 11 $comm = array_merge($comm, 13 12 array( 14 13 'ip' => $_SERVER['REMOTE_ADDR'], … … 19 18 if (!$conf['guestbook']['comments_validation'] or is_admin()) 20 19 { 21 $comment_action='validate'; //one of validate, moderate, reject22 } 23 else 24 { 25 $comment_action='moderate'; //one of validate, moderate, reject26 } 27 28 // display author field if the user status is guest or generic20 $comment_action='validate'; 21 } 22 else 23 { 24 $comment_action='moderate'; 25 } 26 27 // author 29 28 if (!is_classic_user()) 30 29 { 31 if ( empty($comm['author']))32 { 33 array_push($page['errors'], l10n('Please enter your username'));30 if (empty($comm['author'])) 31 { 32 $page['errors'][] = l10n('Please enter your username'); 34 33 $comment_action='reject'; 35 34 } … … 37 36 { 38 37 $comm['author_id'] = $conf['guest_id']; 39 // if a guest try to use the name of an already existing user, he must be40 // rejected38 // if a guest try to use the name of an already existing user, 39 // he must be rejected 41 40 $query = ' 42 41 SELECT COUNT(*) AS user_exists 43 42 FROM '.USERS_TABLE.' 44 WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'"; 45 $row = pwg_db_fetch_assoc( pwg_query( $query ) ); 43 WHERE '.$conf['user_fields']['username']." 
= '".addslashes($comm['author'])."' 44 ;"; 45 $row = pwg_db_fetch_assoc(pwg_query($query)); 46 46 47 if ( $row['user_exists'] == 1)47 if ($row['user_exists'] == 1) 48 48 { 49 array_push($page['errors'], l10n('This login is already used by another user'));49 $page['errors'][] = l10n('This login is already used by another user'); 50 50 $comment_action='reject'; 51 51 } … … 58 58 } 59 59 60 if ( empty($comm['content']) ) 61 { // empty comment content 62 $comment_action='reject'; 63 } 64 65 if ( !verify_ephemeral_key(@$key) ) 60 // content 61 if (empty($comm['content'])) 62 { 63 $comment_action='reject'; 64 } 65 66 // key 67 if (!verify_ephemeral_key(@$key)) 66 68 { 67 69 $comment_action='reject'; … … 70 72 71 73 // email 72 if ( empty($comm['email']) and is_classic_user() and !empty($user['email']))74 if (empty($comm['email']) and is_classic_user() and !empty($user['email'])) 73 75 { 74 76 $comm['email'] = $user['email']; 75 77 } 76 else if ( empty($comm['email']) and $conf['comments_email_mandatory'])77 { 78 array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));79 $comment_action='reject'; 80 } 81 else if ( !empty($comm['email']) and !email_check_format($comm['email']))82 { 83 array_push($page['errors'], l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'));78 else if (empty($comm['email']) and $conf['comments_email_mandatory']) 79 { 80 $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'); 81 $comment_action='reject'; 82 } 83 else if (!empty($comm['email']) and !email_check_format($comm['email'])) 84 { 85 $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)'); 84 86 $comment_action='reject'; 85 87 } 86 88 87 89 // website 88 if ( !empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website']))90 if (!empty($comm['website']) and !preg_match('/^(https?:\/\/)/i', $comm['website'])) 89 91 { 90 92 
$comm['website'] = 'http://'.$comm['website']; 91 93 } 92 if ( !empty($comm['website']) and !url_check_format($comm['website']))93 { 94 array_push($page['errors'], l10n('invalid website address'));94 if (!empty($comm['website']) and !url_check_format($comm['website'])) 95 { 96 $page['errors'][] = l10n('invalid website address'); 95 97 $comment_action='reject'; 96 98 } … … 125 127 if ($counter > 0) 126 128 { 127 array_push($page['errors'], l10n('Anti-flood system : please wait for a moment before trying to post another comment'));129 $page['errors'][] = l10n('Anti-flood system : please wait for a moment before trying to post another comment'); 128 130 $comment_action='reject'; 129 131 } … … 131 133 132 134 // perform more spam check 133 $comment_action = trigger_event('user_comment_check_guestbook', 134 $comment_action, $comm 135 ); 136 137 if ( $comment_action!='reject' ) 135 $comment_action = trigger_event('user_comment_check', $comment_action, $comm); 136 137 if ($comment_action!='reject') 138 138 { 139 139 $query = ' … … 175 175 $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id'])); 176 176 177 $keyargs_content = array 178 ( 177 $keyargs_content = array( 179 178 get_l10n_args('Author: %s', stripslashes($comm['author']) ), 180 179 get_l10n_args('Comment: %s', stripslashes($comm['content']) ), … … 189 188 } 190 189 191 pwg_mail_notification_admins 192 ( 190 pwg_mail_notification_admins( 193 191 get_l10n_args('Comment by %s', stripslashes($comm['author']) ), 194 192 $keyargs_content … … 196 194 } 197 195 } 196 198 197 return $comment_action; 199 198 } … … 205 204 $comment_action = 'validate'; 206 205 207 if ( !verify_ephemeral_key($post_key))208 { 209 $comment_action='reject'; 210 } 211 else if (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated212 { 213 $comment_action='validate'; //one of validate, moderate, reject214 } 215 else 216 { 217 $comment_action='moderate'; //one of validate, 
moderate, reject218 } 219 220 if ( $comment_action!='reject')206 if (!verify_ephemeral_key($post_key)) 207 { 208 $comment_action='reject'; 209 } 210 else if (!$conf['guestbook']['comments_validation'] or is_admin()) // should the updated comment must be validated 211 { 212 $comment_action='validate'; 213 } 214 else 215 { 216 $comment_action='moderate'; 217 } 218 219 if ($comment_action!='reject') 221 220 { 222 221 $user_where_clause = ''; … … 244 243 $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id'=>$comm['id'])); 245 244 246 $keyargs_content = array 247 ( 245 $keyargs_content = array( 248 246 get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username']) ), 249 247 get_l10n_args('Comment: %s', stripslashes($comment['content']) ), … … 254 252 ); 255 253 256 pwg_mail_notification_admins 257 ( 254 pwg_mail_notification_admins( 258 255 get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username']) ), 259 256 $keyargs_content … … 274 271 ;'; 275 272 $result = pwg_query($query); 273 276 274 if (pwg_db_num_rows($result) == 0) 277 275 { … … 296 294 if (!is_admin()) 297 295 { 298 $user_where_clause = ' 296 $user_where_clause = ' AND author_id = \''.$GLOBALS['user']['id'].'\''; 299 297 } 300 298 301 299 if (is_array($comment_id)) 300 { 302 301 $where_clause = 'id IN('.implode(',', $comment_id).')'; 303 else 302 } 303 else 304 { 304 305 $where_clause = 'id = '.$comment_id; 306 } 305 307 306 308 $query = ' … … 315 317 { 316 318 if (is_array($comment_id)) 319 { 317 320 $where_clause = 'id IN('.implode(',', $comment_id).')'; 318 else 321 } 322 else 323 { 319 324 $where_clause = 'id = '.$comment_id; 325 } 320 326 321 327 $query = '
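Review bot: In the two `$where_clause` hunks at the end of this section (around new lines 299–306 and 317–325), `$comment_id` is still concatenated into the SQL unquoted and uncast, so the newly braced branches remain safe only if every caller has already validated the ids. Casting at the point of use would make both branches safe on their own: `$where_clause = 'id IN('.implode(',', array_map('intval', $comment_id)).')';` and `$where_clause = 'id = '.intval($comment_id);`. Whether callers already check the ids is not visible here, and the enclosing functions begin and end outside these hunks. Separately, the author lookup near new line 43 still relies on `addslashes()` for escaping, which is worth confirming against the database layer's own escaping routine.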