[geeklog-cvs] geeklog-1.3/public_html comment.php,1.86,1.87
vinny at iowaoutdoors.org
vinny at iowaoutdoors.org
Mon Jan 24 01:00:11 EST 2005
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv31139/public_html
Modified Files:
comment.php
Log Message:
saveComment and deleteComment overhaul.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.86
retrieving revision 1.87
diff -C2 -d -r1.86 -r1.87
*** comment.php 21 Jan 2005 23:31:44 -0000 1.86
--- comment.php 24 Jan 2005 06:00:09 -0000 1.87
***************
*** 82,97 ****
case $LANG03[11]: // Submit Comment
! $display .= CMT_saveComment (COM_applyFilter ($_POST['uid'], true),
! strip_tags ($_POST['title']), $_POST['comment'],
! COM_applyFilter ($_POST['sid']),
! COM_applyFilter ($_POST['pid'], true),
! COM_applyFilter ($_POST['type']),
! COM_applyFilter ($_POST['postmode']));
break;
case 'delete':
! $display .= CMT_deleteComment (COM_applyFilter ($_REQUEST['cid'], true),
! COM_applyFilter ($_REQUEST['sid']),
! COM_applyFilter ($_REQUEST['type']));
break;
--- 82,194 ----
case $LANG03[11]: // Submit Comment
! $type = COM_applyFilter ($_POST['type']);
! $sid = COM_applyFilter ($_POST['sid']);
! switch ( $type ) {
! case 'article':
! $commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
! "sid = '$sid'");
! if ($commentcode < 0) {
! return COM_refresh ($_CONF['site_url'] . '/index.php');
! }
!
! $ret .= CMT_saveComment ( strip_tags ($_POST['title']), $_POST['comment'],
! $sid, COM_applyFilter ($_POST['pid'], true), 'article',
! COM_applyFilter ($_POST['postmode']));
!
! if ( $ret > 0 ) { // failure
! $display .= COM_siteHeader()
! . CMT_commentform ($uid, $title, $comment, $sid, $pid,
! $type, $LANG03[14], $postmode)
! . COM_siteFooter();
! } else { // success
! $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
! DB_change ($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
! COM_olderStuff (); // update comment count in Older Stories block
! $display = COM_refresh (COM_buildUrl ($_CONF['site_url']
! . "/article.php?story=$sid"));
! }
! break;
!
! case 'poll':
! $commentcode = DB_getItem ($_TABLES['pollquestions'], 'commentcode',
! "qid = '$sid'");
! if ($commentcode < 0) {
! return COM_refresh ($_CONF['site_url'] . '/index.php');
! }
!
! $ret .= CMT_saveComment (strip_tags ($_POST['title']), $_POST['comment'],
! $sid, COM_applyFilter ($_POST['pid'], true), 'poll',
! COM_applyFilter ($_POST['postmode']));
!
! if ( $ret > 0 ) { // failure
! $display .= COM_siteHeader()
! . CMT_commentform ($uid, $title, $comment, $sid, $pid,
! $type, $LANG03[14], $postmode)
! . COM_siteFooter();
! } else { // success
! $display = COM_refresh ($_CONF['site_url']
! . "/pollbooth.php?qid=$sid&aid=-1");
! }
! break;
!
! default: // assume plugin
! if ( !($display = PLG_handlePluginComment($type, null, 'save')) ) {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! }
! break;
! }
break;
case 'delete':
! $type = COM_applyFilter ($_REQUEST['type']);
! $sid = COM_applyFilter ($_REQUEST['sid']);
! switch ( $type ) {
! case 'article':
! $has_editPermissions = SEC_hasRights ('story.edit');
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
! $A = DB_fetchArray ($result);
!
! if ($has_editPermissions && SEC_hasAccess ($A['owner_id'],
! $A['group_id'], $A['perm_owner'], $A['perm_group'],
! $A['perm_members'], $A['perm_anon']) == 3) {
! $ret .= CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'article');
! $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
! DB_change ($_TABLES['stories'], 'comments', $comments,
! 'sid', $sid);
! $display .= COM_refresh (COM_buildUrl ($_CONF['site_url']
! . "/article.php?story=$sid") . '#comments');
! } else {
! COM_errorLog ("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) "
! . "tried to illegally delete comment $cid from $type $sid");
! $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
! }
!
! break;
!
! case 'poll':
! $has_editPermissions = SEC_hasRights ('poll.edit');
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '{$sid}'");
! $A = DB_fetchArray ($result);
!
! if ($has_editPermissions && SEC_hasAccess ($A['owner_id'],
! $A['group_id'], $A['perm_owner'], $A['perm_group'],
! $A['perm_members'], $A['perm_anon']) == 3) {
! $ret .= CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'poll');
! $display .= COM_refresh ($_CONF['site_url'] . "/pollbooth.php?qid=$sid&aid=-1");
! } else {
! COM_errorLog ("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) "
! . "tried to illegally delete comment $cid from $type $sid");
! $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
! }
!
! break;
!
! default: //assume plugin
! if ( !($display = PLG_handlePluginComment($type,
! COM_applyFilter($_REQUEST['cid'], true), 'delete')) ) {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! }
! break;
! }
break;
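Review bot: In both denial branches of the `delete` case (article and poll) the `COM_errorLog` message interpolates `$cid`, but nothing in this hunk assigns it, since the id is only read inline in the `CMT_deleteComment` call; unless it is set outside the hunk, the log entry for a rejected delete will not record which comment was targeted. Read it once next to `$type` and `$sid`, with `$cid = COM_applyFilter ($_REQUEST['cid'], true);`, and pass `$cid` to `CMT_deleteComment` and `PLG_handlePluginComment`. The save path has related problems: `$ret .= CMT_saveComment (...)` string-appends to a `$ret` that is not initialised here and is then compared with `> 0` (plain `$ret =` would be safer), and the failure branch passes `$uid`, `$title`, `$comment`, `$pid` and `$postmode` to `CMT_commentform` although none of them is assigned in the hunk. Deletion is still driven from `$_REQUEST` with no request token visible, so it is worth confirming that state-changing deletes are restricted to POST and token-checked elsewhere. The enclosing `switch` starts and ends outside the hunk.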