Dotclear

source: admin/comment.php @ 2720:bc400ebfc2e9

Revision 2720:bc400ebfc2e9, 7.4 KB checked in by Dsls, 11 years ago (diff)

One step further towards php hardcoded links annihilation in admin sources, more to come...
RevLine 
[0]1<?php
2# -- BEGIN LICENSE BLOCK ---------------------------------------
3#
4# This file is part of Dotclear 2.
5#
[1179]6# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
[0]7# Licensed under the GPL version 2.0 license.
8# See LICENSE file or
9# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10#
11# -- END LICENSE BLOCK -----------------------------------------
12
13require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15dcPage::check('usage,contentadmin');
16
17$comment_id = null;
18$comment_dt = '';
19$comment_author = '';
20$comment_email = '';
21$comment_site = '';
22$comment_content = '';
23$comment_ip = '';
24$comment_status = '';
25$comment_trackback = 0;
26$comment_spam_status = '';
27
[1719]28
[0]29# Status combo
[1719]30$status_combo = dcAdminCombos::getCommentStatusescombo();
[0]31
32# Adding comment
33if (!empty($_POST['add']) && !empty($_POST['post_id']))
34{
35     try
36     {
37          $rs = $core->blog->getPosts(array('post_id' => $_POST['post_id'], 'post_type' => ''));
[2566]38
[0]39          if ($rs->isEmpty()) {
40               throw new Exception(__('Entry does not exist.'));
41          }
[2566]42
[0]43          $cur = $core->con->openCursor($core->prefix.'comment');
[2566]44
[0]45          $cur->comment_author = $_POST['comment_author'];
46          $cur->comment_email = html::clean($_POST['comment_email']);
47          $cur->comment_site = html::clean($_POST['comment_site']);
48          $cur->comment_content = $core->HTMLfilter($_POST['comment_content']);
49          $cur->post_id = (integer) $_POST['post_id'];
[2566]50
[0]51          # --BEHAVIOR-- adminBeforeCommentCreate
52          $core->callBehavior('adminBeforeCommentCreate',$cur);
[2566]53
[0]54          $comment_id = $core->blog->addComment($cur);
[2566]55
[0]56          # --BEHAVIOR-- adminAfterCommentCreate
57          $core->callBehavior('adminAfterCommentCreate',$cur,$comment_id);
[2566]58
[2256]59          dcPage::addSuccessNotice(__('Comment has been successfully created.'));
60          http::redirect($core->getPostAdminURL($rs->post_type,$rs->post_id,false).'&co=1');
[0]61     } catch (Exception $e) {
62          $core->error->add($e->getMessage());
63     }
64}
65
66if (!empty($_REQUEST['id']))
67{
68     $params['comment_id'] = $_REQUEST['id'];
[2566]69
[0]70     try {
71          $rs = $core->blog->getComments($params);
72          if (!$rs->isEmpty()) {
73               $comment_id = $rs->comment_id;
74               $post_id = $rs->post_id;
75               $post_type = $rs->post_type;
76               $post_title = $rs->post_title;
77               $comment_dt = $rs->comment_dt;
78               $comment_author = $rs->comment_author;
79               $comment_email = $rs->comment_email;
80               $comment_site = $rs->comment_site;
81               $comment_content = $rs->comment_content;
82               $comment_ip = $rs->comment_ip;
83               $comment_status = $rs->comment_status;
84               $comment_trackback = (boolean) $rs->comment_trackback;
85               $comment_spam_status = $rs->comment_spam_status;
86          }
87     } catch (Exception $e) {
88          $core->error->add($e->getMessage());
89     }
90}
91
92if (!$comment_id && !$core->error->flag()) {
[2666]93     $core->error->add(__('No comments'));
[0]94}
95
96if (!$core->error->flag() && isset($rs))
97{
98     $can_edit = $can_delete = $can_publish = $core->auth->check('contentadmin',$core->blog->id);
[2566]99
[0]100     if (!$core->auth->check('contentadmin',$core->blog->id) && $core->auth->userID() == $rs->user_id) {
101          $can_edit = true;
102          if ($core->auth->check('delete',$core->blog->id)) {
103               $can_delete = true;
104          }
105          if ($core->auth->check('publish',$core->blog->id)) {
106               $can_publish = true;
107          }
108     }
[2566]109
[0]110     # update comment
111     if (!empty($_POST['update']) && $can_edit)
112     {
113          $cur = $core->con->openCursor($core->prefix.'comment');
[2566]114
[0]115          $cur->comment_author = $_POST['comment_author'];
116          $cur->comment_email = html::clean($_POST['comment_email']);
117          $cur->comment_site = html::clean($_POST['comment_site']);
118          $cur->comment_content = $core->HTMLfilter($_POST['comment_content']);
[2566]119
[0]120          if (isset($_POST['comment_status'])) {
121               $cur->comment_status = (integer) $_POST['comment_status'];
122          }
[2566]123
[0]124          try
125          {
126               # --BEHAVIOR-- adminBeforeCommentUpdate
127               $core->callBehavior('adminBeforeCommentUpdate',$cur,$comment_id);
[2566]128
[0]129               $core->blog->updComment($comment_id,$cur);
[2566]130
[0]131               # --BEHAVIOR-- adminAfterCommentUpdate
132               $core->callBehavior('adminAfterCommentUpdate',$cur,$comment_id);
[2566]133
[2256]134               dcPage::addSuccessNotice(__('Comment has been successfully updated.'));
[2720]135               http::redirect($core->adminurl->get("admin.comment",array('id' => $comment_id)));
[0]136          }
137          catch (Exception $e)
138          {
139               $core->error->add($e->getMessage());
140          }
141     }
[2566]142
[0]143     if (!empty($_POST['delete']) && $can_delete)
144     {
145          try {
146               # --BEHAVIOR-- adminBeforeCommentDelete
147               $core->callBehavior('adminBeforeCommentDelete',$comment_id);
[2566]148
[0]149               $core->blog->delComment($comment_id);
[2566]150
[2256]151               dcPage::addSuccessNotice(__('Comment has been successfully deleted.'));
152               http::redirect($core->getPostAdminURL($rs->post_type,$rs->post_id).'&co=1',false);
[0]153          } catch (Exception $e) {
154               $core->error->add($e->getMessage());
155          }
156     }
[2566]157
[0]158     if (!$can_edit) {
159          $core->error->add(__("You can't edit this comment."));
160     }
161}
162
163/* DISPLAY
164-------------------------------------------------------- */
[1358]165if ($comment_id) {
166     $breadcrumb = dcPage::breadcrumb(
167          array(
168               html::escapeHTML($core->blog->name) => '',
169               html::escapeHTML($post_title) => $core->getPostAdminURL($post_type,$post_id).'&amp;co=1#c'.$comment_id,
[2166]170               __('Edit comment') => ''
[1358]171          ));
172} else {
173     $breadcrumb = dcPage::breadcrumb(
174          array(
175               html::escapeHTML($core->blog->name) => '',
176               html::escapeHTML($post_title) => $core->getPostAdminURL($post_type,$post_id),
[2166]177               __('Edit comment') => ''
[1358]178          ));
179}
180
[0]181dcPage::open(__('Edit comment'),
182     dcPage::jsConfirmClose('comment-form').
183     dcPage::jsLoad('js/_comment.js').
[2614]184     $core->callBehavior('adminPostEditor').
[0]185     # --BEHAVIOR-- adminCommentHeaders
[1358]186     $core->callBehavior('adminCommentHeaders'),
187     $breadcrumb
[0]188);
189
190if ($comment_id)
191{
192     if (!empty($_GET['upd'])) {
[1553]193          dcPage::success(__('Comment has been successfully updated.'));
[0]194     }
[2566]195
[0]196     $comment_mailto = '';
197     if ($comment_email)
198     {
199          $comment_mailto = '<a href="mailto:'.html::escapeHTML($comment_email)
200          .'?subject='.rawurlencode(sprintf(__('Your comment on my blog %s'),$core->blog->name))
[1972]201          .'&amp;body='
[0]202          .rawurlencode(sprintf(__("Hi!\n\nYou wrote a comment on:\n%s\n\n\n"),$rs->getPostURL()))
203          .'">'.__('Send an e-mail').'</a>';
204     }
[1332]205
[0]206     echo
[2720]207     '<form action="'.$core->adminurl->get("admin.comment").'" method="post" id="comment-form">'.
[1399]208     '<div class="fieldset">'.
209     '<h3>'.__('Information collected').'</h3>'.
210     '<p>'.__('IP address:').' '.
[2720]211     '<a href="'.$core->adminurl->get("admin.comments",array('ip' => $comment_ip)).'">'.$comment_ip.'</a></p>'.
[2566]212
[1399]213     '<p>'.__('Date:').' '.
[0]214     dt::dt2str(__('%Y-%m-%d %H:%M'),$comment_dt).'</p>'.
[1399]215     '</div>'.
216
[2566]217     '<h3>'.__('Comment submitted').'</h3>'.
[1399]218     '<p><label for="comment_author" class="required"><abbr title="'.__('Required field').'">*</abbr>'.__('Author:').'</label>'.
219     form::field('comment_author',30,255,html::escapeHTML($comment_author)).
220     '</p>'.
[2566]221
[1399]222     '<p><label for="comment_email">'.__('Email:').'</label>'.
223     form::field('comment_email',30,255,html::escapeHTML($comment_email)).
224     '<span>'.$comment_mailto.'</span>'.
225     '</p>'.
[2566]226
[1399]227     '<p><label for="comment_site">'.__('Web site:').'</label>'.
228     form::field('comment_site',30,255,html::escapeHTML($comment_site)).
229     '</p>'.
[2566]230
[1399]231     '<p><label for="comment_status">'.__('Status:').'</label>'.
[0]232     form::combo('comment_status',$status_combo,$comment_status,'','',!$can_publish).
[1399]233     '</p>'.
[2566]234
[0]235     # --BEHAVIOR-- adminAfterCommentDesc
236     $core->callBehavior('adminAfterCommentDesc', $rs).
[2566]237
[0]238     '<p class="area"><label for="comment_content">'.__('Comment:').'</label> '.
239     form::textarea('comment_content',50,10,html::escapeHTML($comment_content)).
240     '</p>'.
[2566]241
[0]242     '<p>'.form::hidden('id',$comment_id).
243     $core->formNonce().
[217]244     '<input type="submit" accesskey="s" name="update" value="'.__('Save').'" /> ';
[2566]245
[0]246     if ($can_delete) {
[205]247          echo '<input type="submit" class="delete" name="delete" value="'.__('Delete').'" />';
[0]248     }
249     echo
250     '</p>'.
251     '</form>';
252}
253
254dcPage::helpBlock('core_comments');
255dcPage::close();
Note: See TracBrowser for help on using the repository browser.

Sites map