Require a well-formed email address for all comments.

5 files changed, 56 insertions, 4 deletions

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 9e0f86d2..465b1bcd 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -58,6 +58,7 @@ class Comments_Controller extends Controller {
               "view" => (string) $view,
               "form" => (string) comment::get_add_form($item)));
     } else {
+      $form = comment::prefill_add_form($form);
       print json_encode(array("result" => "error", "form" => (string) $form));
     }
   }
@@ -69,6 +70,6 @@ class Comments_Controller extends Controller {
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
 
-    print comment::get_add_form($item);
+    print comment::prefill_add_form(comment::get_add_form($item));
   }
 }
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index e3486e83..94b14d0d 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -33,7 +33,9 @@ class comment_Core {
       ->error_messages("required", t("You must enter a name for yourself"));
     $group->input("email")
       ->label(t("Email (hidden)"))
-      ->id("g-email");
+      ->id("g-email")
+      ->error_messages("required", t("You must enter a valid email address"))
+      ->error_messages("invalid", t("You must enter a valid email address"));
     $group->input("url")
       ->label(t("Website (hidden)"))
       ->id("g-url");
@@ -45,13 +47,17 @@ class comment_Core {
     module::event("comment_add_form", $form);
     $group->submit("")->value(t("Add"))->class("ui-state-default ui-corner-all");
 
+    return $form;
+  }
+
+  static function prefill_add_form($form) {
     $active = identity::active_user();
     if (!$active->guest) {
+      $group = $form->add_comment;
       $group->inputs["name"]->value($active->full_name)->disabled("disabled");
       $group->email->value($active->email)->disabled("disabled");
       $group->url->value($active->url)->disabled("disabled");
     }
-
     return $form;
   }
 }
diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php
index 48084340..fb70c79a 100644
--- a/modules/comment/models/comment.php
+++ b/modules/comment/models/comment.php
@@ -61,7 +61,7 @@ class Comment_Model extends ORM {
     if (!$array) {
       $this->rules = array(
         "guest_name"  => array("callbacks" => array(array($this, "valid_author"))),
-        "guest_email" => array("rules"     => array("email")),
+        "guest_email" => array("callbacks" => array(array($this, "valid_email"))),
         "guest_url"   => array("rules"     => array("url")),
         "item_id"     => array("callbacks" => array(array($this, "valid_item"))),
         "state"       => array("rules"     => array("Comment_Model::valid_state")),
@@ -145,6 +145,19 @@ class Comment_Model extends ORM {
   }
 
   /**
+   * Make sure that the email address is legal.
+   */
+  public function valid_email(Validation $v, $field) {
+    if ($this->author_id == identity::guest()->id) {
+      if (empty($v->guest_email)) {
+        $v->add_error("guest_email", "required");
+      } else if (!valid::email($v->guest_email)) {
+        $v->add_error("guest_email", "invalid");
+      }
+    }
+  }
+
+  /**
    * Make sure we have a valid associated item id.
    */
   public function valid_item(Validation $v, $field) {
diff --git a/modules/comment/tests/Comment_Event_Test.php b/modules/comment/tests/Comment_Event_Test.php
index 62ffec2f..7cae9297 100644
--- a/modules/comment/tests/Comment_Event_Test.php
+++ b/modules/comment/tests/Comment_Event_Test.php
@@ -25,6 +25,7 @@ class Comment_Event_Test extends Gallery_Unit_Test_Case {
     $comment->item_id = $album->id;
     $comment->author_id = identity::guest()->id;
     $comment->guest_name = "test";
+    $comment->guest_email = "test@test.com";
     $comment->text = "text";
     $comment->save();
 
diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php
index f4e944f0..ee4d3d3c 100644
--- a/modules/comment/tests/Comment_Model_Test.php
+++ b/modules/comment/tests/Comment_Model_Test.php
@@ -22,6 +22,37 @@ class Comment_Model_Test extends Gallery_Unit_Test_Case {
     identity::set_active_user(identity::admin_user());
   }
 
+  public function guest_name_and_email_is_required_test() {
+    try {
+      $comment = ORM::factory("comment");
+      $comment->item_id = item::root()->id;
+      $comment->author_id = identity::guest()->id;
+      $comment->text = "text";
+      $comment->save();
+    } catch (ORM_Validation_Exception $e) {
+      $this->assert_equal(array("guest_name" => "required",
+                                "guest_email" => "required"),
+                          $e->validation->errors());
+      return;
+    }
+  }
+
+  public function guest_email_must_be_well_formed_test() {
+    try {
+      $comment = ORM::factory("comment");
+      $comment->item_id = item::root()->id;
+      $comment->author_id = identity::guest()->id;
+      $comment->guest_name = "guest";
+      $comment->guest_email = "bogus";
+      $comment->text = "text";
+      $comment->save();
+    } catch (ORM_Validation_Exception $e) {
+      $this->assert_equal(array("guest_email" => "invalid"),
+                          $e->validation->errors());
+      return;
+    }
+  }
+
   public function cant_view_comments_for_unviewable_items_test() {
     $album = test::random_album();