1 files changed, 79 insertions, 11 deletions
diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php
index e0b82039..69b8505e 100644
--- a/modules/comment/models/comment.php
+++ b/modules/comment/models/comment.php
@@ -54,24 +54,62 @@ class Comment_Model extends ORM {
   }
 
   /**
+   * Add some custom per-instance rules.
+   */
+  public function validate($array=null) {
+    // validate() is recursive, only modify the rules on the outermost call.
+    if (!$array) {
+      $this->rules = array(
+        "guest_name"  => array("callbacks" => array(array($this, "valid_author"))),
+        "guest_email" => array("rules"     => array("email")),
+        "guest_url"   => array("rules"     => array("url")),
+        "item_id"     => array("callbacks" => array(array($this, "valid_item"))),
+        "state"       => array("rules"     => array("Comment_Model::valid_state")),
+        "text"        => array("rules"     => array("required")),
+      );
+    }
+
+    parent::validate($array);
+  }
+
+  /**
    * @see ORM::save()
    */
   public function save() {
-    if (!empty($this->changed)) {
-      $this->updated = time();
-      if (!$this->loaded() && empty($this->created)) {
-        $this->created = $this->updated;
-        $created = true;
+    $this->updated = time();
+    if (!$this->loaded()) {
+      // New comment
+      $this->created = $this->updated;
+      if (empty($this->state)) {
+        $this->state = "published";
       }
-    }
-    $visible_change = $this->original()->state == "published" || $this->state == "published";
-
-    $original = clone $this->original();
-    parent::save();
 
-    if (isset($created)) {
+      // These values are useful for spam fighting, so save them with the comment.  It's painful to
+      // check each one to see if it already exists before setting it, so just use server_http_host
+      // as a semaphore for now (we use that in g2_import.php)
+      if (empty($this->server_http_host)) {
+        $input = Input::instance();
+        $this->server_http_accept = substr($input->server("HTTP_ACCEPT"), 0, 128);
+        $this->server_http_accept_charset = substr($input->server("HTTP_ACCEPT_CHARSET"), 0, 64);
+        $this->server_http_accept_encoding = substr($input->server("HTTP_ACCEPT_ENCODING"), 0, 64);
+        $this->server_http_accept_language = substr($input->server("HTTP_ACCEPT_LANGUAGE"), 0, 64);
+        $this->server_http_connection = substr($input->server("HTTP_CONNECTION"), 0, 64);
+        $this->server_http_host = substr($input->server("HTTP_HOST"), 0, 64);
+        $this->server_http_referer = substr($input->server("HTTP_REFERER"), 0, 255);
+        $this->server_http_user_agent = substr($input->server("HTTP_USER_AGENT"), 0, 128);
+        $this->server_query_string = substr($input->server("QUERY_STRING"), 0, 64);
+        $this->server_remote_addr = substr($input->server("REMOTE_ADDR"), 0, 32);
+        $this->server_remote_host = substr($input->server("REMOTE_HOST"), 0, 64);
+        $this->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16);
+      }
+      $visible_change = $this->original()->state == "published" || $this->state == "published";
+      parent::save();
       module::event("comment_created", $this);
     } else {
+      // Updated comment
+      $visible_change = $this->original()->state == "published" || $this->state == "published";
+      $original = clone $this->original();
+      parent::save();
       module::event("comment_updated", $original, $this);
     }
 
@@ -92,4 +130,34 @@ class Comment_Model extends ORM {
     $this->join("items", "items.id", "comments.item_id");
     return item::viewable($this);
   }
+
+  /**
+   * Make sure we have an appropriate author id set, or a guest name.
+   */
+  public function valid_author(Validation $v, $field) {
+    if (empty($this->author_id)) {
+      $v->add_error("author_id", "required");
+    } else if ($this->author_id == identity::guest()->id && empty($this->guest_name)) {
+      $v->add_error("guest_name", "required");
+    }
+  }
+
+  /**
+   * Make sure we have a valid associated item id.
+   */
+  public function valid_item(Validation $v, $field) {
+    if (db::build()
+        ->from("items")
+        ->where("id", "=", $this->item_id)
+        ->count_records() != 1) {
+      $v->add_error("item_id", "invalid");
+    }
+  }
+
+  /**
+   * Make sure that the state is legal.
+   */
+  static function valid_state($value) {
+    return in_array($value, array("published", "unpublished", "spam", "deleted"));
+  }
 }