summaryrefslogtreecommitdiff
path: root/modules/comment
diff options
context:
space:
mode:
Diffstat (limited to 'modules/comment')
-rw-r--r--modules/comment/controllers/comments.php57
-rw-r--r--modules/comment/helpers/comment.php40
-rw-r--r--modules/comment/models/comment.php87
3 files changed, 99 insertions, 85 deletions
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 068152a2..6c546321 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -26,50 +26,39 @@ class Comments_Controller extends Controller {
access::required("view", $item);
$form = comment::get_add_form($item);
- $valid = $form->validate();
- if ($valid) {
- if (identity::active_user()->guest && !$form->add_comment->inputs["name"]->value) {
- $form->add_comment->inputs["name"]->add_error("missing", 1);
- $valid = false;
- }
-
- if (!$form->add_comment->text->value) {
- $form->add_comment->text->add_error("missing", 1);
- $valid = false;
+ try {
+ $valid = $form->validate();
+ $comment = ORM::factory("comment");
+ $comment->item_id = $id;
+ $comment->author_id = identity::active_user()->id;
+ $comment->text = $form->add_comment->text->value;
+ $comment->guest_name = $form->add_comment->inputs["name"]->value;
+ $comment->guest_email = $form->add_comment->email->value;
+ $comment->guest_url = $form->add_comment->url->value;
+ $comment->validate();
+ } catch (ORM_Validation_Exception $e) {
+ // Translate ORM validation errors into form error messages
+ foreach ($e->validation->errors() as $key => $error) {
+ switch ($key) {
+ case "guest_name": $key = "name"; break;
+ case "guest_email": $key = "email"; break;
+ }
+ $form->add_comment->inputs[$key]->add_error($error, 1);
}
+ $valid = false;
}
if ($valid) {
- $comment = comment::create(
- $item, identity::active_user(),
- $form->add_comment->text->value,
- $form->add_comment->inputs["name"]->value,
- $form->add_comment->email->value,
- $form->add_comment->url->value);
-
- $active = identity::active_user();
- if ($active->guest) {
- $form->add_comment->inputs["name"]->value("");
- $form->add_comment->email->value("");
- $form->add_comment->url->value("");
- } else {
- $form->add_comment->inputs["name"]->value($active->full_name);
- $form->add_comment->email->value($active->email);
- $form->add_comment->url->value($active->url);
- }
-
- $form->add_comment->text->value("");
+ $comment->save();
$view = new Theme_View("comment.html", "other", "comment-fragment");
$view->comment = $comment;
print json_encode(
array("result" => "success",
- "view" => $view->__toString(),
- "form" => $form->__toString()));
+ "view" => (string) $view,
+ "form" => (string) comment::get_add_form($item)));
} else {
- print json_encode(
- array("result" => "error",
- "form" => $form->__toString()));
+ print json_encode(array("result" => "error", "form" => (string) $form));
}
}
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index 1e1e7d2f..389c8922 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -24,46 +24,6 @@
* Note: by design, this class does not do any permission checking.
*/
class comment_Core {
- /**
- * Create a new comment.
- * @param Item_MOdel $item the parent item
- * @param User_Model $author the author User_Model
- * @param string $text comment body
- * @param string $guest_name guest's name (if the author is a guest user, default empty)
- * @param string $guest_email guest's email (if the author is a guest user, default empty)
- * @param string $guest_url guest's url (if the author is a guest user, default empty)
- * @return Comment_Model
- */
- static function create($item, $author, $text, $guest_name=null,
- $guest_email=null, $guest_url=null) {
- $comment = ORM::factory("comment");
- $comment->author_id = $author->id;
- $comment->guest_email = $guest_email;
- $comment->guest_name = $guest_name;
- $comment->guest_url = $guest_url;
- $comment->item_id = $item->id;
- $comment->text = $text;
- $comment->state = "published";
-
- // These values are useful for spam fighting, so save them with the comment.
- $input = Input::instance();
- $comment->server_http_accept = substr($input->server("HTTP_ACCEPT"), 0, 128);
- $comment->server_http_accept_charset = substr($input->server("HTTP_ACCEPT_CHARSET"), 0, 64);
- $comment->server_http_accept_encoding = substr($input->server("HTTP_ACCEPT_ENCODING"), 0, 64);
- $comment->server_http_accept_language = substr($input->server("HTTP_ACCEPT_LANGUAGE"), 0, 64);
- $comment->server_http_connection = substr($input->server("HTTP_CONNECTION"), 0, 64);
- $comment->server_http_host = substr($input->server("HTTP_HOST"), 0, 64);
- $comment->server_http_referer = substr($input->server("HTTP_REFERER"), 0, 255);
- $comment->server_http_user_agent = substr($input->server("HTTP_USER_AGENT"), 0, 128);
- $comment->server_query_string = substr($input->server("QUERY_STRING"), 0, 64);
- $comment->server_remote_addr = substr($input->server("REMOTE_ADDR"), 0, 32);
- $comment->server_remote_host = substr($input->server("REMOTE_HOST"), 0, 64);
- $comment->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16);
- $comment->save();
-
- return $comment;
- }
-
static function get_add_form($item) {
$form = new Forge("comments/create/{$item->id}", "", "post", array("id" => "g-comment-form"));
$group = $form->group("add_comment")->label(t("Add comment"));
diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php
index e0b82039..7ad47c6d 100644
--- a/modules/comment/models/comment.php
+++ b/modules/comment/models/comment.php
@@ -18,6 +18,11 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Comment_Model extends ORM {
+ var $rules = array(
+ "text" => array("rules" => array("required")),
+ "state" => array("rules" => array("Comment_Model::valid_state"))
+ );
+
function item() {
return ORM::factory("item", $this->item_id);
}
@@ -54,24 +59,56 @@ class Comment_Model extends ORM {
}
/**
+ * Add some custom per-instance rules.
+ */
+ public function validate($array=null) {
+ // validate() is recursive, only modify the rules on the outermost call.
+ if (!$array) {
+ $this->rules["item_id"]["callbacks"] = array(array($this, "valid_item"));
+ $this->rules["guest_name"]["callbacks"] = array(array($this, "valid_author"));
+ }
+
+ parent::validate($array);
+ }
+
+ /**
* @see ORM::save()
*/
public function save() {
- if (!empty($this->changed)) {
- $this->updated = time();
- if (!$this->loaded() && empty($this->created)) {
- $this->created = $this->updated;
- $created = true;
+ $this->updated = time();
+ if (!$this->loaded()) {
+ // New comment
+ $this->created = $this->updated;
+ if (empty($this->state)) {
+ $this->state = "published";
}
- }
- $visible_change = $this->original()->state == "published" || $this->state == "published";
-
- $original = clone $this->original();
- parent::save();
- if (isset($created)) {
+ // These values are useful for spam fighting, so save them with the comment. It's painful to
+ // check each one to see if it already exists before setting it, so just use server_http_host
+ // as a semaphore for now (we use that in g2_import.php)
+ if (empty($this->server_http_host)) {
+ $input = Input::instance();
+ $this->server_http_accept = substr($input->server("HTTP_ACCEPT"), 0, 128);
+ $this->server_http_accept_charset = substr($input->server("HTTP_ACCEPT_CHARSET"), 0, 64);
+ $this->server_http_accept_encoding = substr($input->server("HTTP_ACCEPT_ENCODING"), 0, 64);
+ $this->server_http_accept_language = substr($input->server("HTTP_ACCEPT_LANGUAGE"), 0, 64);
+ $this->server_http_connection = substr($input->server("HTTP_CONNECTION"), 0, 64);
+ $this->server_http_host = substr($input->server("HTTP_HOST"), 0, 64);
+ $this->server_http_referer = substr($input->server("HTTP_REFERER"), 0, 255);
+ $this->server_http_user_agent = substr($input->server("HTTP_USER_AGENT"), 0, 128);
+ $this->server_query_string = substr($input->server("QUERY_STRING"), 0, 64);
+ $this->server_remote_addr = substr($input->server("REMOTE_ADDR"), 0, 32);
+ $this->server_remote_host = substr($input->server("REMOTE_HOST"), 0, 64);
+ $this->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16);
+ }
+ $visible_change = $this->original()->state == "published" || $this->state == "published";
+ parent::save();
module::event("comment_created", $this);
} else {
+ // Updated comment
+ $visible_change = $this->original()->state == "published" || $this->state == "published";
+ $original = clone $this->original();
+ parent::save();
module::event("comment_updated", $original, $this);
}
@@ -92,4 +129,32 @@ class Comment_Model extends ORM {
$this->join("items", "items.id", "comments.item_id");
return item::viewable($this);
}
+
+ /**
+ * Make sure we have an appropriate author id set, or a guest name.
+ */
+ public function valid_author(Validation $v, $field) {
+ if ($this->author_id == identity::guest()->id && empty($this->guest_name)) {
+ $v->add_error("guest_name", "required");
+ }
+ }
+
+ /**
+ * Make sure we have a valid associated item id.
+ */
+ public function valid_item(Validation $v, $field) {
+ if (db::build()
+ ->from("items")
+ ->where("id", "=", $this->item_id)
+ ->count_records() != 1) {
+ $v->add_error("item_id", "invalid");
+ }
+ }
+
+ /**
+ * Make sure that the state is legal.
+ */
+ static function valid_state($value) {
+ return in_array($value, array("published", "unpublished", "spam", "deleted"));
+ }
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 13:38:51 +0000