Diffstat (limited to 'modules/comment')
-rw-r--r-- | modules/comment/controllers/admin_comments.php | 4 | ||||
-rw-r--r-- | modules/comment/controllers/comments.php | 9 | ||||
-rw-r--r-- | modules/comment/helpers/comment.php | 7 | ||||
-rw-r--r-- | modules/comment/helpers/comment_event.php | 30 | ||||
-rw-r--r-- | modules/comment/helpers/comment_installer.php | 15 | ||||
-rw-r--r-- | modules/comment/helpers/comment_rss.php | 52 | ||||
-rw-r--r-- | modules/comment/helpers/comment_search.php | 34 | ||||
-rw-r--r-- | modules/comment/helpers/comment_theme.php | 4 | ||||
-rw-r--r-- | modules/comment/js/comment.js | 10 | ||||
-rw-r--r-- | modules/comment/models/comment.php | 29 | ||||
-rw-r--r-- | modules/comment/tests/Comment_Model_Test.php (renamed from modules/comment/helpers/comment_menu.php) | 33 | ||||
-rw-r--r-- | modules/comment/views/admin_block_recent_comments.html.php | 8 | ||||
-rw-r--r-- | modules/comment/views/admin_comments.html.php | 20 | ||||
-rw-r--r-- | modules/comment/views/comment.html.php | 8 | ||||
-rw-r--r-- | modules/comment/views/comment.mrss.php | 12 | ||||
-rw-r--r-- | modules/comment/views/comments.html.php | 20 |
16 files changed, 160 insertions, 135 deletions
diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index 3e8d3c46..a164f79f 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -113,10 +113,6 @@ class Admin_Comments_Controller extends Admin_Controller { if ($comment->loaded) { $comment->state = $state; $comment->save(); - module::event("comment_updated", $orig, $comment); - if ($orig->state == "published" || $comment->state == "published") { - module::event("item_related_update", $comment->item()); - } } } diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 02c38491..82b12893 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller { foreach ($comments as $comment) { $data[] = array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))); + "text" => nl2br(html::purify($comment->text))); } print json_encode($data); break; @@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller { array("result" => "success", "data" => array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))))); + "text" => nl2br(html::purify($comment->text))))); } else { $view = new Theme_View("comment.html", "fragment"); $view->comment = $comment; @@ -152,7 +152,6 @@ class Comments_Controller extends REST_Controller { $comment->url = $form->edit_comment->url->value; $comment->text = $form->edit_comment->text->value; $comment->save(); - module::event("comment_updated", $comment); print json_encode( array("result" => "success", 
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 08cba096..f74a8644 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -35,7 +35,7 @@ class comment_Core { * @return Comment_Model */ static function create($item, $author, $text, $guest_name=null, - $guest_email=ull, $guest_url=null) { + $guest_email=null, $guest_url=null) { $comment = ORM::factory("comment"); $comment->author_id = $author->id; $comment->guest_email = $guest_email; @@ -61,11 +61,6 @@ class comment_Core { $comment->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16); $comment->save(); - module::event("comment_created", $comment); - if ($comment->state == "published") { - module::event("item_related_update", $comment->item()); - } - return $comment; } diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index a3beb27a..0234aea9 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -18,7 +18,35 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class comment_event_Core { - static function item_before_delete($item) { + static function item_deleted($item) { Database::instance()->delete("comments", array("item_id" => $item->id)); } + + static function admin_menu($menu, $theme) { + $menu->get("content_menu") + ->append(Menu::factory("link") + ->id("comments") + ->label(t("Comments")) + ->url(url::site("admin/comments"))); + } + + static function photo_menu($menu, $theme) { + $menu + ->append(Menu::factory("link") + ->id("comments") + ->label(t("View comments on this item")) + ->url("#comments") + ->css_id("gCommentsLink")); + } + + static function item_index_data($item, $data) { + foreach (Database::instance() + ->select("text") + ->from("comments") + ->where("item_id", $item->id) + ->get() + ->as_array() as $row) { + $data[] = $row->text; + } + } } 
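Review bot: `item_index_data` in comment_event.php selects `text` for every row matching `item_id`, so comments that are not published would be added to the item's index data along with the public ones. The installer hunk in this commit shows `state` defaulting to 'unpublished', so pending or rejected text could surface if that index is searchable by ordinary visitors; adding `->where("state", "published")` to the query chain would keep it out. Separately, `$data[] = $row->text` only reaches the caller if `$data` is an object such as an ArrayObject, which is not visible here, so a one-line comment stating that expectation would help.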
diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index f54913c3..80594c16 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -44,7 +44,7 @@ class comment_installer { `text` text, `updated` int(9) NOT NULL, PRIMARY KEY (`id`)) - ENGINE=InnoDB DEFAULT CHARSET=utf8;"); + DEFAULT CHARSET=utf8;"); block_manager::add("dashboard_center", "comment", "recent_comments"); module::set_var("comment", "spam_caught", 0); @@ -52,8 +52,8 @@ class comment_installer { } static function upgrade($version) { + $db = Database::instance(); if ($version == 1) { - $db = Database::instance(); $db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'"); module::set_version("comment", 2); } @@ -61,9 +61,16 @@ class comment_installer { static function uninstall() { $db = Database::instance(); - $sql = "SELECT `item_id` FROM {comments}"; - module::event("item_related_update_batch", $sql); + // Notify listeners that we're deleting some data. This is probably going to be very + // inefficient for large uninstalls, and we could make it better by doing things like passing + // a SQL fragment through so that the listeners could use subselects. But by using a single, + // simple event API we lighten the load on module developers. + foreach (ORM::factory("item") + ->join("comments", "items.id", "comments.item_id") + ->find_all() as $item) { + module::event("item_related_update", $item); + } $db->query("DROP TABLE IF EXISTS {comments};"); } } diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index ab3d2283..4424981d 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php 
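Review bot: The `uninstall()` loop joins `items` to `comments` without de-duplicating, so an item with several comments would presumably come back once per comment and `item_related_update` would fire repeatedly for it. The new comment already concedes the loop is slow; collapsing to one row per item, for example with `->groupby("items.id")` before `find_all()`, would cut the work. The loop also notifies for items whose comments were never published, whereas `Comment_Model::save()` in this commit raises the event only for a visible change. How the ORM builds its select is outside the hunk, so the duplicate-row behaviour should be confirmed.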
@@ -23,7 +23,7 @@ class comment_rss_Core { $feeds["comment/newest"] = t("All new comments"); if ($item) { $feeds["comment/item/$item->id"] = - t("Comments on %title", array("title" => p::purify($item->title))); + t("Comments on %title", array("title" => html::purify($item->title))); } return $feeds; } 
@@ -34,41 +34,35 @@ class comment_rss_Core { } $comments = ORM::factory("comment") - ->where("state", "published") - ->orderby("created", "DESC"); - $all_comments = ORM::factory("comment") + ->viewable() ->where("state", "published") ->orderby("created", "DESC"); if ($feed_id == "item") { $comments->where("item_id", $id); - $all_comments->where("item_id", $id); } - if (!empty($comments)) { - $feed->view = "comment.mrss"; - $comments = $comments->find_all($limit, $offset); - $feed->children = array(); - foreach ($comments as $comment) { - $item = $comment->item(); - $feed->children[] = new ArrayObject( - array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(p::purify($comment->text)), - "thumb_url" => $item->thumb_url(), - "thumb_height" => $item->thumb_height, - "thumb_width" => $item->thumb_width, - "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => p::purify($item->title), - "author" => p::clean($comment->author_name())), - ArrayObject::ARRAY_AS_PROPS); - } + $feed->view = "comment.mrss"; + $feed->children = array(); + foreach ($comments->find_all($limit, $offset) as $comment) { + $item = $comment->item(); + $feed->children[] = new ArrayObject( + array("pub_date" => date("D, d M Y H:i:s T", $comment->created), + "text" => nl2br(html::purify($comment->text)), + "thumb_url" => $item->thumb_url(), + "thumb_height" => $item->thumb_height, + "thumb_width" => $item->thumb_width, + "item_uri" => url::abs_site("{$item->type}s/$item->id"), + "title" => html::purify($item->title), + "author" => html::clean($comment->author_name())), + ArrayObject::ARRAY_AS_PROPS); + } - $feed->max_pages = ceil($all_comments->find_all()->count() / $limit); - $feed->title = htmlspecialchars(t("Recent Comments")); - $feed->uri = url::abs_site("albums/" . (empty($id) ? 
"1" : $id)); - $feed->description = t("Recent Comments"); + $feed->max_pages = ceil($comments->count_all() / $limit); + $feed->title = htmlspecialchars(t("Recent Comments")); + $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id)); + $feed->description = t("Recent Comments"); - return $feed; - } + return $feed; } -}
\ No newline at end of file +} diff --git a/modules/comment/helpers/comment_search.php b/modules/comment/helpers/comment_search.php deleted file mode 100644 index 29762eae..00000000 --- a/modules/comment/helpers/comment_search.php +++ /dev/null @@ -1,34 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ - -class Comment_Search_Core { - static function item_index_data($item) { - $data = array(); - foreach (Database::instance() - ->select("text") - ->from("comments") - ->where("item_id", $item->id) - ->get() - ->as_array() as $row) { - $data[] = $row->text; - } - return join(" ", $data); - } -} diff --git a/modules/comment/helpers/comment_theme.php b/modules/comment/helpers/comment_theme.php index 89b2f57c..38a00b5c 100644 --- a/modules/comment/helpers/comment_theme.php +++ b/modules/comment/helpers/comment_theme.php 
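Review bot: After `->viewable()` joins the `items` table (see `Comment_Model::viewable()` in this commit), the unqualified `state`, `created` and `item_id` in the `where`/`orderby` calls of comment_rss.php rely on `items` having no columns with those names. The test added in this commit qualifies its own filter as `comments.id`, and the same would be safer here: `->where("comments.state", "published")->orderby("comments.created", "DESC")` and `$comments->where("comments.item_id", $id)`. It is also worth confirming that `$comments->count_all()` still carries the viewable and published restrictions once `find_all($limit, $offset)` has run, since otherwise `max_pages` would reflect comments the reader cannot see. The function's opening lines are outside the hunk.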
@@ -19,14 +19,13 @@ */ class comment_theme_Core { static function head($theme) { - $theme->script("modules/comment/js/comment.js"); + $theme->script("comment.js"); return ""; } static function photo_bottom($theme) { $block = new Block; $block->css_id = "gComments"; - $block->anchor = t("comments"); $block->title = t("Comments"); $view = new View("comments.html"); @@ -37,7 +36,6 @@ class comment_theme_Core { ->find_all(); $block->content = $view; - $block->content .= comment::get_add_form($theme->item())->render("form.html"); return $block; } }
\ No newline at end of file diff --git a/modules/comment/js/comment.js b/modules/comment/js/comment.js index 00fc6027..9fd63c1a 100644 --- a/modules/comment/js/comment.js +++ b/modules/comment/js/comment.js @@ -1,5 +1,13 @@ $("document").ready(function() { - ajaxify_comment_form(); + $("#gAddCommentButton").click(function(event) { + event.preventDefault(); + $.get($(this).attr("href"), + {}, + function(data) { + $("#gCommentDetail").append(data); + ajaxify_comment_form(); + }); + }); }); function ajaxify_comment_form() { diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 22c465df..de9b0cd6 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -31,7 +31,7 @@ class Comment_Model extends ORM { if ($author->guest) { return $this->guest_name; } else { - return $author->full_name; + return $author->display_name(); } } @@ -61,8 +61,33 @@ class Comment_Model extends ORM { $this->updated = time(); if (!$this->loaded && empty($this->created)) { $this->created = $this->updated; + $created = true; } } - return parent::save(); + $visible_change = $this->original()->state == "published" || $this->state == "published"; + parent::save(); + + if (isset($created)) { + module::event("comment_created", $this); + } else { + module::event("comment_updated", $this->original(), $this); + } + + // We only notify on the related items if we're making a visible change. + if ($visible_change) { + module::event("item_related_update", $this->item()); + } + + return $this; + } + + /** + * Add a set of restrictions to any following queries to restrict access only to items + * viewable by the active user. + * @chainable + */ + public function viewable() { + $this->join("items", "items.id", "comments.item_id"); + return item::viewable($this); } } diff --git a/modules/comment/helpers/comment_menu.php b/modules/comment/tests/Comment_Model_Test.php index 01881921..f4c68b15 100644 --- a/modules/comment/helpers/comment_menu.php 
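Review bot: The click handler on `#gAddCommentButton` in comment.js fetches and appends the form on every click, so a second click would leave two comment forms inside `#gCommentDetail`. A guard such as `if ($("#gCommentDetail form").length) { return; }` right after `event.preventDefault();` avoids that; the selector is an assumption, since the form markup is not on this page. The `$.get` call also has no failure path, so a failed request leaves the button silently doing nothing.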
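Review bot: In `Comment_Model::save()`, `comment_updated` is sent with `$this->original()` evaluated after `parent::save()`, while `$visible_change` was deliberately computed before it. If the ORM refreshes its original values on save (not visible here), listeners would receive identical old and new comments. Capturing the old state first, `$original = clone $this->original();` ahead of `parent::save();` and then `module::event("comment_updated", $original, $this);`, removes that dependency. The `$created` flag is also set only when `created` was empty, so a new comment saved with a preset timestamp would be announced as an update; `$is_new = !$this->loaded;` taken before the save would be more direct. `save()` begins above the hunk.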
+++ b/modules/comment/tests/Comment_Model_Test.php @@ -17,21 +17,24 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class comment_menu_Core { - static function admin($menu, $theme) { - $menu->get("content_menu") - ->append(Menu::factory("link") - ->id("comments") - ->label(t("Comments")) - ->url(url::site("admin/comments"))); - } +class Comment_Model_Test extends Unit_Test_Case { + + public function cant_view_comments_for_unviewable_items_test() { + $root = ORM::factory("item", 1); + $album = album::create($root, rand(), rand(), rand()); + $comment = comment::create($album, user::guest(), "text", "name", "email", "url"); + user::set_active(user::guest()); + + // We can see the comment when permissions are granted on the album + access::allow(group::everybody(), "view", $album); + $this->assert_equal( + 1, + ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); - static function photo($menu, $theme) { - $menu - ->append(Menu::factory("link") - ->id("comments") - ->label(t("View comments on this item")) - ->url("#comments") - ->css_id("gCommentsLink")); + // We can't see the comment when permissions are denied on the album + access::deny(group::everybody(), "view", $album); + $this->assert_equal( + 0, + ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); } } diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 4ff24f86..2afa5bf8 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php 
@@ -2,15 +2,15 @@ <ul> <? foreach ($comments as $i => $comment): ?> <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> - <img src="<?= $comment->author()->avatar_url(32, $theme->theme_url("images/avatar.jpg", true)) ?>" + <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="32" height="32" /> <?= gallery::date_time($comment->created) ?> <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>', - array("author_name" => p::clean($comment->author_name()), - "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?> + array("author_name" => html::clean($comment->author_name()), + "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?> </li> <? endforeach ?> </ul> diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index ad0ae8f3..455cd714 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <script type="text/javascript"> var set_state_url = - "<?= url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf") ?>"; + <?= html::js_string(url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf")) ?>; function set_state(state, id) { $.get(set_state_url.replace("__STATE__", state).replace("__ID__", id), {}, @@ -12,7 +12,7 @@ } var delete_url = - "<?= url::site("admin/comments/delete/__ID__?csrf=$csrf") ?>"; + <?= html::js_string(url::site("admin/comments/delete/__ID__?csrf=$csrf")) ?>; function del(id) { $.get(delete_url.replace("__ID__", id), 
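Review bot: `set_state_url` in admin_comments.html.php still carries the CSRF token in the query string and is sent with `$.get`, so a state change is a GET request whose token can end up in server logs, browser history and Referer headers. The `delete_url` hunk that follows has the same shape. Wrapping the URL in `html::js_string` fixes the JavaScript quoting, but the request itself would be safer sent with `$.post` and the `csrf` value in the body, with the controller rejecting GET for these actions. The controller side is not on this page, so that part needs checking there.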
@@ -24,7 +24,7 @@ } function update_menu() { - $.get("<?= url::site("admin/comments/menu_labels") ?>", {}, + $.get(<?= html::js_string(url::site("admin/comments/menu_labels")) ?>, {}, function(data) { for (var i = 0; i < data.length; i++) { $("#gAdminCommentsMenu li:eq(" + i + ") a").html(data[i]); @@ -103,17 +103,17 @@ </th> </tr> <? foreach ($comments as $i => $comment): ?> - <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> + <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>"> <td> <a href="#"> - <img src="<?= $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) ?>" + <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> - <p><a href="mailto:<?= p::clean($comment->author_email()) ?>" - title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p> + <p><a href="mailto:<?= html::clean_attribute($comment->author_email()) ?>" + title="<?= html::clean_attribute($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p> </td> <td> <div class="right"> @@ -122,7 +122,7 @@ <a href="<?= $item->url() ?>"> <? if ($item->has_thumb()): ?> <img src="<?= $item->thumb_url() ?>" - alt="<?= p::purify($item->title) ?>" + alt="<?= html::purify($item->title)->for_html_attr() ?>" <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?> /> <? else: ?> @@ -132,7 +132,7 @@ </div> </div> <p><?= gallery::date($comment->created) ?></p> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </td> <td> <ul class="gButtonSetVertical"> diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index ab72a0c8..ce4e197d 100644 
--- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -2,17 +2,17 @@ <li id="gComment-<?= $comment->id; ?>"> <p class="gAuthor"> <a href="#"> - <img src="<?= $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) ?>" + <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t("on %date_time, %author_name said", array("date_time" => gallery::date_time($comment->created), - "author_name" => p::clean($comment->author_name()))) ?> + "author_name" => html::clean($comment->author_name()))) ?> </p> <div> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </div> </li> diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index 2b5b13c1..c2a4b538 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>Gallery 3</generator> - <title><?= p::clean($feed->title) ?></title> + <title><?= html::clean($feed->title) ?></title> <link><?= $feed->uri ?></link> - <description><?= p::clean($feed->description) ?></description> + <description><?= html::clean($feed->description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" /> <fh:complete/> 
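Review bot: `<link><?= $feed->uri ?></link>` and the `atom:link` `href="<?= $feed->uri ?>"` in comment.mrss.php are still printed raw, while the neighbouring title and description now go through `html::clean`. `comment_rss` builds that URI from `$id` (`url::abs_site("albums/" . (empty($id) ? "1" : $id))`), and whether `$id` is validated as an integer before it gets there is not visible on this page. Escaping at output closes the gap either way: `<link><?= html::clean($feed->uri) ?></link>` and `href="<?= html::clean_attribute($feed->uri) ?>"`. The `<guid>` line in the next hunk prints `$child->item_uri` raw as well, although the `<link>` just above it cleans the same value.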
@@ -22,14 +22,14 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($feed->children as $child): ?> <item> - <title><?= p::purify($child->title) ?></title> - <link><?= p::clean($child->item_uri) ?></link> - <author><?= p::clean($child->author) ?></author> + <title><?= html::purify($child->title) ?></title> + <link><?= html::clean($child->item_uri) ?></link> + <author><?= html::clean($child->author) ?></author> <guid isPermaLink="true"><?= $child->item_uri ?></guid> <pubDate><?= $child->pub_date ?></pubDate> <content:encoded> <![CDATA[ - <p><?= nl2br(p::purify($child->text)) ?></p> + <p><?= nl2br(html::purify($child->text)) ?></p> <p> <img alt="" src="<?= $child->thumb_url ?>" height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /> diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index fa25a4e0..7eb34c20 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php 
@@ -1,29 +1,35 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> + <a href="<?= url::site("form/add/comments/{$item->id})") ?>" id="gAddCommentButton" + class="gButtonLink ui-corner-all ui-icon-left ui-state-default right"> + <span class="ui-icon ui-icon-comment"></span> + <?= t("Add a comment") ?> +</a> +<div id="gCommentDetail"> <? if (!$comments->count()): ?> <p id="gNoCommentsYet"> <?= t("No comments yet. Be the first to <a %attrs>comment</a>!", - array("attrs" => "href=\"#add_comment_form\" class=\"showCommentForm\"")) ?> + array("attrs" => html::mark_clean("href=\"#add_comment_form\" class=\"showCommentForm\""))) ?> </p> <? endif ?> -<ul id="gComments"> +<ul> <? foreach ($comments as $comment): ?> <li id="gComment-<?= $comment->id ?>"> <p class="gAuthor"> <a href="#"> - <img src="<?= $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) ?>" + <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean_attribute($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t('on %date <a href="#">%name</a> said', array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => p::clean($comment->author_name()))); ?> + "name" => html::clean($comment->author_name()))); ?> </p> <div> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </div> </li> <? endforeach ?> </ul> -<a name="add_comment_form"></a> +</div> |
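Review bot: The new link in comments.html.php has a stray `)` inside the string, `"form/add/comments/{$item->id})"`, so the generated href ends in `)` after the item id. It should read `url::site("form/add/comments/{$item->id}")`. The "No comments yet" text still links to `#add_comment_form`, but this hunk removes the `<a name="add_comment_form">` anchor and the form is now loaded on demand, so that link has no target until the button has been clicked.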