diff --git a/comment.php b/comment.php index f98df23be..8710d4a50 100644 --- a/comment.php +++ b/comment.php @@ -38,9 +38,6 @@ if(e_AJAX_REQUEST) // TODO improve security exit; } - - - $ret = array(); // Comment Pagination @@ -54,11 +51,10 @@ if(e_AJAX_REQUEST) // TODO improve security } - if(varset($_GET['mode']) == 'reply' && vartrue($_POST['itemid'])) { $status = e107::getComment()->replyComment($_POST['itemid']); - $ret['msg'] = "Couldn't delete comment"; + $ret['msg'] = COMLAN_332; $ret['error'] = ($status) ? false : true; $ret['html'] = $status; echo json_encode($ret); @@ -69,7 +65,7 @@ if(e_AJAX_REQUEST) // TODO improve security if(varset($_GET['mode']) == 'delete' && vartrue($_POST['itemid'])) { $status = e107::getComment()->deleteComment($_POST['itemid']); - $ret['msg'] = "Couldn't delete comment"; + $ret['msg'] = COMLAN_332; $ret['error'] = ($status) ? false : true; echo json_encode($ret); exit; @@ -78,9 +74,9 @@ if(e_AJAX_REQUEST) // TODO improve security if(varset($_GET['mode']) == 'approve' && vartrue($_POST['itemid'])) { $status = e107::getComment()->approveComment($_POST['itemid']); - $ret['msg'] = ($status) ? "Comment approved" : "Couldn't approve comment"; + $ret['msg'] = ($status) ? COMLAN_333 : COMLAN_334; $ret['error'] = ($status) ? false : true; - $ret['html'] = "Approved"; //TODO LAN + $ret['html'] = COMLAN_335; echo json_encode($ret); exit; } @@ -89,7 +85,7 @@ if(e_AJAX_REQUEST) // TODO improve security if(!vartrue($_POST['comment']) && varset($_GET['mode']) == 'submit') { $ret['error'] = true; - $ret['msg'] = "Please write something first."; //TODO LAN + $ret['msg'] = COMLAN_336; echo json_encode($ret); exit; } 
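Review bot: The `reply` branch now sets `$ret['msg'] = COMLAN_332;`, which the language file in this same commit defines as "Couldn't delete comment", so a failed reply reports a delete failure. The message is also set when `$status` is truthy. A dedicated reply string applied only on failure would be clearer, e.g. `$ret['msg'] = ($status) ? '' : COMLAN_REPLY_FAILED;`, where `COMLAN_REPLY_FAILED` is a placeholder for a new constant. The enclosing `if(e_AJAX_REQUEST)` block starts outside the hunk.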
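Review bot: The `delete` branch passes `$_POST['itemid']` straight to `deleteComment()` with no permission or request-token check visible in these lines, and the block is still marked `// TODO improve security`. The `approve` branch in the next hunk and the `updateComment()` call in the @@ -100,23 hunk do the same. Those methods may enforce ownership or moderator rights internally, but that is not shown here; if they do not, these state-changing actions are reachable by any client that can send the AJAX request. I would cast the id at the boundary, `intval($_POST['itemid'])`, and either add the check here or add a comment above each branch naming where authorisation and CSRF validation happen. The surrounding `if(e_AJAX_REQUEST)` block begins outside the hunk.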
@@ -100,23 +96,20 @@ if(e_AJAX_REQUEST) // TODO improve security $error = e107::getComment()->updateComment($_POST['itemid'],$_POST['comment']); $ret['error'] = ($error) ? true : false; - $ret['msg'] = ($error) ? $error : "Updated Successfully."; //TODO Common LAN + $ret['msg'] = ($error) ? $error : COMLAN_337; echo json_encode($ret); exit; } - - - // Insert Comment and return rendered html. if(vartrue($_POST['comment'])) // ajax render comment { - $pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies) - $row = array(); - $clean_authorname = $_POST['author_name']; - $clean_comment = $_POST['comment']; - $clean_subject = $_POST['subject']; + $pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies) + $row = array(); + $clean_authorname = $_POST['author_name']; + $clean_comment = $_POST['comment']; + $clean_subject = $_POST['subject']; $_SESSION['comment_author_name'] = $clean_authorname; @@ -159,26 +152,20 @@ if(e_AJAX_REQUEST) // TODO improve security echo json_encode($ret); } - - exit; } - - - require_once(e_HANDLER."news_class.php"); // FIXME shouldn't be here. require_once(e_HANDLER."comment_class.php"); define("PAGE_NAME", COMLAN_99); if (!e_QUERY) { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } $cobj = new comment; - $temp_query = explode(".", e_QUERY); $action = $temp_query[0]; // Usually says 'comment' - may say 'reply' $table = $temp_query[1]; // Table containing item associated with comment(s) @@ -195,7 +182,7 @@ if (isset($_POST['commentsubmit']) || isset($_POST['editsubmit'])) { // New comment, or edited comment, being posted. if(!ANON && !USER) { - header("location: ".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } 
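Review bot: The re-indented `$clean_authorname`, `$clean_comment` and `$clean_subject` hold unmodified `$_POST` values, so the `clean_` prefix is misleading at this point. The last visible line of the hunk also stores the raw author name in `$_SESSION['comment_author_name']`. Any filtering presumably happens further down, outside the hunk; a comment such as `// raw request values, not yet filtered or escaped` above the assignments would stop a later reader from echoing them as if they were safe. `$_POST['author_name']` and `$_POST['subject']` are also read without the `varset()` guard used for `pid` on the line above, e.g. `$clean_subject = varset($_POST['subject'], '');`.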
@@ -204,28 +191,27 @@ if (isset($_POST['commentsubmit']) || isset($_POST['editsubmit'])) case 'poll' : if (!$sql->db_Select("polls", "poll_title", "`poll_id` = '{$id}' AND `poll_comment` = 1")) { - header("location: ".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; case 'news' : if (!$sql->db_Select("news", "news_allow_comments", "`news_id` = '{$id}' AND `news_allow_comments` = 0")) { - header("location: ".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; case 'user' : if (!$sql->db_Select('user', 'user_name', '`user_id` ='.$id)) { - header("location: ".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; } $pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies) - $editpid = intval(varset($_POST['editpid'], 0)); // ID of the specific comment being edited (in-line comments) $clean_authorname = $_POST['author_name']; @@ -246,7 +232,7 @@ if (isset($_POST['commentsubmit']) || isset($_POST['editsubmit'])) { $redirectFlag = $id; /* $redir = preg_replace("#\.edit.*#si", "", e_QUERY); - header("Location: ".e_SELF."?{$redir}"); + header('Location: '.e_SELF.'?{$redir}'); exit; */ } } @@ -256,7 +242,7 @@ if (isset($_POST['replysubmit'])) { // Reply to nested comment being posted if ($table == "news" && !$sql->db_Select("news", "news_allow_comments", "news_id='{$nid}' ")) { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } else @@ -324,11 +310,12 @@ if ($action == "reply") { if (!$pref['nested_comments']) { - header("Location: ".e_BASE."comment.php?comment.{$table}.{$nid}"); + header('Location: '.e_BASE.'comment.php?comment.{$table}.{$nid}'); exit; } - + $query = "`comment_id` = '{$id}' LIMIT 0,1"; + if ($sql->db_Select("comments", "comment_subject", "`comment_id` = '{$id}'")) { $comments = $sql->db_Fetch(); 
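Review bot: The `user` case builds its WHERE condition by concatenating `$id` unquoted (`... ='.$id`). The same unquoted use appears as `"trackback_pid={$id}"` in the @@ -557,17 hunk, and `$id` is echoed into the trackback URL in the @@ -544,11 hunk. Where `$id` is assigned is not visible in these hunks; it is presumably taken from `e_QUERY` like `$action` and `$table`, and if it is not already forced to an integer these are injection points for request-controlled data. An explicit `$id = intval($id);` before the `switch`, or `intval($id)` at each use, would make the queries and the echoed URL safe regardless of upstream handling. The `switch` starts outside the hunk.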
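Review bot: The new redirect `header('Location: '.e_BASE.'comment.php?comment.{$table}.{$nid}');` in the @@ -324,11 hunk no longer interpolates, because PHP does not expand variables in single-quoted strings. The browser is sent to the literal text `{$table}.{$nid}`. Concatenate instead: `header('Location: '.e_BASE.'comment.php?comment.'.$table.'.'.$nid);`. The same quote change was made inside the commented-out block in the @@ -246,7 hunk and would break it if re-enabled. Separately, the added `$query` assignment is never used, since the `db_Select()` call after it still builds its own condition; drop it or pass it in.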
@@ -340,10 +327,10 @@ if ($action == "reply") { switch ($table) { - case "news" : + case 'news' : if (!$sql->db_Select("news", "news_title", "news_id='{$nid}' ")) { - header("location: ".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } else @@ -353,10 +340,10 @@ if ($action == "reply") $title = COMLAN_100; } break; - case "poll" : + case 'poll' : if (!$sql->db_Select("polls", "poll_title", "poll_id='{$nid}' ")) { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } else @@ -375,7 +362,7 @@ if ($action == "reply") } else { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; @@ -388,7 +375,7 @@ if ($action == "reply") } else { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; @@ -412,7 +399,7 @@ elseif ($action == 'comment') { switch ($table) { - case "news" : + case 'news' : if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled']) { $query = "SELECT COUNT(tb.trackback_pid) AS tb_count, n.*, u.user_id, u.user_name, u.user_customtitle, nc.category_name, nc.category_icon FROM #news AS n @@ -436,7 +423,7 @@ elseif ($action == 'comment') if (!$sql->db_Select_gen($query)) { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } else @@ -452,10 +439,10 @@ elseif ($action == 'comment') $field = $news['news_id']; } break; - case "poll" : + case 'poll' : if (!$sql->db_Select("polls", "*", "poll_id='{$id}'")) { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } else @@ -486,7 +473,7 @@ elseif ($action == 'comment') } else { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; @@ -501,7 +488,7 @@ elseif ($action == 'comment') } else { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } break; 
@@ -519,7 +506,7 @@ elseif ($action == 'comment') } else { - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } } @@ -544,11 +531,11 @@ elseif ($action == 'comment') } else { // Invalid action - just exit - header("location:".e_BASE."index.php"); + header('location: '.e_BASE.'index.php'); exit; } -if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled'] && $table == "news") +if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled'] && $table == 'news') { echo "".$pref['trackbackString']." ".SITEURLBASE.e_PLUGIN_ABS."trackback/trackback.php?pid={$id}"; } @@ -557,17 +544,18 @@ $field = ($field ? $field : ($id ? $id : "")); // ID of associated source item $width = (isset($width) && $width ? $width : ""); $cobj->compose_comment($table, $action, $field, $width, $subject, $rate=FALSE); - - -if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled'] && $table == "news") +if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled'] && $table == 'news') { if($sql->db_Select("trackback", "*", "trackback_pid={$id}")) { $tbArray = $sql -> db_getList(); - if (file_exists(THEME."trackback_template.php")) { + if (file_exists(THEME."trackback_template.php")) + { require_once(THEME."trackback_template.php"); - } else { + } + else + { require_once(e_THEME."templates/trackback_template.php"); } @@ -595,7 +583,8 @@ if(isset($pref['trackbackEnabled']) && $pref['trackbackEnabled'] && $table == "n { echo "".COMLAN_316; } - if (ADMIN && getperms("B")) { + if (ADMIN && getperms("B")) + { echo "
".COMLAN_317."

"; } } @@ -610,7 +599,5 @@ if ($comment_ob_start) ob_end_flush(); // dump the buffer we started } - require_once(FOOTERF); - ?> \ No newline at end of file diff --git a/e107_handlers/form_handler.php b/e107_handlers/form_handler.php index 235b095ba..913c2ff49 100644 --- a/e107_handlers/form_handler.php +++ b/e107_handlers/form_handler.php @@ -107,12 +107,14 @@ class e_form // For Comma separated keyword tags. function tags($name, $value, $maxlength = 200, $options = array()) { + if(is_string($options)) parse_str($options, $options); $options['class'] = 'tbox input-text e-tags'; return $this->text($name, $value, $maxlength, $options); } function text($name, $value, $maxlength = 200, $options = array()) { + if(is_string($options)) parse_str($options, $options); if(!vartrue($options['class']) && $maxlength > 99) $options['class'] = 'tbox span5'; $options = $this->format_options('text', $name, $options); //never allow id in format name-value for text fields @@ -121,6 +123,7 @@ class e_form function number($name, $value, $maxlength = 200, $options = array()) { + if(is_string($options)) parse_str($options, $options); $maxlength = vartrue($parms['maxlength'], 255); unset($parms['maxlength']); if(!vartrue($parms['size'])) $parms['size'] = 15; @@ -1187,7 +1190,9 @@ class e_form // foreach ($options as $option => $optval) { - switch ($option) { + $optval = trim($optval); + switch ($option) + { case 'id': $ret .= $this->_format_id($optval, $name, $value); diff --git a/e107_languages/English/lan_comment.php b/e107_languages/English/lan_comment.php index 1570dcb1b..fd7e5c0eb 100644 --- a/e107_languages/English/lan_comment.php +++ b/e107_languages/English/lan_comment.php 
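Review bot: In `number()` (hunk @@ -121,6) the added `parse_str($options, $options)` has no effect on the lines that follow, which read `$parms['maxlength']` and `$parms['size']`. `$parms` is not a parameter and is not assigned in the visible lines. As shown, the caller's options appear to be ignored and `$maxlength` is always overwritten with the 255 default. If `$parms` was meant to be `$options`, the fix is `$maxlength = vartrue($options['maxlength'], 255); unset($options['maxlength']);`, and likewise for `size`. The rest of the function is outside the hunk.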
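Review bot: `$optval = trim($optval);` (hunk @@ -1187,7) runs on every option before the `switch`, but option values are not guaranteed to be strings. A boolean `false` becomes `''`, `true` becomes `'1'`, and an array value raises a warning (a `TypeError` on PHP 8). Guard it with `if(is_string($optval)) $optval = trim($optval);` so non-string options reach the `case` branches unchanged. Whether those branches escape `$optval` before writing it into the attribute string is not visible here; it is worth confirming now that `text()`, `tags()` and `number()` accept query-string style options through `parse_str()`. The `foreach` and `switch` continue outside the hunk.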
@@ -22,7 +22,7 @@ define("COMLAN_8", "Comment"); define("COMLAN_9", "Submit comment"); define("COMLAN_10", "Administrator"); define("COMLAN_11", "Was unable to enter your comment into the database - please retype leaving out any non-standard characters."); -define('COMLAN_12', 'User'); +define("COMLAN_12", "User"); define("COMLAN_16", "Username: "); define("COMLAN_99", "Comments"); define("COMLAN_100", "News"); @@ -48,14 +48,20 @@ define("COMLAN_320", "Update comment"); define("COMLAN_321", "here"); define("COMLAN_322", "to signup"); define("COMLAN_323", "Error!"); -define("COMLAN_324", 'Subject'); -define("COMLAN_325", 'Re:'); -define("COMLAN_326", 'Reply to this'); -define("COMLAN_327", 'Rating'); -define("COMLAN_328", 'Comments are locked'); -define("COMLAN_329", 'Unauthorized'); -define("COMLAN_330", 'IP:'); +define("COMLAN_324", "Subject"); +define("COMLAN_325", "Re:"); +define("COMLAN_326", "Reply to this"); +define("COMLAN_327", "Rating"); +define("COMLAN_328", "Comments are locked"); +define("COMLAN_329", "Unauthorized"); +define("COMLAN_330", "IP:"); define("COMLAN_331", "Pending Approval"); +define("COMLAN_332", "Couldn't delete comment"); +define("COMLAN_333", "Comment approved"); +define("COMLAN_334", "Couldn't approve comment"); +define("COMLAN_335", "Approved"); +define("COMLAN_336", "Please write something first."); +define("COMLAN_337", "Updated successfully."); define("COMLAN_TYPE_1", "news"); define("COMLAN_TYPE_2", "download"); @@ -66,5 +72,4 @@ define("COMLAN_TYPE_6", "bugtrack"); define("COMLAN_TYPE_7", "ideas"); define("COMLAN_TYPE_8", "userprofile"); define("COMLAN_TYPE_PAGE", "Content"); // Really custom page, but use a 'non-technical' description - ?> \ No newline at end of file