Comment and other fixes.

comment.php

@@ -100,7 +100,7 @@ if(e_AJAX_REQUEST) // TODO improve security
 
 	
 	// Insert Comment and return rendered html. 
-	if(vartrue($_POST['comment']) && USERID) // ajax render comment
+	if(vartrue($_POST['comment'])) // ajax render comment
 	{
 		$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
 	
@@ -108,6 +108,8 @@ if(e_AJAX_REQUEST) // TODO improve security
 		$clean_comment = $_POST['comment'];
 		$clean_subject = $_POST['subject'];
 		
+		$_SESSION['comment_author_name'] = $clean_authorname;
+		
 		$newid = e107::getComment()->enter_comment($clean_authorname, $clean_comment, $_POST['table'], intval($_POST['itemid']), $pid, $clean_subject);
 	
 		if(is_numeric($newid) && ($_GET['mode'] == 'submit'))
@@ -116,11 +118,12 @@ if(e_AJAX_REQUEST) // TODO improve security
 			$row['comment_id']			= $newid; 
 			$row['comment_item_id']		= intval($_POST['itemid']);
 			$row['comment_type']		= e107::getComment()->getCommentType($tp->toDB($_POST['table'],true));
-			$row['comment_subject'] 	= $_POST['subject'];
+			$row['comment_subject'] 	= $tp->toDB($_POST['subject']);
-			$row['comment_comment'] 	= $_POST['comment'];
+			$row['comment_comment'] 	= $tp->toDB($_POST['comment']);
 			$row['user_image'] 			= USERIMAGE;
-			$row['user_id']				= USERID;
+			$row['user_id']				= (USERID) ? USERID : 0;
 			$row['user_name'] 			= USERNAME;
+			$row['comment_author_name'] = $tp->toDB($clean_authorname);
 			$row['comment_datestamp'] 	= time();
 			$row['comment_blocked']		= (check_class($pref['comments_moderate']) ? 2 : 0);
 			

e107_admin/auth.php

@@ -53,6 +53,8 @@ else
 		require_once (e_HANDLER.'js_helper.php');
 		e_jshelper::sendAjaxError(403, ADLAN_86, ADLAN_87, true);
 	}
+	
+	$sec_img = e107::getSecureImg();
 
 	$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
 
@@ -62,7 +64,7 @@ else
 
 		if ($use_imagecode)
 		{	
-			if (e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify']))
+			if ($sec_img->invalidCode($_POST['rand_num'], $_POST['code_verify']))
 			{
 				e107::getRedirect()->redirect('admin.php?failed');
 				exit;
@@ -254,8 +256,8 @@ class auth
 			$text .= "
 			<div class='field'>
 				<label for='code_verify'>".ADLAN_152."</label>"
-				.e107::getSecureImg()->renderImage().
+				.$sec_img->renderImage().
-				e107::getSecureImg()->renderInput()."	
+				$sec_img->renderInput()."	
 			</div>";
 		}
 			    

e107_admin/header.php

@@ -140,7 +140,7 @@ if (!defined('ADMIN_WIDTH'))
 //
 
 // HTML 5 default. 
-if(!defined('XHTML_FORCE'))
+if(!defined('XHTML4'))
 {
 	echo "<!doctype html>\n";
 	echo "<html".(defined("TEXTDIRECTION") ? " dir='".TEXTDIRECTION."'" : "").(defined("CORE_LC") ? " lang=\"".CORE_LC."\"" : "").">\n";	

e107_admin/users.php

@@ -681,7 +681,7 @@ class users_admin_ui extends e_admin_ui
 	 		'user_loginname' 	=> array('title' => LAN_USER_02,	'type' => 'text',	'width' => 'auto'), // User name
 	 		'user_login' 		=> array('title' => LAN_USER_03,	'type' => 'text',	'width' => 'auto'), // Real name (no real vetting)
 	 		'user_customtitle' 	=> array('title' => LAN_USER_04,	'type' => 'text',	'width' => 'auto'), // No real vetting
-	 		'user_password' 	=> array('title' => LAN_USER_05,	'type' => 'text',	'width' => 'auto'),
+	 	//	'user_password' 	=> array('title' => LAN_USER_05,	'type' => 'text',	'width' => 'auto'), //TODO add md5 option to form handler? 
 			'user_sess' 		=> array('title' => 'session',	'type' => 'text',	'width' => 'auto'), // Photo
 	 		'user_image' 		=> array('title' => LAN_USER_07,	'type' => 'text',	'width' => 'auto'), // Avatar
 	 		'user_email' 		=> array('title' => LAN_USER_08,	'type' => 'text',	'width' => 'auto'),

e107_core/shortcodes/batch/comment_shortcodes.php

@@ -224,7 +224,7 @@ class comment_shortcodes extends e_shortcode
 		{
 			if (ANON == TRUE && USER == FALSE) // (anonymous comments - if allowed)
 			{ 
-				return "<input class='tbox comment author' type='text' placeholder=\"".COMLAN_16."\" name='author_name' size='61' value='{$_POST['author_name']}' maxlength='100' />";			
+				return "<input class='tbox comment author' type='text' placeholder=\"".COMLAN_16."\" name='author_name' size='61' value='{$_SESSION['comment_author_name']}' maxlength='100' />";			
 			}
 		}	
 	}

e107_handlers/comment_class.php

@@ -365,6 +365,9 @@ class comment
 		
 		e107::getScBatch('comment')->setParserVars($row);
 		$COMMENT_TEMPLATE = $this->template; 
+		
+		$COMMENT_TEMPLATE['ITEM_START'] 	= "\n\n<div id='{COMMENT_ITEMID}' class='comment-box clearfix'>\n";
+		$COMMENT_TEMPLATE['ITEM_END']		= "\n</div><div class='clear_b'><!-- --></div>\n";
 			
 		if (vartrue($pref['nested_comments']))
 		{
@@ -805,6 +808,7 @@ class comment
 
 		if(isset($pref['comments_disabled']) && $pref['comments_disabled'] == TRUE)
 		{
+			
         	return FALSE;
 		}
 		if (isset($pref['comments_class']))
@@ -849,6 +853,8 @@ class comment
 		
 		if ($this->getCommentPermissions() === FALSE) return;
 
+
+		
 		$sql = e107::getDb();
 		$type = $this->getCommentType($table);
 		$sort = vartrue($pref['comments_sort'],'desc');
@@ -891,6 +897,7 @@ class comment
 
 		if ($this->totalComments = $sql->db_Select_gen($query))
 		{
+			
 			$width = 0;
 			//Shortcodes could use $sql, so just grab all results
 			$rows = $sql->db_getList();

e107_handlers/user_handler.php

@@ -94,7 +94,7 @@ class UserHandler
 		'user_customtitle' => array('niceName'=> LAN_USER_04, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'customtitle', 'dbClean' => 'toDB', 'enablePref' => 'signup_option_customtitle'),		// No real vetting
 		'user_password' => array('niceName'=> LAN_USER_05, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'password1', 'dataType' => 2, 'minLength' => varset($pref['signup_pass_len'],1)),
 		'user_sess' => array('niceName'=> LAN_USER_06, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'stripChars' => "#\"|'|(|)#", 'dbClean' => 'image', 'imagePath' => e_UPLOAD.'avatars/', 'maxHeight' => varset($pref['im_height'], 100), 'maxWidth' => varset($pref['im_width'], 120)),				// Photo
-		'user_image' => array('niceName'=> LAN_USER_07, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'image', 'stripChars' => "#\"|'|(|)#", 'dbClean' => 'avatar', 'maxHeight' => varset($pref['im_height'], 100), 'maxWidth' => varset($pref['im_width'], 120)),				// Avatar
+		'user_image' => array('niceName'=> LAN_USER_07, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'image', 'stripChars' => "#\"|'|(|)#", 'dbClean' => 'avatar'),	//, 'maxHeight' => varset($pref['im_height'], 100), 'maxWidth' => varset($pref['im_width'], 120) resized on-the-fly			// Avatar
 		'user_email' => array('niceName'=> LAN_USER_08, 'fieldType' => 'string', 'vetMethod' => '1,3', 'vetParam' => '', 'fieldOptional' => varset($pref['disable_emailcheck'],0), 'srcName' => 'email', 'dbClean' => 'toDB'),
 		'user_signature' => array('niceName'=> LAN_USER_09, 'fieldType' => 'string', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'signature', 'dbClean' => 'toDB'),
 		'user_hideemail' => array('niceName'=> LAN_USER_10, 'fieldType' => 'int', 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'hideemail', 'dbClean' => 'intval'),

e107_themes/templates/comment_template.php

@@ -118,7 +118,7 @@ $COMMENT_TEMPLATE['ITEM'] = '
 			
 			<span class="comment-status">{COMMENT_STATUS}</span>
 			<div class="comment-user-badge-bar">
-				{COMMENT_RATE}{REPLY} {COMMENTEDIT} {COMMENT_MODERATE}			
+				{COMMENT_RATE}{COMMENT_REPLY} {COMMENTEDIT} {COMMENT_MODERATE}			
 			</div>
 
 			<div class="clear_b H5"><!-- --></div>
@@ -127,8 +127,7 @@ $COMMENT_TEMPLATE['ITEM'] = '
 		</div>
 	</div>';
 	
-$COMMENT_TEMPLATE['ITEM_START'] 	= "\n\n<div id='{COMMENT_ITEMID}' class='comment-box clearfix'>\n";
+
-$COMMENT_TEMPLATE['ITEM_END']		= "\n</div><div class='clear_b'><!-- --></div>\n";
 
 
 $COMMENT_TEMPLATE['LAYOUT'] 		= '{COMMENTFORM}{COMMENTS}{MODERATE}';

e107_themes/templates/header_default.php

@@ -100,27 +100,30 @@ if (!function_exists("parseheader")) {
 //else
   header("Content-type: text/html; charset=utf-8", TRUE);
 
-// NEW - HTML5 support
+// NEW - HTML5 default
 // TODO - more precise controlo over page header depending on the HTML5 mode
-// 'HTML5_MOD' - to be defined by themes; 'HTML5_FORCE' - a way to force a single page to use HTML5
+if(!defined("XHTML4"))
-if(defined('HTML5_MOD') || defined('HTML5_FORCE'))
 {
 	echo "<!doctype html>\n";
+	echo "<html".(defined("TEXTDIRECTION") ? " dir='".TEXTDIRECTION."'" : "").(defined("CORE_LC") ? " lang=\"".CORE_LC."\"" : "").">\n";	
+	echo "<head>\n";
+	echo "<meta charset='utf-8' />\n";
 }
 else 
 {
 	echo (defined("STANDARDS_MODE") ? "" : "<?xml version='1.0' encoding='utf-8' "."?".">\n")."<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
 	echo "<html xmlns='http://www.w3.org/1999/xhtml'".(defined("TEXTDIRECTION") ? " dir='".TEXTDIRECTION."'" : "").(defined("XMLNS") ? " ".XMLNS." " : "").(defined("CORE_LC") ? " xml:lang=\"".CORE_LC."\"" : "").">\n";
+	echo "<head>
+	<meta http-equiv='content-type' content='text/html; charset=utf-8' />
+	<meta http-equiv='content-style-type' content='text/css' />
+	";
+	echo (defined("CORE_LC")) ? "<meta http-equiv='content-language' content='".CORE_LC."' />\n" : "";
 }
 
 //
 // C: Send start of HTML
 //
-echo "<head>
+
-<meta http-equiv='content-type' content='text/html; charset=utf-8' />
-<meta http-equiv='content-style-type' content='text/css' />
-";
-echo (defined("CORE_LC")) ? "<meta http-equiv='content-language' content='".CORE_LC."' />\n" : "";
 
 if($pref['meta_copyright'][e_LANGUAGE]) e107::meta('copyright',$pref['meta_copyright'][e_LANGUAGE]);
 if($pref['meta_author'][e_LANGUAGE]) e107::meta('author',$pref['meta_author'][e_LANGUAGE]);