1 | <?php |
||||
2 | /** |
||||
3 | * XOOPS comment view |
||||
4 | * |
||||
5 | * You may not change or alter any portion of this comment or credits |
||||
6 | * of supporting developers from this source code or any supporting source code |
||||
7 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||||
8 | * This program is distributed in the hope that it will be useful, |
||||
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
11 | * |
||||
12 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||||
13 | * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html) |
||||
14 | * @package kernel |
||||
15 | * @since 2.0.0 |
||||
16 | * @author Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, http://jp.xoops.org/ |
||||
17 | */ |
||||
18 | /** @var XoopsUser $xoopsUser */ |
||||
19 | /** @var XoopsConfigItem $xoopsConfig */ |
||||
20 | |||||
21 | use Xmf\Request; |
||||
22 | |||||
// Refuse to run unless XOOPS is bootstrapped and a module object is available;
// this script is meant to be included by a module page, not requested directly.
if (!(defined('XOOPS_ROOT_PATH') && is_object($xoopsModule))) {
    exit('Restricted access');
}

// Comment rule / order constants (XOOPS_COMMENT_*) used throughout this file.
include_once $GLOBALS['xoops']->path('include/comment_constants.php');
||||
28 | |||||
29 | if (XOOPS_COMMENT_APPROVENONE != $xoopsModuleConfig['com_rule']) { |
||||
// List and form classes are used further down for the control bar and the quick-post form.
xoops_load('XoopsLists');
xoops_load('XoopsFormLoader');

include_once $GLOBALS['xoops']->path('modules/system/constants.php');

// Tell the template whether the viewer holds the system-level comment admin right.
// A visitor without a user object is checked as the anonymous group.
if ($xoopsUser) {
    $groups = $xoopsUser->getGroups();
} else {
    $groups = XOOPS_GROUP_ANONYMOUS;
}
/** @var XoopsGroupPermHandler $gperm_handler */
$gperm_handler = xoops_getHandler('groupperm');
$xoopsTpl->assign(
    'xoops_iscommentadmin',
    $gperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $groups)
);

xoops_loadLanguage('comment');

// The module's comment settings name the query-string parameter that carries the
// item id. It is read as an integer; 0 means "no item" and disables the view below.
$comment_config = $xoopsModule->getInfo('comments');
if (trim($comment_config['itemName']) != '') {
    $com_itemid = Request::getInt($comment_config['itemName'], 0, 'GET');
} else {
    $com_itemid = 0;
}
||||
43 | |||||
44 | if ($com_itemid > 0) { |
||||
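// View mode: an explicit query-string value wins, then the member's stored
// preference, then the site-wide default.
$com_mode = htmlspecialchars(Request::getString('com_mode', '', 'GET'), ENT_QUOTES | ENT_HTML5);

if ($com_mode == '') {
    if (is_object($xoopsUser)) {
        $com_mode = $xoopsUser->getVar('umode');
    }
    $com_mode = empty($com_mode) ? $xoopsConfig['com_mode'] : $com_mode;
}

// Only 'flat', 'thread' and 'nest' exist, and the dispatcher below already draws
// every other value as the nested view. Pin unknown values to 'nest' so that a
// request-supplied string is never carried into the links, hidden fields and the
// onclick handler that are built from $com_mode later in this file. HTML-escaping
// alone does not make a value safe inside a script string in an event-handler
// attribute, so the value is restricted to the known set instead.
if (!in_array($com_mode, array('flat', 'thread', 'nest'), true)) {
    $com_mode = 'nest';
}
$xoopsTpl->assign('comment_mode', $com_mode);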
||||
// Sort order: an explicit com_order in the query string wins (read as an integer);
// otherwise use the member's stored preference, or the site default for visitors.
if (isset($_GET['com_order'])) {
    $com_order = Request::getInt('com_order', 0, 'GET');
} elseif (is_object($xoopsUser)) {
    $com_order = $xoopsUser->getVar('uorder');
} else {
    $com_order = $xoopsConfig['com_order'];
}

// Anything other than "oldest first" is treated as "newest first". The template
// receives the order in effect and the one a toggle would switch to; the SQL
// direction is a fixed literal, never taken from the request.
if ($com_order == XOOPS_COMMENT_OLD1ST) {
    $com_dborder = 'ASC';
    $xoopsTpl->assign(array(
        'comment_order' => XOOPS_COMMENT_OLD1ST,
        'order_other'   => XOOPS_COMMENT_NEW1ST,
    ));
} else {
    $com_dborder = 'DESC';
    $xoopsTpl->assign(array(
        'comment_order' => XOOPS_COMMENT_NEW1ST,
        'order_other'   => XOOPS_COMMENT_OLD1ST,
    ));
}
||||
// Module administrators may view all comments and poster IPs; everyone else only
// sees approved (active) comments. The flag is handed to the renderer below.
$admin_view = is_object($xoopsUser) && $xoopsUser->isAdmin($xoopsModule->getVar('mid'));

// Optional thread selectors from the query string, both read as integers (0 = absent).
$com_id     = Request::getInt('com_id', 0, 'GET');
$com_rootid = Request::getInt('com_rootid', 0, 'GET');

/** @var XoopsCommentHandler $comment_handler */
$comment_handler = xoops_getHandler('comment');
||||
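// Render the item's comments in the selected view. Any mode other than 'flat'
// or 'thread' falls through to the nested view in the final branch.
if ($com_mode === 'flat') {
    $comments = $comment_handler->getByItemId($xoopsModule->getVar('mid'), $com_itemid, $com_dborder);
    include_once $GLOBALS['xoops']->path('class/commentrenderer.php');
    $renderer = XoopsCommentRenderer::instance($xoopsTpl);
    $renderer->setComments($comments);
    $renderer->renderFlatView($admin_view);
} elseif ($com_mode === 'thread') {
    // RMV-FIX... added extraParam stuff here
    $comment_url = $comment_config['pageName'] . '?';
    if (isset($comment_config['extraParams']) && \is_array($comment_config['extraParams'])) {
        $extra_params = '';
        foreach ($comment_config['extraParams'] as $extra_param) {
            // This page is included in the module hosting page -- param could be from anywhere:
            // a variable of that name in the current scope, then POST, then GET.
            // Each value is percent-encoded before it joins the query string, so a
            // request-supplied '&', '#' or quote stays inside its own parameter
            // instead of reshaping the URL handed to the template.
            if (isset(${$extra_param})) {
                $extra_params .= $extra_param . '=' . urlencode((string) ${$extra_param}) . '&';
            } elseif (isset($_POST[$extra_param])) {
                $extra_params .= $extra_param . '=' . urlencode(Request::getString($extra_param, '', 'POST')) . '&';
            } elseif (isset($_GET[$extra_param])) {
                $extra_params .= $extra_param . '=' . urlencode(Request::getString($extra_param, '', 'GET')) . '&';
            } else {
                $extra_params .= $extra_param . '=&';
            }
        }
        $comment_url .= $extra_params;
    }
    // $com_itemid is an integer read with Request::getInt; $com_order is an integer
    // when it came from the query string.
    $xoopsTpl->assign('comment_url', $comment_url . $comment_config['itemName'] . '=' . $com_itemid . '&com_mode=thread&com_order=' . $com_order);
    if (!empty($com_id) && !empty($com_rootid) && ($com_id != $com_rootid)) {
        // Show specific thread tree
        $comments = $comment_handler->getThread($com_rootid, $com_id);
        if (!empty($comments)) { // getThread always returns array - changed in 2.5.9
            include_once $GLOBALS['xoops']->path('class/commentrenderer.php');
            $renderer = XoopsCommentRenderer::instance($xoopsTpl);
            $renderer->setComments($comments);
            $renderer->renderThreadView($com_id, $admin_view);
        }
    } else {
        // Show all threads
        $top_comments = $comment_handler->getTopComments($xoopsModule->getVar('mid'), $com_itemid, $com_dborder);
        $c_count      = count($top_comments);
        if ($c_count > 0) {
            for ($i = 0; $i < $c_count; ++$i) {
                $comments = $comment_handler->getThread($top_comments[$i]->getVar('com_rootid'), $top_comments[$i]->getVar('com_id'));
                if (!empty($comments)) { // getThread always returns array - changed in 2.5.9
                    include_once $GLOBALS['xoops']->path('class/commentrenderer.php');
                    $renderer = XoopsCommentRenderer::instance($xoopsTpl);
                    $renderer->setComments($comments);
                    $renderer->renderThreadView($top_comments[$i]->getVar('com_id'), $admin_view);
                }
                unset($comments);
            }
        }
    }
} else {
    // Show all threads, nested. Unlike the threaded branch, the result of
    // getThread() is passed to the renderer without an emptiness check.
    $top_comments = $comment_handler->getTopComments($xoopsModule->getVar('mid'), $com_itemid, $com_dborder);
    $c_count      = count($top_comments);
    if ($c_count > 0) {
        for ($i = 0; $i < $c_count; ++$i) {
            $comments = $comment_handler->getThread($top_comments[$i]->getVar('com_rootid'), $top_comments[$i]->getVar('com_id'));
            include_once $GLOBALS['xoops']->path('class/commentrenderer.php');
            $renderer = XoopsCommentRenderer::instance($xoopsTpl);
            $renderer->setComments($comments);
            $renderer->renderNestView($top_comments[$i]->getVar('com_id'), $admin_view);
        }
    }
}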
||||
153 | |||||
// Separate template instance for the comment control bar (mode, order, refresh).
$commentTpl = new \XoopsTpl();
//$commentTpl->template = "db:system_comment_controls.tpl";
//$commentTpl->init();
$commentTpl->assign('pageName', $comment_config['pageName']);

// View-mode selector, preselected with the mode in effect.
$commentModeSelect = new XoopsFormSelect('', 'com_mode', $com_mode);
foreach (array('flat' => _FLAT, 'thread' => _THREADED, 'nest' => _NESTED) as $mode_value => $mode_label) {
    $commentModeSelect->addOption($mode_value, $mode_label);
}
$commentTpl->assign('commentModeSelect', $commentModeSelect);

// Sort-order selector, preselected with the order in effect.
$commentOrderSelect = new XoopsFormSelect('', 'com_order', $com_order);
$commentOrderSelect->addOption(XOOPS_COMMENT_OLD1ST, _OLDESTFIRST);
$commentOrderSelect->addOption(XOOPS_COMMENT_NEW1ST, _NEWESTFIRST);
$commentTpl->assign('commentOrderSelect', $commentOrderSelect);

// Submit button that re-requests the page with the chosen mode and order.
$commentRefreshButton = new XoopsFormButton('', 'com_refresh', _CM_REFRESH, 'submit');
$commentTpl->assign('commentRefreshButton', $commentRefreshButton);
||||
172 | |||||
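// Link to the full posting page; only built when this visitor is allowed to post
// (anonymous posting enabled for the module, or a logged-in user).
unset($postcomment_link);
if (!empty($xoopsModuleConfig['com_anonpost']) || is_object($xoopsUser)) {
    $postcomment_link = 'comment_new.php?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode;

    $xoopsTpl->assign('anon_canpost', true); // to main template
}

// Hidden fields for the control-bar form, and the matching query-string tail
// ($link_extra) that is appended to the post / edit / delete / reply links.
$commentBarHidden = '<input type="hidden" name="' . $comment_config['itemName']
                    . '" value="' . $com_itemid . '" />';
$link_extra = '';
if (isset($comment_config['extraParams']) && \is_array($comment_config['extraParams'])) {
    foreach ($comment_config['extraParams'] as $extra_param) {
        // Start each parameter from a clean slate: without this, a parameter that has
        // no value anywhere would silently reuse the value found for the previous one.
        unset($extra_param_val);
        // Lookup order: a variable of that name in the including scope, then POST, then GET.
        if (isset(${$extra_param})) {
            $extra_param_val = ${$extra_param};
        } elseif (isset($_POST[$extra_param])) {
            $extra_param_val = Request::getString($extra_param, '', 'POST');
        } elseif (isset($_GET[$extra_param])) {
            $extra_param_val = Request::getString($extra_param, '', 'GET');
        }
        if (isset($extra_param_val)) {
            // Added exactly once per parameter (the scope-variable case used to be
            // appended twice). Each output context gets its own encoding:
            // percent-encoding for the URL, HTML escaping for the attribute value.
            $link_extra   .= '&' . $extra_param . '=' . urlencode((string) $extra_param_val);
            $hidden_value = htmlspecialchars((string) $extra_param_val, ENT_QUOTES | ENT_HTML5);
            $commentBarHidden .= '<input type="hidden" name="' . $extra_param . '" value="' . $hidden_value . '" />';
        }
    }
}

$commentPostButton = false;
if (!empty($xoopsModuleConfig['com_anonpost']) || is_object($xoopsUser)) {
    $commentPostButton = new XoopsFormButton('', 'com_post', _CM_POSTCOMMENT, 'button');
    // The target URL ends up inside a script string inside an HTML attribute, and the
    // browser entity-decodes the attribute before running the script. It is therefore
    // encoded for both layers: json_encode() produces a quoted script string literal
    // (with <, >, &, ' and " hex-escaped) and htmlspecialchars() makes that literal
    // safe for the attribute.
    $post_target = json_encode(
        $postcomment_link . $link_extra,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    $commentPostButton->setExtra(' onclick="self.location.href=' . htmlspecialchars((string) $post_target, ENT_QUOTES | ENT_HTML5) . '"');
}
$commentTpl->assign('commentPostButton', $commentPostButton);
$commentTpl->assign('commentPostHidden', $commentBarHidden);

$navbar = $commentTpl->fetch('db:system_comments_controls.tpl');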
||||
212 | |||||
213 | if (!empty($xoopsModuleConfig['com_anonpost']) || is_object($xoopsUser)) { |
||||
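// Optional per-module hook: include the module's comment_fast.php when it ships one.
// The path is built from the module's own dirname, not from request data.
if (file_exists($GLOBALS['xoops']->path('modules/' . $xoopsModule->getVar('dirname') . '/comment_fast.php'))) {
    include_once $GLOBALS['xoops']->path('modules/' . $xoopsModule->getVar('dirname') . '/comment_fast.php');
}

// Pre-fill the title when a reply title is in scope (presumably set by the hook above
// or by the including page -- confirm), prefixing it with the localized "Re" marker
// unless it already starts with it.
if (isset($com_replytitle)) {
    $myts      = \MyTextSanitizer::getInstance();
    $com_title = $myts->htmlSpecialChars($com_replytitle);
    // _RE is a language string, not a pattern: quote it so that any regex
    // metacharacter in a translation is matched literally and cannot break the
    // expression or change what it matches.
    if (!preg_match('/^' . preg_quote(_RE, '/') . '/i', $com_title)) {
        $com_title = _RE . ' ' . xoops_substr($com_title, 0, 56);
    }
} else {
    $com_title = '';
}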
||||
226 | |||||
// Build the quick-post form. It posts to comment_post.php; the final constructor
// argument (true) is passed as in the original call -- presumably the flag that adds
// the XOOPS security token, confirm against XoopsThemeForm.
$cform = new XoopsThemeForm(_CM_POSTCOMMENT, 'commentfastform', 'comment_post.php', 'post', true);
$cform->addElement(new XoopsFormElementTray(''));

// Show the moderation rule that applies to this module's comments.
if (isset($xoopsModuleConfig['com_rule'])) {
    include_once $GLOBALS['xoops']->path('include/comment_constants.php');
    if ($xoopsModuleConfig['com_rule'] == XOOPS_COMMENT_APPROVEALL) {
        $rule_text = _CM_COMAPPROVEALL;
    } elseif ($xoopsModuleConfig['com_rule'] == XOOPS_COMMENT_APPROVEUSER) {
        $rule_text = _CM_COMAPPROVEUSER;
    } else {
        // XOOPS_COMMENT_APPROVEADMIN and any unrecognised value
        $rule_text = _CM_COMAPPROVEADMIN;
    }
    $cform->addElement(new XoopsFormLabel(_CM_COMRULES, $rule_text));
}

$cform->addElement(new XoopsFormText(_CM_TITLE, 'com_title', 50, 255, $com_title), true);

// Visitors without an account supply name, e-mail and (optionally) a URL.
if (!$xoopsUser) {
    $cform->addElement(new XoopsFormText(_CM_USER, 'com_user', 50, 60, ''), true);
    $cform->addElement(new XoopsFormText(_CM_EMAIL, 'com_email', 50, 60, ''), true);
    $cform->addElement(new XoopsFormText(_CM_URL, 'com_url', 50, 60, ''), false);
}

$cform->addElement(new XoopsFormTextArea(_CM_MESSAGE, 'com_text', '', 10, 65), true);

// Only visitors without an account get a captcha.
if (!$xoopsUser) {
    $cform->addElement(new XoopsFormCaptcha());
}

// Hidden state for a brand-new top-level comment: ids and order are fixed to 0.
foreach (array('com_id', 'com_pid', 'com_rootid', 'com_order') as $zero_field) {
    $cform->addElement(new XoopsFormHidden($zero_field, 0));
}
$cform->addElement(new XoopsFormHidden('com_itemid', $com_itemid));
$cform->addElement(new XoopsFormHidden('com_mode', $com_mode));

// Formatting switches are all sent as 0 from the quick form.
foreach (array('dohtml', 'dobr', 'dosmiley', 'doxcode') as $format_flag) {
    $cform->addElement(new XoopsFormHidden($format_flag, 0));
}
||||
267 | |||||
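// add module specific extra params
if ('system' !== $xoopsModule->getVar('dirname')) {
    $comment_config = $xoopsModule->getInfo('comments');
    if (isset($comment_config['extraParams']) && \is_array($comment_config['extraParams'])) {
        foreach ($comment_config['extraParams'] as $extra_param) {
            // This routine is included from forms accessed via both GET and POST
            $hidden_value = '';
            // The values are read through Xmf\Request only. The former
            // MyTextSanitizer::stripSlashesGPC() wrapper is deprecated as of
            // XOOPS 2.5.11 and scheduled for removal, so it is no longer called.
            // NOTE(review): presumably a no-op on PHP versions without magic quotes --
            // confirm against the MyTextSanitizer version in use.
            if (isset($_POST[$extra_param])) {
                $hidden_value = Request::getString($extra_param, '', 'POST');
            } elseif (isset($_GET[$extra_param])) {
                $hidden_value = Request::getString($extra_param, '', 'GET');
            }
            // NOTE(review): the request value is handed to XoopsFormHidden unescaped;
            // confirm that the element HTML-escapes its value when rendered.
            $cform->addElement(new XoopsFormHidden($extra_param, $hidden_value));
        }
    }
}

// Submit button, then hand the rendered form to the main template.
$button_tray = new XoopsFormElementTray('', ' ');
$button_tray->addElement(new XoopsFormButton('', 'com_dopost', _CM_POSTCOMMENT, 'submit'));
$cform->addElement($button_tray);
$xoopsTpl->assign('commentform', $cform->render());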
||||
290 | } else { |
||||
291 | $xoopsTpl->assign('commentform', ''); |
||||
292 | } |
||||
293 | // End added by voltan |
||||
294 | |||||
// Control bar markup plus the base links for edit / delete / reply. The three links
// share one query string: item id, order, mode and the extra-parameter tail.
$comment_link_query = '?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode . '' . $link_extra;
$xoopsTpl->assign(array(
    'commentsnav'        => $navbar,
    'editcomment_link'   => 'comment_edit.php' . $comment_link_query,
    'deletecomment_link' => 'comment_delete.php' . $comment_link_query,
    'replycomment_link'  => 'comment_reply.php' . $comment_link_query,
));

// assign some lang variables
$comment_lang = array(
    'lang_from'    => _CM_FROM,
    'lang_joined'  => _CM_JOINED,
    'lang_posts'   => _CM_POSTS,
    'lang_poster'  => _CM_POSTER,
    'lang_thread'  => _CM_THREAD,
    'lang_edit'    => _EDIT,
    'lang_delete'  => _DELETE,
    'lang_reply'   => _REPLY,
    'lang_subject' => _CM_REPLIES,
    'lang_posted'  => _CM_POSTED,
    'lang_updated' => _CM_UPDATED,
    'lang_notice'  => _CM_NOTICE,
);
$xoopsTpl->assign($comment_lang);
||||
315 | } |
||||
316 | } |
||||
317 |