diff --git a/plugins/calendar/functions.inc b/plugins/calendar/functions.inc index ac8cb21d1..c29005418 100644 --- a/plugins/calendar/functions.inc +++ b/plugins/calendar/functions.inc @@ -419,11 +419,12 @@ function plugin_savesubmission_calendar($A) $retval = ''; $A['title'] = strip_tags(COM_checkWords($A['title'])); + $A['title'] = GLText::removeUtf8Icons($A['title']); $A['start_year'] = COM_applyFilter($A['start_year'], true); $A['start_month'] = COM_applyFilter($A['start_month'], true); $A['start_day'] = COM_applyFilter($A['start_day'], true); - // check for missing textfields + // check for missing text fields if (empty($A['title']) || empty($A['start_month']) || empty($A['start_day']) || empty($A['start_year'])) { $retval .= COM_showMessageText($LANG12[23], $LANG12[22]) . plugin_submit_calendar($A['calendar_type']); @@ -472,23 +473,23 @@ function plugin_savesubmission_calendar($A) $A['description'] = (isset($A['description']) ? $A['description'] : ''); $A['event_type'] = (isset($A['event_type']) ? $A['event_type'] : ''); - if ($A['url'] == 'http://') { + if ($A['url'] === 'http://' || $A['url'] === 'https://') { // remove default entry now to avoid false spam reports $A['url'] = ''; } // pseudo-formatted event description for the spam check - $spamcheck = ''; + $spamCheck = ''; if (empty($A['url'])) { - $spamcheck .= $A['title']; + $spamCheck .= $A['title']; } else { - $spamcheck .= COM_createLink($A['title'], $A['url']); + $spamCheck .= COM_createLink($A['title'], $A['url']); } - $spamcheck .= '' . $A['location'] . '' + $spamCheck .= '' . $A['location'] . '' . $A['address1'] . '' . $A['address2'] . '' . $A['city'] . ', ' . $A['zipcode'] . '' . $A['description'] . '
To install and use Geeklog you will need to have a server running Apache or Microsoft IIS with PHP 5.2.0 or higher installed. You will also need either MySQL 4.1.2 or later (MariaDB 5.1 or later will also work), or PostgreSQL 9.1.7 or greater.
To install and use Geeklog you will need to have a server running Apache or Microsoft IIS with PHP 5.3.3 or higher installed (PHP 7.X is supported). You will also need either MySQL 4.1.3 or later (MariaDB 5.1 or later will also work), or PostgreSQL 9.1.7 or greater.
Note for PostgreSQL users: Geeklog currently requires that the Postgres option standard_conforming_strings is set to off (it is on by default as of PostgreSQL 9.1).
Note for MySQL users: For multi language sites you generally want to use the database collation utf8_general_ci. This collation will be able to handle the character sets of different languages. As of version 5.5.3 MySQL supports 4-byte characters. In this case if you want to support for example emoji icons characters which are 4 bytes you will need to use a collation which supports it like utf8mb4_general_ci. For existing Geeklog databases which are using a different collation you can use a tool like phpMyAdmin to change your database default collation along with all the table collations. Be warned depending on what your initial collation is you may need to also update the data in your tables.
', '[code]', $text); + $text = str_replace('', '[code]', $text); $text = str_replace('', '[/code]', $text); - $text = str_replace('', '[raw]', $text); - $text = str_replace('', '[/raw]', $text); - $text = self::_editUnescape($text, $postmode); + $text = str_replace('', '[raw]', $text); + $text = str_replace('', '[/raw]', $text); + $text = self::_editUnescape($text, $postMode); $text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt()); } $text = self::_displayEscape($text); - } else { - // latest version - $text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt()); } 
@@ -90,56 +81,53 @@ public static function getEditText($text, $postmode, $version) /** * Returns text ready for display. * - * @param string $text Text to prepare for display - * @param string $postmode Indicates if text is html, adveditor, wikitext or plaintext - * @param int $version version of GLText engine + * @param string $text Text to prepare for display + * @param string $postMode Indicates if text is html, adveditor, wikitext or plaintext + * @param int $version version of GLText engine * @return string Escaped String * @access public - * */ - public static function getDisplayText($text, $postmode, $version) + public static function getDisplayText($text, $postMode, $version) { if ($version == GLTEXT_FIRST_VERSION) { - // first version - - if ($postmode == 'plaintext') { + if ($postMode === 'plaintext') { $text = COM_nl2br($text); } - if ($postmode == 'wikitext') { - $text = self::_editUnescape($text, $postmode); + if ($postMode === 'wikitext') { + $text = self::_editUnescape($text, $postMode); $text = self::renderWikiText($text); } - } else { - // latest version - - if ($postmode == 'html' || $postmode == 'adveditor') { - + if ($postMode === 'html' || $postMode === 'adveditor') { // Get rid of any newline characters $text = str_replace("\n", '', $text); - $text = self::_handleSpecialTag_callback($text, + $text = self::_handleSpecialTag_callback( + $text, array('[code]', '[/code]', '', ''), - '_escapeSPChars'); + '_escapeSPChars' + ); - $text = self::_handleSpecialTag_callback($text, + $text = self::_handleSpecialTag_callback( + $text, array('[raw]', '[/raw]', '', ''), - '_escapeSPChars'); + '_escapeSPChars' + ); } - if ($postmode == 'plaintext') { + if ($postMode === 'plaintext') { $text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt()); $text = COM_makeClickableLinks($text); $text = COM_nl2br($text); } - if ($postmode == 'wikitext') { - $text = self::_editUnescape($text, $postmode); + if ($postMode === 'wikitext') { + $text = 
self::_editUnescape($text, $postMode); $text = self::renderWikiText($text); -// $text = self::_htmLawed($text, 'story.edit'); + // $text = self::_htmLawed($text, 'story.edit'); } $text = COM_checkWords($text, 'story'); 
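Review bot: In the `wikitext` branch of `getDisplayText()` the `_htmLawed()` call stays commented out, so the markup returned by `renderWikiText()` goes on to `COM_checkWords()` without passing the HTML filter, and `applyHTMLFilter()` only filters `html` and `adveditor` input. Whether the wiki renderer escapes raw HTML on its own is not visible here, so either restore the call or record the assumption beside it, e.g. `// renderWikiText() output is not run through _htmLawed(); relies on the wiki renderer escaping raw HTML`. The `$version == GLTEXT_FIRST_VERSION` test at the top is also still a loose comparison although the `$postMode` checks became strict. The end of the function lies outside this hunk.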
@@ -153,39 +141,46 @@ public static function getDisplayText($text, $postmode, $version) /** * Apply HTML filter to the text * - * @param string $text Text to prepare for store to databese - * @param string $postmode Indicates if text is html, adveditor, wikitext or plaintext - * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" - * @param int $version version of GLText engine + * @param string $text Text to prepare for store to databese + * @param string $postMode Indicates if text is html, adveditor, wikitext or plaintext + * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" + * @param int $version version of GLText engine * @return string Escaped String * @access public - * */ - public static function applyHTMLFilter($text, $postmode, $permissions, $version) + public static function applyHTMLFilter($text, $postMode, $permissions, $version) { global $_CONF; if (($version != GLTEXT_FIRST_VERSION) && - ($postmode == 'html' || $postmode == 'adveditor')) { - + ($postMode === 'html' || $postMode === 'adveditor') + ) { if (!SEC_hasRights('htmlfilter.skip') && - (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root'))) { - - $text = self::_handleSpecialTag_callback($text, + (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root')) + ) { + $text = self::_handleSpecialTag_callback( + $text, array('[code]', '[/code]', '[code2]', '[/code2]'), - '_maskCode'); - $text = self::_handleSpecialTag_callback($text, + '_maskCode' + ); + $text = self::_handleSpecialTag_callback( + $text, array('[raw]', '[/raw]', '[raw2]', '[/raw2]'), - '_maskCode'); + '_maskCode' + ); $text = self::_htmLawed($text, $permissions); - $text = self::_handleSpecialTag_callback($text, + $text = self::_handleSpecialTag_callback( + $text, array('[code2]', '[/code2]', '[code]', '[/code]'), - '_unmaskCode'); - $text = self::_handleSpecialTag_callback($text, + '_unmaskCode' + ); + 
$text = self::_handleSpecialTag_callback( + $text, array('[raw2]', '[/raw2]', '[raw]', '[/raw]'), - '_unmaskCode'); + '_unmaskCode' + ); } } 
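Review bot: The docblock of `applyHTMLFilter()` still promises an "Escaped String", but the visible body leaves `$text` untouched when `$version` is `GLTEXT_FIRST_VERSION`, when `$postMode` is anything other than `html` or `adveditor`, and when the user holds `htmlfilter.skip` or is in `Root` with `skip_html_filter_for_root` set. Callers reading only the docblock may treat the result as safe for output, so the description should say so, e.g. `Filters only html/adveditor text of a non-first GLText version; all other input is returned unchanged.` The re-aligned `@param` line also carries over the typo `databese`. The tail of the function is outside the hunk.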
@@ -195,49 +190,50 @@ public static function applyHTMLFilter($text, $postmode, $permissions, $version) /** * Returns text ready for preview. * - * @param string $text Text to prepare for store to databese - * @param string $postmode Indicates if text is html, adveditor, wikitext or plaintext - * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" - * @param int $version version of GLText engine + * @param string $text Text to prepare for store to databese + * @param string $postMode Indicates if text is html, adveditor, wikitext or plaintext + * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" + * @param int $version version of GLText engine * @return string Escaped String * @access public - * */ - public static function getPreviewText($text, $postmode, $permissions, $version) + public static function getPreviewText($text, $postMode, $permissions, $version) { - $text = self::applyHTMLFilter($text, $postmode, $permissions, $version); - $text = self::getDisplayText($text, $postmode, $version); + $text = self::applyHTMLFilter($text, $postMode, $permissions, $version); + $text = self::getDisplayText($text, $postMode, $version); return $text; } /** * This function checks html tags. - * * Checks to see that the HTML tags are on the approved list and * removes them if not. 
* - * @param string $str HTML to check - * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" + * @param string $str HTML to check + * @param string $permissions comma-separated list of rights which identify the current user as an "Admin" * @return string Filtered HTML * @access public - * */ public static function checkHTML($str, $permissions = 'story.edit') { global $_CONF, $_USER; -// $str = COM_stripslashes($str); // it should not be here + // $str = COM_stripslashes($str); // it should not be here // Get rid of any newline characters $str = str_replace("\n", '', $str); - $str = self::_handleSpecialTag_callback($str, + $str = self::_handleSpecialTag_callback( + $str, array('[code]', '[/code]', '', ''), - '_escapeSPChars'); - $str = self::_handleSpecialTag_callback($str, + '_escapeSPChars' + ); + $str = self::_handleSpecialTag_callback( + $str, array('[raw]', '[/raw]', '[raw2]', '[/raw2]'), - '_escapeSPChars'); + '_escapeSPChars' + ); // To begin with, why handle '$' and '\' as the special character? // @@ -248,7 +244,8 @@ public static function checkHTML($str, $permissions = 'story.edit') // $str = str_replace( '$', '$', $str); if (!SEC_hasRights('htmlfilter.skip') && - (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root'))) { + (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root')) + ) { $str = self::_htmLawed($str, $permissions); } 
@@ -261,18 +258,17 @@ public static function checkHTML($str, $permissions = 'story.edit') } /** - * Convert wiki-formatted text to (X)HTML - * - * @param string $wikitext wiki-formatted text - * @return string XHTML formatted text - * - */ - public static function renderWikiText($wikitext) + * Convert wiki-formatted text to (X)HTML + * + * @param string $wikiText wiki-formatted text + * @return string XHTML formatted text + */ + public static function renderWikiText($wikiText) { global $_CONF; if (!$_CONF['wikitext_editor']) { - return $wikitext; + return $wikiText; } $wiki = new Geeklog\Text\Wiki(); @@ -282,11 +278,9 @@ public static function renderWikiText($wikitext) $wiki->disableRule('freelink'); $wiki->disableRule('interwiki'); - return $wiki->transform($wikitext, 'Xhtml'); + return $wiki->transform($wikiText, 'Xhtml'); } - // Private Methods: - private static function _htmLawed($str, $permissions) { global $_CONF, $_USER; @@ -297,7 +291,7 @@ private static function _htmLawed($str, $permissions) 'balance' => 1, // Balance tags for well-formedness and proper nesting 'comment' => 3, // Allow HTML comment 'css_expression' => 1, // Allow dynamic CSS expression in "style" attributes -// 'keep_bad' => 1, // Neutralize both tags and element content + // 'keep_bad' => 1, // Neutralize both tags and element content 'keep_bad' => 0, // Neutralize both tags and element content 'tidy' => 0, // Don't beautify or compact HTML code 'unique_ids' => 1, // Remove duplicate and/or invalid ids @@ -305,8 +299,9 @@ private static function _htmLawed($str, $permissions) ); if (isset($_CONF['allowed_protocols']) && - is_array($_CONF['allowed_protocols']) && - (count($_CONF['allowed_protocols']) > 0)) { + is_array($_CONF['allowed_protocols']) && + (count($_CONF['allowed_protocols']) > 0) + ) { $schemes = $_CONF['allowed_protocols']; } else { $schemes = array('http:', 'https:', 'ftp:'); 
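Review bot: The `_htmLawed()` config touched by the `@@ -297,7 +291,7 @@` hunk still sets `'css_expression' => 1`, which by its own comment allows dynamic CSS expressions in `style` attributes for every user whose input is filtered here. Since these lines are being tidied anyway, consider `'css_expression' => 0,` unless something depends on it, and if so add a comment naming what does. The same hunk keeps the dead `// 'keep_bad' => 1` line directly above the live `'keep_bad' => 0`; dropping it removes two conflicting values side by side. The `$config` array starts and ends outside the hunk.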
@@ -316,19 +311,23 @@ private static function _htmLawed($str, $permissions) $config['schemes'] = 'href: ' . $schemes . '; *: ' . $schemes; if (empty($permissions) || !SEC_hasRights($permissions) || - empty($_CONF['admin_html'])) { + empty($_CONF['admin_html']) + ) { $html = $_CONF['user_html']; } else { if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $html = array_merge_recursive($_CONF['user_html'], - $_CONF['admin_html'], - $_CONF['advanced_html']); + $_CONF['admin_html'], + $_CONF['advanced_html']); } else { $html = array_merge_recursive($_CONF['user_html'], - $_CONF['admin_html']); + $_CONF['admin_html']); } } + $spec = array(); + $elements = array(); + foreach ($html as $tag => $attr) { if (is_array($attr) && (count($attr) > 0)) { $spec[] = $tag . '=' . implode(', ', array_keys($attr)); 
@@ -349,30 +348,30 @@ private static function _htmLawed($str, $permissions) /** * Escapes certain HTML for nicely encoded HTML. * - * @param string $text Text to escpae + * @param string $text Text to escape * @return string Escaped string * @access private - * */ private static function _displayEscape($text) { return str_replace( - array('$', '{', '}', '\\'), - array('$', '{', '}', '\'), $text); + array('$', '{', '}', '\\'), + array('$', '{', '}', '\'), + $text + ); } /** - * Unescapes certain HTML for editing again. + * Unescape certain HTML for editing again. * - * @param string $in Text escaped to unescape for editing - * @param string $postmode Indicates if text is html, wikitext or plaintext + * @param string $in Text escaped to unescape for editing + * @param string $postMode Indicates if text is html, wikitext or plaintext * @return string Unescaped string * @access private - * */ - private static function _editUnescape($in, $postmode) + private static function _editUnescape($in, $postMode) { - if (!in_array($postmode, array('html', 'wikitext'))) { + if (!in_array($postMode, array('html', 'wikitext'))) { // advanced editor or plaintext can handle themselves... return $in; } @@ -391,7 +390,7 @@ private static function _editUnescape($in, $postmode) // in rewrite phase 1. // // First, raw - $in = self::_unescapeSpecialTag($in, array('[raw]', '[/raw]')); + $in = self::_unescapeSpecialTag($in, array('[raw]', '[/raw]')); // Then, code $in = self::_unescapeSpecialTag($in, array('[code]', '[/code]')); 
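Review bot: `_editUnescape()` still tests `in_array($postMode, array('html', 'wikitext'))` with a loose comparison, while the same commit moves the other `$postMode` checks to `===`. Passing the strict flag keeps them consistent: `if (!in_array($postMode, array('html', 'wikitext'), true)) {`. On PHP versions before 8 an integer `0` would otherwise match both strings. The function body continues outside the hunk.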
@@ -399,17 +398,16 @@ private static function _editUnescape($in, $postmode) } /** - * Callback funtion for escapes all special characters within a + * Callback function for escapes all special characters within a * [code] ... [/code] section. * - * @param string $str the code section to encode + * @param string $str the code section to encode * @return string String with the special characters encoded * @access private - * */ private static function _escapeSPChars($str) { - $search = array('&', '<', '>', '[', ']' ); + $search = array('&', '<', '>', '[', ']'); $replace = array('&', '<', '>', '[', ']'); $str = str_replace($search, $replace, $str); @@ -417,12 +415,11 @@ private static function _escapeSPChars($str) } /** - * Callback funtion for mask text within a [code] ... [/code] section. + * Callback function for mask text within a [code] ... [/code] section. * - * @param string $str the code section to mask + * @param string $str the code section to mask * @return string String with characters encoded * @access private - * */ private static function _maskCode($str) { @@ -430,12 +427,11 @@ private static function _maskCode($str) } /** - * Callback funtion for unmask text within a [code] ... [/code] section. + * Callback function for unmask text within a [code] ... [/code] section. * - * @param string $str the code section to unmask + * @param string $str the code section to unmask * @return string String with characters decoded * @access private - * */ private static function _unmaskCode($str) { @@ -469,10 +465,8 @@ private static function _handleSpecialTag_callback($str, $tags, $args) $encoded = $tags[2] . $encoded . $tags[3]; $str = MBYTE_substr($str, 0, $start_pos) . $encoded - . MBYTE_substr($str, $end_pos + $len_end); - + . MBYTE_substr($str, $end_pos + $len_end); } else { // missing [/code] or [/raw] - $part = MBYTE_substr($str, $start_pos + $len_start); if (is_array($args)) { $encoded = self::$function($part, $args); 
@@ -491,34 +485,41 @@ private static function _handleSpecialTag_callback($str, $tags, $args) private static function _unescapeSpecialTag($in, $tags) { - $inlower = MBYTE_strtolower($in); - $start_pos = MBYTE_strpos($inlower, $tags[0]); - if ($start_pos === false) return $in; + $inLower = MBYTE_strtolower($in); + $start_pos = MBYTE_strpos($inLower, $tags[0]); + + if ($start_pos === false) { + return $in; + } + $buffer = $in; $out = ''; + while ($start_pos !== false) { // Copy in to start to out $out .= MBYTE_substr($buffer, 0, $start_pos); // Find end - $end_pos = MBYTE_strpos($inlower, $tags[1]); + $end_pos = MBYTE_strpos($inLower, $tags[1]); if ($end_pos !== false) { // Encode body and append to out $encoded = html_entity_decode( - MBYTE_substr($buffer, $start_pos, $end_pos - $start_pos)); + MBYTE_substr($buffer, $start_pos, $end_pos - $start_pos) + ); $out .= $encoded . $tags[1]; $len_end = strlen($tags[1]); // Nibble in - $inlower = MBYTE_substr($inlower, $end_pos + $len_end); - $buffer = MBYTE_substr($buffer, $end_pos + $len_end); + $inLower = MBYTE_substr($inLower, $end_pos + $len_end); + $buffer = MBYTE_substr($buffer, $end_pos + $len_end); } else { // missing end $len_start = strlen($tags[0]); // Treat the remainder as code, but this should have been // checked prior to calling: $out .= html_entity_decode( - MBYTE_substr($buffer, $start_pos + $len_start)); - $inlower = ''; + MBYTE_substr($buffer, $start_pos + $len_start) + ); + $inLower = ''; } - $start_pos = MBYTE_strpos($inlower, $tags[0]); + $start_pos = MBYTE_strpos($inLower, $tags[0]); } // Append remainder: if ($buffer != '') { 
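Review bot: In `_unescapeSpecialTag()` the closing tag is searched from the start of `$inLower` (`MBYTE_strpos($inLower, $tags[1])`) rather than from `$start_pos`, so a closing tag that appears before the opening one yields a negative length in `MBYTE_substr($buffer, $start_pos, $end_pos - $start_pos)`. A guard such as `if ($end_pos !== false && $end_pos > $start_pos) {` would keep that input out of the decode-and-nibble branch. Both `html_entity_decode()` calls also rely on the default flags and charset, whereas the `htmlspecialchars()` calls elsewhere in this class pass `ENT_QUOTES` and `COM_getEncodingt()` explicitly. The tail of the function lies outside the hunk.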
@@ -527,4 +528,35 @@ private static function _unescapeSpecialTag($in, $tags) return $out; } + + /** + * Remove 4-6 byte UTF-8 characters, including emoji icons + * + * @param string $text + * @param string $replace + * @return string + */ + public static function removeUtf8Icons($text, $replace = '') + { + global $_CONF, $_DB_dbms; + static $isRemove = null; + + if ($isRemove === null) { + if ($_DB_dbms === 'mysql') { + if (strcasecmp($_CONF['default_charset'], 'utf-8') === 0) { + $isRemove = version_compare(DB_getVersion(), '5.5.3', '<'); + } else { + $isRemove = true; + } + } else { + $isRemove = false; + } + } + + if ($isRemove) { + $text = preg_replace('/[\xf0-\xfd][\x80-\xbf]{2}[\x80-\xbf]{1,3}/', $replace, $text); + } + + return $text; + } } diff --git a/system/classes/search.class.php b/system/classes/search.class.php index 2f7c20942..57c2ca498 100644 --- a/system/classes/search.class.php +++ b/system/classes/search.class.php @@ -35,10 +35,6 @@ die('This file can not be used on its own.'); } -require_once $_CONF['path_system'] . 'classes/plugin.class.php'; -require_once $_CONF['path_system'] . 'classes/searchcriteria.class.php'; -require_once $_CONF['path_system'] . 'classes/listfactory.class.php'; - /** * Geeklog Search Class * @@ -75,7 +71,9 @@ public function __construct() // Set search criteria if (isset($_GET['query'])) { - $this->_query = strip_tags(COM_stripslashes($_GET['query'])); + $query = COM_stripslashes($_GET['query']); + $query = GLText::removeUtf8Icons($query); + $this->_query = strip_tags($query); } if (isset($_GET['topic'])) { @@ -318,7 +316,7 @@ public function showForm() /** * Performs search on all stories * - * @return object plugin object + * @return array of object plugin object */ private function _searchStories() { 
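Review bot: `removeUtf8Icons()` decides from the MySQL server version alone, but a server at 5.5.3 or later still cannot store 4-byte characters in tables that use the 3-byte `utf8` character set; the installation notes in this same change say a collation such as `utf8mb4_general_ci` is needed for that. On such a site the function returns the text unchanged and the database may truncate or reject the value at the first 4-byte character, so the check should look at the character set actually used by the connection or tables rather than only at `DB_getVersion()`. When `default_charset` is not `utf-8` the byte-oriented pattern is still applied and can remove legitimate byte sequences in other multi-byte encodings. `preg_replace()` can also return `null` on failure, so `$text` should only be overwritten after a null check.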
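Review bot: In the `search.class.php` constructor hunk, `$_GET['query']` is passed on without checking that it is a string. A request that supplies `query` as an array reaches `preg_replace()` inside `removeUtf8Icons()`, which accepts and returns an array, and `strip_tags()` then receives a non-string. A guard such as `if (isset($_GET['query']) && is_string($_GET['query'])) {` keeps `$this->_query` a string; what `COM_stripslashes()` does with an array is not visible here.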
@@ -390,7 +388,7 @@ private function _searchStories() $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql); - $sql .= " GROUP BY id"; + $sql .= " GROUP BY c.cid, c.title, c.comment, c.date, c.uid "; $search_c->setSQL($sql); $search_c->setFTSQL($ftsql); @@ -486,9 +484,9 @@ public function doSearch() $obj->setRowFunction(array($this, 'searchFormatCallback')); // Start search timer - $searchtimer = new timerobject(); - $searchtimer->setPrecision(4); - $searchtimer->startTimer(); + $searchTimer = new timerobject(); + $searchTimer->setPrecision(4); + $searchTimer->startTimer(); // Have plugins do their searches $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 1; @@ -607,7 +605,7 @@ public function doSearch() $results = $obj->ExecuteQueries(); // Searches are done, stop timer - $searchtime = $searchtimer->stopTimer(); + $searchtime = $searchTimer->stopTimer(); $escquery = htmlspecialchars($this->_query); $escquery = str_replace(array('{', '}'), array('{', '}'), $escquery); diff --git a/system/classes/story.class.php b/system/classes/story.class.php index 7728169b6..63c96a2b1 100644 --- a/system/classes/story.class.php +++ b/system/classes/story.class.php @@ -46,8 +46,6 @@ * @author Michael Jervis, mike AT fuckingbrit DOT com */ -require_once 'gltext.class.php'; - /** * Constants for stories: * Loading from database: @@ -327,8 +325,6 @@ class Story // End Variables. /**************************************************************************/ - /**************************************************************************/ - // Public Methods: /** * Constructor, creates a story, taking a (geeklog) database object. * 
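Review bot: In the `@@ -607,7 +605,7 @@` hunk of `doSearch()`, `$escquery = htmlspecialchars($this->_query);` uses the default flags and charset, while the `htmlspecialchars()` calls in `gltext.class.php` pass `ENT_QUOTES` and `COM_getEncodingt()`. Before PHP 8.1 the default leaves single quotes unescaped, which matters if `$escquery` ends up inside a single-quoted attribute; where it is output is outside this hunk. Suggest `$escquery = htmlspecialchars($this->_query, ENT_QUOTES, COM_getEncodingt());`.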
@@ -343,9 +339,9 @@ public function __construct($mode = 'admin') * Check to see if there is any content in the story, for * bothering to preview testing really. * - * @return boolean trim(title+intro+body) != '' + * @return bool trim(title+intro+body) != '' */ - function hasContent() + public function hasContent() { if (trim($this->_title) != '') { return true; @@ -367,20 +363,20 @@ function hasContent() * * @param $story array Story array from db */ - function loadFromArray($story) + public function loadFromArray($story) { /* Use the magic cheat array to quickly reload the whole story * from the database result array, doing the quick stripslashes. */ reset($this->_dbFields); - while (list($fieldname, $save) = each($this->_dbFields)) { - $varname = '_' . $fieldname; + while (list($fieldName, $save) = each($this->_dbFields)) { + $varName = '_' . $fieldName; - if (array_key_exists($fieldname, $story)) { + if (array_key_exists($fieldName, $story)) { // This is meaningless, and have a negative effect. (bug #0001655) // $this->{$varname} = stripslashes($story[$fieldname]); - $this->{$varname} = $story[$fieldname]; + $this->{$varName} = $story[$fieldName]; } } 
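Review bot: `loadFromArray()` still iterates with `while (list($fieldName, $save) = each($this->_dbFields))`; `each()` is deprecated as of PHP 7.2 and removed in PHP 8, and the requirements text updated in this change states that PHP 7.X is supported. The `reset()` call plus the loop can become `foreach ($this->_dbFields as $fieldName => $save) {`. `saveToDatabase()` has the same loop in the `@@ -798,34 +791,34 @@` hunk. The rest of the function is outside this hunk.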
@@ -421,17 +417,18 @@ function loadFromArray($story) * the exciting gubbins here. * Only used from story admin and submit.php! * - * @param $sid string Story Identifier, valid geeklog story id from the db. - * @return Integer from a constant. + * @param string $sid Story Identifier, valid geeklog story id from the db. + * @param string $mode 'edit'|'view'|'clone'|'editsubmission' + * @return int from a constant. */ - function loadFromDatabase($sid, $mode = 'edit') + public function loadFromDatabase($sid, $mode = 'edit') { global $_TABLES, $_CONF, $_USER, $topic; $sid = DB_escapeString(COM_applyFilter($sid)); $sql = array(); - if (!empty($sid) && (($mode == 'edit') || ($mode == 'view') || ($mode == 'clone'))) { + if (!empty($sid) && (($mode === 'edit') || ($mode === 'view') || ($mode === 'clone'))) { if (empty($topic)) { $topic_sql = ' AND ta.tdefault = 1'; } else { @@ -449,7 +446,7 @@ function loadFromDatabase($sid, $mode = 'edit') $sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, UNIX_TIMESTAMP(s.comment_expire) as cmt_expire_unix, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta WHERE ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '$sid')"; - } elseif (!empty($sid) && ($mode == 'editsubmission')) { + } elseif (!empty($sid) && ($mode === 'editsubmission')) { /* Original $sql['mysql'] = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, ' . 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')'; 
@@ -465,7 +462,7 @@ function loadFromDatabase($sid, $mode = 'edit') FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta WHERE (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '$sid') AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1"; - } elseif ($mode == 'edit') { + } elseif ($mode === 'edit') { $this->_sid = COM_makesid(); $this->_old_sid = $this->_sid; @@ -492,8 +489,7 @@ function loadFromDatabase($sid, $mode = 'edit') } else { $this->_uid = $_USER['uid']; } - $this->_date = time(); - $this->_expire = time(); + $this->_date = $this->_expire = time(); if ($_CONF['article_comment_close_enabled']) { $this->_comment_expire = time() + ($_CONF['article_comment_close_days'] * 86400); @@ -557,7 +553,7 @@ function loadFromDatabase($sid, $mode = 'edit') $this->loadFromArgsArray($_POST); } - /* if we have SQL, load from it */ + // if we have SQL, load from it if (!empty($sql)) { $result = DB_query($sql); 
@@ -573,23 +569,25 @@ function loadFromDatabase($sid, $mode = 'edit') * the DB. If the user doing the cloning is different from the * original author, we need to fix those here. */ - if (($mode == 'clone') && ($this->_uid != $_USER['uid'])) { + if (($mode === 'clone') && ($this->_uid != $_USER['uid'])) { $this->_uid = $_USER['uid']; $story['owner_id'] = $this->_uid; - $uresult = DB_query("SELECT username, fullname, photo, email FROM {$_TABLES['users']} WHERE uid = {$_USER['uid']}"); - list($this->_username, $this->_fullname, $this->_photo, $this->_email) = DB_fetchArray($uresult); + $uResult = DB_query("SELECT username, fullname, photo, email FROM {$_TABLES['users']} WHERE uid = {$_USER['uid']}"); + list($this->_username, $this->_fullname, $this->_photo, $this->_email) = DB_fetchArray($uResult); } if (!isset($story['owner_id'])) { $story['owner_id'] = 1; } - $access = SEC_hasAccess($story['owner_id'], $story['group_id'], + $access = SEC_hasAccess( + $story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], - $story['perm_members'], $story['perm_anon']); + $story['perm_members'], $story['perm_anon'] + ); //$this->_access = min($access, SEC_hasTopicAccess($this->_tid)); //$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid)); - if ($mode != 'view') { + if ($mode !== 'view') { // When editing an article they need access to all topics article is assigned to plus edit access to article itself $this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid)); } else { @@ -599,7 +597,7 @@ function loadFromDatabase($sid, $mode = 'edit') if ($this->_access == 0) { return STORY_PERMISSION_DENIED; - } elseif ($this->_access == 2 && $mode != 'view') { + } elseif ($this->_access == 2 && $mode !== 'view') { return STORY_EDIT_DENIED; } elseif ((($this->_access == 2) && ($mode == 'view')) && (($this->_draft_flag == 1) || ($this->_date > time()))) { return STORY_INVALID_SID; 
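Review bot: The clone branch builds `... WHERE uid = {$_USER['uid']}` by interpolating the value unquoted and unescaped. It presumably comes from the session and is numeric, but nothing in this function establishes that; casting at the point of use makes the query safe regardless: `$uid = (int) $_USER['uid'];` and then `WHERE uid = {$uid}`. The result of `DB_query()` is also handed to `DB_fetchArray()` and `list()` without checking that a row came back. In the `@@ -599,7 +597,7 @@` hunk one `$mode == 'view'` comparison was left loose next to the converted ones.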
@@ -609,7 +607,7 @@ function loadFromDatabase($sid, $mode = 'edit') } } - if ($mode == 'editsubmission') { + if ($mode === 'editsubmission') { if (isset($_CONF['draft_flag'])) { $this->_draft_flag = $_CONF['draft_flag']; } else { @@ -646,11 +644,9 @@ function loadFromDatabase($sid, $mode = 'edit') $this->_numemails = 0; $this->_statuscode = 0; $this->_owner_id = $this->_uid; - - } elseif ($mode == 'clone') { - + } elseif ($mode === 'clone') { // new story, new sid ... - $this->_sid = COM_makesid(); + $this->_sid = COM_makeSid(); $this->_old_sid = $this->_sid; // assign ownership to current user @@ -662,13 +658,11 @@ function loadFromDatabase($sid, $mode = 'edit') $this->_owner_id = $this->_uid; // use current date + time - $this->_date = time(); - $this->_expire = time(); + $this->_date = $this->_expire = time(); // if the original story uses comment expire, update the time if ($this->_comment_expire != 0) { - $this->_comment_expire = time() + - ($_CONF['article_comment_close_days'] * 86400); + $this->_comment_expire = time() + ($_CONF['article_comment_close_days'] * 86400); } // reset counters @@ -678,7 +672,7 @@ function loadFromDatabase($sid, $mode = 'edit') $this->_numemails = 0; } - $this->_sanitizeData(); + $this->sanitizeData(); return STORY_LOADED_OK; } @@ -687,13 +681,12 @@ function loadFromDatabase($sid, $mode = 'edit') * Saves the story in it's final state to the database. * Handles all the SID magic etc. * - * @return Integer status result from a constant list. + * @return int status result from a constant list. */ - function saveToDatabase() + public function saveToDatabase() { global $_TABLES, $_DB_dbms; - $tids = TOPIC_getTopicIdsForObject('topic'); $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag=1'); if (!empty($tids) && !empty($archive_tid)) { 
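Review bot: The call at the end of `loadFromDatabase()` changes from `$this->_sanitizeData()` to `$this->sanitizeData()`, but no hunk in view renames the method definition. If the definition is not renamed elsewhere in the commit, every load will stop with an undefined-method error at this line; worth confirming, since this is the step that cleans the loaded fields. The `@@ -646,11 +644,9 @@` hunk also switches one call to `COM_makeSid()` while the `edit` branch still calls `COM_makesid()`; PHP resolves both, but one spelling should be used throughout.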
@@ -727,8 +720,8 @@ function saveToDatabase() $oldArticleExists = false; $currentSidExists = false; - /* Fix up old sid => new sid stuff */ - $checksid = DB_escapeString($this->_originalSid); // needed below + // Fix up old sid => new sid stuff + $checkSid = DB_escapeString($this->_originalSid); // needed below if ($this->_sid != $this->_originalSid) { /* The sid has changed. Load from request will have @@ -738,9 +731,9 @@ function saveToDatabase() * sid that was then thrown away) to reduce the sheer * number of SQL queries we do. */ - $newsid = DB_escapeString($this->_sid); + $newSid = DB_escapeString($this->_sid); - $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checksid}'"; + $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checkSid}'"; $result = DB_query($sql); if ($result && (DB_numRows($result) > 0)) { @@ -748,21 +741,21 @@ function saveToDatabase() } if ($oldArticleExists) { - /* Move Comments */ - $sql = "UPDATE {$_TABLES['comments']} SET sid='$newsid' WHERE type='article' AND sid='$checksid'"; + // Move Comments + $sql = "UPDATE {$_TABLES['comments']} SET sid='$newSid' WHERE type='article' AND sid='$checkSid'"; DB_query($sql); - /* Move Images */ - $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newsid}' WHERE ai_sid = '{$checksid}'"; + // Move Images + $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newSid}' WHERE ai_sid = '{$checkSid}'"; DB_query($sql); - /* Move trackbacks */ - $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newsid}' WHERE sid='{$checksid}' AND type='article'"; + // Move trackbacks + $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newSid}' WHERE sid='{$checkSid}' AND type='article'"; DB_query($sql); } } - /* Acquire Comment Count */ + // Acquire Comment Count $sql = "SELECT COUNT(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='{$this->_sid}'"; $result = DB_query($sql); 
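Review bot: The comment-count query interpolates `$this->_sid` directly (`... AND sid='{$this->_sid}'`), while every other statement in these hunks uses the escaped `$newSid` or `$checkSid`. `$newSid` is only set inside the `if ($this->_sid != $this->_originalSid)` branch, so escape at the point of use: `$sid = DB_escapeString($this->_sid);` and then `sid='{$sid}'`. Whether `_sid` has already been restricted to a safe character set elsewhere is not visible here.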
@@ -798,34 +791,34 @@ function saveToDatabase() $this->_introtext, $this->_postmode, 'story.edit', - $this->_text_version); + $this->_text_version + ); $this->_bodytext = GLText::applyHTMLFilter( $this->_bodytext, $this->_postmode, 'story.edit', - $this->_text_version); + $this->_text_version + ); /* This uses the database field array to generate a SQL Statement. This * means that when adding new fields to save and load, all we need to do * is add the field name to the array, and the code will magically cope. */ - while (list($fieldname, $save) = each($this->_dbFields)) { + while (list($fieldName, $save) = each($this->_dbFields)) { if ($save === 1) { - $varname = '_' . $fieldname; - $fields .= $fieldname . ', '; - if (($fieldname == 'date') || ($fieldname == 'expire') || - ($fieldname == 'comment_expire') - ) { + $varName = '_' . $fieldName; + $fields .= $fieldName . ', '; + if (($fieldName === 'date') || ($fieldName === 'expire') || ($fieldName === 'comment_expire')) { // let the DB server do this conversion (cf. timezone hack) - $values .= 'FROM_UNIXTIME(' . $this->{$varname} . '), '; + $values .= 'FROM_UNIXTIME(' . $this->{$varName} . '), '; } else { - if ($this->{$varname} === '') { + if ($this->{$varName} === '') { $values .= "'', "; } else { - if (is_numeric($this->{$varname})) { - $values .= DB_escapeString($this->{$varname}) . ', '; + if (is_numeric($this->{$varName})) { + $values .= DB_escapeString($this->{$varName}) . ', '; } else { - $values .= '\'' . DB_escapeString($this->{$varname}) . '\', '; + $values .= '\'' . DB_escapeString($this->{$varName}) . '\', '; } } } 
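Review bot: The field loop still uses `each()`, which is deprecated since PHP 7.2 and removed in PHP 8, and the rename on this line was the moment to replace it. `each()` also depends on the array's internal pointer, so unless `$this->_dbFields` is reset somewhere outside this hunk, a second save on the same object would start at the end of the array and build an empty field list. `foreach ($this->_dbFields as $fieldName => $save) {` walks the same pairs without either problem. The loop closes outside this hunk.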
@@ -841,16 +834,16 @@ function saveToDatabase() TOPIC_saveTopicSelectionControl('article', $this->_sid); if ($oldArticleExists) { - /* Clean up the old story */ - DB_delete($_TABLES['stories'], 'sid', $checksid); + // Clean up the old story + DB_delete($_TABLES['stories'], 'sid', $checkSid); // Delete Topic Assignments for this old article id since we just created new ones - TOPIC_deleteTopicAssignments('article', $checksid); + TOPIC_deleteTopicAssignments('article', $checkSid); } - if ($this->type == 'submission') { - /* there might be a submission, clean it up */ - DB_delete($_TABLES['storysubmission'], 'sid', $checksid); + if ($this->type === 'submission') { + // there might be a submission, clean it up + DB_delete($_TABLES['storysubmission'], 'sid', $checkSid); } return STORY_SAVED; @@ -861,8 +854,11 @@ function saveToDatabase() * the whole entire world. First it'll clean up that horrible Magic Quotes * crap. Then it'll do all Geeklog's funky security stuff, anti XSS, anti * SQL Injection. Yay. + * + * @param array $array + * @return int */ - function loadFromArgsArray(&$array) + public function loadFromArgsArray(array &$array) { global $_TABLES, $_CONF; @@ -872,8 +868,7 @@ function loadFromArgsArray(&$array) $retval = STORY_LOADED_OK; // default to success - - /* Load the trivial stuff: */ + // Load the trivial stuff: $this->_loadBasics($array); // override the GLText version to the latest version 
@@ -882,20 +877,19 @@ function loadFromArgsArray(&$array) /* Check to see if we have permission to edit this sid, and that this * sid is not a duplicate or anything horrible like that. ewww. */ - $sql - = 'SELECT owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon ' . ' FROM ' . $_TABLES['stories'] - . ' WHERE sid=\'' . $this->_sid . '\''; + $sql = "SELECT owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon FROM {$_TABLES['stories']} " + . " WHERE sid='" . DB_escapeString($this->_sid) . "' "; $result = DB_query($sql); if ($result && (DB_numRows($result) > 0)) { - /* Sid exists! Is it our article? */ + //Sid exists! Is it our article? if ($this->_sid != $this->_originalSid) { // for story preview: don't abort $retval = STORY_DUPLICATE_SID; } $article = DB_fetchArray($result); - /* Check Security */ + // Check Security if (SEC_hasAccess($article['owner_id'], $article['group_id'], $article['perm_owner'], $article['perm_group'], $article['perm_members'], $article['perm_anon']) < 3 
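Review bot: `if ($this->_sid != $this->_originalSid)` is a loose comparison between two strings, so PHP compares numeric-looking ids as numbers and treats, for example, `'0123'` and `'123'` (constructed values) as the same id. Here that would suppress the `STORY_DUPLICATE_SID` result, and the same test decides whether comments, images and trackbacks are moved in saveToDatabase() and which id renderImageTags() and checkAttachedImages() query. The commit tightens other comparisons to `===`; I would make these `!==` as well, assuming both properties always hold strings as _loadBasics() suggests. loadFromArgsArray() continues outside this hunk.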
@@ -904,39 +898,42 @@ function loadFromArgsArray(&$array) } } - $access = SEC_hasAccess($this->_owner_id, $this->_group_id, $this->_perm_owner, $this->_perm_group, - $this->_perm_members, $this->_perm_anon); + $access = SEC_hasAccess( + $this->_owner_id, $this->_group_id, + $this->_perm_owner, $this->_perm_group, + $this->_perm_members, $this->_perm_anon + ); //if (($access < 3) || !SEC_hasTopicAccess($this->_tid) || !SEC_inGroup($this->_group_id)) { if (($access < 3) || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($this->_group_id)) { return STORY_NO_ACCESS_PARAMS; } - /* Load up the topic name and icon */ + // Load up the topic name and icon $topic = DB_query("SELECT tid, topic, imageurl FROM {$_TABLES['topics']} WHERE tid='" . TOPIC_getTopicDefault('topic') . "'"); $topic = DB_fetchArray($topic); $this->_tid = $topic['tid']; $this->_topic = $topic['topic']; $this->_imageurl = $topic['imageurl']; - /* Load the title, page title */ + // Load the title, page title $this->_title = $this->_applyTitleFilter($array['title']); $this->_page_title = $this->_applyTitleFilter($array['page_title']); // fix for bug in advanced editor if (in_array($array['postmode'], array('html', 'adveditor', 'wikitext'))) { - if ($_CONF['advanced_editor'] && ($array['bodytext'] == '')) { + if ($_CONF['advanced_editor'] && ($array['bodytext'] === '')) { $array['bodytext'] = ''; } } - /* Load the introtext, bodytext */ + // Load the introtext, bodytext $this->_introtext = $this->_applyTextFilter($array['introtext'], $array['postmode']); $this->_bodytext = $this->_applyTextFilter($array['bodytext'], $array['postmode']); $this->_advanced_editor_mode = 0; if (in_array($array['postmode'], array('html', 'adveditor', 'wikitext'))) { - if ($this->_postmode == 'adveditor') { + if ($this->_postmode === 'adveditor') { $this->_advanced_editor_mode = 1; $this->_postmode = 'html'; } 
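Review bot: The topic lookup concatenates the return value of `TOPIC_getTopicDefault('topic')` into the WHERE clause without `DB_escapeString()`, and the following lines read `$topic['tid']`, `$topic['topic']` and `$topic['imageurl']` without checking that a row came back. Where that helper takes its value from is not visible here, so this may be safe today, but the query should not depend on it. I would use `WHERE tid='" . DB_escapeString(TOPIC_getTopicDefault('topic')) . "'"` and return one of the existing error codes when `DB_fetchArray()` yields no row, rather than copying missing keys into the object. loadFromArgsArray() starts and ends outside this hunk.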
@@ -946,7 +943,7 @@ function loadFromArgsArray(&$array) return STORY_EMPTY_REQUIRED_FIELDS; } - $this->_sanitizeData(); + $this->sanitizeData(); return $retval; } @@ -954,7 +951,7 @@ function loadFromArgsArray(&$array) /** * Sets up basic data for a new user submission story */ - function initSubmission() + public function initSubmission() { global $_USER, $_CONF, $_TABLES, $topic; @@ -994,9 +991,11 @@ function initSubmission() } /** - * Loads a submitted story from postdata + * Loads a submitted story from post data + * + * @return int */ - function loadSubmission() + public function loadSubmission() { global $_CONF; @@ -1046,13 +1045,13 @@ function loadSubmission() } } - /* Load the introtext, bodytext */ + // Load the introtext, bodytext $this->_introtext = $this->_applyTextFilter($array['introtext'], $array['postmode']); $this->_bodytext = $this->_applyTextFilter($array['bodytext'], $array['postmode']); $this->_advanced_editor_mode = 0; if (in_array($array['postmode'], array('html', 'adveditor'))) { - if ($this->_postmode == 'adveditor') { + if ($this->_postmode === 'adveditor') { $this->_advanced_editor_mode = 1; $this->_postmode = 'html'; } @@ -1074,7 +1073,7 @@ function loadSubmission() * * @return string Story formatted for spam check. */ - function GetSpamCheckFormat() + public function getSpamCheckFormat() { return "{$this->_title}{$this->_introtext}{$this->_bodytext}"; } @@ -1084,9 +1083,10 @@ function GetSpamCheckFormat() * * @return integer result code explaining behaviour. */ - function saveSubmission() + public function saveSubmission() { global $_USER, $_CONF, $_TABLES; + $this->_sid = COM_makeSid(); if (COM_isAnonUser()) { 
@@ -1095,27 +1095,26 @@ function saveSubmission() $this->_uid = $_USER['uid']; } - // Remove any autotags the user doesn't have permission to use - $introtext = PLG_replaceTags($this->_introtext, '', true); - $bodytext = PLG_replaceTags($this->_bodytext, '', true); + $introText = PLG_replaceTags($this->_introtext, '', true); + $bodyText = PLG_replaceTags($this->_bodytext, '', true); if (!TOPIC_hasMultiTopicAccess('topic')) { // user doesn't have access to one or more topics - bail return STORY_NO_ACCESS_TOPIC; } - if (($_CONF['storysubmission'] == 1) && !SEC_hasRights('story.submit')) { $sid = DB_escapeString($this->_sid); $title = DB_escapeString($this->_title); - $introtext = DB_escapeString($introtext); - $bodytext = DB_escapeString($bodytext); - $postmode = DB_escapeString($this->_postmode); + $introText = DB_escapeString($introText); + $bodyText = DB_escapeString($bodyText); + $postMode = DB_escapeString($this->_postmode); DB_save($_TABLES['storysubmission'], 'sid,uid,title,introtext,bodytext,date,postmode,text_version', "$sid,{$this->_uid},'$title'," . - "'$introtext','$bodytext',NOW(),'$postmode','{$this->_text_version}'"); + "'$introText','$bodyText',NOW(),'$postMode','{$this->_text_version}'" + ); // Save Topics selected TOPIC_saveTopicSelectionControl('article', $sid); @@ -1123,7 +1122,7 @@ function saveSubmission() return STORY_SAVED_SUBMISSION; } else { // post this story directly. First establish the necessary missing data. - $this->_sanitizeData(); + $this->sanitizeData(); if (!isset($_CONF['show_topic_icon'])) { $_CONF['show_topic_icon'] = 1; 
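Review bot: In the `DB_save()` value list `$sid` has been passed through `DB_escapeString()` but is then placed without quotes, and `{$this->_uid}` goes in with no cast. Escaping only protects a value inside a quoted literal; the id comes from `COM_makeSid()` a few lines up and is presumably numeric, so this works today, but the statement relies on that. Quoting it like the other columns and casting the uid removes the dependency: `"'$sid'," . (int) $this->_uid . ",'$title'," .`. saveSubmission() starts and ends outside this hunk.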
@@ -1199,15 +1198,13 @@ function saveSubmission() * @param string $text Intro or Body text * @return string processed text */ - function renderImageTags($text) + public function renderImageTags($text) { global $_CONF, $_TABLES, $LANG24; // check if we have a (different) old sid - the article_images table // will only be updated later! cf. bug #0001256 - if (!empty($this->_originalSid) && - ($this->_sid != $this->_originalSid) - ) { + if (!empty($this->_originalSid) && ($this->_sid != $this->_originalSid)) { $ai_sid = $this->_originalSid; } else { $ai_sid = $this->_sid; @@ -1215,17 +1212,17 @@ function renderImageTags($text) $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} " . "WHERE ai_sid = '{$ai_sid}' ORDER BY ai_img_num"); - $nrows = DB_numRows($result); + $numRows = DB_numRows($result); $stdImageLoc = true; if (!strstr($_CONF['path_images'], $_CONF['path_html'])) { $stdImageLoc = false; } - for ($i = 1; $i <= $nrows; $i++) { + for ($i = 1; $i <= $numRows; $i++) { $A = DB_fetchArray($result); - $imgpath = ''; + $imgPath = ''; // If we are storing images on a "standard path" i.e. is // available to the host web server, then the url to this 
@@ -1236,33 +1233,30 @@ function renderImageTags($text) // image from whereever else on the file system we're // keeping them: if ($stdImageLoc) { - $imgpath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); - $imgSrc = $_CONF['site_url'] . '/' . $imgpath . 'articles/' . $A['ai_filename']; + $imgPath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); + $imgSrc = $_CONF['site_url'] . '/' . $imgPath . 'articles/' . $A['ai_filename']; } else { $imgSrc = $_CONF['site_url'] . '/getimage.php?mode=articles&image=' . $A['ai_filename']; } - $sizeattributes = COM_getImgSizeAttributes($_CONF['path_images'] . 'articles/' . $A['ai_filename']); + $sizeAttributes = COM_getImgSizeAttributes($_CONF['path_images'] . 'articles/' . $A['ai_filename']); // Build image tags for each flavour of the image: - $img_noalign = ''; - $img_leftalgn = ''; - $img_rightalgn = ''; + $img_noalign = ''; + $img_leftalgn = ''; + $img_rightalgn = ''; // Are we keeping unscaled images? if ($_CONF['keep_unscaled_image'] == 1) { // Yes we are, so, we need to find out what the filename // of the original, unscaled image is: - $lFilename_large = substr_replace($A['ai_filename'], '_original.', - strrpos($A['ai_filename'], '.'), 1); - $lFilename_large_complete = $_CONF['path_images'] . 'articles/' . - $lFilename_large; + $lFilename_large = substr_replace($A['ai_filename'], '_original.', strrpos($A['ai_filename'], '.'), 1); + $lFilename_large_complete = $_CONF['path_images'] . 'articles/' . $lFilename_large; // We need to map that filename to the right location // or the fetch script: if ($stdImageLoc) { - $lFilename_large_URL = $_CONF['site_url'] . '/' . $imgpath . - 'articles/' . $lFilename_large; + $lFilename_large_URL = $_CONF['site_url'] . '/' . $imgPath . 'articles/' . $lFilename_large; } else { $lFilename_large_URL = $_CONF['site_url'] . '/getimage.php?mode=show&image=' . 
@@ -1297,22 +1291,22 @@ function renderImageTags($text) } // And insert the unscaled mode images: - if (($_CONF['allow_user_scaling'] == 1) and ($_CONF['keep_unscaled_image'] == 1)) { + if (($_CONF['allow_user_scaling'] == 1) && ($_CONF['keep_unscaled_image'] == 1)) { if (file_exists($lFilename_large_complete)) { $imgSrc = $lFilename_large_URL; - $sizeattributes = COM_getImgSizeAttributes($lFilename_large_complete); + $sizeAttributes = COM_getImgSizeAttributes($lFilename_large_complete); } - $unscalednorm = '[unscaled' . $i . ']'; - $unscaledleft = '[unscaled' . $i . '_left]'; - $unscaledright = '[unscaled' . $i . '_right]'; + $unscaledNorm = '[unscaled' . $i . ']'; + $unscaledLeft = '[unscaled' . $i . '_left]'; + $unscaledRight = '[unscaled' . $i . '_right]'; - $text = str_replace($unscalednorm, - '', $text); - $text = str_replace($unscaledleft, - '', $text); - $text = str_replace($unscaledright, - '', $text); + $text = str_replace($unscaledNorm, + '', $text); + $text = str_replace($unscaledLeft, + '', $text); + $text = str_replace($unscaledRight, + '', $text); } } @@ -1324,7 +1318,7 @@ function renderImageTags($text) * * @return array containing errors, or empty. */ - function checkAttachedImages() + public function checkAttachedImages() { global $_TABLES, $LANG24; @@ -1332,9 +1326,7 @@ function checkAttachedImages() // check if we have a (different) old sid - the article_images table // will only be updated later! cf. bug #0001256 - if (!empty($this->_originalSid) && - ($this->_sid != $this->_originalSid) - ) { + if (!empty($this->_originalSid) && ($this->_sid != $this->_originalSid)) { $ai_sid = $this->_originalSid; } else { $ai_sid = $this->_sid; 
@@ -1342,13 +1334,13 @@ function checkAttachedImages() $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} " . "WHERE ai_sid = '{$ai_sid}' ORDER BY ai_img_num"); - $nrows = DB_numRows($result); + $numRows = DB_numRows($result); $errors = array(); - for ($i = 1; $i <= $nrows; $i++) { + for ($i = 1; $i <= $numRows; $i++) { $A = DB_fetchArray($result); // See how many times image $i is used in the fulltext of the article: - $icount = substr_count($text, '[image' . $i . ']') + $iCount = substr_count($text, '[image' . $i . ']') + substr_count($text, '[image' . $i . '_left]') + substr_count($text, '[image' . $i . '_right]') + substr_count($text, '[unscaled' . $i . ']') @@ -1357,7 +1349,7 @@ function checkAttachedImages() // If the image we are currently looking at wasn't used, we need // to log an error - if ($icount == 0) { + if ($iCount == 0) { // There is an image that wasn't used, create an error $errors[] = $LANG24[48] . " #$i, {$A['ai_filename']}, " . $LANG24[53]; } @@ -1371,9 +1363,9 @@ function checkAttachedImages() * GL special syntax * * @param string $text Intro or Body text - * @return string processed text + * @return string processed text */ - function replaceImages($text) + public function replaceImages($text) { global $_CONF, $_TABLES, $LANG24; @@ -1384,18 +1376,18 @@ function replaceImages($text) } $count = 0; - /* If we haven't already cached the images for this story, do so */ + // If we haven't already cached the images for this story, do so if (!is_array($this->_storyImages)) { $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE " . "ai_sid = '{$this->_sid}' ORDER BY ai_img_num"); - $nrows = DB_numRows($result); + $numRows = DB_numRows($result); $this->_storyImages = array(); - for ($i = 1; $i <= $nrows; $i++) { + for ($i = 1; $i <= $numRows; $i++) { $this->_storyImages[] = DB_fetchArray($result); } - $count = $nrows; + $count = $numRows; } else { $count = count($this->_storyImages); } 
@@ -1408,7 +1400,7 @@ function replaceImages($text) $imageX_left = '[image' . ($i + 1) . '_left]'; $imageX_right = '[image' . ($i + 1) . '_right]'; - $sizeattributes = COM_getImgSizeAttributes($_CONF['path_images'] . 'articles/' . $A['ai_filename']); + $sizeAttributes = COM_getImgSizeAttributes($_CONF['path_images'] . 'articles/' . $A['ai_filename']); $lLinkPrefix = ''; $lLinkSuffix = ''; @@ -1419,11 +1411,10 @@ function replaceImages($text) $lFilename_large_complete = $_CONF['path_images'] . 'articles/' . $lFilename_large; if ($stdImageLoc) { - $imgpath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); - $lFilename_large_URL = $_CONF['site_url'] . '/' . $imgpath . 'articles/' . $lFilename_large; + $imgPath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); + $lFilename_large_URL = $_CONF['site_url'] . '/' . $imgPath . 'articles/' . $lFilename_large; } else { - $lFilename_large_URL = $_CONF['site_url'] . '/getimage.php?mode=show&image=' - . $lFilename_large; + $lFilename_large_URL = $_CONF['site_url'] . '/getimage.php?mode=show&image=' . $lFilename_large; } if (file_exists($lFilename_large_complete)) { 
@@ -1433,32 +1424,32 @@ function replaceImages($text) } if ($stdImageLoc) { - $imgpath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); - $imgSrc = $_CONF['site_url'] . '/' . $imgpath . 'articles/' . $A['ai_filename']; + $imgPath = substr($_CONF['path_images'], strlen($_CONF['path_html'])); + $imgSrc = $_CONF['site_url'] . '/' . $imgPath . 'articles/' . $A['ai_filename']; } else { $imgSrc = $_CONF['site_url'] . '/getimage.php?mode=articles&image=' . $A['ai_filename']; } - $norm = $lLinkPrefix . '' . $lLinkSuffix; - $left = $lLinkPrefix . '' + $norm = $lLinkPrefix . '' . $lLinkSuffix; + $left = $lLinkPrefix . '' . $lLinkSuffix; - $right = $lLinkPrefix . '' + $right = $lLinkPrefix . '' . $lLinkSuffix; $text = str_replace($norm, $imageX, $text); $text = str_replace($left, $imageX_left, $text); $text = str_replace($right, $imageX_right, $text); - if (($_CONF['allow_user_scaling'] == 1) and ($_CONF['keep_unscaled_image'] == 1)) { + if (($_CONF['allow_user_scaling'] == 1) && ($_CONF['keep_unscaled_image'] == 1)) { $unscaledX = '[unscaled' . ($i + 1) . ']'; $unscaledX_left = '[unscaled' . ($i + 1) . '_left]'; $unscaledX_right = '[unscaled' . ($i + 1) . '_right]'; if (file_exists($lFilename_large_complete)) { - $sizeattributes = COM_getImgSizeAttributes($lFilename_large_complete); - $norm = ''; - $left = ''; - $right = ''; + $sizeAttributes = COM_getImgSizeAttributes($lFilename_large_complete); + $norm = ''; + $left = ''; + $right = ''; } $text = str_replace($norm, $unscaledX, $text); @@ -1476,7 +1467,7 @@ function replaceImages($text) * @param bool $forDb boolean True if we want an 'DB_escapeString' version for the db * @return string */ - function getSid($forDb = false) + public function getSid($forDb = false) { if ($forDb) { return DB_escapeString($this->_sid); @@ -1487,8 +1478,10 @@ function getSid($forDb = false) /** * Get the access level + * + * @return int */ - function getAccess() + public function getAccess() { return $this->_access; } 
@@ -1505,9 +1498,10 @@ function getAccess() * @param string $item Item to fetch. * @return mixed The clean and ready to use (in edit mode) value requested. */ - function EditElements($item = 'title') + public function EditElements($item = 'title') { global $_CONF; + switch (strtolower($item)) { case 'unixdate': $return = strtotime($this->_date); @@ -1728,7 +1722,7 @@ function EditElements($item = 'title') * @param string $item Item to fetch. * @return mixed The clean and ready to use value requested. */ - function DisplayElements($item = 'title') + public function DisplayElements($item = 'title') { global $_CONF, $_TABLES; @@ -1798,7 +1792,7 @@ function DisplayElements($item = 'title') break; case 'hits': - $return = COM_NumberFormat($this->_hits); + $return = COM_numberFormat($this->_hits); break; @@ -1828,10 +1822,10 @@ function DisplayElements($item = 'title') break; default: - $varname = '_' . $item; + $varName = '_' . $item; - if (isset($this->{$varname})) { - $return = $this->{$varname}; + if (isset($this->{$varName})) { + $return = $this->{$varName}; } break; @@ -1846,10 +1840,11 @@ function DisplayElements($item = 'title') * @param string $item Item to fetch. Valid only bodytext and introtext. * @return string text for preview in edit mode */ - function getPreviewText($item) + public function getPreviewText($item) { - $text = (strtolower($item) == 'introtext') ? - $this->_introtext : $this->_bodytext; + $text = (strtolower($item) === 'introtext') + ? $this->_introtext + : $this->_bodytext; if ($this->_text_version == GLTEXT_FIRST_VERSION) { $text = $this->replaceImages($text); } @@ -1869,11 +1864,12 @@ function getPreviewText($item) * * @return int access level for this story */ - function checkAccess() + public function checkAccess() { return SEC_hasAccess($this->_owner_id, $this->_group_id, $this->_perm_owner, $this->_perm_group, - $this->_perm_members, $this->_perm_anon); + $this->_perm_members, $this->_perm_anon + ); } /** 
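Review bot: The `default:` branch of DisplayElements() returns `$this->{'_' . $item}` for any item name, so every underscore-prefixed property of the object is reachable through it and comes back exactly as stored. Whether callers ever pass a name that originates outside the code is not visible in this diff, but now that the method is explicitly `public` the fallback is part of the API. If only stored fields are needed, I would restrict it to known names, for example `if (array_key_exists($item, $this->_dbFields) && isset($this->{$varName})) {`, and say in the docblock that the fallback value is not escaped for output. The method's other cases lie outside the hunk.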
@@ -1946,7 +1942,7 @@ public static function getRelatedArticlesByKeywords($articleId, $keywordList, $l if (!$found) { $work[] = array( - 'sid' => $sid, + 'sid' => $sid, 'title' => $title, 'score' => 1, ); 
@@ -1978,71 +1974,67 @@ public static function getRelatedArticlesByKeywords($articleId, $keywordList, $l return $retval; } - // End Public Methods. - - // Private Methods: - /** * Escapes certain HTML for nicely encoded HTML. * - * @access Private - * @param string $in Text to escpae - * @return string escaped string + * @param string $text text to escpae + * @return string escaped string */ - function _displayEscape($text) + private function _displayEscape($text) { return str_replace( array('$', '{', '}', '\\'), - array('$', '{', '}', '\'), $text); + array('$', '{', '}', '\'), + $text + ); } /** * Loads the basic details of an article into the internal * variables, cleaning them up nicely. * - * @access Private - * @param $array Array of POST/GET data (by ref). - * @return Nothing. + * @param array $array Array of POST/GET data (by ref). + * @return void */ - function _loadBasics(&$array) + private function _loadBasics(array &$array) { /* For the really, really basic stuff, we can very easily load them * based on an array that defines how to COM_applyFilter them. */ foreach ($this->_postFields as $key => $value) { - $vartype = $value[0]; - $varname = $value[1]; + $varType = $value[0]; + $varName = $value[1]; // If we have a value if (array_key_exists($key, $array)) { // And it's alphanumeric or numeric, filter it and use it. 
- if (($vartype == STORY_AL_ALPHANUM) || ($vartype == STORY_AL_NUMERIC)) { - $this->{$varname} = COM_applyFilter($array[$key], $vartype); - } elseif ($vartype == STORY_AL_ANYTHING) { - $this->{$varname} = $array[$key]; + if (($varType == STORY_AL_ALPHANUM) || ($varType == STORY_AL_NUMERIC)) { + $this->{$varName} = COM_applyFilter($array[$key], $varType); + } elseif ($varType == STORY_AL_ANYTHING) { + $this->{$varName} = $array[$key]; } elseif (($array[$key] === 'on') || ($array[$key] === 1)) { // If it's a checkbox that is on - $this->{$varname} = 1; + $this->{$varName} = 1; } else { // Otherwise, it must be a checkbox that is off: - $this->{$varname} = 0; + $this->{$varName} = 0; } - } elseif (($vartype == STORY_AL_NUMERIC) || ($vartype == STORY_AL_CHECKBOX)) { + } elseif (($varType == STORY_AL_NUMERIC) || ($varType == STORY_AL_CHECKBOX)) { // If we don't have a value, and have a numeric or text box, default to 0 - $this->{$varname} = 0; + $this->{$varName} = 0; } } // SID's are a special case: $sid = COM_sanitizeID($array['sid']); if (isset($array['old_sid'])) { - $oldsid = COM_sanitizeID($array['old_sid'], false); + $oldSid = COM_sanitizeID($array['old_sid'], false); } else { - $oldsid = ''; + $oldSid = ''; } if (empty($sid)) { - $sid = $oldsid; + $sid = $oldSid; } if (empty($sid)) { @@ -2050,9 +2042,9 @@ function _loadBasics(&$array) } $this->_sid = $sid; - $this->_originalSid = $oldsid; + $this->_originalSid = $oldSid; - /* Need to deal with the postdate and expiry date stuff */ + // Need to deal with the postdate and expiry date stuff $publish_ampm = ''; if (isset($array['publish_ampm'])) { $publish_ampm = COM_applyFilter($array['publish_ampm']); 
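Review bot: The `STORY_AL_ANYTHING` branch of _loadBasics() copies the request value into the object property with no filtering, and nothing in the new docblock or the branch says so. Since this hunk already rewrites the docblock, I would add a why-comment on that branch, such as `// STORY_AL_ANYTHING: stored unfiltered; must be filtered or escaped by the code that uses it`, and mention in the `@param` line that `$array` is raw request data. Title and text are filtered later in loadFromArgsArray(); for any other field declared this way the filtering is not visible here. _loadBasics() continues outside this hunk.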
@@ -2070,13 +2062,13 @@ function _loadBasics(&$array) $publish_second = COM_applyFilter($array['publish_second'], true); } - if ($publish_ampm == 'pm') { + if ($publish_ampm === 'pm') { if ($publish_hour < 12) { $publish_hour = $publish_hour + 12; } } - if ($publish_ampm == 'am' AND $publish_hour == 12) { + if ($publish_ampm === 'am' && $publish_hour == 12) { $publish_hour = '00'; } @@ -2095,13 +2087,13 @@ function _loadBasics(&$array) $this->_date = strtotime( "$publish_month/$publish_day/$publish_year $publish_hour:$publish_minute:$publish_second"); - $archiveflag = 0; + $archiveFlag = 0; if (isset($array['archiveflag'])) { - $archiveflag = COM_applyFilter($array['archiveflag'], true); + $archiveFlag = COM_applyFilter($array['archiveflag'], true); } - /* Override status code if no archive flag is set: */ - if ($archiveflag != 1) { + // Override status code if no archive flag is set: + if ($archiveFlag != 1) { $this->_statuscode = 0; } @@ -2114,23 +2106,22 @@ function _loadBasics(&$array) $expire_month = COM_applyFilter($array['expire_month'], true); $expire_day = COM_applyFilter($array['expire_day'], true); - if ($expire_ampm == 'pm') { + if ($expire_ampm === 'pm') { if ($expire_hour < 12) { $expire_hour = $expire_hour + 12; } } - if ($expire_ampm == 'am' AND $expire_hour == 12) { + if ($expire_ampm === 'am' && $expire_hour == 12) { $expire_hour = '00'; } - $expiredate - = strtotime("$expire_month/$expire_day/$expire_year $expire_hour:$expire_minute:$expire_second"); + $expireDate = strtotime("$expire_month/$expire_day/$expire_year $expire_hour:$expire_minute:$expire_second"); } else { - $expiredate = time(); + $expireDate = time(); } - $this->_expire = $expiredate; + $this->_expire = $expireDate; // comment expire time if (isset($array['cmt_close_flag'])) { 
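Review bot: `$expireDate = strtotime(...)` and the `$this->_date = strtotime(...)` assignment above it store the result without checking for `false`, which `strtotime()` returns when the assembled string is not a valid date (month 13 or hour 25, say). The parts appear to be filtered only as numbers by `COM_applyFilter(..., true)`, not range-checked, and saveToDatabase() later concatenates these properties into `FROM_UNIXTIME(...)`, where `false` becomes an empty argument. I would range-check the parts with `checkdate()` or test the result, e.g. `if ($expireDate === false) { $expireDate = time(); }`, matching the fallback the else-branch already uses. _loadBasics() starts and ends outside these hunks.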
@@ -2148,19 +2139,17 @@ function _loadBasics(&$array) } } - if ($cmt_close_ampm == 'am' AND $cmt_close_hour == 12) { + if ($cmt_close_ampm === 'am' && $cmt_close_hour == 12) { $cmt_close_hour = '00'; } - $cmt_close_date - = strtotime("$cmt_close_month/$cmt_close_day/$cmt_close_year $cmt_close_hour:$cmt_close_minute:$cmt_close_second"); - + $cmt_close_date = strtotime("$cmt_close_month/$cmt_close_day/$cmt_close_year $cmt_close_hour:$cmt_close_minute:$cmt_close_second"); $this->_comment_expire = $cmt_close_date; } else { $this->_comment_expire = 0; } - /* Then grab the permissions */ + // Then grab the permissions // Convert array values to numeric permission values if (is_array($array['perm_owner']) || 
@@ -2186,23 +2175,40 @@ function _loadBasics(&$array) } } - function _applyTitleFilter($title) + /** + * Apply filters to the title element + * + * @param string $title + * @return string + */ + private function _applyTitleFilter($title) { - return htmlspecialchars(strip_tags(COM_checkWords($title, 'story')), - ENT_QUOTES, COM_getEncodingt()); + $retval = strip_tags(COM_checkWords($title, 'story')); + $retval = GLText::removeUtf8Icons($retval); + $retval = htmlspecialchars($retval, ENT_QUOTES, COM_getEncodingt()); + + return $retval; } - function _applyTextFilter($text, $postmode) + /** + * Apply filters to the text element + * + * @param string $text + * @param string $postMode + * @return string + */ + private function _applyTextFilter($text, $postMode) { - if ($this->_text_version == GLTEXT_FIRST_VERSION) { + $text = GLText::removeUtf8Icons($text); + if ($this->_text_version == GLTEXT_FIRST_VERSION) { // first version // Remove any autotags the user doesn't have permission to use $text = PLG_replaceTags($text, '', true); $text = COM_checkWords($text, 'story'); - if (in_array($postmode, array('html', 'adveditor', 'wikitext'))) { + if (in_array($postMode, array('html', 'adveditor', 'wikitext'))) { // html or wikitext $text = GLText::checkHTML($text, 'story.edit'); } else { @@ -2220,10 +2226,9 @@ function _applyTextFilter($text, $postmode) } /** - * Perform some basic cleanups of data, dealing with empty required, - * defaultable fields. + * Perform some basic cleanups of data, dealing with empty required, defaultable fields. */ - function _sanitizeData() + public function sanitizeData() { if (empty($this->_hits)) { $this->_hits = 0; @@ -2253,8 +2258,4 @@ function _sanitizeData() $this->_show_topic_icon = 0; } } - - // End Private Methods. - - /**************************************************************************/ } diff --git a/system/lib-comment.php b/system/lib-comment.php index cd157be96..9388204f0 100644 --- a/system/lib-comment.php 
+++ b/system/lib-comment.php @@ -2,7 +2,7 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 2.0 | +// | Geeklog 2.1 | // +---------------------------------------------------------------------------+ // | lib-comment.php | // | | 
@@ -34,135 +34,132 @@ // | | // +---------------------------------------------------------------------------+ -if (strpos(strtolower($_SERVER['PHP_SELF']), 'lib-comment.php') !== false) { +global $_CONF; + +if (stripos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) { die('This file can not be used on its own!'); } if ($_CONF['allow_user_photo']) { - /** - * only needed for the USER_getPhoto function - */ + // only needed for the USER_getPhoto function require_once $_CONF['path_system'] . 'lib-user.php'; } -define('COMMENT_ON_SAME_PAGE', - ($_CONF['comment_on_same_page'] && !CMT_isCommentPage())); +define('COMMENT_ON_SAME_PAGE', ($_CONF['comment_on_same_page'] && !CMT_isCommentPage())); $prefix = COMMENT_ON_SAME_PAGE ? 'cmt_' : ''; -define('CMT_CID', $prefix . 'cid'); -define('CMT_SID', $prefix . 'sid'); -define('CMT_PID', $prefix . 'pid'); -define('CMT_UID', $prefix . 'uid'); -define('CMT_TYPE', $prefix . 'type'); +define('CMT_CID', $prefix . 'cid'); +define('CMT_SID', $prefix . 'sid'); +define('CMT_PID', $prefix . 'pid'); +define('CMT_UID', $prefix . 'uid'); +define('CMT_TYPE', $prefix . 'type'); define('CMT_USERNAME', $prefix . 'username'); -define('CMT_MODE', $prefix . 'mode'); +define('CMT_MODE', $prefix . 'mode'); /** -* This function displays the comment control bar -* -* Prints the control that allows the user to interact with Geeklog Comments -* -* @param string $sid ID of item in question -* @param string $title Title of item -* @param string $type Type of item (i.e. article, photo, etc) -* @param string $order Order that comments are displayed in -* @param string $mode Mode (nested, flat, etc.) 
-* @param int $ccode Comment code: -1=no comments, 0=allowed, 1=closed -* @return string HTML Formated comment bar -* @see CMT_userComments -* -*/ -function CMT_commentBar( $sid, $title, $type, $order, $mode, $ccode = 0 ) + * This function displays the comment control bar + * Prints the control that allows the user to interact with Geeklog Comments + * + * @param string $sid ID of item in question + * @param string $title Title of item + * @param string $type Type of item (i.e. article, photo, etc) + * @param string $order Order that comments are displayed in + * @param string $mode Mode (nested, flat, etc.) + * @param int $ccode Comment code: -1=no comments, 0=allowed, 1=closed + * @return string HTML Formated comment bar + * @see CMT_userComments + */ +function CMT_commentBar($sid, $title, $type, $order, $mode, $ccode = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG03; $is_comment_page = CMT_isCommentPage(); - $nrows = DB_count( $_TABLES['comments'], array( 'sid', 'type' ), - array( $sid, $type )); + $nrows = DB_count($_TABLES['comments'], array('sid', 'type'), + array($sid, $type)); - $commentbar = COM_newTemplate($_CONF['path_layout'] . 'comment'); - $commentbar->set_file( array( 'commentbar' => 'commentbar.thtml' )); - $commentbar->set_block('commentbar', 'commenteditform_jumplink'); + $commentBar = COM_newTemplate($_CONF['path_layout'] . 
'comment'); + $commentBar->set_file(array('commentbar' => 'commentbar.thtml')); + $commentBar->set_block('commentbar', 'commenteditform_jumplink'); - $commentbar->set_var( 'lang_comments', $LANG01[3] ); - $commentbar->set_var( 'lang_refresh', $LANG01[39] ); - $commentbar->set_var( 'lang_reply', $LANG01[60] ); - $commentbar->set_var( 'lang_disclaimer', $LANG01[26] ); + $commentBar->set_var('lang_comments', $LANG01[3]); + $commentBar->set_var('lang_refresh', $LANG01[39]); + $commentBar->set_var('lang_reply', $LANG01[60]); + $commentBar->set_var('lang_disclaimer', $LANG01[26]); - if ( $ccode == 0 && !COMMENT_ON_SAME_PAGE) { - $commentbar->set_var( 'reply_hidden_or_submit', 'submit' ); + if ($ccode == 0 && !COMMENT_ON_SAME_PAGE) { + $commentBar->set_var('reply_hidden_or_submit', 'submit'); // $commentbar->set_var( 'show_link_to_commenteditform', 'display:none;' ); - $commentbar->set_var( 'jump_link_for_commenteditform', '' ); + $commentBar->set_var('jump_link_for_commenteditform', ''); } else { - $commentbar->set_var( 'reply_hidden_or_submit', 'hidden' ); - $commentbar->parse( 'jump_link_for_commenteditform', 'commenteditform_jumplink' ); + $commentBar->set_var('reply_hidden_or_submit', 'hidden'); + $commentBar->parse('jump_link_for_commenteditform', 'commenteditform_jumplink'); } - $commentbar->set_var( 'num_comments', COM_numberFormat( $nrows )); - $commentbar->set_var( 'comment_type', $type ); - $commentbar->set_var( 'sid', $sid ); + $commentBar->set_var('num_comments', COM_numberFormat($nrows)); + $commentBar->set_var('comment_type', $type); + $commentBar->set_var('sid', $sid); $cmt_title = stripslashes($title); - $commentbar->set_var('story_title', $cmt_title); + $commentBar->set_var('story_title', $cmt_title); // Article's are pre-escaped. 
if ($type != 'article') { $cmt_title = htmlspecialchars($cmt_title); } - $commentbar->set_var('comment_title', $cmt_title); + $commentBar->set_var('comment_title', $cmt_title); // Link to plugin defined link or lacking that a generic link // that the plugin should support (hopefully) list($plgurl, $plgid) = CMT_getCommentUrlId($type); $articleUrl = "$plgurl?$plgid=$sid"; - $commentbar->set_var('article_url', $articleUrl); + $commentBar->set_var('article_url', $articleUrl); if ($is_comment_page) { $link = COM_createLink($cmt_title, $articleUrl, - array('class' => 'non-ul b')); - $commentbar->set_var('story_link', $link); - $commentbar->set_var('start_storylink_anchortag', - ''); - $commentbar->set_var('end_storylink_anchortag', ''); + array('class' => 'non-ul b')); + $commentBar->set_var('story_link', $link); + $commentBar->set_var('start_storylink_anchortag', + ''); + $commentBar->set_var('end_storylink_anchortag', ''); } else { - $commentbar->set_var('story_link', $articleUrl); + $commentBar->set_var('story_link', $articleUrl); } - if (! COM_isAnonUser()) { + if (!COM_isAnonUser()) { $username = $_USER['username']; $fullname = $_USER['fullname']; } else { - $result = DB_query( "SELECT username,fullname FROM {$_TABLES['users']} WHERE uid = 1" ); - $N = DB_fetchArray( $result ); + $result = DB_query("SELECT username,fullname FROM {$_TABLES['users']} WHERE uid = 1"); + $N = DB_fetchArray($result); $username = $N['username']; $fullname = $N['fullname']; } - if( empty( $fullname )) { + if (empty($fullname)) { $fullname = $username; } - $commentbar->set_var( 'user_name', $username ); - $commentbar->set_var( 'user_fullname', $fullname ); + $commentBar->set_var('user_name', $username); + $commentBar->set_var('user_fullname', $fullname); - if (! 
COM_isAnonUser()) { - $author = COM_getDisplayName( $_USER['uid'], $username, $fullname ); - $commentbar->set_var( 'user_nullname', $author ); - $commentbar->set_var( 'author', $author ); - $commentbar->set_var( 'login_logout_url', - $_CONF['site_url'] . '/users.php?mode=logout' ); - $commentbar->set_var( 'lang_login_logout', $LANG01[35] ); + if (!COM_isAnonUser()) { + $author = COM_getDisplayName($_USER['uid'], $username, $fullname); + $commentBar->set_var('user_nullname', $author); + $commentBar->set_var('author', $author); + $commentBar->set_var('login_logout_url', + $_CONF['site_url'] . '/users.php?mode=logout'); + $commentBar->set_var('lang_login_logout', $LANG01[35]); } else { - $commentbar->set_var( 'user_nullname', '' ); - $commentbar->set_var( 'login_logout_url', - $_CONF['site_url'] . '/users.php?mode=new' ); - $commentbar->set_var( 'lang_login_logout', $LANG01[61] ); + $commentBar->set_var('user_nullname', ''); + $commentBar->set_var('login_logout_url', + $_CONF['site_url'] . '/users.php?mode=new'); + $commentBar->set_var('lang_login_logout', $LANG01[61]); } $comment_url = $_CONF['site_url'] . '/comment.php'; if ($is_comment_page) { - $commentbar->set_var( 'parent_url', $comment_url . '#comments' ); - $commentbar->set_var( 'editor_url', $comment_url . '#commenteditform' ); + $commentBar->set_var('parent_url', $comment_url . '#comments'); + $commentBar->set_var('editor_url', $comment_url . '#commenteditform'); $hidden = ''; - $commentmode = ''; + $commentMode = ''; if (isset($_REQUEST[CMT_MODE])) { - $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]); + $commentMode = COM_applyFilter($_REQUEST[CMT_MODE]); } $cid = 0; if (isset($_REQUEST[CMT_CID])) { 
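Review bot: `story_title` is set from `stripslashes($title)` before the `htmlspecialchars()` step, so for every type other than `article` that template variable receives the unescaped title and only `comment_title` gets the escaped one. If commentbar.thtml prints `{story_title}` (the template is not shown here), plugin-supplied titles reach the page as raw markup; either escape before both `set_var` calls or add a comment that `story_title` is only safe where the caller has already escaped it. The escape is also called with defaults, which before PHP 8.1 leave single quotes unencoded; `htmlspecialchars($cmt_title, ENT_QUOTES, COM_getEncodingt())` would match the call used in `_applyTitleFilter`. `CMT_commentBar` continues past the end of this hunk.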
@@ -172,36 +169,35 @@ function CMT_commentBar( $sid, $title, $type, $order, $mode, $ccode = 0 ) if (isset($_REQUEST[CMT_PID])) { $pid = COM_applyFilter($_REQUEST[CMT_PID], true); } - if (in_array($commentmode, array('view', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) { + if (in_array($commentMode, array('view', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) { $hidden .= ''; $hidden .= ''; - } - else if ( $commentmode == 'display' || empty($commentmode) ) { + } else if ($commentMode == 'display' || empty($commentMode)) { $hidden .= ''; } - $hidden .= ''; - $commentbar->set_var( 'hidden_field', $hidden ); - $commentbar->set_var( 'hidden_field_reply', '' ); - $commentbar->set_var( 'nprefix', '' ); + $hidden .= ''; + $commentBar->set_var('hidden_field', $hidden); + $commentBar->set_var('hidden_field_reply', ''); + $commentBar->set_var('nprefix', ''); } else { // article and plugin - $commentbar->set_var( 'parent_url', $articleUrl . '#comments' ); + $commentBar->set_var('parent_url', $articleUrl . '#comments'); if (COMMENT_ON_SAME_PAGE) { - $commentbar->set_var( 'editor_url', $articleUrl . '#commenteditform' ); - $commentbar->set_var( 'nprefix', 'cmd_' ); + $commentBar->set_var('editor_url', $articleUrl . '#commenteditform'); + $commentBar->set_var('nprefix', 'cmd_'); } else { - $commentbar->set_var( 'editor_url', $comment_url . '#commenteditform' ); - $commentbar->set_var( 'nprefix', '' ); + $commentBar->set_var('editor_url', $comment_url . '#commenteditform'); + $commentBar->set_var('nprefix', ''); } $hidden = ''; - $commentbar->set_var( 'hidden_field', $hidden ); - $commentbar->set_var( 'hidden_field_reply', $hidden ); + $commentBar->set_var('hidden_field', $hidden); + $commentBar->set_var('hidden_field_reply', $hidden); } // Order $selector = '' . LB - . COM_optionList( $_TABLES['sortcodes'], 'code,name', $order ) - . LB . ''; - $commentbar->set_var( 'order_selector', $selector); + . COM_optionList($_TABLES['sortcodes'], 'code,name', $order) + . LB . 
''; + $commentBar->set_var('order_selector', $selector); // Mode if ($is_comment_page) { 
@@ -210,32 +206,31 @@ function CMT_commentBar( $sid, $title, $type, $order, $mode, $ccode = 0 ) $selector = ''; } $selector .= LB - . COM_optionList( $_TABLES['commentmodes'], 'mode,name', $mode ) - . LB . ''; - $commentbar->set_var( 'mode_selector', $selector); + . COM_optionList($_TABLES['commentmodes'], 'mode,name', $mode) + . LB . ''; + $commentBar->set_var('mode_selector', $selector); - return $commentbar->finish( $commentbar->parse( 'output', 'commentbar' )); + return $commentBar->finish($commentBar->parse('output', 'commentbar')); } /** -* This function prints &$comments (db results set of comments) in comment format -* -For previews, &$comments is assumed to be an associative array containing -* data for a single comment. -* -* @param array &$comments Database result set of comments to be printed -* @param string $mode 'flat', 'threaded', etc -* @param string $type Type of item (article, polls, etc.) -* @param string $order How to order the comments 'ASC' or 'DESC' -* @param boolean $delete_option if current user can delete comments -* @param boolean $preview Preview display (for edit) or not -* @param int $ccode Comment code: -1=no comments, 0=allowed, 1=closed -* @param int $cpage page number of comments to display -* @return string HTML Formated Comment -* -*/ -function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = false, $preview = false, $ccode = 0, - $cpage = 1 ) + * This function prints &$comments (db results set of comments) in comment format + * -For previews, &$comments is assumed to be an associative array containing + * data for a single comment. + * + * @param array &$comments Database result set of comments to be printed + * @param string $mode 'flat', 'threaded', etc + * @param string $type Type of item (article, polls, etc.) 
+ * @param string $order How to order the comments 'ASC' or 'DESC' + * @param boolean $delete_option if current user can delete comments + * @param boolean $preview Preview display (for edit) or not + * @param int $commentCode Comment code: -1=no comments, 0=allowed, 1=closed + * @param int $commentPage page number of comments to display + * @return string HTML Formatted Comment + */ +function CMT_getComment(&$comments, $mode, $type, $order, $delete_option = false, $preview = false, $commentCode = 0, + $commentPage = 1) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG03, $MESSAGE, $_IMAGE_TYPE; @@ -243,21 +238,23 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals $retval = ''; // initialize return value $template = COM_newTemplate($_CONF['path_layout'] . 'comment'); - $template->set_file( array( 'comment' => 'comment.thtml', - 'thread' => 'thread.thtml' )); + $template->set_file(array( + 'comment' => 'comment.thtml', + 'thread' => 'thread.thtml', + )); // generic template variables - $template->set_var( 'lang_authoredby', $LANG01[42] ); - $template->set_var( 'lang_on', $LANG01[36] ); - $template->set_var( 'lang_permlink', $LANG01[120] ); - $template->set_var( 'order', $order ); - - if( $ccode == 0 ) { - $template->set_var( 'lang_replytothis', $LANG01[43] ); - $template->set_var( 'lang_reply', $LANG01[25] ); + $template->set_var('lang_authoredby', $LANG01[42]); + $template->set_var('lang_on', $LANG01[36]); + $template->set_var('lang_permlink', $LANG01[120]); + $template->set_var('order', $order); + + if ($commentCode == 0) { + $template->set_var('lang_replytothis', $LANG01[43]); + $template->set_var('lang_reply', $LANG01[25]); } else { - $template->set_var( 'lang_replytothis', '' ); - $template->set_var( 'lang_reply', '' ); + $template->set_var('lang_replytothis', ''); + $template->set_var('lang_reply', ''); } // Make sure we have a default value for comment indentation 
@@ -267,7 +264,7 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals if ($preview) { $A = $comments; - if (empty( $A['nice_date'])) { + if (empty($A['nice_date'])) { $A['nice_date'] = time(); } if (!isset($A['cid'])) { @@ -280,7 +277,7 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals $A['photo'] = ''; } } - if (! isset($A['email'])) { + if (!isset($A['email'])) { if (isset($_USER['email'])) { $A['email'] = $_USER['email']; } else { 
@@ -289,47 +286,46 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals } $mode = 'flat'; } else { - $A = DB_fetchArray( $comments ); + $A = DB_fetchArray($comments); } if (empty($A)) { return ''; } - $commentmode = ''; + $commentMode = ''; if (isset($_REQUEST[CMT_MODE])) { - $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]); + $commentMode = COM_applyFilter($_REQUEST[CMT_MODE]); } - $submit = (($commentmode == $LANG03[29]) || ($commentmode == $LANG03[35])); + $submit = (($commentMode == $LANG03[29]) || ($commentMode == $LANG03[35])); $token = ''; if ($delete_option && !$preview && !$submit) { $token = SEC_createToken(); } // check for comment edit - $row = 1; + do { // check for comment edit - $commentedit = DB_query("SELECT cid,uid,UNIX_TIMESTAMP(time) AS time FROM {$_TABLES['commentedits']} WHERE cid = {$A['cid']}"); - $B = DB_fetchArray($commentedit); + $commentEdit = DB_query("SELECT cid,uid,UNIX_TIMESTAMP(time) AS time FROM {$_TABLES['commentedits']} WHERE cid = {$A['cid']}"); + $B = DB_fetchArray($commentEdit); if ($B) { //comment edit present // get correct editor name if ($A['uid'] == $B['uid']) { - $editname = $A['username']; + $editName = $A['username']; } else { - $editname = DB_getItem($_TABLES['users'], 'username', - "uid={$B['uid']}"); + $editName = DB_getItem($_TABLES['users'], 'username', "uid={$B['uid']}"); } // add edit info to text $A['comment'] .= '' . $LANG03[30] . ' ' - . strftime($_CONF['date'], $B['time']) . ' ' - . $LANG03[31] . ' ' . $editname - . ''; + . strftime($_CONF['date'], $B['time']) . ' ' + . $LANG03[31] . ' ' . $editName + . ''; } // determines indentation for current comment - if ($mode == 'threaded' || $mode == 'nested') { + if ($mode === 'threaded' || $mode === 'nested') { $indent = ($A['indent'] - $A['pindent']) * $_CONF['comment_indent']; // set the maximum indentation level to 16 if ($indent > 400) { 
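Review bot: The initialisation `$row = 1;` is dropped in this hunk, but the loop still ends with `$row++;` in the later hunk at `@@ -605,118 +597,115 @@`, so the counter is now incremented without being defined and the first pass through the loop raises an undefined-variable notice. Nothing visible in the diff reads `$row`, so the cleaner fix is to delete the `$row++;` line as well; otherwise keep `$row = 1;` ahead of the `do {`. The body of `CMT_getComment` starts and ends outside this hunk, so a use of `$row` in lines that are not shown cannot be ruled out.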
@@ -340,7 +336,7 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals // Filemgmt plugin is doing special processing. // Therefore, I support specially, against my better judgment. // May should delete this code part. - if ($type == 'filemgmt') { + if ($type === 'filemgmt') { $A['sid'] = str_replace('fileid_', '', $A['sid']); } @@ -353,14 +349,14 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals if ($A['uid'] > 1) { $fullname = ''; - if (! empty($A['fullname'])) { + if (!empty($A['fullname'])) { $fullname = $A['fullname']; } $fullname = COM_getDisplayName($A['uid'], $A['username'], - $fullname); + $fullname); $template->set_var('author_fullname', $fullname); $template->set_var('author', $fullname); - $alttext = $fullname; + $altText = $fullname; $photo = ''; if ($_CONF['allow_user_photo']) { 
@@ -369,86 +365,84 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals } $photo = USER_getPhoto($A['uid'], $A['photo'], $A['email']); } - $profile_link = $_CONF['site_url'] - . '/users.php?mode=profile&uid=' . $A['uid']; - if (! empty($photo)) { + $profile_link = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['uid']; + if (!empty($photo)) { $template->set_var('author_photo', $photo); $camera_icon = ''; $template->set_var('camera_icon', - COM_createLink($camera_icon, $profile_link)); + COM_createLink($camera_icon, $profile_link)); } else { $template->set_var('author_photo', ''); $template->set_var('camera_icon', ''); } - $template->set_var('start_author_anchortag', - '' ); + $template->set_var('start_author_anchortag', ''); $template->set_var('end_author_anchortag', ''); - $template->set_var('author_link', - COM_createLink($fullname, $profile_link)); - + $template->set_var('author_link', COM_createLink($fullname, $profile_link)); } else { // comment is from anonymous user if (isset($A['name'])) { $A['username'] = strip_tags($A['name']); } - $template->set_var( 'author', $A['username'] ); - $template->set_var( 'author_fullname', $A['username'] ); - $template->set_var( 'author_link', $A['username'] ); - $template->set_var( 'author_photo', '' ); - $template->set_var( 'camera_icon', '' ); - $template->set_var( 'start_author_anchortag', '' ); - $template->set_var( 'end_author_anchortag', '' ); + $template->set_var('author', $A['username']); + $template->set_var('author_fullname', $A['username']); + $template->set_var('author_link', $A['username']); + $template->set_var('author_photo', ''); + $template->set_var('camera_icon', ''); + $template->set_var('start_author_anchortag', ''); + $template->set_var('end_author_anchortag', ''); } // hide reply link from anonymous users if they can't post replies - $hidefromanon = false; + $hideFromAnon = false; if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || - 
($_CONF['commentsloginrequired'] == 1))) { - $hidefromanon = true; + ($_CONF['commentsloginrequired'] == 1)) + ) { + $hideFromAnon = true; } // this will hide HTML that should not be viewed in preview mode - if( $preview || $hidefromanon ) { - $template->set_var( 'hide_if_preview', 'style="display:none"' ); + if ($preview || $hideFromAnon) { + $template->set_var('hide_if_preview', 'style="display:none"'); } else { - $template->set_var( 'hide_if_preview', '' ); + $template->set_var('hide_if_preview', ''); } // for threaded mode, add a link to comment parent - if( $mode == 'threaded' && $A['pid'] != 0 && $indent == 0 ) { + if ($mode === 'threaded' && $A['pid'] != 0 && $indent == 0) { $pid = DB_getItem($_TABLES['comments'], 'pid', - "cid = '{$A['pid']}'"); + "cid = '{$A['pid']}'"); if ($pid != 0) { - $plink = $_CONF['site_url'] . '/comment.php?mode=display' - . '&sid=' . $A['sid'] . '&type=' . $type - . '&order=' . $order . '&pid=' . $pid - . '&format=threaded'; + $pLink = $_CONF['site_url'] . '/comment.php?mode=display' + . '&sid=' . $A['sid'] . '&type=' . $type + . '&order=' . $order . '&pid=' . $pid + . '&format=threaded'; } else { - $plink = $_CONF['site_url'] . '/comment.php?mode=view' - . '&sid=' . $A['sid'] . '&type=' . $type - . '&order=' . $order . '&cid=' . $A['pid'] - . '&format=threaded'; + $pLink = $_CONF['site_url'] . '/comment.php?mode=view' + . '&sid=' . $A['sid'] . '&type=' . $type + . '&order=' . $order . '&cid=' . $A['pid'] + . '&format=threaded'; } - $parent_link = COM_createLink($LANG01[44], $plink) . ' | '; + $parent_link = COM_createLink($LANG01[44], $pLink) . 
' | '; $template->set_var('parent_link', $parent_link); } else { $template->set_var('parent_link', ''); } - $template->set_var( 'date', strftime( $_CONF['date'], $A['nice_date'] )); - $template->set_var( 'sid', $A['sid'] ); - $template->set_var( 'type', $A['type'] ); + $template->set_var('date', strftime($_CONF['date'], $A['nice_date'])); + $template->set_var('sid', $A['sid']); + $template->set_var('type', $A['type']); // COMMENT edit rights $edit_option = false; if (isset($A['uid']) && isset($_USER['uid']) - && ($_USER['uid'] == $A['uid']) && ($_CONF['comment_edit'] == 1) - && ((time() - $A['nice_date']) < $_CONF['comment_edittime']) - && (DB_getItem($_TABLES['comments'], 'COUNT(*)', - "pid = {$A['cid']}") == 0)) { + && ($_USER['uid'] == $A['uid']) && ($_CONF['comment_edit'] == 1) + && ((time() - $A['nice_date']) < $_CONF['comment_edittime']) + && (DB_getItem($_TABLES['comments'], 'COUNT(*)', + "pid = {$A['cid']}") == 0) + ) { $edit_option = true; if (empty($token) && !$preview && !$submit) { $token = SEC_createToken(); 
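Review bot: The two `DB_getItem()` conditions in this hunk, `"cid = '{$A['pid']}'"` and `"pid = {$A['cid']}"`, interpolate values from `$A` directly into SQL, and in preview mode `$A` is the array handed in by the caller rather than a database row. The same pattern appears in the `commentedits` query in the hunk at `@@ -289,47 +286,46 @@` and in the `commentnotifications` lookup in the hunk that follows. Whether every caller has already forced these values to integers is not visible here, so casting at the point of use removes that dependency: `$cid = (int) $A['cid'];` and `$pid = (int) $A['pid'];`, with the conditions built from those. The function body starts and ends outside this hunk.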
@@ -458,109 +452,108 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals } if (COMMENT_ON_SAME_PAGE) { - list($plgurl, $plgid) = CMT_getCommentUrlId($type); + list($pluginUrl, $pluginId) = CMT_getCommentUrlId($type); } // edit link $edit = ''; if ($edit_option) { if (COMMENT_ON_SAME_PAGE) { - $editlink = $plgurl . '?' . CMT_MODE . '=edit&' . CMT_CID . '=' - . $A['cid'] . "&$plgid=" . $A['sid'] . '&' . CMT_TYPE . '=' . $type + $editLink = $pluginUrl . '?' . CMT_MODE . '=edit&' . CMT_CID . '=' + . $A['cid'] . "&$pluginId=" . $A['sid'] . '&' . CMT_TYPE . '=' . $type . '&mode=' . $mode . '&order=' . $order - . '&cpage=' . $cpage + . '&cpage=' . $commentPage . '#commenteditform'; } else { - $editlink = $_CONF['site_url'] . '/comment.php?mode=edit&cid=' + $editLink = $_CONF['site_url'] . '/comment.php?mode=edit&cid=' . $A['cid'] . '&sid=' . $A['sid'] . '&type=' . $type; } - $edit = COM_createLink($LANG01[4], $editlink) . ' | '; + $edit = COM_createLink($LANG01[4], $editLink) . ' | '; } // unsubscribe link $unsubscribe = ''; if (($_CONF['allow_reply_notifications'] == 1) && !COM_isAnonUser() - && isset($A['uid']) && isset($_USER['uid']) - && ($_USER['uid'] == $A['uid'])) { + && isset($A['uid']) && isset($_USER['uid']) + && ($_USER['uid'] == $A['uid']) + ) { $hash = DB_getItem($_TABLES['commentnotifications'], 'deletehash', - "cid = {$A['cid']} AND uid = {$_USER['uid']}"); - if (! empty($hash)) { + "cid = {$A['cid']} AND uid = {$_USER['uid']}"); + if (!empty($hash)) { if (COMMENT_ON_SAME_PAGE) { - $unsublink = $plgurl . '?' . CMT_MODE . "=unsubscribe&$plgid=" - . $A['sid'] . '&key=' . $hash; + $unsubLink = $pluginUrl . '?' . CMT_MODE . "=unsubscribe&$pluginId=" + . $A['sid'] . '&key=' . $hash; } else { - $unsublink = $_CONF['site_url'] - . '/comment.php?mode=unsubscribe&key=' . $hash; + $unsubLink = $_CONF['site_url'] + . '/comment.php?mode=unsubscribe&key=' . 
$hash; } - $unsubattr = array('title' => $LANG03[43]); - $unsubscribe = COM_createLink($LANG03[42], $unsublink, - $unsubattr) . ' | '; + $unsubAttr = array('title' => $LANG03[43]); + $unsubscribe = COM_createLink($LANG03[42], $unsubLink, $unsubAttr) . ' | '; } } // if deletion is allowed, displays delete link if ($delete_option) { - $deloption = ''; + $delOption = ''; // always place edit option first, if available - if (! empty($edit)) { - $deloption .= $edit; + if (!empty($edit)) { + $delOption .= $edit; } // actual delete option if (COMMENT_ON_SAME_PAGE) { - $dellink = $plgurl .'?' . CMT_MODE . '=delete&' . CMT_CID . '=' - . $A['cid'] . "&$plgid=" . $A['sid'] . '&' . CMT_TYPE . '=' . $type + $delLink = $pluginUrl . '?' . CMT_MODE . '=delete&' . CMT_CID . '=' + . $A['cid'] . "&$pluginId=" . $A['sid'] . '&' . CMT_TYPE . '=' . $type . '&' . CSRF_TOKEN . '=' . $token; } else { - $dellink = $_CONF['site_url'] . '/comment.php?mode=delete&cid=' + $delLink = $_CONF['site_url'] . '/comment.php?mode=delete&cid=' . $A['cid'] . '&sid=' . $A['sid'] . '&type=' . $type . '&' . CSRF_TOKEN . '=' . $token; } - $delattr = array('onclick' => "return confirm('{$MESSAGE[76]}');"); - $deloption .= COM_createLink($LANG01[28], $dellink, $delattr) . ' | '; + $delAttr = array('onclick' => "return confirm('{$MESSAGE[76]}');"); + $delOption .= COM_createLink($LANG01[28], $delLink, $delAttr) . ' | '; if (!empty($A['ipaddress'])) { if (empty($_CONF['ip_lookup'])) { - $deloption .= $A['ipaddress'] . ' | '; + $delOption .= $A['ipaddress'] . ' | '; } else { - $iplookup = str_replace('*', $A['ipaddress'], - $_CONF['ip_lookup']); - $deloption .= COM_createLink($A['ipaddress'], $iplookup) . ' | '; + $ipLookUp = str_replace('*', $A['ipaddress'], $_CONF['ip_lookup']); + $delOption .= COM_createLink($A['ipaddress'], $ipLookUp) . ' | '; } } - if (! 
empty($unsubscribe)) { - $deloption .= $unsubscribe; + if (!empty($unsubscribe)) { + $delOption .= $unsubscribe; } - $template->set_var('delete_option', $deloption); + $template->set_var('delete_option', $delOption); } elseif ($edit_option) { $template->set_var('delete_option', $edit . $unsubscribe); - } elseif (! COM_isAnonUser()) { - $reportthis = ''; + } elseif (!COM_isAnonUser()) { + $reportThis = ''; if ($A['uid'] != $_USER['uid']) { if (COMMENT_ON_SAME_PAGE) { - $reportthis_link = $plgurl .'?' . CMT_MODE . '=report&' . CMT_CID . '=' . $A['cid'] + $reportThisLink = $pluginUrl . '?' . CMT_MODE . '=report&' . CMT_CID . '=' . $A['cid'] . '&' . CMT_TYPE . '=' . $type; } else { - $reportthis_link = $_CONF['site_url'] + $reportThisLink = $_CONF['site_url'] . '/comment.php?mode=report&cid=' . $A['cid'] . '&type=' . $type; } $report_attr = array('title' => $LANG01[110]); - $reportthis = COM_createLink($LANG01[109], $reportthis_link, - $report_attr) . ' | '; + $reportThis = COM_createLink($LANG01[109], $reportThisLink, + $report_attr) . ' | '; } - $template->set_var('delete_option', $reportthis . $unsubscribe); + $template->set_var('delete_option', $reportThis . $unsubscribe); } else { $template->set_var('delete_option', ''); } //and finally: format the actual text of the comment, but check only the text, not sig or edit $text = str_replace('', '', - $A['comment']); + $A['comment']); $text = str_replace('', '', $text); $text = str_replace('', '', $text); $text = str_replace('', '', $text); 
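Review bot: Both `$delLink` branches put the CSRF token in the query string (`'&' . CSRF_TOKEN . '=' . $token`), so the token is written to browser history and server access logs and can travel in a `Referer` header sent from the page the link leads to, and the deletion itself is triggered by a GET request. A small POST form with the token as a hidden field would keep it out of URLs. How long a token from `SEC_createToken()` stays valid is not visible in this hunk, so the exposure window cannot be judged from here. `CMT_getComment` starts and ends outside the hunk.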
@@ -569,35 +562,34 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals } // highlight search terms if specified - if( !empty( $_REQUEST['query'] )) { - $A['comment'] = COM_highlightQuery( $A['comment'], - $_REQUEST['query'] ); + if (!empty($_REQUEST['query'])) { + $A['comment'] = COM_highlightQuery($A['comment'], + $_REQUEST['query']); } - $A['comment'] = str_replace( '$', '$', $A['comment'] ); - $A['comment'] = str_replace( '{', '{', $A['comment'] ); - $A['comment'] = str_replace( '}', '}', $A['comment'] ); + $A['comment'] = str_replace('$', '$', $A['comment']); + $A['comment'] = str_replace('{', '{', $A['comment']); + $A['comment'] = str_replace('}', '}', $A['comment']); // Replace any plugin autolink tags - $A['comment'] = PLG_replaceTags( $A['comment'] ); + $A['comment'] = PLG_replaceTags($A['comment']); // create a reply to link $reply_link = ''; - if ($ccode == 0) { + if ($commentCode == 0) { if (COMMENT_ON_SAME_PAGE) { - $reply_link = $plgurl ."?$plgid=" . $A['sid'] - . '&' . CMT_PID . '=' . $A['cid'] - . '&' . CMT_TYPE . '=' . $A['type'] - . '&mode=' . $mode - . '&order=' . $order - . '&cpage=' . $cpage - . '#commenteditform'; + $reply_link = $pluginUrl . "?$pluginId=" . $A['sid'] + . '&' . CMT_PID . '=' . $A['cid'] + . '&' . CMT_TYPE . '=' . $A['type'] + . '&mode=' . $mode + . '&order=' . $order + . '&cpage=' . $commentPage + . '#commenteditform'; } else { $reply_link = $_CONF['site_url'] . '/comment.php?sid=' . $A['sid'] - . '&pid=' . $A['cid'] . '&type=' . $A['type']; + . '&pid=' . $A['cid'] . '&type=' . $A['type']; } - $reply_option = COM_createLink($LANG01[43], $reply_link, - array('rel' => 'nofollow')) . ' | '; + $reply_option = COM_createLink($LANG01[43], $reply_link, array('rel' => 'nofollow')) . ' | '; $template->set_var('reply_option', $reply_option); } else { $template->set_var('reply_option', ''); 
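Review bot: `$_REQUEST['query']` is handed to `COM_highlightQuery()` exactly as it arrives, while the other request value this function reads, `$_REQUEST[CMT_MODE]`, goes through `COM_applyFilter()` first. Whether `COM_highlightQuery()` quotes the term for its own matching and escapes it before it is merged into the comment HTML is not visible in this hunk. Once that has been confirmed, a comment at the call would record it, for example `// COM_highlightQuery() quotes and escapes the raw search term itself`; if the helper does not do so, the term needs filtering here before the call. The function body starts and ends outside this hunk.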
@@ -605,118 +597,115 @@ function CMT_getComment( &$comments, $mode, $type, $order, $delete_option = fals $template->set_var('reply_link', $reply_link); // format title for display, must happen after reply_link is created - $A['title'] = htmlspecialchars( $A['title'] ); - $A['title'] = str_replace( '$', '$', $A['title'] ); + $A['title'] = htmlspecialchars($A['title']); + $A['title'] = str_replace('$', '$', $A['title']); - $template->set_var( 'title', $A['title'] ); - $template->set_var( 'comments', $A['comment'] ); + $template->set_var('title', $A['title']); + $template->set_var('comments', $A['comment']); // parse the templates - if( ($mode == 'threaded') && $indent > 0 ) { - $template->set_var( 'pid', $A['pid'] ); - $retval .= $template->parse( 'output', 'thread' ); + if (($mode === 'threaded') && $indent > 0) { + $template->set_var('pid', $A['pid']); + $retval .= $template->parse('output', 'thread'); } else { - $template->set_var( 'pid', $A['cid'] ); - $retval .= $template->parse( 'output', 'comment' ); + $template->set_var('pid', $A['cid']); + $retval .= $template->parse('output', 'comment'); } $row++; - } while( !$preview && ($A = DB_fetchArray( $comments ))); - + } while (!$preview && ($A = DB_fetchArray($comments))); return $retval; } /** -* This function displays the comments in a high level format. -* -* Begins displaying user comments for an item -* -* @param string $sid ID for item to show comments for -* @param string $title Title of item -* @param string $type Type of item (article, polls, etc.) -* @param string $order How to order the comments 'ASC' or 'DESC' -* @param string $mode comment mode (nested, flat, etc.) 
-* @param int $pid id of parent comment -* @param int $page page number of comments to display -* @param boolean $cid true if $pid should be interpreted as a cid instead -* @param boolean $delete_option if current user can delete comments -* @param int $ccode Comment code: -1=no comments, 0=allowed, 1=closed -* @return string HTML Formated Comments -* @see CMT_commentBar -* -*/ -function CMT_userComments( $sid, $title, $type='article', $order='', $mode='', $pid = 0, $page = 1, $cid = false, $delete_option = false, $ccode = 0 ) + * This function displays the comments in a high level format. + * Begins displaying user comments for an item + * + * @param string $sid ID for item to show comments for + * @param string $title Title of item + * @param string $type Type of item (article, polls, etc.) + * @param string $order How to order the comments 'ASC' or 'DESC' + * @param string $mode comment mode (nested, flat, etc.) + * @param int $pid id of parent comment + * @param int $page page number of comments to display + * @param boolean $cid true if $pid should be interpreted as a cid instead + * @param boolean $delete_option if current user can delete comments + * @param int $commentCode Comment code: -1=no comments, 0=allowed, 1=closed + * @return string HTML Formatted Comments + * @see CMT_commentBar + */ +function CMT_userComments($sid, $title, $type = 'article', $order = '', $mode = '', $pid = 0, $page = 1, $cid = false, $delete_option = false, $commentCode = 0) { global $_CONF, $_TABLES, $_USER, $LANG01; $retval = ''; - if (! 
COM_isAnonUser()) { - $result = DB_query( "SELECT commentorder,commentmode,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = '{$_USER['uid']}'" ); - $U = DB_fetchArray( $result ); - if( empty( $order ) ) { + if (!COM_isAnonUser()) { + $result = DB_query("SELECT commentorder,commentmode,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = '{$_USER['uid']}'"); + $U = DB_fetchArray($result); + if (empty($order)) { $order = $U['commentorder']; } - if( empty( $mode ) ) { + if (empty($mode)) { $mode = $U['commentmode']; } $limit = $U['commentlimit']; } - if( $order != 'ASC' && $order != 'DESC' ) { + if ($order != 'ASC' && $order != 'DESC') { $order = $_CONF['comment_order']; } - if( empty( $mode )) { + if (empty($mode)) { $mode = $_CONF['comment_mode']; } - if( empty( $limit )) { + if (empty($limit)) { $limit = $_CONF['comment_limit']; } - if( !is_numeric($page) || $page < 1 ) { + if (!is_numeric($page) || $page < 1) { $page = 1; } - $start = $limit * ( $page - 1 ); + $start = $limit * ($page - 1); $template = COM_newTemplate($_CONF['path_layout'] . 
'comment'); - $template->set_file( array( 'commentarea' => 'startcomment.thtml' )); - $template->set_var( 'commentbar', - CMT_commentBar( $sid, $title, $type, $order, $mode, $ccode )); - $template->set_var( 'sid', $sid ); - $template->set_var( 'comment_type', $type ); - $template->set_var( 'area_id', 'commentarea' ); - - if( $mode == 'nested' || $mode == 'threaded' || $mode == 'flat' ) { + $template->set_file(array('commentarea' => 'startcomment.thtml')); + $template->set_var('commentbar', + CMT_commentBar($sid, $title, $type, $order, $mode, $commentCode)); + $template->set_var('sid', $sid); + $template->set_var('comment_type', $type); + $template->set_var('area_id', 'commentarea'); + + if ($mode === 'nested' || $mode === 'threaded' || $mode === 'flat') { // build query - switch( $mode ) { + switch ($mode) { case 'flat': - if( $cid ) { + if ($cid) { $count = 1; $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, " - . "UNIX_TIMESTAMP(c.date) AS nice_date " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " - . "WHERE c.uid = u.uid AND c.cid = $pid AND type='{$type}'"; + . "UNIX_TIMESTAMP(c.date) AS nice_date " + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " + . "WHERE c.uid = u.uid AND c.cid = $pid AND type='{$type}'"; } else { - $count = DB_count( $_TABLES['comments'], - array( 'sid', 'type' ), array( $sid, $type )); + $count = DB_count($_TABLES['comments'], + array('sid', 'type'), array($sid, $type)); $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, " - . "UNIX_TIMESTAMP(c.date) AS nice_date " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " - . "WHERE c.uid = u.uid AND c.sid = '$sid' AND type='{$type}' " - . "ORDER BY date $order LIMIT $start, $limit"; + . "UNIX_TIMESTAMP(c.date) AS nice_date " + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " + . "WHERE c.uid = u.uid AND c.sid = '$sid' AND type='{$type}' " + . 
"ORDER BY date $order LIMIT $start, $limit"; } break; case 'nested': case 'threaded': default: - if( $order == 'DESC' ) { + if ($order === 'DESC') { $cOrder = 'c.rht DESC'; } else { $cOrder = 'c.lft ASC'; 
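Review bot: The queries in CMT_userComments still interpolate `$sid`, `$type` and `$pid` straight into the SQL text, and `$pid` is unquoted in `c.cid = $pid` (the hunks at -724 and -761 repeat this as `c2.cid = $pid`). Nothing visible in this function casts or escapes them, so safety depends on every caller having filtered them first. Since this commit already tightens comparisons, I would add `$pid = (int) $pid;` near the top and pass `$sid` and `$type` through `DB_escapeString()` before building `$q`. `is_numeric($page)` also accepts values such as `'1.5'` or `'1e3'`, so `$start` can reach the LIMIT clause as a float; `$page = (int) $page;` after the check would pin it. The function body continues outside this hunk.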
@@ -724,33 +713,33 @@ function CMT_userComments( $sid, $title, $type='article', $order='', $mode='', $ // We can simplify the query, and hence increase performance // when pid = 0 (when fetching all the comments for a given sid) - if( $cid ) { // pid refers to commentid rather than parentid + if ($cid) { // pid refers to commentid rather than parentid // count the total number of applicable comments $q2 = "SELECT COUNT(*) " . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2 " . "WHERE c.sid = '$sid' AND (c.lft >= c2.lft AND c.lft <= c2.rht) " . "AND c2.cid = $pid AND c.type='{$type}'"; - $result = DB_query( $q2 ); - list( $count ) = DB_fetchArray( $result ); + $result = DB_query($q2); + list($count) = DB_fetchArray($result); $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, c2.indent AS pindent, " - . "UNIX_TIMESTAMP(c.date) AS nice_date " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " - . "{$_TABLES['users']} AS u " - . "WHERE c.sid = '$sid' AND (c.lft >= c2.lft AND c.lft <= c2.rht) " - . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' " - . "ORDER BY $cOrder LIMIT $start, $limit"; + . "UNIX_TIMESTAMP(c.date) AS nice_date " + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " + . "{$_TABLES['users']} AS u " + . "WHERE c.sid = '$sid' AND (c.lft >= c2.lft AND c.lft <= c2.rht) " + . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' " + . "ORDER BY $cOrder LIMIT $start, $limit"; } else { // pid refers to parentid rather than commentid - if( $pid == 0 ) { // the simple, fast case + if ($pid == 0) { // the simple, fast case // count the total number of applicable comments - $count = DB_count( $_TABLES['comments'], - array( 'sid', 'type' ), array( $sid, $type )); + $count = DB_count($_TABLES['comments'], + array('sid', 'type'), array($sid, $type)); $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, 0 AS pindent, " - . "UNIX_TIMESTAMP(c.date) AS nice_date " - . 
"FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " - . "WHERE c.sid = '$sid' AND c.uid = u.uid AND type='{$type}' " - . "ORDER BY $cOrder LIMIT $start, $limit"; + . "UNIX_TIMESTAMP(c.date) AS nice_date " + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['users']} AS u " + . "WHERE c.sid = '$sid' AND c.uid = u.uid AND type='{$type}' " + . "ORDER BY $cOrder LIMIT $start, $limit"; } else { // count the total number of applicable comments $q2 = "SELECT COUNT(*) " 
@@ -761,57 +750,57 @@ function CMT_userComments( $sid, $title, $type='article', $order='', $mode='', $ list($count) = DB_fetchArray($result); $q = "SELECT c.*, u.username, u.fullname, u.photo, u.email, c2.indent + 1 AS pindent, " - . "UNIX_TIMESTAMP(c.date) AS nice_date " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " - . "{$_TABLES['users']} AS u " - . "WHERE c.sid = '$sid' AND (c.lft > c2.lft AND c.lft < c2.rht) " - . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' " - . "ORDER BY $cOrder LIMIT $start, $limit"; + . "UNIX_TIMESTAMP(c.date) AS nice_date " + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " + . "{$_TABLES['users']} AS u " + . "WHERE c.sid = '$sid' AND (c.lft > c2.lft AND c.lft < c2.rht) " + . "AND c2.cid = $pid AND c.uid = u.uid AND c.type='{$type}' " + . "ORDER BY $cOrder LIMIT $start, $limit"; } } break; } - $thecomments = ''; - $result = DB_query( $q ); + $theComments = ''; + $result = DB_query($q); if (DB_numRows($result) == 0) { if ($page > 1) { - list($plgurl, $plgid) = CMT_getCommentUrlId($type); - $plglink = ''; - if (!empty($plgurl)) { - $plglink = "$plgurl?$plgid=$sid"; + list($pluginUrl, $pluginId) = CMT_getCommentUrlId($type); + $pluginLink = ''; + if (!empty($pluginUrl)) { + $pluginLink = "$pluginUrl?$pluginId=$sid"; } // Requested invalid page - COM_handle404($plglink); + COM_handle404($pluginLink); } } - $thecomments .= CMT_getComment( $result, $mode, $type, $order, - $delete_option, false, $ccode, $page ); + $theComments .= CMT_getComment($result, $mode, $type, $order, + $delete_option, false, $commentCode, $page); // Pagination - $tot_pages = ceil($count / $limit); + $tot_pages = ceil($count / $limit); $is_comment_page = CMT_isCommentPage(); if ($is_comment_page) { $pLink[0] = "comment.php?sid=$sid"; $pLink[0] .= "&" . CMT_TYPE . 
"=$type&order=$order&format=$mode"; } else { - list($plgurl, $plgid) = CMT_getCommentUrlId($type); - $pLink[0] = "$plgurl?$plgid=$sid"; + list($pluginUrl, $pluginId) = CMT_getCommentUrlId($type); + $pLink[0] = "$pluginUrl?$pluginId=$sid"; $pLink[0] .= "&" . CMT_TYPE . "=$type&order=$order&mode=$mode"; } $pLink[1] = "#comments"; $page_str = "cpage="; $template->set_var('pagenav', - COM_printPageNavigation($pLink, $page, $tot_pages, $page_str, false)); + COM_printPageNavigation($pLink, $page, $tot_pages, $page_str, false)); - $template->set_var('comments', $thecomments); + $template->set_var('comments', $theComments); if (COMMENT_ON_SAME_PAGE) { - if ($ccode == 0) { - $cmode = COM_applyFilter(COM_getArgument(CMT_MODE)); - $html = CMT_handleComment($cmode, $type, $title, $sid, $mode); + if ($commentCode == 0) { + $cMode = COM_applyFilter(COM_getArgument(CMT_MODE)); + $html = CMT_handleComment($cMode, $type, $title, $sid, $mode); $template->set_var('commenteditor', $html); } } 
@@ -823,45 +812,43 @@ function CMT_userComments( $sid, $title, $type='article', $order='', $mode='', $ } /** -* Displays the comment form -* -* @param string $title Title of comment -* @param string $comment Text of comment -* @param string $sid ID of object comment belongs to -* @param int $pid ID of parent comment -* @param string $type Type of object comment is posted to -* @param string $mode Mode, e.g. 'preview' -* @param string $postmode Indicates if comment is plain text or HTML -* @param string $format 'threaded', 'nested', or 'flat' -* @param string $order 'ASC' or 'DESC' or blank -* @param int $page Page number of comments to display -* @return string HTML for comment form -* -*/ -function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmode, $format='', $order='', $page='') + * Displays the comment form + * + * @param string $title Title of comment + * @param string $comment Text of comment + * @param string $sid ID of object comment belongs to + * @param int $pid ID of parent comment + * @param string $type Type of object comment is posted to + * @param string $mode Mode, e.g. 'preview' + * @param string $postMode Indicates if comment is plain text or HTML + * @param string $format 'threaded', 'nested', or 'flat' + * @param string $order 'ASC' or 'DESC' or blank + * @param int $page Page number of comments to display + * @return string HTML for comment form + */ +function CMT_commentForm($title, $comment, $sid, $pid = 0, $type, $mode, $postMode, $format = '', $order = '', $page = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG03, $LANG12, $LANG_ADMIN - , $LANG_ACCESS, $MESSAGE, $_SCRIPTS; + , $LANG_ACCESS, $MESSAGE, $_SCRIPTS; $retval = ''; // never trust $uid ... 
- if (empty ($_USER['uid'])) { + if (empty($_USER['uid'])) { $uid = 1; } else { $uid = $_USER['uid']; } if (empty($format)) { - if(isset($_REQUEST['format'])) { + if (isset($_REQUEST['format'])) { $format = COM_applyFilter($_REQUEST['format']); } if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) { if (COM_isAnonUser()) { $format = $_CONF['comment_mode']; } else { - $format = DB_getItem( $_TABLES['usercomment'], 'commentmode', - "uid = $uid" ); + $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$uid}"); } } } 
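Review bot: The new signature keeps the optional `$pid = 0` ahead of the required `$type`, `$mode` and `$postMode`, so no caller can ever use the default, and PHP 8.0+ reports a deprecation for an optional parameter declared before required ones. Dropping the default on `$pid` would match how the function must already be called. Separately, `"uid = {$uid}"` still places `$_USER['uid']` in the WHERE clause unquoted despite the `// never trust $uid` comment; `$uid = (int) $_USER['uid'];` in the else branch would make the intent explicit. The function body continues outside this hunk.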
@@ -879,36 +866,39 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo } } - $commentuid = $uid; + $commentUid = $uid; $table = ''; - if ($mode == 'edit' || $mode == $LANG03[28]) { + if ($mode === 'edit' || $mode === $LANG03[28]) { $table = $_TABLES['comments']; - } elseif ($mode == 'editsubmission' || $mode == $LANG03[34]) { + } elseif ($mode === 'editsubmission' || $mode == $LANG03[34]) { $table = $_TABLES['commentsubmissions']; } if (!empty($table)) { $cid = 0; if (isset($_REQUEST[CMT_CID])) { - $cid = COM_applyFilter ($_REQUEST[CMT_CID], true); + $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } if ($cid <= 0) { COM_redirect($_CONF['site_url'] . '/index.php'); } - $commentuid = DB_getItem ($table, 'uid', "cid = '$cid'"); + $commentUid = DB_getItem($table, 'uid', "cid = '$cid'"); } if (COM_isAnonUser() && - (($_CONF['loginrequired'] == 1) || ($_CONF['commentsloginrequired'] == 1))) { + (($_CONF['loginrequired'] == 1) || ($_CONF['commentsloginrequired'] == 1)) + ) { $retval .= SEC_loginRequiredForm(); + return $retval; } else { - COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment'); + COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment'); $last = 0; - if ($mode != 'edit' && $mode != 'editsubmission' - && $mode != $LANG03[28] && $mode != $LANG03[34]) { + if ($mode !== 'edit' && $mode !== 'editsubmission' + && $mode != $LANG03[28] && $mode != $LANG03[34] + ) { // not edit mode or preview changes - $last = COM_checkSpeedlimit ('comment'); + $last = COM_checkSpeedlimit('comment'); } if ($last > 0) { 
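Review bot: `$commentUid = DB_getItem($table, 'uid', "cid = '$cid'");` is used without checking that a row was found. If the comment id does not exist, `$commentUid` is presumably empty, and the later queries `WHERE uid = $commentUid` (hunks at -990 and -1134) are then built with nothing after the `=`, while `array_merge($A, DB_fetchArray($uresult))` receives a non-array. I would treat a missing row like the `$cid <= 0` case, e.g. `if (empty($commentUid)) { COM_redirect($_CONF['site_url'] . '/index.php'); }`. The mode checks are also now mixed: `$mode === 'editsubmission' || $mode == $LANG03[34]` is strict on one side and loose on the other. The function starts and ends outside this hunk.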
@@ -918,70 +908,70 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $retval .= COM_showMessageText($LANG03[7] . $last . $LANG03[8], $LANG12[26]); } } else { - // Add JavaScript $_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js'); - if (($postmode != 'html') && ($postmode != 'plaintext')) { - if (empty($postmode) && $_CONF['advanced_editor'] && $_USER['advanced_editor']) { - $postmode = 'html'; - } elseif (empty($postmode)) { - $postmode = $_CONF['postmode']; + if (($postMode !== 'html') && ($postMode !== 'plaintext')) { + if (empty($postMode) && $_CONF['advanced_editor'] && $_USER['advanced_editor']) { + $postMode = 'html'; + } elseif (empty($postMode)) { + $postMode = $_CONF['postmode']; } } $sig = ''; if ($uid > 1) { - $sig = DB_getItem ($_TABLES['users'], 'sig', "uid = '$uid'"); + $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '$uid'"); } // Note: - // $comment / $newcomment is what goes into the preview / is + // $comment / $newComment is what goes into the preview / is // actually stored in the database -> strip HTML - // $commenttext is what the user entered and goes back into the + // $commentText is what the user entered and goes back into the // -> don't strip HTML - $commenttext = htmlspecialchars (COM_stripslashes ($comment)); + $commentText = COM_stripslashes($comment); + $commentText = GLText::removeUtf8Icons($commentText); + $commentText = htmlspecialchars($commentText); // Replace $, {, and } with special HTML equivalents - $commenttext = str_replace('$','$',$commenttext); - $commenttext = str_replace('{','{',$commenttext); - $commenttext = str_replace('}','}',$commenttext); + $commentText = str_replace('$', '$', $commentText); + $commentText = str_replace('{', '{', $commentText); + $commentText = str_replace('}', '}', $commentText); // Remove any autotags the user doesn't have permission to use - $commenttext = PLG_replaceTags($commenttext, '', true); + $commentText = 
PLG_replaceTags($commentText, '', true); // Autotags can now be used in templates when an article is rendered // for this reason, replace [, ] in order to prevent garbled characters - $commenttext = str_replace('[','[',$commenttext); - $commenttext = str_replace(']',']',$commenttext); + $commentText = str_replace('[', '[', $commentText); + $commentText = str_replace(']', ']', $commentText); - $title = COM_checkWords(strip_tags(COM_stripslashes ($title)), 'comment'); + $title = COM_checkWords(strip_tags(COM_stripslashes($title)), 'comment'); // $title = str_replace('$','$',$title); done in CMT_getComment $_POST['title'] = $title; - $newcomment = $comment; - if ($mode == $LANG03[28] ) { // for preview - $newcomment = CMT_prepareText($comment, $postmode, $type, true, $cid); + if ($mode == $LANG03[28]) { // for preview + $newComment = CMT_prepareText($comment, $postMode, $type, true, $cid); } elseif ($mode == $LANG03[34]) { - $newcomment = CMT_prepareText($comment, $postmode, $type, true); + $newComment = CMT_prepareText($comment, $postMode, $type, true); } else { - $newcomment = CMT_prepareText($comment, $postmode, $type); + $newComment = CMT_prepareText($comment, $postMode, $type); } - $_POST['comment'] = $newcomment; + $_POST['comment'] = $newComment; // Preview mode: - if (($mode == $LANG03[14] || $mode == $LANG03[28] || $mode == $LANG03[34]) && !empty($title) && !empty($comment) ) { + if (($mode == $LANG03[14] || $mode == $LANG03[28] || $mode == $LANG03[34]) && !empty($title) && !empty($comment)) { $start = COM_newTemplate($_CONF['path_layout'] . 
'comment'); $start->set_file(array('comment' => 'startcomment.thtml')); $start->set_var('hide_if_preview', 'style="display:none"'); - $start->set_var( 'area_id', 'commentpreview' ); + $start->set_var('area_id', 'commentpreview'); // Clean up all the vars $A = array(); foreach ($_POST as $key => $value) { if (($key == CMT_PID) || ($key == CMT_CID)) { - $A[$key] = COM_applyFilter ($_POST[$key], true); + $A[$key] = COM_applyFilter($_POST[$key], true); } else if (($key == 'title') || ($key == 'comment')) { // these have already been filtered above $A[$key] = $_POST[$key]; @@ -990,22 +980,22 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo COM_checkWords(strip_tags(COM_stripslashes($_POST[$key])), 'comment') ); } else { - $A[$key] = COM_applyFilter ($_POST[$key]); + $A[$key] = COM_applyFilter($_POST[$key]); } } // correct time and username for edit preview if (($mode == $LANG03[28]) || ($mode == $LANG03[34])) { $A['nice_date'] = DB_getItem($table, 'UNIX_TIMESTAMP(date)', - "cid = '$cid'"); - if ($_USER['uid'] != $commentuid) { - $uresult = DB_query("SELECT username, fullname, email, photo FROM {$_TABLES['users']} WHERE uid = $commentuid"); + "cid = '{$cid}'"); + if ($_USER['uid'] != $commentUid) { + $uresult = DB_query("SELECT username, fullname, email, photo FROM {$_TABLES['users']} WHERE uid = $commentUid"); $A = array_merge($A, DB_fetchArray($uresult)); } } if (($uid != 1) || empty($A[CMT_USERNAME])) { - $A[CMT_USERNAME] = DB_getItem ($_TABLES['users'], 'username', - "uid = $uid"); + $A[CMT_USERNAME] = DB_getItem($_TABLES['users'], 'username', + "uid = $uid"); } if (COMMENT_ON_SAME_PAGE) { 
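Review bot: `GLText::removeUtf8Icons()` is applied only to `$commentText`, the copy echoed back into the form, while `$newComment` is still produced by `CMT_prepareText($comment, ...)` from the unstripped `$comment`. Unless CMT_prepareText strips the same characters (it is not visible here), the preview and the stored comment can contain characters that the form text no longer shows. If the intent is to keep them out of the database, strip once before both paths, e.g. `$comment = GLText::removeUtf8Icons($comment);` ahead of the `$commentText` lines. The function starts and ends outside this hunk.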
@@ -1019,13 +1009,13 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $A['username'] = $A[CMT_USERNAME]; } - $thecomments = CMT_getComment ($A, 'flat', $type, 'ASC', false, - true); + $thecomments = CMT_getComment($A, 'flat', $type, 'ASC', false, + true); - $start->set_var( 'comments', $thecomments ); - $retval .= COM_startBlock ($LANG03[14]) - . $start->finish( $start->parse( 'output', 'comment' )) - . COM_endBlock (); + $start->set_var('comments', $thecomments); + $retval .= COM_startBlock($LANG03[14]) + . $start->finish($start->parse('output', 'comment')) + . COM_endBlock(); } else if ($mode == $LANG03[14]) { $retval .= COM_showMessageText($LANG03[12], $LANG03[17]); $mode = 'error'; @@ -1074,7 +1064,7 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $comment_template->set_var('type', $type); if ($mode == 'edit' || $mode == 'editsubmission' || $mode == $LANG03[28] || $mode == $LANG03[34]) { $comment_template->set_var('hidewhenediting', - ' style="display:none;"'); + ' style="display:none;"'); } else { $comment_template->set_var('hidewhenediting', ''); } 
@@ -1089,25 +1079,25 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $sid = str_replace('fileid_', '', $sid); } - $formurl = "$plgurl?$plgid=$sid#commentpreview"; + $formUrl = "$plgurl?$plgid=$sid#commentpreview"; } else { - $formurl = $_CONF['site_url'] . '/comment.php#commentpreview'; // commentpreview needed for when showing replies on the same page + $formUrl = $_CONF['site_url'] . '/comment.php#commentpreview'; // commentpreview needed for when showing replies on the same page } - if ($mode == 'edit' || $mode == $LANG03[28]) { //edit modes + if ($mode === 'edit' || $mode === $LANG03[28]) { //edit modes $comment_template->set_var('start_block_postacomment', - COM_startBlock($LANG03[32])); + COM_startBlock($LANG03[32])); $comment_template->set_var('cid', ''); } else if ($mode == 'editsubmission' || $mode == $LANG03[34]) { $comment_template->set_var('start_block_postacomment', - COM_startBlock($LANG03[33])); + COM_startBlock($LANG03[33])); $comment_template->set_var('cid', ''); } else { $comment_template->set_var('start_block_postacomment', - COM_startBlock($LANG03[1])); + COM_startBlock($LANG03[1])); $comment_template->set_var('cid', ''); } - $comment_template->set_var('form_url', $formurl); + $comment_template->set_var('form_url', $formUrl); if (COM_isAnonUser()) { // Anonymous user @@ -1126,7 +1116,7 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $name = COM_getDisplayName(1); // anonymous user } $usernameblock = ''; + $name . '" maxlength="32"' . XHTML . '>'; $comment_template->set_var('username', $usernameblock); $comment_template->set_var('action_url', 
@@ -1134,8 +1124,8 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[04]); } else { - if ($commentuid != $_USER['uid']) { - $uresult = DB_query("SELECT username, fullname FROM {$_TABLES['users']} WHERE uid = $commentuid"); + if ($commentUid != $_USER['uid']) { + $uresult = DB_query("SELECT username, fullname FROM {$_TABLES['users']} WHERE uid = $commentUid"); list($username, $fullname) = DB_fetchArray($uresult); } else { $username = $_USER['username']; @@ -1143,8 +1133,8 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo } $comment_template->set_var('gltoken_name', CSRF_TOKEN); $comment_template->set_var('gltoken', SEC_createToken()); - $comment_template->set_var('uid', $commentuid); - $name = COM_getDisplayName($commentuid, $username, $fullname); + $comment_template->set_var('uid', $commentUid); + $name = COM_getDisplayName($commentUid, $username, $fullname); $comment_template->set_var('username', $name); $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=logout'); @@ -1156,10 +1146,10 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo if ($mode == 'editsubmission' OR $mode == 'edit' OR $mode == $LANG03[34] OR $mode == $LANG03[28]) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; - $comment_template->set_var ('delete_option', - sprintf ($delbutton, $jsconfirm)); + $comment_template->set_var('delete_option', + sprintf($delbutton, $jsconfirm)); $comment_template->set_var('allow_delete', true); $comment_template->set_var('lang_delete', $LANG_ADMIN['delete']); 
@@ -1174,21 +1164,21 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo } - if ($postmode == 'html') { - $comment_template->set_var ('show_texteditor', 'none'); - $comment_template->set_var ('show_htmleditor', ''); + if ($postMode == 'html') { + $comment_template->set_var('show_texteditor', 'none'); + $comment_template->set_var('show_htmleditor', ''); } else { - $comment_template->set_var ('show_texteditor', ''); - $comment_template->set_var ('show_htmleditor', 'none'); + $comment_template->set_var('show_texteditor', ''); + $comment_template->set_var('show_htmleditor', 'none'); } $comment_template->set_var('lang_title', $LANG03[16]); $comment_template->set_var('title', htmlspecialchars($title)); $comment_template->set_var('lang_comment', $LANG03[9]); - $comment_template->set_var('comment', $commenttext); + $comment_template->set_var('comment', $commentText); $comment_template->set_var('lang_postmode', $LANG03[2]); $comment_template->set_var('postmode_options', - COM_optionList($_TABLES['postmodes'], 'code,name', $postmode)); + COM_optionList($_TABLES['postmodes'], 'code,name', $postMode)); $allowed_html = ''; foreach (array('plaintext', 'html') as $pm) { $allowed_html .= COM_allowedHTML($permission, false, 1, $pm); @@ -1222,7 +1212,7 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo $comment_template->set_var('allow_save', true); $comment_template->set_var('lang_save', $LANG03[29]); - } elseif ($mode == $LANG03[34] || ($mode == 'editsubmission' && $_CONF['skip_preview'] == 1)) { + } elseif ($mode == $LANG03[34] || ($mode == 'editsubmission' && $_CONF['skip_preview'] == 1)) { PLG_templateSetVars('comment', $comment_template); // editing submission comment $comment_template->set_var('save_option', 
@@ -1243,7 +1233,8 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo } if (($_CONF['allow_reply_notifications'] == 1 && $uid != 1) && - ($mode == '' || $mode == $LANG03[14] || $mode == 'error')) { + ($mode == '' || $mode == $LANG03[14] || $mode == 'error') + ) { $checked = ''; if (isset($_POST['notify'])) { $checked = ' checked="checked"'; @@ -1266,14 +1257,13 @@ function CMT_commentForm($title, $comment, $sid, $pid='0', $type, $mode, $postmo * Save a comment * * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net - * @param string $title Title of comment - * @param string $comment Text of comment - * @param string $sid ID of object receiving comment - * @param int $pid ID of parent comment - * @param string $type Type of comment this is (article, polls, etc) - * @param string $postmode Indicates if text is HTML or plain text + * @param string $title Title of comment + * @param string $comment Text of comment + * @param string $sid ID of object receiving comment + * @param int $pid ID of parent comment + * @param string $type Type of comment this is (article, polls, etc) + * @param string $postmode Indicates if text is HTML or plain text * @return int -1 == queued, 0 == comment saved, > 0 indicates error - * */ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) { 
@@ -1283,43 +1273,47 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) $cid = 0; // Get a valid uid - if (empty ($_USER['uid'])) { + if (empty($_USER['uid'])) { $uid = 1; } else { $uid = $_USER['uid']; } // Sanity check - if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ) { + if (empty($sid) || empty($title) || empty($comment) || empty($type)) { COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried " - . 'to submit a comment with one or more missing values.'); + . 'to submit a comment with one or more missing values.'); + return $ret = 1; } // Check that anonymous comments are allowed if (($uid == 1) && (($_CONF['loginrequired'] == 1) - || ($_CONF['commentsloginrequired'] == 1))) { + || ($_CONF['commentsloginrequired'] == 1)) + ) { COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} " - . 'attempted to save a comment with anonymous comments disabled for site.'); + . 'attempted to save a comment with anonymous comments disabled for site.'); + return $ret = 2; } // Check for people breaking the speed limit - COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment'); - $last = COM_checkSpeedlimit ('comment'); + COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment'); + $last = COM_checkSpeedlimit('comment'); if ($last > 0) { COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried " - . 'to submit a comment before the speed limit expired'); + . 'to submit a comment before the speed limit expired'); + return $ret = 3; } // Let plugins have a chance to check for spam $spamcheck = '' . $title . '' . $comment . 
''; - $result = PLG_checkforSpam ($spamcheck, $_CONF['spamx']); + $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']); // Now check the result and display message if spam action was taken if ($result > 0) { - COM_updateSpeedlimit ('comment'); // update speed limit nonetheless - COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); // then tell them to get lost ... + COM_updateSpeedlimit('comment'); // update speed limit nonetheless + COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); // then tell them to get lost ... } // Let plugins have a chance to decide what to do before saving the comment, return errors. @@ -1344,8 +1338,8 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) 'comment' ); setcookie($_CONF['cookie_anon_name'], $username, time() + 31536000, - $_CONF['cookie_path'], $_CONF['cookiedomain'], - $_CONF['cookiesecure']); + $_CONF['cookie_path'], $_CONF['cookiedomain'], + $_CONF['cookiesecure']); $name = DB_escapeString($username); } } @@ -1359,7 +1353,8 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) COM_updateSpeedlimit('comment'); if (empty($title) || empty($comment)) { COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried " - . 'to submit a comment with invalid $title and/or $comment.'); + . 'to submit a comment with invalid $title and/or $comment.'); + return $ret = 5; } 
@@ -1367,40 +1362,40 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) // comment into comment submission table enabled if (isset($name)) { DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,type,date,title,pid,ipaddress) " - . "VALUES ('$sid',$uid,'$name','$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); + . "VALUES ('$sid',$uid,'$name','$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); } else { DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,comment,type,date,title,pid,ipaddress) " - . "VALUES ('$sid',$uid,'$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); + . "VALUES ('$sid',$uid,'$comment','$type',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')"); } - $cid = DB_insertId('',$_TABLES['commentsubmissions'].'_cid_seq'); + $cid = DB_insertId('', $_TABLES['commentsubmissions'] . '_cid_seq'); $ret = -1; // comment queued } elseif ($pid > 0) { - DB_lockTable ($_TABLES['comments']); + DB_lockTable($_TABLES['comments']); $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = $pid AND sid = '$sid'"); list($rht, $indent) = DB_fetchArray($result); - if ( !DB_error() ) { - $rht2=$rht+1; - $indent+=1; + if (!DB_error()) { + $rht2 = $rht + 1; + $indent += 1; DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 " - . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); + . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " - . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); + . 
"WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); if (isset($name)) { - DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', - "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}','$name'"); + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', + "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}','$name'"); } else { - DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', - "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}'"); + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', + "'$sid',$uid,'$comment',now(),'$title',$pid,$rht,$rht2,$indent,'$type','{$_SERVER['REMOTE_ADDR']}'"); } - $cid = DB_insertId('',$_TABLES['comments'].'_cid_seq'); + $cid = DB_insertId('', $_TABLES['comments'] . '_cid_seq'); } else { //replying to non-existent comment or comment in wrong article COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried " - . 'to reply to a non-existent comment or the pid/sid did not match'); + . 'to reply to a non-existent comment or the pid/sid did not match'); $ret = 4; // Cannot return here, tables locked! } DB_unlockTable($_TABLES['comments']); 
@@ -1422,10 +1417,10 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) if ($_CONF['allow_reply_notifications'] == 1 && $cid > 0 && $pid > 0) { // $sql = "SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = $pid"; // Used in Geeklog 2.0.0 and before. Notification sent only if someone directly replies to the comment (not a reply of a reply) $sql = "SELECT cn.cid, cn.uid, cn.deletehash " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " - . "{$_TABLES['commentnotifications']} AS cn " - . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " - . "AND c.cid = $pid GROUP BY cn.uid"; + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " + . "{$_TABLES['commentnotifications']} AS cn " + . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " + . "AND c.cid = $pid GROUP BY cn.uid"; $result = DB_query($sql); $A = DB_fetchArray($result); if ($A !== false) { 
@@ -1433,22 +1428,22 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) } } } else { - DB_lockTable ($_TABLES['comments']); + DB_lockTable($_TABLES['comments']); $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '$sid'"); - if ( DB_error() ) { + if (DB_error()) { $rht = 0; } - $rht2=$rht+1; // value of new comment's "lft" - $rht3=$rht+2; // value of new comment's "rht" + $rht2 = $rht + 1; // value of new comment's "lft" + $rht3 = $rht + 2; // value of new comment's "rht" if (isset($name)) { - DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name', "'$sid',$uid,'$comment',now(),'$title',$pid,$rht2,$rht3,0,'$type','{$_SERVER['REMOTE_ADDR']}','$name'"); } else { - DB_save ($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', + DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'$sid',$uid,'$comment',now(),'$title',$pid,$rht2,$rht3,0,'$type','{$_SERVER['REMOTE_ADDR']}'"); } - $cid = DB_insertId('',$_TABLES['comments'].'_cid_seq'); + $cid = DB_insertId('', $_TABLES['comments'] . '_cid_seq'); DB_unlockTable($_TABLES['comments']); // Update Comment Feeds 
@@ -1462,23 +1457,24 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) } // save user notification information - if (isset($_POST['notify']) && ($ret == -1 || $ret == 0) ) { + if (isset($_POST['notify']) && ($ret == -1 || $ret == 0)) { $cid4hash = ($cid == 0) ? '' : $cid; - $cid4db = ($cid == 0) ? null : $cid; + $cid4db = ($cid == 0) ? null : $cid; $deletehash = md5($title . $cid4hash . $comment . rand()); if ($ret == -1) { //null goes into cid, comment not published yet, set moderation queue id - DB_save($_TABLES['commentnotifications'], 'uid,deletehash,mid',"$uid,'$deletehash',{$cid4db}"); + DB_save($_TABLES['commentnotifications'], 'uid,deletehash,mid', "$uid,'$deletehash',{$cid4db}"); } else { - DB_save($_TABLES['commentnotifications'], 'cid,uid,deletehash',"{$cid4db},$uid,'$deletehash'"); + DB_save($_TABLES['commentnotifications'], 'cid,uid,deletehash', "{$cid4db},$uid,'$deletehash'"); } } // Send notification of comment if no errors and notifications enabled // for comments if ((($ret == -1) || ($ret == 0)) && isset($_CONF['notification']) && - in_array('comment', $_CONF['notification'])) { + in_array('comment', $_CONF['notification']) + ) { if ($ret == -1) { $cid = 0; // comment went into the submission queue } 
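Review bot: `$deletehash = md5($title . $cid4hash . $comment . rand());` builds the notification hash from text the poster supplies plus `rand()`, which is not a cryptographically secure source. Later in this diff, CMT_sendReplyNotification mails the same value out as the `key` of the `?mode=unsubscribe` link, so it works as a bearer token and should be unpredictable. If the code still has to run on PHP 5.x, `$deletehash = bin2hex(openssl_random_pseudo_bytes(16));` keeps the 32-character length, assuming the OpenSSL extension is loaded; on PHP 7 and later, `bin2hex(random_bytes(16))` is the better choice. CMT_saveComment starts and ends outside this hunk.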
@@ -1493,26 +1489,27 @@ function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode) } /** -* Send an email notification for a new comment submission. -* -* @param $title string comment title -* @param $comment string text of the comment -* @param $uid int user id -* @param $username string optional name of anonymous user -* @param $ipaddress string poster's IP address -* @param $type string type of comment ('article', 'polls', ...) -* @param $cid int comment id (or 0 when in submission queue) -* @return boolean true if successfully sent, otherwise false -* -*/ + * Send an email notification for a new comment submission. + * + * @param $title string comment title + * @param $comment string text of the comment + * @param $uid int user id + * @param $username string optional name of anonymous user + * @param $ipaddress string poster's IP address + * @param $type string type of comment ('article', 'polls', ...) + * @param $cid int comment id (or 0 when in submission queue) + * @return boolean true if successfully sent, otherwise false + */ function CMT_sendNotification($title, $comment, $uid, $username, $ipaddress, $type, $cid) { global $_CONF, $_TABLES, $LANG01, $LANG03, $LANG08, $LANG09, $LANG29; // sanity check if (($username == $_SERVER['REMOTE_ADDR']) && - ($ipaddress != $_SERVER['REMOTE_ADDR'])) { + ($ipaddress != $_SERVER['REMOTE_ADDR']) + ) { COM_errorLog("The API for CMT_sendNotification has changed ..."); + return false; } @@ -1537,7 +1534,7 @@ function CMT_sendNotification($title, $comment, $uid, $username, $ipaddress, $ty } $mailbody = "$LANG03[16]: $title\n" - . "$LANG03[5]: $author\n"; + . "$LANG03[5]: $author\n"; if ($type != 'article') { $mailbody .= "$LANG09[5]: $type\n"; 
@@ -1546,7 +1543,7 @@ function CMT_sendNotification($title, $comment, $uid, $username, $ipaddress, $ty if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) - . '...'; + . '...'; } $mailbody .= $comment . "\n\n"; } @@ -1554,11 +1551,11 @@ function CMT_sendNotification($title, $comment, $uid, $username, $ipaddress, $ty if ($cid == 0) { $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[41]; $mailbody .= $LANG01[10] . ' <' . $_CONF['site_admin_url'] - . "/moderation.php>\n\n"; + . "/moderation.php>\n\n"; } else { $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[9]; $mailbody .= $LANG03[39] . ' <' . $_CONF['site_url'] - . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; + . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; } $mailbody .= "\n------------------------------\n"; @@ -1571,18 +1568,17 @@ function CMT_sendNotification($title, $comment, $uid, $username, $ipaddress, $ty /** * Deletes a given comment - * * The function expects the calling function to check to make sure the * requesting user has the correct permissions and that the comment exits * for the specified $type and $sid. * * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net - * @param string $type article, or plugin identifier - * @param string $sid id of object comment belongs to - * @param int $cid Comment ID + * @param string $type article, or plugin identifier + * @param string $sid id of object comment belongs to + * @param int $cid Comment ID * @return string 0 indicates success, >0 identifies problem */ -function CMT_deleteComment ($cid, $sid, $type) +function CMT_deleteComment($cid, $sid, $type) { global $_CONF, $_TABLES, $_USER; 
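Review bot: The CMT_deleteComment docblock lists its `@param` tags in the order `$type`, `$sid`, `$cid`, while the signature is `CMT_deleteComment($cid, $sid, $type)`; the tags should follow the signature so a caller reading the doc does not swap arguments. The description leaves the permission check to the caller, and the later hunks show `$sid` and `$type` interpolated into quoted SQL, so unless they are escaped in lines not shown here I would add `Note: $sid and $type are placed into SQL as given and must already be escaped by the caller.` `@return string` does not match the integer codes the body returns (`return $ret = 1;`), so `@return int` fits better, and "exits" should read "exists". The function body continues outside this hunk.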
@@ -1590,9 +1586,10 @@ function CMT_deleteComment ($cid, $sid, $type) // Sanity check, note we return immediately here and no DB operations // are performed - if (!is_numeric ($cid) || ($cid < 0) || empty ($sid) || empty ($type)) { + if (!is_numeric($cid) || ($cid < 0) || empty($sid) || empty($type)) { COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to delete a comment with one or more missing/bad values.'); + . 'to delete a comment with one or more missing/bad values.'); + return $ret = 1; } 
@@ -1601,20 +1598,20 @@ function CMT_deleteComment ($cid, $sid, $type) // A lock is needed here to prevent other additions and/or deletions // from happening at the same time. A transaction would work better, // but aren't supported with MyISAM tables. - DB_lockTable ($_TABLES['comments']); + DB_lockTable($_TABLES['comments']); $result = DB_query("SELECT pid, lft, rht FROM {$_TABLES['comments']} " - . "WHERE cid = $cid AND sid = '$sid' AND type = '$type'"); - if ( DB_numRows($result) == 1 ) { - list($pid,$lft,$rht) = DB_fetchArray($result); - DB_change ($_TABLES['comments'], 'pid', $pid, 'pid', $cid); - DB_delete ($_TABLES['comments'], 'cid', $cid); + . "WHERE cid = $cid AND sid = '$sid' AND type = '$type'"); + if (DB_numRows($result) == 1) { + list($pid, $lft, $rht) = DB_fetchArray($result); + DB_change($_TABLES['comments'], 'pid', $pid, 'pid', $cid); + DB_delete($_TABLES['comments'], 'cid', $cid); DB_query("UPDATE {$_TABLES['comments']} SET indent = indent - 1 " - . "WHERE sid = '$sid' AND type = '$type' AND lft BETWEEN $lft AND $rht"); + . "WHERE sid = '$sid' AND type = '$type' AND lft BETWEEN $lft AND $rht"); DB_query("UPDATE {$_TABLES['comments']} SET lft = lft - 2 " - . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); + . "WHERE sid = '$sid' AND type = '$type' AND lft >= $rht"); DB_query("UPDATE {$_TABLES['comments']} SET rht = rht - 2 " - . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); - DB_unlockTable ($_TABLES['comments']); + . "WHERE sid = '$sid' AND type = '$type' AND rht >= $rht"); + DB_unlockTable($_TABLES['comments']); // Update Comment Feeds COM_rdfUpToDateCheck('comment'); 
@@ -1625,9 +1622,10 @@ function CMT_deleteComment ($cid, $sid, $type) CACHE_remove_instance($cacheInstance); } } else { - DB_unlockTable ($_TABLES['comments']); + DB_unlockTable($_TABLES['comments']); COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to delete a comment that doesn\'t exist as described.'); + . 'to delete a comment that doesn\'t exist as described.'); + return $ret = 2; } @@ -1635,14 +1633,13 @@ function CMT_deleteComment ($cid, $sid, $type) } /** -* Display form to report abusive comment. -* -* @param string $cid comment id -* @param string $type type of comment ('article', 'polls', ...) -* @return string HTML for the form (or error message) -* -*/ -function CMT_reportAbusiveComment ($cid, $type) + * Display form to report abusive comment. + * + * @param string $cid comment id + * @param string $type type of comment ('article', 'polls', ...) + * @return string HTML for the form (or error message) + */ +function CMT_reportAbusiveComment($cid, $type) { global $_CONF, $_TABLES, $LANG03, $LANG12; @@ -1654,8 +1651,8 @@ function CMT_reportAbusiveComment ($cid, $type) return $retval; } - COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail'); - $last = COM_checkSpeedlimit ('mail'); + COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); + $last = COM_checkSpeedlimit('mail'); if ($last > 0) { $retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]); 
@@ -1671,11 +1668,11 @@ function CMT_reportAbusiveComment ($cid, $type) $start->set_var('gltoken_name', CSRF_TOKEN); $start->set_var('gltoken', SEC_createToken()); - $result = DB_query ("SELECT uid,sid,pid,title,comment,UNIX_TIMESTAMP(date) AS nice_date FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); - $A = DB_fetchArray ($result); + $result = DB_query("SELECT uid,sid,pid,title,comment,UNIX_TIMESTAMP(date) AS nice_date FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); + $A = DB_fetchArray($result); - $result = DB_query ("SELECT username,fullname,photo,email FROM {$_TABLES['users']} WHERE uid = {$A['uid']}"); - $B = DB_fetchArray ($result); + $result = DB_query("SELECT username,fullname,photo,email FROM {$_TABLES['users']} WHERE uid = {$A['uid']}"); + $B = DB_fetchArray($result); // prepare data for comment preview $A['cid'] = $cid; 
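Review bot: The second query interpolates `{$A['uid']}` without checking that the first lookup returned a row, so a `$cid`/`$type` pair that matches no comment produces `WHERE uid = ` with an empty value and a failing statement. A guard directly after the first `DB_fetchArray($result)`, such as `if (empty($A)) { COM_handle404(); }`, would stop before the users lookup. `$cid` is also placed unquoted into `cid = $cid` while the docblock types it as a string; unless every caller already filters it, `$cid = (int) $cid;` at the top of the function keeps non-numeric input out of the SQL. The CMT_sendReport hunk further down has the same unchecked fetch before it builds the report mail. The function starts and ends outside this hunk.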
@@ -1687,26 +1684,25 @@ function CMT_reportAbusiveComment ($cid, $type) $A['indent'] = 0; $A['pindent'] = 0; - $thecomment = CMT_getComment ($A, 'flat', $type, 'ASC', false, true); - $start->set_var ('comment', $thecomment); - $retval .= COM_startBlock ($LANG03[15]) - . $start->finish ($start->parse ('output', 'report')) - . COM_endBlock (); + $thecomment = CMT_getComment($A, 'flat', $type, 'ASC', false, true); + $start->set_var('comment', $thecomment); + $retval .= COM_startBlock($LANG03[15]) + . $start->finish($start->parse('output', 'report')) + . COM_endBlock(); return $retval; } /** -* Send report about abusive comment -* -* @param string $cid comment id -* @param string $type type of comment ('article', 'polls', ...) -* @return string Meta refresh or HTML for error message -* -*/ + * Send report about abusive comment + * + * @param string $cid comment id + * @param string $type type of comment ('article', 'polls', ...) + * @return string|void + */ function CMT_sendReport($cid, $type) { - global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08; + global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09; if (COM_isAnonUser()) { $retval = SEC_loginRequiredForm(); 
@@ -1715,71 +1711,71 @@ function CMT_sendReport($cid, $type) return $retval; } - COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail'); - if (COM_checkSpeedlimit ('mail') > 0) { + COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); + if (COM_checkSpeedlimit('mail') > 0) { COM_redirect($_CONF['site_url'] . '/index.php'); } - $username = DB_getItem ($_TABLES['users'], 'username', - "uid = {$_USER['uid']}"); - $result = DB_query ("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); - $A = DB_fetchArray ($result); + $username = DB_getItem($_TABLES['users'], 'username', + "uid = {$_USER['uid']}"); + $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = $cid AND type = '$type'"); + $A = DB_fetchArray($result); - $title = stripslashes ($A['title']); - $comment = stripslashes ($A['comment']); + $title = stripslashes($A['title']); + $comment = stripslashes($A['comment']); // strip HTML if posted in HTML mode - if (preg_match ('/<.*>/', $comment) != 0) { - $comment = strip_tags ($comment); + if (preg_match('/<.*>/', $comment) != 0) { + $comment = strip_tags($comment); } - $author = COM_getDisplayName ($A['uid']); - if (($A['uid'] <= 1) && !empty ($A['ipaddress'])) { + $author = COM_getDisplayName($A['uid']); + if (($A['uid'] <= 1) && !empty($A['ipaddress'])) { // add IP address for anonymous posters $author .= ' (' . $A['ipaddress'] . ')'; } - $mailbody = sprintf ($LANG03[26], $username); - $mailbody .= "\n\n" - . "$LANG03[16]: $title\n" - . "$LANG03[5]: $author\n"; + $mailBody = sprintf($LANG03[26], $username); + $mailBody .= "\n\n" + . "$LANG03[16]: $title\n" + . "$LANG03[5]: $author\n"; if ($type != 'article') { - $mailbody .= "$LANG09[5]: $type\n"; + $mailBody .= "$LANG09[5]: $type\n"; } if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { - $comment = MBYTE_substr ($comment, 0, $_CONF['emailstorieslength']) - . 
'...'; + $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) + . '...'; } - $mailbody .= $comment . "\n\n"; + $mailBody .= $comment . "\n\n"; } - $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] - . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; + $mailBody .= $LANG08[33] . ' <' . $_CONF['site_url'] + . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; - $mailbody .= "\n------------------------------\n"; - $mailbody .= "\n$LANG08[34]\n"; - $mailbody .= "\n------------------------------\n"; + $mailBody .= "\n------------------------------\n"; + $mailBody .= "\n$LANG08[34]\n"; + $mailBody .= "\n------------------------------\n"; $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27]; - if (COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody)) { + if (COM_mail($_CONF['site_mail'], $mailsubject, $mailBody)) { $msg = 27; // message sent } else { $msg = 85; // problem sending the email } - COM_updateSpeedlimit ('mail'); - COM_redirect($_CONF['site_url'] . "/index.php?msg=$msg"); + COM_updateSpeedlimit('mail'); + COM_redirect($_CONF['site_url'] . "/index.php?msg={$msg}"); } /** * Handles a comment edit submission * * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @author Jared Wenerd, wenerd87 AT gmail DOT com * @param string $mode whether to store edited comment in the queue * @return string HTML (possibly a refresh) */ @@ -1787,8 +1783,6 @@ function CMT_handleEditSubmit($mode = null) { global $_CONF, $_TABLES, $_USER, $LANG03; - $display = ''; - $type = ''; if (isset($_POST[CMT_TYPE])) { $type = COM_applyFilter($_POST[CMT_TYPE]); 
@@ -1808,9 +1802,10 @@ function CMT_handleEditSubmit($mode = null) // check for bad input if (empty($sid) || empty($_POST['title']) || empty($_POST['comment']) || - ($cid <= 0) || empty($type) || empty($postmode)) { + ($cid <= 0) || empty($type) || empty($postmode) + ) { COM_errorLog("CMT_handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment with one or more missing values.'); + . 'to edit a comment with one or more missing values.'); COM_redirect($_CONF['site_url'] . '/index.php'); } @@ -1823,13 +1818,13 @@ function CMT_handleEditSubmit($mode = null) //check permissions if ($uid != $commentuid && !SEC_hasRights('comment.moderate')) { COM_errorLog("CMT_handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment without proper permission.'); + . 'to edit a comment without proper permission.'); COM_redirect($_CONF['site_url'] . '/index.php'); } $comment = CMT_prepareText($_POST['comment'], $postmode, $type); $title = COM_checkWords( - strip_tags(COM_stripslashes ($_POST['title'])), + strip_tags(COM_stripslashes($_POST['title'])), 'comment' ); 
@@ -1839,24 +1834,24 @@ function CMT_handleEditSubmit($mode = null) $table = $_TABLES['comments']; } - if (!empty ($title) && !empty ($comment)) { - COM_updateSpeedlimit ('comment'); + if (!empty($title) && !empty($comment)) { + COM_updateSpeedlimit('comment'); $title = DB_escapeString($title); $comment = DB_escapeString($comment); // save the comment into the table DB_query("UPDATE $table SET comment = '$comment', title = '$title', type = '$type'" - . " WHERE cid=$cid AND sid='$sid'"); + . " WHERE cid=$cid AND sid='$sid'"); - if (DB_error() ) { //saving to non-existent comment or comment in wrong article + if (DB_error()) { //saving to non-existent comment or comment in wrong article COM_errorLog("CMT_handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit to a non-existent comment or the cid/sid did not match'); + . 'to edit to a non-existent comment or the cid/sid did not match'); COM_redirect($_CONF['site_url'] . '/index.php'); } //save edit information for published comment // Update any feeds if ($mode != $LANG03[35]) { - DB_save($_TABLES['commentedits'],'cid,uid,time',"$cid,$uid,NOW()"); + DB_save($_TABLES['commentedits'], 'cid,uid,time', "$cid,$uid,NOW()"); COM_rdfUpToDateCheck('comment'); 
@@ -1866,40 +1861,41 @@ function CMT_handleEditSubmit($mode = null) CACHE_remove_instance($cacheInstance); } } else { - COM_redirect(COM_buildUrl ($_CONF['site_admin_url'] . "/moderation.php")); + COM_redirect(COM_buildUrl($_CONF['site_admin_url'] . "/moderation.php")); } } else { COM_errorLog("CMT_handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to submit a comment with invalid $title and/or $comment.'); + . 'to submit a comment with invalid $title and/or $comment.'); COM_redirect($_CONF['site_url'] . '/index.php'); } list($plgurl, $plgid) = CMT_getCommentUrlId($type); - $formurl = "$plgurl?$plgid=$sid"; - COM_redirect($formurl); + $formUrl = "$plgurl?$plgid=$sid"; + COM_redirect($formUrl); } /** * Filters comment text and appends necessary tags (sig and/or edit) * * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @author Jared Wenerd, wenerd87 AT gmail DOT com * @param string $comment comment text - * @param string $postmode ('html', 'plaintext', ...) + * @param string $postMode ('html', 'plaintext', ...) * @param string $type Type of item (article, polls, etc.) * @param boolean $edit if true append edit tag - * @param int $cid commentid if editing comment (for proper sig) + * @param int $cid comment id if editing comment (for proper sig) * @return string of comment text */ -function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null) +function CMT_prepareText($comment, $postMode, $type, $edit = false, $cid = null) { global $_USER, $_TABLES, $LANG03, $_CONF; // Remove any autotags the user doesn't have permission to use $comment = PLG_replaceTags($comment, '', true); + $comment = GLText::removeUtf8Icons($comment); - if ($postmode == 'html') { + if ($postMode === 'html') { $html_perm = ($type == 'article') ? 'story.edit' : "$type.edit"; $comment = COM_checkWords( COM_checkHTML( 
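Review bot: The new strict test `if ($postMode === 'html')` is not matched in the next hunk, where the signature branch of the same function still reads `if ($postMode == 'html')`. A value that is only loosely equal to `'html'` would skip the HTML filtering branch here and still take the HTML signature branch below, so the second test should become `if ($postMode === 'html') {` as well. The docblock gives `$cid` as `int` although the default is `null`; `@param int|null $cid` would describe the signature more accurately. CMT_prepareText's body continues past this hunk.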
@@ -1915,40 +1911,37 @@ function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null) 'comment' ) ); - $newcomment = COM_makeClickableLinks ($comment); - if (strcmp ($comment, $newcomment) != 0) { - $comment = COM_nl2br($newcomment); + $newComment = COM_makeClickableLinks($comment); + if (strcmp($comment, $newComment) != 0) { + $comment = COM_nl2br($newComment); } } if ($edit) { $comment .= '' . $LANG03[30] . ' ' - . strftime($_CONF['date'], time()) . ' ' .$LANG03[31] .' ' - . $_USER['username'] . ''; - $text = $comment; - + . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' ' + . $_USER['username'] . ''; } - if (empty ($_USER['uid'])) { + if (empty($_USER['uid'])) { $uid = 1; - } elseif ($edit && is_numeric($cid) ){ + } elseif ($edit && is_numeric($cid)) { //if comment moderator - $uid = DB_getItem ($_TABLES['comments'], 'uid', "cid = '$cid'"); + $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '$cid'"); } else { $uid = $_USER['uid']; } - $sig = ''; if ($uid > 1) { - $sig = DB_getItem ($_TABLES['users'], 'sig', "uid = '$uid'"); - if (!empty ($sig)) { + $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '$uid'"); + if (!empty($sig)) { $comment .= ''; - if ( $postmode == 'html') { + if ($postMode == 'html') { $comment .= '---' . COM_nl2br($sig); } else { - $comment .= '---' . LB . $sig; + $comment .= '---' . LB . $sig; } - $comment .= ''; + $comment .= ''; } } 
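Review bot: `$_USER['username']` in the edit tag and the stored `$sig` are appended to `$comment` after the `COM_checkHTML` / `COM_checkWords` pass that the HTML branch applies to the comment text, so neither value goes through that filter in this function. Unless both are already restricted when they are saved (not visible in this diff), I would encode the name with `htmlspecialchars($_USER['username'], ENT_QUOTES, 'UTF-8')` and run `$sig` through the same HTML filter before `COM_nl2br($sig)`. Removing the unused `$text` and `$sig = ''` assignments is fine, since `$sig` is only read inside the `$uid > 1` block. The function's start and its return are outside this hunk.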
@@ -1960,23 +1953,26 @@ function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null) * time and enables comments for certain number of most recent stories. * * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @author Jared Wenerd, wenerd87 AT gmail DOT com */ function CMT_updateCommentcodes() { global $_CONF, $_TABLES; if ($_CONF['comment_close_rec_stories'] > 0) { + $allowedComments = array(); $results = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE (date <= NOW()) AND (draft_flag = 0) ORDER BY date DESC LIMIT {$_CONF['comment_close_rec_stories']}"); + while ($A = DB_fetchArray($results)) { - $allowedcomments[] = $A['sid']; + $allowedComments[] = DB_escapeString($A['sid']); } + // update comment codes $sql = ' AND '; - if (count($allowedcomments) > 1) { - $sql .= "sid NOT IN ('" . implode("','", $allowedcomments) . "')"; + if (count($allowedComments) > 1) { + $sql .= "sid NOT IN ('" . implode("','", $allowedComments) . "')"; } else { - $sql .= "sid <> '$sid'"; + $sql .= "sid <> '{$allowedComments[0]}'"; } $sql = "UPDATE {$_TABLES['stories']} SET commentcode = 1 WHERE (commentcode = 0) AND (date < NOW()) AND (draft_flag = 0)" . $sql; DB_query($sql); 
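Review bot: When the SELECT returns no rows, `count($allowedComments) > 1` is false and the `else` branch reads `$allowedComments[0]`, which does not exist in the newly initialised empty array; that raises a notice and builds `sid <> ''`. The `// update comment codes` block should only run when there is something to exclude, for example by wrapping it in `if (!empty($allowedComments)) { ... }`. `{$_CONF['comment_close_rec_stories']}` is interpolated straight into `LIMIT`; using `(int) $_CONF['comment_close_rec_stories']` when building the query keeps a malformed configuration value out of the SQL. The function continues outside this hunk.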
@@ -1990,37 +1986,35 @@ function CMT_updateCommentcodes() * Rebuilds hierarchical data of comments after moderation using recursion. * * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com - * @param string $sid id of object comment belongs to - * @param int $pid id of parent comment - * @param int $left id of left-hand successor - * @return int id of right-hand successor - * @see CMT_deleteComment - * + * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @param string $sid id of object comment belongs to + * @param int $pid id of parent comment + * @param int $left id of left-hand successor + * @return int id of right-hand successor + * @see CMT_deleteComment */ function CMT_rebuildTree($sid, $pid = 0, $left = 0) { global $_TABLES; $right = $left + 1; - $result = DB_query ("SELECT cid FROM {$_TABLES['comments']} WHERE sid = '$sid' AND pid = $pid ORDER BY date ASC"); - while (DB_numRows($result) != 0 && $A = DB_fetchArray ($result)) { + $result = DB_query("SELECT cid FROM {$_TABLES['comments']} WHERE sid = '$sid' AND pid = $pid ORDER BY date ASC"); + while (DB_numRows($result) != 0 && $A = DB_fetchArray($result)) { $right = CMT_rebuildTree($sid, $A['cid'], $right); } if ($pid != 0) { - DB_query ("UPDATE {$_TABLES['comments']} SET lft = $left, rht = $right WHERE cid = $pid"); + DB_query("UPDATE {$_TABLES['comments']} SET lft = $left, rht = $right WHERE cid = $pid"); } - return $right+1; + return $right + 1; } /** * Moves comment from submission table to comments table * - * @param int cid comment id - * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @copyright Jared Wenerd 2008 + * @author Jared Wenerd, wenerd87 AT gmail DOT com * @param string $cid comment id * @return string of story id */ 
@@ -2033,8 +2027,7 @@ function CMT_approveModeration($cid) if ($A['pid'] > 0) { // get indent+1 of parent - $indent = DB_getItem($_TABLES['comments'], 'indent+1', - "cid = '{$A['pid']}'"); + $indent = DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$A['pid']}'"); if (empty($indent)) { $indent = 0; 
@@ -2050,27 +2043,27 @@ function CMT_approveModeration($cid) // insert data $A['name'] = DB_escapeString($A['name']); DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', - "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',". - "'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',$indent"); + "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}'," . + "'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',$indent"); } else { // insert data, null automatically goes into name column DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', - "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',". - "'{$A['pid']}','{$A['ipaddress']}',$indent"); + "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}'," . + "'{$A['pid']}','{$A['ipaddress']}',$indent"); } - $newcid = DB_insertId('','comments_cid_seq'); + $newCid = DB_insertId('', 'comments_cid_seq'); DB_delete($_TABLES['commentsubmissions'], 'cid', $cid); - DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid); + DB_change($_TABLES['commentnotifications'], 'cid', $newCid, 'mid', $cid); // notify of new published comment if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 0) { // $sql = "SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = $pid"; // Used in Geeklog 2.0.0 and before. Notification sent only if someone directly replies to the comment (not a reply of a reply) $sql = "SELECT cn.cid, cn.uid, cn.deletehash " - . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " - . "{$_TABLES['commentnotifications']} AS cn " - . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " - . "AND c.cid = {$A['pid']} GROUP BY cn.uid"; + . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " + . 
"{$_TABLES['commentnotifications']} AS cn " + . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " + . "AND c.cid = {$A['pid']} GROUP BY cn.uid"; $result = DB_query($sql); $B = DB_fetchArray($result); if ($B !== false) { @@ -2093,10 +2086,10 @@ function CMT_approveModeration($cid) /** * Sends a notification of new comment reply * - * @param array $A contains cid, uid, and deletekey - * @param boolean $send_self send notification when replying to self? + * @param array $A contains cid, uid, and deletekey + * @param boolean $send_self send notification when replying to self? * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @author Jared Wenerd, wenerd87 AT gmail DOT com */ function CMT_sendReplyNotification($A, $send_self = false) { 
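Review bot: `$newCid = DB_insertId('', 'comments_cid_seq');` hard-codes the sequence name, while CMT_saveComment in this same diff builds it as `$_TABLES['comments'] . '_cid_seq'`. If the table name in `$_TABLES['comments']` is not literally `comments` (a table prefix, for instance), the two calls refer to different sequences; I would write `$newCid = DB_insertId('', $_TABLES['comments'] . '_cid_seq');` here too. Separately, only `$A['name']` is passed through `DB_escapeString` in the visible lines before the row read from the submissions table is interpolated into `DB_save`. If `title`, `comment` and the other string columns are not escaped above this hunk, they need the same treatment, because values read back from the database are no longer escaped. CMT_approveModeration starts and ends outside the hunk.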
@@ -2106,22 +2099,20 @@ function CMT_sendReplyNotification($A, $send_self = false) $name = COM_getDisplayName($A['uid']); $title = DB_getItem($_TABLES['comments'], 'title', "cid = {$A['cid']}"); - $commenturl = $_CONF['site_url'] . '/comment.php'; - - $mailsubject = $_CONF['site_name'] . ': ' . $LANG03[37]; + $commentUrl = $_CONF['site_url'] . '/comment.php'; + $mailSubject = $_CONF['site_name'] . ': ' . $LANG03[37]; - $mailbody = sprintf($LANG03[41], $name) . LB . LB; - $mailbody .= sprintf($LANG03[38], $title) . LB . LB; - $mailbody .= $LANG03[39] . LB . '<' . $commenturl . '?mode=view&cid=' - . $A['cid'] . '&format=nested' . '>' . LB . LB; - $mailbody .= $LANG03[40] . LB . '<' . $commenturl - . '?mode=unsubscribe&key=' . $A['deletehash'] . '>' . LB; + $mailBody = sprintf($LANG03[41], $name) . LB . LB; + $mailBody .= sprintf($LANG03[38], $title) . LB . LB; + $mailBody .= $LANG03[39] . LB . '<' . $commentUrl . '?mode=view&cid=' + . $A['cid'] . '&format=nested' . '>' . LB . LB; + $mailBody .= $LANG03[40] . LB . '<' . $commentUrl + . '?mode=unsubscribe&key=' . $A['deletehash'] . '>' . LB; $email = DB_getItem($_TABLES['users'], 'email', "uid = {$A['uid']}"); if (!empty($email)) { - COM_mail($email, $mailsubject, $mailbody); + COM_mail($email, $mailSubject, $mailBody); } - } } @@ -2129,7 +2120,7 @@ function CMT_sendReplyNotification($A, $send_self = false) * Handles a comment submission * * @copyright Vincent Furia 2005 - * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net + * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net * @return string HTML (possibly a refresh) */ function CMT_handleCancel() 
@@ -2168,14 +2159,20 @@ function CMT_handleCancel() * Handles a comment submission * * @copyright Vincent Furia 2005 - * @author Vincent Furia + * @author Vincent Furia + * @param string $title + * @param string $sid + * @param int $pid + * @param string $type + * @param string $postMode + * @param int $uid * @return string HTML (possibly a refresh) */ -function CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid) +function CMT_handleSubmit($title, $sid, $pid, $type, $postMode, $uid) { global $_CONF, $_TABLES, $LANG03; - $display = PLG_commentSave($type, $title, $_POST['comment'], $sid, $pid, $postmode); + $display = PLG_commentSave($type, $title, $_POST['comment'], $sid, $pid, $postMode); if (!$display) { COM_redirect($_CONF['site_url'] . '/index.php'); } @@ -2187,10 +2184,13 @@ function CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid) * Hanldes a comment submission * * @copyright Vincent Furia 2005 - * @author Vincent Furia + * @author Vincent Furia + * @param string $sid + * @param string $type + * @param string $formType * @return string HTML (possibly a refresh) */ -function CMT_handleDelete($sid, $type, $formtype) +function CMT_handleDelete($sid, $type, $formType) { global $_CONF, $_TABLES; @@ -2204,7 +2204,7 @@ function CMT_handleDelete($sid, $type, $formtype) COM_redirect($_CONF['site_url'] . '/index.php'); } - if ($formtype == 'editsubmission') { + if ($formType == 'editsubmission') { DB_delete($_TABLES['commentsubmissions'], 'cid', $cid); COM_redirect($_CONF['site_admin_url'] . '/moderation.php'); } else { 
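Review bot: `$_POST['comment']` is passed straight to PLG_commentSave in CMT_handleSubmit without checking that the field exists, so a submit request that lacks it raises an undefined-index notice and hands null to the plugin layer. Following the isset checks this file uses for other request fields, the call could take `$comment = isset($_POST['comment']) ? $_POST['comment'] : '';` and pass `$comment`. The same unguarded read appears in the preview branch of CMT_handleComment (`CMT_commentForm($title, $_POST['comment'], ...)`) and as `COM_applyFilter($_GET['key'])` in the unsubscribe branch. The function body continues outside the hunk.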
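Review bot: The docblock that the second hunk extends for CMT_handleDelete still opens with `Hanldes a comment submission`, which is misspelled and describes the wrong operation; `Handles a comment deletion` matches what the body does. The three new `@param` tags have no descriptions, and at least the last one can be grounded in the code: `@param string $formType 'editsubmission' when deleting from the moderation queue`. The comparison `$formType == 'editsubmission'` in the third hunk was also left loose although the equivalent test on `$mode` in CMT_handleEdit becomes `===` in this commit.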
@@ -2221,19 +2221,17 @@ function CMT_handleDelete($sid, $type, $formtype) * Handles a comment view request * * @copyright Vincent Furia 2005 - * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net - * @param string $format 'threaded', 'nested', or 'flat' - * @param string $order 'ASC' or 'DESC' or blank - * @param int $page Page number of comments to display - * @param boolean $view View or display (true for view) + * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net + * @param string $format 'threaded', 'nested', or 'flat' + * @param string $order 'ASC' or 'DESC' or blank + * @param int $page Page number of comments to display + * @param bool $view View or display (true for view) * @return string HTML (possibly a refresh) */ function CMT_handleView($format, $order, $page, $view = true) { global $_CONF, $_TABLES, $_USER; - $display = ''; - $cid = 0; if ($view) { if (isset($_REQUEST[CMT_CID])) { @@ -2249,13 +2247,13 @@ function CMT_handleView($format, $order, $page, $view = true) } $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid"; - $A = DB_fetchArray( DB_query($sql) ); - $sid = $A['sid']; + $A = DB_fetchArray(DB_query($sql)); + $sid = $A['sid']; $title = $A['title']; - $type = $A['type']; + $type = $A['type']; $display = PLG_displayComment($type, $sid, $cid, $title, - $order, $format, $page, $view); + $order, $format, $page, $view); if (!$display) { COM_handle404(); } 
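Review bot: The result of `DB_fetchArray(DB_query($sql))` in CMT_handleView is indexed as `$A['sid']`, `$A['title']` and `$A['type']` without checking that a row came back. Elsewhere in this file the return value is tested with `if ($B !== false)`, so a `cid` that matches no comment reaches PLG_displayComment with null values and only ends in COM_handle404() if the plugin layer happens to return nothing. An explicit guard right after the fetch, `if ($A === false) { COM_handle404(); }`, makes the not-found path deliberate. plugin_getfeedcontent_comment reads `$S['topic']` and `$S['limits']` from an unchecked fetch in the same way.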
@@ -2270,16 +2268,16 @@ function CMT_handleView($format, $order, $page, $view = true) * Handles a comment edit submission * * @copyright Jared Wenerd 2008 - * @author Jared Wenerd, wenerd87 AT gmail DOT com - * @param string $mode 'edit' or 'editsubmission' - * @param string $format 'threaded', 'nested', or 'flat' - * @param string $order 'ASC' or 'DESC' or blank - * @param int $page Page number of comments to display + * @author Jared Wenerd, wenerd87 AT gmail DOT com + * @param string $mode 'edit' or 'editsubmission' + * @param string $format 'threaded', 'nested', or 'flat' + * @param string $order 'ASC' or 'DESC' or blank + * @param int $page Page number of comments to display * @return string HTML (possibly a refresh) */ -function CMT_handleEdit($mode='', $postmode='', $format, $order, $page) +function CMT_handleEdit($mode = '', $postMode = '', $format, $order, $page) { - global $_TABLES, $LANG03, $_CONF; + global $_TABLES, $LANG03, $_CONF, $_USER; //get needed data $cid = 0; @@ -2288,13 +2286,13 @@ function CMT_handleEdit($mode='', $postmode='', $format, $order, $page) } if ($cid <= 0) { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment with one or more missing/bad values.'); + . 'to edit a comment with one or more missing/bad values.'); COM_redirect($_CONF['site_url'] . '/index.php'); } $type = ''; $sid = ''; - if ($mode == 'editsubmission') { + if ($mode === 'editsubmission') { $table = $_TABLES['commentsubmissions']; $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = $cid"); list($type, $sid) = DB_fetchArray($result); 
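Review bot: `CMT_handleEdit($mode = '', $postMode = '', $format, $order, $page)` keeps two defaulted parameters in front of three required ones, so the defaults can never take effect, and PHP 8 reports this form as deprecated. The docblock also has no `@param` for `$postMode`, the one parameter this hunk renames. Dropping the defaults, `function CMT_handleEdit($mode, $postMode, $format, $order, $page)`, changes nothing for a caller that passes all five arguments, as the call in CMT_handleComment does, and `@param string $postMode 'html' or 'plaintext'` can be added alongside. The function body continues outside the hunk.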
@@ -2305,9 +2303,9 @@ function CMT_handleEdit($mode='', $postmode='', $format, $order, $page) } if (COMMENT_ON_SAME_PAGE) { - list($plgurl, $plgid) = CMT_getCommentUrlId($type); - if (isset($_REQUEST[$plgid])) { - $sid = COM_applyFilter($_REQUEST[$plgid]); + list($pluginUrl, $pluginId) = CMT_getCommentUrlId($type); + if (isset($_REQUEST[$pluginId])) { + $sid = COM_applyFilter($_REQUEST[$pluginId]); } } else { if (isset($_REQUEST['sid'])) { 
@@ -2319,72 +2317,72 @@ function CMT_handleEdit($mode='', $postmode='', $format, $order, $page) //check for bad data if (empty($sid) || empty($type)) { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment with one or more missing/bad values.'); + . 'to edit a comment with one or more missing/bad values.'); COM_redirect($_CONF['site_url'] . '/index.php'); } // Filemgmt plugin is doing special processing. // Therefore, I support specially, against my better judgment. // May should delete this code part. - if ($type == 'filemgmt' AND $mode != 'editsubmission') { + if ($type === 'filemgmt' && $mode !== 'editsubmission') { $sid = 'fileid_' . $sid; } - $result = DB_query ("SELECT title,comment FROM $table " - . "WHERE cid = $cid AND sid = '$sid' AND type = '$type'"); + $result = DB_query("SELECT title,comment FROM {$table} " + . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'"); - if ( DB_numRows($result) == 1 ) { - $A = DB_fetchArray ($result); + if (DB_numRows($result) == 1) { + $A = DB_fetchArray($result); $title = COM_stripslashes($A['title']); - $commenttext = COM_stripslashes(COM_undoSpecialChars ($A['comment'])); + $commentText = COM_stripslashes(COM_undoSpecialChars($A['comment'])); //remove signature - $pos = strpos( $commenttext,''); - if ( $pos > 0) { - $commenttext = substr($commenttext, 0, $pos); + $pos = strpos($commentText, ''); + if ($pos > 0) { + $commentText = substr($commentText, 0, $pos); } //get format mode - if ( preg_match( '/<.*>/', $commenttext ) != 0 ){ - $postmode = 'html'; + if (preg_match('/<.*>/', $commentText) != 0) { + $postMode = 'html'; } else { - $postmode = 'plaintext'; + $postMode = 'plaintext'; } } else { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment that doesn\'t exist as described.'); + . 'to edit a comment that doesn\'t exist as described.'); COM_redirect($_CONF['site_url'] . 
'/index.php'); } - return CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode, - $format, $order, $page); + return CMT_commentForm($title, $commentText, $sid, $cid, $type, $mode, $postMode, + $format, $order, $page); } /** * Handles comment processing * - * @param string $mode Mode of comment processing - * @param string $type Type of item (article, polls, etc.) - * @param string $title Title of item - * @param string $sid ID for item to show comments for - * @param string $format 'threaded', 'nested', or 'flat' - * @return string HTML formated + * @param string $mode Mode of comment processing + * @param string $type Type of item (article, polls, etc.) + * @param string $title Title of item + * @param string $sid ID for item to show comments for + * @param string $format 'threaded', 'nested', or 'flat' + * @return string HTML formatted */ -function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') +function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '') { global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS; - $commentmode = ''; + $commentMode = ''; if (!empty($_REQUEST[CMT_MODE])) { - $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]); + $commentMode = COM_applyFilter($_REQUEST[CMT_MODE]); } if (empty($mode)) { $mode = COM_applyFilter(COM_getArgument(CMT_MODE)); } - if (empty($commentmode) && !empty($mode)) { - $commentmode = $mode; + if (empty($commentMode) && !empty($mode)) { + $commentMode = $mode; } if (empty($sid) && !empty($_REQUEST[CMT_SID])) { 
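Review bot: The rewritten query `"WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'"` in CMT_handleEdit still interpolates `$sid` and `$type` into quoted SQL literals without DB_escapeString, although `$sid` can come from `$_REQUEST` in the preceding hunk. COM_applyFilter is applied to the request value, but whether it neutralises every quote character for the database in use is not visible here, and the file escapes explicitly in the same situation elsewhere (`$atype = DB_escapeString($type);`). Escaping at the point of use, `"... AND sid = '" . DB_escapeString($sid) . "' AND type = '" . DB_escapeString($type) . "'"`, keeps the query safe whatever the filter does and leaves the unescaped `$sid` available for CMT_commentForm. The `(sid = '$sid')` condition in the article-permission check of CMT_handleComment has the same shape.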
@@ -2413,14 +2411,14 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') } } - $postmode = $_CONF['postmode']; + $postMode = $_CONF['postmode']; if (isset($_REQUEST['postmode'])) { - $postmode = COM_applyFilter($_REQUEST['postmode']); + $postMode = COM_applyFilter($_REQUEST['postmode']); } - $formtype = ''; + $formType = ''; if (!empty($_REQUEST['formtype'])) { - $formtype = COM_applyFilter($_REQUEST['formtype']); + $formType = COM_applyFilter($_REQUEST['formtype']); } // Get comment id, may not be there...will handle in function @@ -2430,15 +2428,15 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') } TOPIC_getTopic('comment', $cid); - if(empty($format) && isset( $_REQUEST['format'] )) { - $format = COM_applyFilter( $_REQUEST['format'] ); + if (empty($format) && isset($_REQUEST['format'])) { + $format = COM_applyFilter($_REQUEST['format']); } if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) { if (COM_isAnonUser()) { $format = $_CONF['comment_mode']; } else { - $format = DB_getItem( $_TABLES['usercomment'], 'commentmode', - "uid = {$_USER['uid']}" ); + $format = DB_getItem($_TABLES['usercomment'], 'commentmode', + "uid = {$_USER['uid']}"); } } @@ -2447,10 +2445,10 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') $order = COM_applyFilter($_REQUEST['order']); } - $cpage = 1; + $cPage = 1; if (!empty($_REQUEST['cpage'])) { - $cpage = COM_applyFilter($_REQUEST['cpage'], true); - if (empty($cpage)) $cpage = 1; + $cPage = COM_applyFilter($_REQUEST['cpage'], true); + if (empty($cPage)) $cPage = 1; } $is_comment_page = CMT_isCommentPage(); 
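Review bot: `$postMode` and `$formType` are taken from the request with only COM_applyFilter applied, while `$format` in the next hunk is checked against a fixed list with in_array and falls back to a configured value. `$postMode` is then handed to CMT_handleSubmit and CMT_commentForm, so an unexpected value travels into the plugin layer; whether that layer validates it is not visible here. A matching check such as `if (!in_array($postMode, array('html', 'plaintext'), true)) { $postMode = $_CONF['postmode']; }` would close the gap, assuming those two values (the ones CMT_handleEdit assigns) are the complete set.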
@@ -2458,15 +2456,16 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') $retval = ''; if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) - && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) { - if ($commentmode == 'edit') { + && in_array($commentMode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit')) + ) { + if ($commentMode == 'edit') { $cid = 0; if (isset($_REQUEST[CMT_CID])) { $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } if ($cid <= 0) { COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " - . 'to edit a comment with one or more missing/bad values.'); + . 'to edit a comment with one or more missing/bad values.'); COM_redirect($_CONF['site_url'] . '/index.php'); } $pid = $cid; 
@@ -2474,28 +2473,27 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') if (($pid > 0) && empty($title)) { $atype = DB_escapeString($type); $title = DB_getItem($_TABLES['comments'], 'title', - "(cid = $pid) AND (type = '$atype')"); + "(cid = $pid) AND (type = '$atype')"); } if (empty($title)) { $title = PLG_getItemInfo($type, $sid, 'title'); - $title = str_replace ( '$', '$', $title ); + $title = str_replace('$', '$', $title); // CMT_userComments expects non-htmlspecial chars for title... - $title = str_replace ( '&', '&', $title ); - $title = str_replace ( '"', '"', $title ); - $title = str_replace ( '<', '<', $title ); - $title = str_replace ( '>', '>', $title ); + $title = str_replace('&', '&', $title); + $title = str_replace('"', '"', $title); + $title = str_replace('<', '<', $title); + $title = str_replace('>', '>', $title); } - $retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, ($pid > 0), false, 0); + $retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cPage, ($pid > 0), false, 0); } - switch ($commentmode) { - + switch ($commentMode) { case $LANG03[28]: // Preview Changes (for edit) case $LANG03[34]: // Preview Submission changes (for edit) case $LANG03[14]: // Preview - $retval .= CMT_commentForm ($title, $_POST['comment'], - $sid, $pid, $type, $commentmode, $postmode, - $format, $order, $cpage); + $retval .= CMT_commentForm($title, $_POST['comment'], + $sid, $pid, $type, $commentMode, $postMode, + $format, $order, $cPage); if ($is_comment_page) { $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14])); } 
@@ -2504,31 +2502,31 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') case $LANG03[35]: // Submit Changes to Moderation table case $LANG03[29]: // Submit Changes if (SEC_checkToken()) { - $retval .= CMT_handleEditSubmit($commentmode); + $retval .= CMT_handleEditSubmit($commentMode); } else { COM_redirect($_CONF['site_url'] . '/index.php'); } break; case $LANG03[11]: // Submit comment - $retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid); + $retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postMode, $uid); break; case $LANG_ADMIN['delete']: case 'delete': // Delete comment if (SEC_checkToken()) { - $retval .= CMT_handleDelete($sid, $type, $formtype); + $retval .= CMT_handleDelete($sid, $type, $formType); } else { COM_redirect($_CONF['site_url'] . '/index.php'); } break; case 'view': // View comment by $cid - $retval .= CMT_handleView($format, $order, $cpage, true); + $retval .= CMT_handleView($format, $order, $cPage, true); break; case 'display': // View comment by $pid - $retval .= CMT_handleView($format, $order, $cpage, false); + $retval .= CMT_handleView($format, $order, $cPage, false); break; case 'report': 
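Review bot: The `$LANG03[11]` (submit comment) branch calls CMT_handleSubmit without the `SEC_checkToken()` guard that this same switch applies to the edit-submit and delete branches. If the token is not verified further down in PLG_commentSave, which is not visible here, a comment could be posted by a cross-site request on behalf of a logged-in user. Provided the comment form emits a token, the call can be wrapped as its neighbours are, `if (SEC_checkToken()) { $retval .= CMT_handleSubmit(...); } else { COM_redirect($_CONF['site_url'] . '/index.php'); }`; otherwise a comment naming where the check happens would do. The switch continues outside the hunk.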
@@ -2572,28 +2570,26 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') if (!SEC_hasRights('comment.moderate')) { COM_redirect($_CONF['site_url'] . '/index.php'); } - // deliberate fall-through + // deliberate fall-through case 'edit': - $retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage); + $retval .= CMT_handleEdit($commentMode, $postMode, $format, $order, $cPage); if ($is_comment_page) { $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1])); } break; case 'unsubscribe': - $cid = 0; $key = COM_applyFilter($_GET['key']); if (!empty($key)) { $key = DB_escapeString($key); - $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', - "deletehash = '$key'"); + $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '$key'"); if (!empty($cid)) { - $redirecturl = $_CONF['site_url'] - . '/comment.php?mode=view&cid=' . $cid - . '&format=nested&msg=16'; + $redirectUrl = $_CONF['site_url'] + . '/comment.php?mode=view&cid=' . $cid + . '&format=nested&msg=16'; DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, - $redirecturl); + $redirectUrl); exit; } } @@ -2602,7 +2598,7 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') break; case $LANG_ADMIN['cancel']: - if ($formtype == 'editsubmission') { + if ($formType == 'editsubmission') { COM_redirect($_CONF['site_admin_url'] . '/moderation.php'); } else { $retval .= CMT_handleCancel(); // moved to function for readibility @@ -2610,7 +2606,6 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') break; default: // New Comment or Reply Comment - $abort = false; // Check to make sure comment type exists if ($type != 'article' && !in_array($type, $_PLUGINS)) { 
@@ -2618,10 +2613,10 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') } // Check article permissions - if (!$abort && ($type == 'article') && !empty($sid)) { + if (!$abort && ($type === 'article') && !empty($sid)) { $dbTitle = DB_getItem($_TABLES['stories'], 'title', - "(sid = '$sid') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" - . COM_getPermSQL('AND')); + "(sid = '$sid') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" + . COM_getPermSQL('AND')); // if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) { // Make sure have at least read access to current topic of article to post comment @@ -2634,7 +2629,7 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') if (($pid > 0) && empty($title)) { $atype = DB_escapeString($type); $title = DB_getItem($_TABLES['comments'], 'title', - "(cid = $pid) AND (type = '$atype')"); + "(cid = $pid) AND (type = '$atype')"); } if (empty($title)) { $title = PLG_getItemInfo($type, $sid, 'title'); 
@@ -2643,15 +2638,15 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') if (is_array($title) || empty($title) || ($title == false)) { COM_redirect($_CONF['site_url'] . '/index.php'); } - $title = str_replace ( '$', '$', $title ); + $title = str_replace('$', '$', $title); // CMT_commentForm expects non-htmlspecial chars for title... - $title = str_replace ( '&', '&', $title ); - $title = str_replace ( '"', '"', $title ); - $title = str_replace ( '<', '<', $title ); - $title = str_replace ( '>', '>', $title ); + $title = str_replace('&', '&', $title); + $title = str_replace('"', '"', $title); + $title = str_replace('<', '<', $title); + $title = str_replace('>', '>', $title); } - $retval .= CMT_commentForm ($title, '', $sid, $pid, $type, $commentmode, - $postmode, $format, $order, $cpage); + $retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentMode, + $postMode, $format, $order, $cPage); } else { if (COMMENT_ON_SAME_PAGE) { // Do nothing and do not show comment form (happens most likely when admin viewing draft article) @@ -2661,8 +2656,8 @@ function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='') } } if ($is_comment_page) { - $noindex = ''; - $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex)); + $noIndex = ''; + $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noIndex)); } break; } @@ -2682,7 +2677,7 @@ function CMT_isCommentPage() if (!isset($result)) { $parts = explode('/', $_SERVER['PHP_SELF']); $page = array_pop($parts); - $result = ($page == 'comment.php'); + $result = ($page === 'comment.php'); } return $result; 
@@ -2691,7 +2686,7 @@ function CMT_isCommentPage() /** * Get view URL and name of unique identifier * - * @param string $type Plugin to delete comment + * @param string $type Plugin to delete comment * @return array string of URL of view page, name of unique identifier * @see function PLG_getCommentUrlId */ @@ -2700,7 +2695,7 @@ function CMT_getCommentUrlId($type) global $_CONF; if ($type == 'article') { - $retval[0] = COM_buildUrl($_CONF['site_url'] . '/article.php'); + $retval[0] = COM_buildURL($_CONF['site_url'] . '/article.php'); $retval[1] = 'story'; } else { $retval = PLG_getCommentUrlId($type); @@ -2716,26 +2711,25 @@ function CMT_getCommentUrlId($type) */ /** -* Do we support comment feeds? (use plugin api) -* -* @return array id/name pairs of all supported feeds -* -*/ + * Do we support comment feeds? (use plugin api) + * + * @return array id/name pairs of all supported feeds + */ function plugin_getfeednames_comment() { global $_TABLES, $LANG33; - $feeds = array (); + $feeds = array(); - $feeds[] = array ('id' => 'all', 'name' => $LANG33[23]); + $feeds[] = array('id' => 'all', 'name' => $LANG33[23]); - $result = DB_query ("SELECT tid, topic FROM {$_TABLES['topics']} ".COM_getPermSQL('AND')." ORDER BY topic ASC"); - $num = DB_numRows ($result); + $result = DB_query("SELECT tid, topic FROM {$_TABLES['topics']} " . COM_getPermSQL('AND') . " ORDER BY topic ASC"); + $num = DB_numRows($result); if ($num > 0) { for ($i = 0; $i < $num; $i++) { - $A = DB_fetchArray ($result); - $feeds[] = array ('id' => $A['tid'], 'name' => $A['topic']); + $A = DB_fetchArray($result); + $feeds[] = array('id' => $A['tid'], 'name' => $A['topic']); } } 
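Review bot: In plugin_getfeednames_comment the query is assembled as `SELECT tid, topic FROM {$_TABLES['topics']} ` followed directly by `COM_getPermSQL('AND')`, with no WHERE clause in front of it. Every other call on this page passes `'AND'` only after an existing condition, so if the first argument is the leading keyword the statement here comes out as `... FROM topics AND (...)` and presumably fails, which would leave the list with just the `all` entry. The call likely should be `COM_getPermSQL('WHERE')`; please confirm against the helper's definition, which is not visible here.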
@@ -2743,116 +2737,109 @@ function plugin_getfeednames_comment() } /** -* Provide feed data -* -* @param int $feed feed ID -* @param ref $link -* @param ref $update -* @return array feed entries -* -*/ -function plugin_getfeedcontent_comment ($feed, &$link, &$update) + * Provide feed data + * + * @param int $feed feed ID + * @param string $link + * @param string $update + * @return array feed entries + */ +function plugin_getfeedcontent_comment($feed, &$link, &$update) { global $_CONF, $_TABLES; - $result = DB_query( "SELECT topic,limits,content_length FROM {$_TABLES['syndication']} WHERE fid = '$feed'" ); - $S = DB_fetchArray( $result ); + $result = DB_query("SELECT topic,limits,content_length FROM {$_TABLES['syndication']} WHERE fid = '$feed'"); + $S = DB_fetchArray($result); // If topic is all then make it root so all topics are returned (since articles cannot belong to all topics) if ($S['topic'] == TOPIC_ALL_OPTION OR empty($S['topic'])) { - $S['topic'] = TOPIC_ROOT; + $S['topic'] = TOPIC_ROOT; } // Retrieve list of inherited topics for anonymous user $tid_list = TOPIC_getChildList($S['topic'], 1); $sql = "SELECT c.cid, c.sid, c.title as title, c.comment, UNIX_TIMESTAMP(c.date) AS modified, " - ." s.title as articleTitle, c.uid, s.uid as articleAuthor " - . "FROM {$_TABLES['comments']} c, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta " - . "WHERE (s.draft_flag = 0) AND (s.date <= NOW()) " - . COM_getPermSQL('AND', 1, 2, 's') - . " AND ta.type = 'article' AND ta.id = s.sid " - ." AND c.type = 'article' AND s.sid = c.sid " - . "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$S['topic']}'))) " - . "GROUP BY c.cid " - . "ORDER BY modified DESC LIMIT 0, {$S['limits']} "; - - $result = DB_query( $sql ); + . " s.title as articleTitle, c.uid, s.uid as articleAuthor " + . "FROM {$_TABLES['comments']} c, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta " + . "WHERE (s.draft_flag = 0) AND (s.date <= NOW()) " + . 
COM_getPermSQL('AND', 1, 2, 's') + . " AND ta.type = 'article' AND ta.id = s.sid " + . " AND c.type = 'article' AND s.sid = c.sid " + . "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$S['topic']}'))) " + . "GROUP BY c.cid " + . "ORDER BY modified DESC LIMIT 0, {$S['limits']} "; + + $result = DB_query($sql); $content = array(); $cids = array(); - $nrows = DB_numRows( $result ); + $numRows = DB_numRows($result); - for( $i = 0; $i < $nrows; $i++ ) - { - $row = DB_fetchArray( $result ); + for ($i = 0; $i < $numRows; $i++) { + $row = DB_fetchArray($result); $cids[] = $row['cid']; - $title = stripslashes( $row['title'] ); - $body = stripslashes( $row['comment'] ); + $title = stripslashes($row['title']); + $body = stripslashes($row['comment']); if ($S['content_length'] > 1) { - $body = SYND_truncateSummary( $body, $S['content_length'] ); + $body = SYND_truncateSummary($body, $S['content_length']); } - $articleLink = COM_buildUrl( $_CONF['site_url'] - ."/article.php?story={$row['sid']}"); + $articleLink = COM_buildURL($_CONF['site_url'] . "/article.php?story={$row['sid']}"); - $link = $_CONF['site_url']."/comment.php?mode=view&cid={$row['cid']}"; + $link = $_CONF['site_url'] . "/comment.php?mode=view&cid={$row['cid']}"; $articleTitle = $row['articleTitle']; - if( $_CONF['comment_feeds_article_tag_position'] != 'none' ) - { - + if ($_CONF['comment_feeds_article_tag_position'] !== 'none') { $articleAuthor = sprintf($_CONF['comment_feeds_article_author_tag'], - $_CONF['site_url'].'/users.php?mode=profile&uid='.$row['articleAuthor'], - COM_getDisplayName( $row['articleAuthor'])); + $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $row['articleAuthor'], + COM_getDisplayName($row['articleAuthor'])); $commentAuthor = sprintf($_CONF['comment_feeds_comment_author_tag'], - $_CONF['site_url'].'/users.php?mode=profile&uid='.$row['uid'], - COM_getDisplayName( $row['uid'] )); + $_CONF['site_url'] . '/users.php?mode=profile&uid=' . 
$row['uid'], + COM_getDisplayName($row['uid'])); $magicTag = sprintf($_CONF['comment_feeds_article_tag'], $articleLink, $articleTitle, $articleAuthor, $commentAuthor); - if( $_CONF['comment_feeds_article_tag_position'] == 'start' ) - { - $body = $magicTag.$body; + + if ($_CONF['comment_feeds_article_tag_position'] === 'start') { + $body = $magicTag . $body; } else { $body .= $magicTag; } } - $content[] = array( 'title' => $title, - 'summary' => $body, - 'link' => $link, - 'uid' => $row['uid'], - 'author' => COM_getDisplayName( $row['uid'] ), - 'date' => $row['modified'], - 'format' => 'html' - ); + $content[] = array( + 'title' => $title, + 'summary' => $body, + 'link' => $link, + 'uid' => $row['uid'], + 'author' => COM_getDisplayName($row['uid']), + 'date' => $row['modified'], + 'format' => 'html', + ); } $link = $_CONF['site_url']; - $update = implode( ',', $cids ); + $update = implode(',', $cids); return $content; } /** -* Checking if comment feeds are up to date -* -* @param int $feed id of feed to be checked -* @param string $topic topic -* @param string $update_data data describing current feed contents -* @param string $limit number of entries or number of hours -* @param string $updated_type (optional) type of feed to be updated -* @param string $updated_topic (optional) feed's "topic" to be updated -* @param string $updated_id (optional) id of entry that has changed -* @return boolean true: feed data is up to date; false: isn't -* -*/ -function plugin_feedupdatecheck_comment ($feed, $topic, $update_data, $limit, $updated_type = '', $updated_topic = '', $updated_id = '') + * Checking if comment feeds are up to date + * + * @param int $feed id of feed to be checked + * @param string $topic topic + * @param string $update_data data describing current feed contents + * @param string $limit number of entries or number of hours + * @param string $updated_type (optional) type of feed to be updated + * @param string $updated_topic (optional) feed's "topic" to be 
updated + * @param string $updated_id (optional) id of entry that has changed + * @return bool true: feed data is up to date; false: isn't + */ +function plugin_feedupdatecheck_comment($feed, $topic, $update_data, $limit, $updated_type = '', $updated_topic = '', $updated_id = '') { global $_TABLES, $_TOPICS; - $is_current = true; - - if ($updated_type != 'comment') { + if ($updated_type !== 'comment') { // we're not interested $updated_type = ''; $updated_topic = ''; 
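Review bot: The docblock of plugin_getfeedcontent_comment now types `$link` and `$update` as `string` but describes neither, and both are by-reference output parameters. On return `$link` holds `$_CONF['site_url']` and `$update` the comma-separated comment ids, so the tags could read `@param string $link (out) site URL of the feed` and `@param string $update (out) comma-separated cids currently in the feed`. Inside the loop `$link` is also reused as a scratch variable for each comment's URL; a local name such as `$commentLink` would keep the out-parameter from carrying a per-row value until the final assignment.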
@@ -2876,30 +2863,30 @@ function plugin_feedupdatecheck_comment ($feed, $topic, $update_data, $limit, $u } */ - // If topic is all then make it root so all topics are returned (since articles cannot belong to all topics) - if ($topic == TOPIC_ALL_OPTION OR empty($topic)) { - $topic = TOPIC_ROOT; - } + // If topic is all then make it root so all topics are returned (since articles cannot belong to all topics) + if ($topic == TOPIC_ALL_OPTION || empty($topic)) { + $topic = TOPIC_ROOT; + } // Retrieve list of inherited topics for anonymous user $tid_list = TOPIC_getChildList($topic, 1); $sql = "SELECT c.cid, UNIX_TIMESTAMP(c.date) AS modified " - . "FROM {$_TABLES['comments']} c, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta " - . "WHERE (s.draft_flag = 0) AND (s.date <= NOW()) " - . COM_getPermSQL('AND', 1, 2, 's') - . " AND ta.type = 'article' AND ta.id = s.sid " - ." AND c.type = 'article' AND s.sid = c.sid " - . "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$topic}'))) " - . "GROUP BY c.cid " - . "ORDER BY modified DESC LIMIT 0, {$limit} "; - - $result = DB_query ($sql); - $num = DB_numRows ($result); - - $cids = array (); + . "FROM {$_TABLES['comments']} c, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta " + . "WHERE (s.draft_flag = 0) AND (s.date <= NOW()) " + . COM_getPermSQL('AND', 1, 2, 's') + . " AND ta.type = 'article' AND ta.id = s.sid " + . " AND c.type = 'article' AND s.sid = c.sid " + . "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$topic}'))) " + . "GROUP BY c.cid " + . "ORDER BY modified DESC LIMIT 0, {$limit} "; + + $result = DB_query($sql); + $num = DB_numRows($result); + + $cids = array(); for ($i = 0; $i < $num; $i++) { - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); if ($A['cid'] == $updated_id) { // this feed has to be updated - no further checks needed 
@@ -2908,9 +2895,7 @@ function plugin_feedupdatecheck_comment ($feed, $topic, $update_data, $limit, $u $cids[] = $A['cid']; } - $current = implode (',', $cids); + $current = implode(',', $cids); - return ($current != $update_data) ? false : true; + return ($current == $update_data); } - -?> diff --git a/system/lib-story.php b/system/lib-story.php index c8aa0a3d8..27b2756a5 100644 --- a/system/lib-story.php +++ b/system/lib-story.php @@ -1782,7 +1782,7 @@ function service_submit_story($args, &$output, &$svc_msg) } } - /* Store the first CATEGORY as the Topic ID */ + // Store the first CATEGORY as the Topic ID if (!empty($args['category'][0])) { $args['tid'] = $args['category'][0]; } @@ -1804,8 +1804,7 @@ function service_submit_story($args, &$output, &$svc_msg) } } - /* Apply filters to the parameters passed by the webservice */ - + // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { if (isset($args['mode'])) { $args['mode'] = COM_applyBasicFilter($args['mode']); @@ -1815,7 +1814,7 @@ function service_submit_story($args, &$output, &$svc_msg) } } - /* - START: Set all the defaults - */ + // - START: Set all the defaults - /* if (empty($args['tid'])) { // see if we have a default topic @@ -1867,8 +1866,7 @@ function service_submit_story($args, &$output, &$svc_msg) } if ($args['gl_svc']) { - - /* Permissions */ + // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_CONF['default_permissions_story'][0]; } else { @@ -1902,7 +1900,7 @@ function service_submit_story($args, &$output, &$svc_msg) $args['show_topic_icon'] = $_CONF['show_topic_icon']; } } - /* - END: Set all the defaults - */ + // - END: Set all the defaults - // TEST CODE /* foreach ($args as $k => $v) { 
@@ -1942,7 +1940,7 @@ function service_submit_story($args, &$output, &$svc_msg) $gl_edit = $args['gl_edit']; } if ($gl_edit && !empty($args['gl_etag'])) { - /* First load the original story to check if it has been modified */ + // First load the original story to check if it has been modified $result = $story->loadFromDatabase($args['sid']); if ($result == STORY_LOADED_OK) { if ($args['gl_etag'] != date('c', $story->_date)) { @@ -1957,7 +1955,7 @@ function service_submit_story($args, &$output, &$svc_msg) } } - /* This function is also doing the security checks */ + // This function is also doing the security checks $result = $story->loadFromArgsArray($args); $sid = $story->getSid(); @@ -2366,7 +2364,7 @@ function service_get_story($args, &$output, &$svc_msg) continue; } - $story->_sanitizeData(); + $story->sanitizeData(); reset($story->_dbFields); diff --git a/system/lib-topic.php b/system/lib-topic.php index 7df243ffa..18ff0fa39 100644 --- a/system/lib-topic.php +++ b/system/lib-topic.php @@ -393,13 +393,13 @@ function TOPIC_checkList($selected_ids = '', $fieldname = '', $language_specific /** * This function creates html options for Topics, for a single or multi select box * -* @param string/array $selected_ids Topics Ids to mark as selected +* @param string|array $selected_ids Topics Ids to mark as selected * @param int $include_root_all Include Nothing (0) or Root (1) or All (2) or None (4) in list. * @param boolean $language_specific If false include all topics for every language * @param string $remove_id Id of topic to not include (includes any children) (used for selection of parent id) * @param boolean $remove_archive Remove archive topic from list if any * @param int $uid User id or 0 = current user -* @return HTML string +* @return string HTML * */ function TOPIC_getTopicListSelect($selected_ids = array(), $include_root_all = 1, $language_specific = false, $remove_id = '', $remove_archive = false, $uid = 0)
', '[code]', $text); $text = str_replace('
', '
{$this->_introtext}
{$this->_bodytext}
' . $comment . '