
Merge branch 's9_MDL-26854_spam_comments_20_2' of git://github.com/dongsheng/moodle into MOODLE_20_STABLE
2 parents 1374c61 + b473046 commit 7390fdde6305fc1d83a48ecce48a1607ad9972e8 Sam Hemelryk committed May 5, 2011
@@ -1,5 +1,31 @@
<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+/**
+ * The comments block
+ *
+ * @package block
+ * @subpackage comments
+ * @copyright 2009 Dongsheng Cai <dongsheng@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+// Obviously required
require_once($CFG->dirroot . '/comment/lib.php');
class block_comments extends block_base {
@@ -38,13 +64,12 @@ function get_content() {
$this->content->footer = '';
$this->content->text = '';
list($context, $course, $cm) = get_context_info_array($PAGE->context->id);
- $args = new stdClass();
+
+ $args = new stdClass;
$args->context = $PAGE->context;
$args->course = $course;
$args->area = 'page_comments';
$args->itemid = 0;
- // set 'env' to tell moodle tweak ui for this block
- $args->env = 'block_comments';
$args->component = 'block_comments';
$args->linktext = get_string('showcomments');
$args->notoggle = true;
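Review bot: The course module returned by get_context_info_array() on the third line of the hunk is dropped: `$args` carries context, course, area, itemid and component but no `cm`, whereas comment_ajax.php and comment_post.php in this same commit pass `$args->cm` / `$cmt->cm`, and the new blog_comment_validate() docblock lists `cm` among the fields a validate callback expects. Adding `$args->cm = $cm;` after `$args->course = $course;` keeps the block's comment setup consistent with the other two callers. get_content() begins and ends outside the hunk, so whether `$cm` is consumed later in the method cannot be confirmed from here.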
@@ -966,3 +966,65 @@ function blog_get_associated_count($courseid, $cmid=null) {
}
return $DB->count_records('blog_association', array('contextid' => $context->id));
}
+
+/**
+ * Running addtional permission check on plugin, for example, plugins
+ * may have switch to turn on/off comments option, this callback will
+ * affect UI display, not like pluginname_comment_validate only throw
+ * exceptions.
+ * Capability check has been done in comment->check_permissions(), we
+ * don't need to do it again here.
+ *
+ * @param stdClass $comment_param {
+ * context => context the context object
+ * courseid => int course id
+ * cm => stdClass course module object
+ * commentarea => string comment area
+ * itemid => int itemid
+ * }
+ * @return array
+ */
+function blog_comment_permissions($comment_param) {
+ return array('post'=>true, 'view'=>true);
+}
+
+/**
+ * Validate comment parameter before perform other comments actions
+ *
+ * @param stdClass $comment {
+ * context => context the context object
+ * courseid => int course id
+ * cm => stdClass course module object
+ * commentarea => string comment area
+ * itemid => int itemid
+ * }
+ * @return boolean
+ */
+function blog_comment_validate($comment_param) {
+ global $DB;
+ // validate comment itemid
+ if (!$entry = $DB->get_record('post', array('id'=>$comment_param->itemid))) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ // validate comment area
+ if ($comment_param->commentarea != 'format_blog') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ // validation for comment deletion
+ if (!empty($comment_param->commentid)) {
+ if ($record = $DB->get_record('comments', array('id'=>$comment_param->commentid))) {
+ if ($record->commentarea != 'format_blog') {
+ throw new comment_exception('invalidcommentarea');
+ }
+ if ($record->contextid != $comment_param->context->id) {
+ throw new comment_exception('invalidcontext');
+ }
+ if ($record->itemid != $comment_param->itemid) {
+ throw new comment_exception('invalidcommentitemid');
+ }
+ } else {
+ throw new comment_exception('invalidcommentid');
+ }
+ }
+ return true;
+}
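Review bot: In blog_comment_validate() the docblock names the parameter `$comment` while the signature uses `$comment_param`, and the summary above blog_comment_permissions() has `addtional` for `additional`; `@param stdClass $comment_param {` fixes the first. The two area comparisons `$comment_param->commentarea != 'format_blog'` and `$record->commentarea != 'format_blog'` are loose; `!==` is the safer form for a string that originates from request parameters. The entry fetched into `$entry` is never read after the existence check, so `if (!$DB->get_record('post', array('id'=>$comment_param->itemid))) {` says the same thing without the unused variable — unless the intent was to also verify the entry's state or course, in which case that check is missing. blog_comment_permissions() returns post/view true unconditionally, which matches its docblock but leaves `$comment_param` unused; a one-line comment stating that the argument is intentionally ignored would stop a later reader from treating it as an oversight.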
@@ -40,7 +40,6 @@ M.core_comment = {
this.component = args.component;
this.courseid = args.courseid;
this.contextid = args.contextid;
- this.env = args.env;
this.autostart = (args.autostart);
// expand comments?
if (this.autostart) {
@@ -116,7 +115,6 @@ bodyContent: '<div class="comment-delete-confirm"><a href="#" id="confirmdelete-
scope = args['scope'];
}
//params['page'] = args.page?args.page:'';
- params['env'] = '';
// the form element only accept certain file types
params['sesskey'] = M.cfg.sesskey;
params['action'] = args.action?args.action:'';
@@ -348,7 +346,7 @@ bodyContent: '<div class="comment-delete-confirm"><a href="#" id="confirmdelete-
var d = container.getStyle('display');
if (d=='none'||d=='') {
// show
- if (this.autostart) {
+ if (!this.autostart) {
this.load(page);
} else {
this.register_delete_buttons();
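Review bot: The inverted condition `if (!this.autostart)` in the last hunk is the only behavioural change in this file and carries no explanation, so the next reader will wonder whether the `!` is a typo. From the first hunk it appears that autostart triggers a load at construction time, so the toggle only needs to fetch comments when they were not already loaded; a comment such as `// autostart already loaded the list on init; otherwise fetch it on first expand` above the line would record the intent — please confirm that is the reason. The enclosing toggle function starts and ends outside the hunk.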
@@ -1,5 +1,4 @@
<?php
-
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
@@ -24,87 +23,96 @@
require_once($CFG->dirroot . '/comment/lib.php');
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
+$action = optional_param('action', '', PARAM_ALPHA);
+
+if (empty($CFG->usecomments)) {
+ throw new comment_exception('commentsnotenabled', 'moodle');
+}
+
list($context, $course, $cm) = get_context_info_array($contextid);
-$PAGE->set_context($context);
$PAGE->set_url('/comment/comment_ajax.php');
-$action = optional_param('action', '', PARAM_ALPHA);
+// Allow anonymous user to view comments providing forcelogin now enabled
+require_course_login($course, true, $cm);
+$PAGE->set_context($context);
+if (!empty($cm)) {
+ $PAGE->set_cm($cm, $course);
+} else if (!empty($course)) {
+ $PAGE->set_course($course);
+}
if (!confirm_sesskey()) {
- $error = array('error'=>get_string('invalidsesskey'));
+ $error = array('error'=>get_string('invalidsesskey', 'error'));
die(json_encode($error));
}
-if (!isloggedin()) {
- // display comments on front page without permission check
- if ($action == 'get') {
- if ($context->id == get_context_instance(CONTEXT_COURSE, SITEID)->id) {
- $ignore_permission = true;
- } else {
- // tell user to log in to view comments
- $ignore_permission = false;
- echo json_encode(array('error'=>'require_login'));
- die;
- }
- } else {
- // ignore request
- die;
- }
-} else {
- $ignore_permission = false;
-}
-
+$client_id = required_param('client_id', PARAM_ALPHANUM);
$area = optional_param('area', '', PARAM_ALPHAEXT);
-$client_id = optional_param('client_id', '', PARAM_RAW);
$commentid = optional_param('commentid', -1, PARAM_INT);
$content = optional_param('content', '', PARAM_RAW);
$itemid = optional_param('itemid', '', PARAM_INT);
$page = optional_param('page', 0, PARAM_INT);
$component = optional_param('component', '', PARAM_ALPHAEXT);
-echo $OUTPUT->header(); // send headers
-
// initilising comment object
-if (!empty($client_id)) {
- $args = new stdClass();
- $args->context = $context;
- $args->course = $course;
- $args->cm = $cm;
- $args->area = $area;
- $args->itemid = $itemid;
- $args->client_id = $client_id;
- $args->component = $component;
- // only for comments in frontpage
- $args->ignore_permission = $ignore_permission;
- $manager = new comment($args);
-} else {
- die;
-}
+$args = new stdClass;
+$args->context = $context;
+$args->course = $course;
+$args->cm = $cm;
+$args->area = $area;
+$args->itemid = $itemid;
+$args->client_id = $client_id;
+$args->component = $component;
+$manager = new comment($args);
+
+echo $OUTPUT->header(); // send headers
// process ajax request
switch ($action) {
case 'add':
- $result = $manager->add($content);
- if (!empty($result) && is_object($result)) {
- $result->count = $manager->count();
- $result->client_id = $client_id;
- echo json_encode($result);
+ if ($manager->can_post()) {
+ $result = $manager->add($content);
+ if (!empty($result) && is_object($result)) {
+ $result->count = $manager->count();
+ $result->client_id = $client_id;
+ echo json_encode($result);
+ die();
+ }
}
break;
case 'delete':
- $result = $manager->delete($commentid);
- if ($result === true) {
- echo json_encode(array('client_id'=>$client_id, 'commentid'=>$commentid));
+ $comment_record = $DB->get_record('comments', array('id'=>$commentid));
+ if ($manager->can_delete($commentid) || $comment_record->userid == $USER->id) {
+ if ($manager->delete($commentid)) {
+ $result = array(
+ 'client_id' => $client_id,
+ 'commentid' => $commentid
+ );
+ echo json_encode($result);
+ die();
+ }
}
break;
case 'get':
default:
- $result = array();
- $comments = $manager->get_comments($page);
- $result['list'] = $comments;
- $result['count'] = $manager->count();
- $result['pagination'] = $manager->get_pagination($page);
- $result['client_id'] = $client_id;
- echo json_encode($result);
+ if ($manager->can_view()) {
+ $comments = $manager->get_comments($page);
+ $result = array(
+ 'list' => $comments,
+ 'count' => $manager->count(),
+ 'pagination' => $manager->get_pagination($page),
+ 'client_id' => $client_id
+ );
+ echo json_encode($result);
+ die();
+ }
+ break;
+}
+
+if (!isloggedin()) {
+ // tell user to log in to view comments
+ echo json_encode(array('error'=>'require_login'));
}
+// ignore request
+die;
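Review bot: In the `delete` branch `$comment_record` is used without checking that get_record() found a row: for an unknown `commentid` (including the -1 default) it is `false`, so `$comment_record->userid` evaluates to null and the loose `== $USER->id` comparison is true whenever `$USER->id` is 0, i.e. for a visitor that require_course_login() let through without an actual login. Whether delete() then refuses the missing id cannot be seen here, but the authorization should not depend on it: `if ($comment_record && ($manager->can_delete($commentid) || (isloggedin() && !isguestuser() && (int)$comment_record->userid === (int)$USER->id))) {` makes the ownership shortcut require an existing record and a real logged-in user. A secondary point: when can_post()/can_delete()/can_view() deny, execution falls out of the switch and, for a logged-in user, ends at the final `die;` with an empty body, so the JS client receives no error at all; emitting an explicit `json_encode(array('error' => ...))` on that path (string key for the author to choose) would make denials visible.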
@@ -1,5 +1,4 @@
<?php
-
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
@@ -21,35 +20,40 @@
require_once('../config.php');
require_once($CFG->dirroot . '/comment/lib.php');
+if (empty($CFG->usecomments)) {
+ throw new comment_exception('commentsnotenabled', 'moodle');
+}
+
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
list($context, $course, $cm) = get_context_info_array($contextid);
require_login($course, true, $cm);
require_sesskey();
-$action = optional_param('action', '', PARAM_ALPHA);
-$area = optional_param('area', '', PARAM_ALPHAEXT);
-$commentid = optional_param('commentid', -1, PARAM_INT);
-$content = optional_param('content', '', PARAM_RAW);
-$itemid = optional_param('itemid', '', PARAM_INT);
-$returnurl = optional_param('returnurl', '', PARAM_URL);
-$component = optional_param('component', '', PARAM_ALPHAEXT);
+$action = optional_param('action', '', PARAM_ALPHA);
+$area = optional_param('area', '', PARAM_ALPHAEXT);
+$content = optional_param('content', '', PARAM_RAW);
+$itemid = optional_param('itemid', '', PARAM_INT);
+$returnurl = optional_param('returnurl', '/', PARAM_URL);
+$component = optional_param('component', '', PARAM_ALPHAEXT);
+
+// Currently this script can only add comments
+if ($action !== 'add') {
+ redirect($returnurl);
+}
-$cmt = new stdClass();
+$cmt = new stdClass;
$cmt->contextid = $contextid;
$cmt->courseid = $course->id;
+$cmt->cm = $cm;
$cmt->area = $area;
$cmt->itemid = $itemid;
$cmt->component = $component;
$comment = new comment($cmt);
-switch ($action) {
-case 'add':
+if ($comment->can_post()) {
$cmt = $comment->add($content);
if (!empty($cmt) && is_object($cmt)) {
redirect($returnurl);
}
- break;
-default:
- exit;
}
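Review bot: `$returnurl` is read from the request with PARAM_URL, which accepts absolute external URLs, and is handed straight to redirect() on both the early-exit path and the success path, so the script acts as an open redirect; `$returnurl = optional_param('returnurl', '/', PARAM_LOCALURL);` restricts it to this site and is the one-line fix. When can_post() is false or add() returns nothing, the script ends without output or redirect and the user is left on a blank page; a redirect back to `$returnurl` with a message, or a print_error() call, after the `if` block would make the outcome clear — the message text is for the author to choose. The comment `// Currently this script can only add comments` is good; a matching one above the `if ($comment->can_post())` line, e.g. `// capability check; the validate callback of the component runs inside add()`, would only be accurate if that is indeed where validation happens, so please confirm before adding it.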
@@ -20,7 +20,7 @@
*/
require_once('../config.php');
require_once($CFG->libdir.'/adminlib.php');
-require_once('locallib.php');
+require_once($CFG->dirroot.'/comment/locallib.php');
require_login();
admin_externalpage_setup('comments', '', null, '', array('pagelayout'=>'report'));
@@ -81,8 +81,11 @@
}
if (empty($action)) {
echo '<form method="post">';
- $manager->print_comments($page);
- echo '<input type="submit" id="comments_delete" name="batchdelete" value="'.get_string('delete').'" />';
+ $return = $manager->print_comments($page);
+ // if no comments available, $return will be false
+ if ($return) {
+ echo '<input type="submit" id="comments_delete" name="batchdelete" value="'.get_string('delete').'" />';
+ }
echo '</form>';
}
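Review bot: The batch-delete form written on the third line of the hunk contains only the submit button that the new `if ($return)` guard wraps; no sesskey field is visible in the hunk, so unless print_comments() emits one, the POST handler for `batchdelete` (outside this hunk) must call require_sesskey() or confirm_sesskey() before deleting — please confirm. Naming: `$return` says nothing about what it holds; `$hascomments = $manager->print_comments($page);` reads better, and the accompanying comment could state the contract directly: `// print_comments() returns false when there was nothing to print`.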