-rw-r--r-- | modules/comment.module | 32 | ||||
-rw-r--r-- | modules/comment/comment.module | 32 |
2 files changed, 48 insertions, 16 deletions
diff --git a/modules/comment.module b/modules/comment.module index b9bf4f01a..bb96f6d27 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -924,7 +924,7 @@ function comment_delete($cid) { // We'll only delete if the user has confirmed the // deletion using the form in our else clause below. - if ($comment->cid && $_POST['edit']['confirm']) { + if (is_object($comment) && ctype_digit($comment->cid) && $_POST['edit']['confirm']) { drupal_set_message(t('The comment and all its replies have been deleted.')); // Delete comment and its replies. @@ -937,7 +937,7 @@ function comment_delete($cid) { drupal_goto("node/$comment->nid"); } - else if ($comment->cid) { + else if (is_object($comment) && ctype_digit($comment->cid)) { $output = confirm_form('comment_confirm_delete', array(), t('Are you sure you want to delete the comment %title?', array('%title' => theme('placeholder', $comment->subject))), 
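Review bot: `ctype_digit($comment->cid)` in both changed conditions of comment_delete() only works as an ID check while `cid` is a string; PHP's ctype_digit() treats an integer argument from -128 to 255 as a character code, so a `cid` that arrives as an integer would be judged by its ASCII value rather than its digits. If the loader that fills `$comment` (outside these hunks) always yields database strings this works today, but the guard is fragile; `ctype_digit((string) $comment->cid)` or `is_numeric($comment->cid) && $comment->cid > 0` states the intent without depending on the type. The same condition is repeated in comment_multiple_delete_confirm() and _comment_delete_thread(), and in the identical patch to modules/comment/comment.module, so one small helper would keep the copies from drifting. comment_delete() starts and ends outside these hunks.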
@@ -1102,16 +1102,27 @@ function comment_multiple_delete_confirm() { $form['comments'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE); // array_filter() returns only elements with actual values + $comment_counter = 0; foreach (array_filter($edit['comments']) as $cid => $value) { - $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid)); - $form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '<li>', '#suffix' => check_plain($subject) .'</li>'); + $comment = _comment_load($cid); + if (is_object($comment) && ctype_digit($comment->cid)) { + $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid)); + $form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '<li>', '#suffix' => check_plain($subject) .'</li>'); + $comment_counter++; + } } $form['operation'] = array('#type' => 'hidden', '#value' => 'delete'); - return confirm_form('comment_multiple_delete_confirm', $form, - t('Are you sure you want to delete these comments and all their children?'), - 'admin/comment', t('This action cannot be undone.'), - t('Delete comments'), t('Cancel')); + if (!$comment_counter) { + drupal_set_message(t('There do not appear to be any comments to delete or your selected comment was deleted by another administrator.')); + drupal_goto('admin/comment'); + } + else { + return confirm_form('comment_multiple_delete_confirm', $form, + t('Are you sure you want to delete these comments and all their children?'), + 'admin/comment', t('This action cannot be undone.'), + t('Delete comments'), t('Cancel')); + } } /** 
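Review bot: Inside the new `if` in comment_multiple_delete_confirm(), the form is still keyed and valued with the submitted `$cid` rather than the `cid` of the row that was just loaded and checked, so the hidden field may carry a value that differs from what the check accepted if `_comment_load()` casts its argument (not visible here). Using the loaded object closes that gap and drops the second query, assuming `_comment_load()` fills `subject` as the other functions in this patch suggest: `$form['comments'][$comment->cid] = array('#type' => 'hidden', '#value' => $comment->cid, '#prefix' => '<li>', '#suffix' => check_plain($comment->subject) .'</li>');`. The submit handler is outside this hunk and should re-validate each ID itself, since hidden fields are client-controlled. The same applies to the identical hunk in modules/comment/comment.module.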
@@ -1646,6 +1657,11 @@ function theme_comment_post_forbidden($nid) { } function _comment_delete_thread($comment) { + if (!is_object($comment) || !ctype_digit($comment->cid)) { + watchdog('content', t('Can not delete non-existent comment.'), WATCHDOG_WARNING); + return; + } + // Delete the comment: db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid); watchdog('content', t('Comment: deleted %subject.', array('%subject' => theme('placeholder', $comment->subject)))); diff --git a/modules/comment/comment.module b/modules/comment/comment.module index b9bf4f01a..bb96f6d27 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -924,7 +924,7 @@ function comment_delete($cid) { // We'll only delete if the user has confirmed the // deletion using the form in our else clause below. - if ($comment->cid && $_POST['edit']['confirm']) { + if (is_object($comment) && ctype_digit($comment->cid) && $_POST['edit']['confirm']) { drupal_set_message(t('The comment and all its replies have been deleted.')); // Delete comment and its replies. @@ -937,7 +937,7 @@ function comment_delete($cid) { drupal_goto("node/$comment->nid"); } - else if ($comment->cid) { + else if (is_object($comment) && ctype_digit($comment->cid)) { $output = confirm_form('comment_confirm_delete', array(), t('Are you sure you want to delete the comment %title?', array('%title' => theme('placeholder', $comment->subject))), 
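Review bot: The new guard at the top of _comment_delete_thread() returns nothing, so a caller cannot tell a skipped delete from a completed one; comment_delete() sets its "has been deleted" message before the "Delete comment and its replies" step, and any bulk-delete caller outside this diff would presumably report success the same way. Returning a status, `return FALSE;` in the guard and `return TRUE;` at the end of the function, lets callers report accurately without breaking callers that ignore the result. The watchdog entry would also serve better as an audit record if it noted what was passed, for instance the type of `$comment`. The function body continues outside the hunk, and the same applies to the identical hunk in modules/comment/comment.module.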
@@ -1102,16 +1102,27 @@ function comment_multiple_delete_confirm() { $form['comments'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE); // array_filter() returns only elements with actual values + $comment_counter = 0; foreach (array_filter($edit['comments']) as $cid => $value) { - $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid)); - $form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '<li>', '#suffix' => check_plain($subject) .'</li>'); + $comment = _comment_load($cid); + if (is_object($comment) && ctype_digit($comment->cid)) { + $subject = db_result(db_query('SELECT subject FROM {comments} WHERE cid = %d', $cid)); + $form['comments'][$cid] = array('#type' => 'hidden', '#value' => $cid, '#prefix' => '<li>', '#suffix' => check_plain($subject) .'</li>'); + $comment_counter++; + } } $form['operation'] = array('#type' => 'hidden', '#value' => 'delete'); - return confirm_form('comment_multiple_delete_confirm', $form, - t('Are you sure you want to delete these comments and all their children?'), - 'admin/comment', t('This action cannot be undone.'), - t('Delete comments'), t('Cancel')); + if (!$comment_counter) { + drupal_set_message(t('There do not appear to be any comments to delete or your selected comment was deleted by another administrator.')); + drupal_goto('admin/comment'); + } + else { + return confirm_form('comment_multiple_delete_confirm', $form, + t('Are you sure you want to delete these comments and all their children?'), + 'admin/comment', t('This action cannot be undone.'), + t('Delete comments'), t('Cancel')); + } } /** 
@@ -1646,6 +1657,11 @@ function theme_comment_post_forbidden($nid) { } function _comment_delete_thread($comment) { + if (!is_object($comment) || !ctype_digit($comment->cid)) { + watchdog('content', t('Can not delete non-existent comment.'), WATCHDOG_WARNING); + return; + } + // Delete the comment: db_query('DELETE FROM {comments} WHERE cid = %d', $comment->cid); watchdog('content', t('Comment: deleted %subject.', array('%subject' => theme('placeholder', $comment->subject)))); |