diff options
author | Dries Buytaert <dries@buytaert.net> | 2006-01-18 15:09:39 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2006-01-18 15:09:39 +0000 |
commit | 47dd0142e6d081d01b10cf8a68a570d9ba7074a1 (patch) | |
tree | e5f7d6dfa79ad387ce9771b1f81f40c33a106241 /modules/comment.module | |
parent | 46913a7efd8d44fe5d3d5cf3e0274529bfd75d48 (diff) | |
download | brdo-47dd0142e6d081d01b10cf8a68a570d9ba7074a1.tar.gz brdo-47dd0142e6d081d01b10cf8a68a570d9ba7074a1.tar.bz2 |
- Patch #43325 by chx/drumm/merlinofchaos: critical bugfix: made editing comments work.
Diffstat (limited to 'modules/comment.module')
-rw-r--r-- | modules/comment.module | 254 |
1 files changed, 140 insertions, 114 deletions
diff --git a/modules/comment.module b/modules/comment.module index e18a7d685..c574d19fb 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -515,100 +515,6 @@ function comment_reply($nid, $pid = NULL) { return $output; } -function comment_validate(&$edit) { - global $user; - - // Invoke other validation handlers - comment_invoke_comment($edit, 'validate'); - - // only admins can change these fields - if (!user_access('administer comments')) { - $edit['uid'] = $user->uid; - $edit['timestamp'] = time(); - $edit['status'] = user_access('post comments without approval') ? 0 : 1; - } - else { - $date = isset($edit['date']) ? $edit['date'] : 'now'; - // As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1. - if (strtotime($date) > 0) { - $edit['timestamp'] = strtotime($date); - } - else { - form_set_error('date', t('You have to specify a valid date.')); - } - - if ($edit['uid']) { - // if a registered user posted the comment, we assume you only want to transfer authorship - // to another registered user. Name changes are freely allowed on anon comments. - if ($account = user_load(array('name' => $edit['author']))) { - $edit['uid'] = $account->uid; - } - else { - form_set_error('author', t('You have to specify a valid author.')); - } - } - else { - $edit['uid'] = 0; - $edit['name'] = $edit['author']; - } - } - - // Validate the comment's subject. If not specified, extract - // one from the comment's body. - if (trim($edit['subject']) == '') { - // The body may be in any format, so we: - // 1) Filter it into HTML - // 2) Strip out all HTML tags - // 3) Convert entities back to plain-text. - // Note: format is checked by check_markup(). - $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($edit['comment'], $edit['format']))), 29, TRUE); - } - - // Validate the comment's body. - if ($edit['comment'] == '') { - form_set_error('comment', t('The body of your comment is empty.')); - } - - // Validate filter format - if (array_key_exists('format', $edit) && !filter_access($edit['format'])) { - form_set_error('format', t('The supplied input format is invalid.')); - } - - // Check validity of name, mail and homepage (if given) - if (!$user->uid) { - if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) { - if ($edit['name']) { - $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0); - - if ($taken != 0) { - form_set_error('name', t('The name you used belongs to a registered user.')); - } - - } - else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) { - form_set_error('name', t('You have to leave your name.')); - } - - if ($edit['mail']) { - if (!valid_email_address($edit['mail'])) { - form_set_error('mail', t('The e-mail address you specified is not valid.')); - } - } - else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) { - form_set_error('mail', t('You have to leave an e-mail address.')); - } - - if ($edit['homepage']) { - if (!valid_url($edit['homepage'], TRUE)) { - form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.')); - } - } - } - } - - return $edit; -} - /** * Accepts a submission of new or changed comment content. * @@ -632,7 +538,7 @@ function comment_save($edit) { if ($edit['cid']) { // Update the comment in the database. - db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['cid']); + db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']); _comment_update_node_statistics($edit['nid']); @@ -1251,6 +1157,61 @@ function comment_num_new($nid, $timestamp = 0) { } +function comment_validate($edit) { + global $user; + + // Invoke other validation handlers + comment_invoke_comment($edit, 'validate'); + + $check_date = strtotime($date); + // As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1. + if ($check_date === FALSE || $check_date === -1) { + form_set_error('date', t('You have to specify a valid date.')); + } + if (isset($edit['author']) && !$account = user_load(array('name' => $edit['author']))) { + form_set_error('author', t('You have to specify a valid author.')); + } + + // Validate the comment's body. + if ($edit['comment'] == '') { + form_set_error('comment', t('The body of your comment is empty.')); + } + + // Check validity of name, mail and homepage (if given) + if (!$user->uid || isset($edit['is_anonymous'])) { + if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) { + if ($edit['name']) { + $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0); + + if ($taken != 0) { + form_set_error('name', t('The name you used belongs to a registered user.')); + } + + } + else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) { + form_set_error('name', t('You have to leave your name.')); + } + + if ($edit['mail']) { + if (!valid_email_address($edit['mail'])) { + form_set_error('mail', t('The e-mail address you specified is not valid.')); + } + } + else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) { + form_set_error('mail', t('You have to leave an e-mail address.')); + } + + if ($edit['homepage']) { + if (!valid_url($edit['homepage'], TRUE)) { + form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.')); + } + } + } + } + + return $edit; +} + /* ** Generate the basic commenting form, for appending to a node or display on a separate page. ** This is rendered by theme_comment_form. @@ -1287,9 +1248,57 @@ function comment_form($edit, $title = NULL) { $date = format_date($edit['timestamp'], 'custom', 'Y-m-d H:i O'); } - $form['admin'] = array('#type' => 'fieldset', '#title' => t('Administration'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => -2); + $form['admin'] = array( + '#type' => 'fieldset', + '#title' => t('Administration'), + '#collapsible' => TRUE, + '#collapsed' => TRUE, + '#weight' => -2, + ); + + if ($edit['registered_name'] != '') { + // The comment is by a registered user + $form['admin']['author'] = array( + '#type' => 'textfield', + '#title' => t('Authored by'), + '#size' => 30, + '#maxlength' => 60, + '#autocomplete_path' => 'user/autocomplete', + '#default_value' => $author, + '#weight' => -1, + ); + } + else { + // The comment is by an anonymous user + $form['is_anonymous'] = array( + '#type' => 'value', + '#value' => TRUE, + ); + $form['admin']['name'] = array( + '#type' => 'textfield', + '#title' => t('Authored by'), + '#size' => 30, + '#maxlength' => 60, + '#default_value' => $author, + '#weight' => -1, + ); + $form['admin']['mail'] = array( + '#type' => 'textfield', + '#title' => t('E-mail'), + '#maxlength' => 64, + '#size' => 30, + '#default_value' => $edit['mail'], + '#description' => t('The content of this field is kept private and will not be shown publicly.'), + ); - $form['admin']['author'] = array('#type' => 'textfield', '#parents' => array('author'), '#title' => t('Authored by'), '#size' => 30, '#maxlength' => 60, '#autocomplete_path' => 'user/autocomplete', '#default_value' => $author, '#weight' => -1); + $form['admin']['homepage'] = array( + '#type' => 'textfield', + '#title' => t('Homepage'), + '#maxlength' => 255, + '#size' => 30, + '#default_value' => $edit['homepage'], + ); + } $form['admin']['date'] = array('#type' => 'textfield', '#parents' => array('date'), '#title' => t('Authored on'), '#size' => 20, '#maxlength' => 25, '#default_value' => $date, '#weight' => -1); @@ -1297,8 +1306,9 @@ function comment_form($edit, $title = NULL) { } else { - $form['author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user) + $form['_author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user) ); + $form['author'] = array('#type' => 'value', '#value' => $user->name); } } else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MAY_CONTACT) { @@ -1332,7 +1342,7 @@ function comment_form($edit, $title = NULL) { $form['nid'] = array('#type' => 'value', '#value' => $edit['nid']); $form['uid'] = array('#type' => 'value', '#value' => $edit['uid']); - $form['preview'] = array('#type' => 'submit', '#value' => t('Preview comment'), '#weight' => 19); + $form['preview'] = array('#type' => 'button', '#value' => t('Preview comment'), '#weight' => 19); $form['#token'] = 'comment' . $edit['nid'] . $edit['pid']; // Only show post button if preview is optional or if we are in preview mode. @@ -1363,15 +1373,18 @@ function comment_form($edit, $title = NULL) { function comment_form_add_preview($form, $edit) { global $user; + drupal_set_title(t('Preview comment')); + $output = ''; - $comment = (object)comment_validate($edit); + comment_validate($edit); + $comment = (object)_comment_form_submit($edit); // Attach the user and time information. if ($edit['author']) { $account = user_load(array('name' => $edit['author'])); } - elseif ($user->uid) { + elseif ($user->uid && !isset($edit['is_anonymous'])) { $account = $user; } if ($account) { @@ -1408,20 +1421,33 @@ function comment_form_validate($form_id, $form_values) { comment_validate($form_values); } -function comment_form_submit($form_id, $form_values) { - - $op = isset($_POST['op']) ? $_POST['op'] : ''; - $nid = $form_values['nid']; - - // are we posting or previewing a reply? - if ($op == t('Post comment')) { - drupal_set_title(t('Post comment')); - if ($cid = comment_save($form_values)) { - drupal_goto("node/$nid", NULL, "comment-$cid"); - } +function _comment_form_submit($form_values) { + if (!isset($form_values['date'])) { + $form_values['date'] = 'now'; + } + $form_values['timestamp'] = strtotime($form_values['date']); + if (isset($form_values['author'])) { + $account = user_load(array('name' => $form_values['author'])); + $form_values['uid'] = $account->uid; + $form_values['name'] = $form_values['author']; + } + // Validate the comment's subject. If not specified, extract + // one from the comment's body. + if (trim($form_values['subject']) == '') { + // The body may be in any format, so we: + // 1) Filter it into HTML + // 2) Strip out all HTML tags + // 3) Convert entities back to plain-text. + // Note: format is checked by check_markup(). + $form_values['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE); } - else if ($_POST['op'] == t('Preview comment')) { - drupal_set_title(t('Preview comment')); + return $form_values; +} + +function comment_form_submit($form_id, $form_values) { + $form_values = _comment_form_submit($form_values); + if ($cid = comment_save($form_values)) { + drupal_goto('node/'. $form_values['nid'], NULL, "comment-$cid"); } } |