2007-07-19 12:40:05 +02:00
|
|
|
<?php
|
2008-02-25 03:10:37 +01:00
|
|
|
/**
|
|
|
|
* Represents a single comment on a page
|
2010-04-23 02:18:39 +02:00
|
|
|
*
|
2008-02-25 03:10:37 +01:00
|
|
|
* @package cms
|
|
|
|
* @subpackage comments
|
|
|
|
*/
|
2007-07-19 12:40:05 +02:00
|
|
|
class PageComment extends DataObject {
|
2009-02-03 04:26:44 +01:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
static $db = array(
|
2008-08-18 02:10:26 +02:00
|
|
|
"Name" => "Varchar(200)",
|
2007-07-19 12:40:05 +02:00
|
|
|
"Comment" => "Text",
|
|
|
|
"IsSpam" => "Boolean",
|
2009-01-05 07:17:59 +01:00
|
|
|
"NeedsModeration" => "Boolean",
|
2009-04-29 03:44:28 +02:00
|
|
|
"CommenterURL" => "Varchar(255)",
|
|
|
|
"SessionID" => "Varchar(255)"
|
2007-07-19 12:40:05 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
static $has_one = array(
|
|
|
|
"Parent" => "SiteTree",
|
2008-08-12 04:59:27 +02:00
|
|
|
"Author" => "Member" // Only set when the user is logged in when posting
|
2007-07-19 12:40:05 +02:00
|
|
|
);
|
|
|
|
|
2009-02-03 04:26:44 +01:00
|
|
|
static $has_many = array();
|
|
|
|
|
|
|
|
static $many_many = array();
|
|
|
|
|
|
|
|
static $defaults = array();
|
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
static $casting = array(
|
|
|
|
"RSSTitle" => "Varchar",
|
|
|
|
);
|
|
|
|
|
|
|
|
// Number of comments to show before paginating
|
|
|
|
static $comments_per_page = 10;
|
|
|
|
|
2007-08-07 06:32:52 +02:00
|
|
|
static $moderate = false;
|
|
|
|
|
2007-10-02 04:47:02 +02:00
|
|
|
static $bbcode = false;
|
2009-02-03 04:26:44 +01:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
/**
|
|
|
|
* Return a link to this comment
|
|
|
|
* @return string link to this comment.
|
|
|
|
*/
|
|
|
|
function Link() {
|
2007-08-06 03:03:19 +02:00
|
|
|
return $this->Parent()->Link() . '#PageComment_'. $this->ID;
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2007-10-02 04:47:02 +02:00
|
|
|
|
2009-10-21 06:53:24 +02:00
|
|
|
function getRSSName() {
|
|
|
|
if($this->Name) {
|
|
|
|
return $this->Name;
|
|
|
|
} elseif($this->Author()) {
|
|
|
|
return $this->Author()->getName();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-02 04:47:02 +02:00
|
|
|
function ParsedBBCode(){
|
|
|
|
$parser = new BBCodeParser($this->Comment);
|
|
|
|
return $parser->parse();
|
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
|
|
|
|
function DeleteLink() {
|
2010-11-01 02:29:02 +01:00
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$link = $token->addToUrl("PageComment_Controller/deletecomment/$this->ID");
|
|
|
|
|
|
|
|
return ($this->canDelete()) ? $link : false;
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
|
2009-10-21 06:37:59 +02:00
|
|
|
function CommentTextWithLinks() {
|
2009-10-21 06:38:41 +02:00
|
|
|
$pattern = '|([a-zA-Z]+://)([a-zA-Z0-9?&%.;:/=+_-]*)|is';
|
|
|
|
$replace = '<a rel="nofollow" href="$1$2">$1$2</a>';
|
|
|
|
return preg_replace($pattern, $replace, $this->Comment);
|
2009-10-21 06:37:59 +02:00
|
|
|
}
|
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
function SpamLink() {
|
2010-11-01 02:29:02 +01:00
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$link = $token->addToUrl("PageComment_Controller/reportspam/$this->ID");
|
|
|
|
return ($this->canEdit() && !$this->IsSpam) ? $link : false;
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function HamLink() {
|
2010-11-01 02:29:02 +01:00
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$link = $token->addToUrl("PageComment_Controller/reportham/$this->ID");
|
|
|
|
return ($this->canEdit() && $this->IsSpam) ? $link : false;
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
|
2007-08-13 00:19:06 +02:00
|
|
|
function ApproveLink() {
|
2010-11-01 02:29:02 +01:00
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$link = $token->addToUrl("PageComment_Controller/approve/$this->ID");
|
|
|
|
return ($this->canEdit() && $this->NeedsModeration) ? $link : false;
|
2007-08-10 03:29:09 +02:00
|
|
|
}
|
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
function SpamClass() {
|
|
|
|
if($this->getField('IsSpam')) {
|
|
|
|
return 'spam';
|
2007-08-13 01:39:18 +02:00
|
|
|
} else if($this->getField('NeedsModeration')) {
|
|
|
|
return 'unmoderated';
|
2007-07-19 12:40:05 +02:00
|
|
|
} else {
|
|
|
|
return 'notspam';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-04-26 08:38:48 +02:00
|
|
|
|
|
|
|
function RSSTitle() {
|
|
|
|
return sprintf(
|
|
|
|
_t('PageComment.COMMENTBY', "Comment by '%s' on %s", PR_MEDIUM, 'Name, Page Title'),
|
2009-10-21 06:53:24 +02:00
|
|
|
Convert::raw2xml($this->getRSSName()),
|
2008-04-26 08:38:48 +02:00
|
|
|
$this->Parent()->Title
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function PageTitle() {
|
|
|
|
return $this->Parent()->Title;
|
|
|
|
}
|
|
|
|
|
|
|
|
static function enableModeration() {
|
|
|
|
self::$moderate = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static function moderationEnabled() {
|
|
|
|
return self::$moderate;
|
|
|
|
}
|
|
|
|
|
|
|
|
static function enableBBCode() {
|
|
|
|
self::$bbcode = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static function bbCodeEnabled() {
|
|
|
|
return self::$bbcode;
|
|
|
|
}
|
|
|
|
|
2009-04-29 03:44:28 +02:00
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
function fieldLabels($includerelations = true) {
|
|
|
|
$labels = parent::fieldLabels($includerelations);
|
2008-11-02 21:04:26 +01:00
|
|
|
$labels['Name'] = _t('PageComment.Name', 'Author Name');
|
|
|
|
$labels['Comment'] = _t('PageComment.Comment', 'Comment');
|
|
|
|
$labels['IsSpam'] = _t('PageComment.IsSpam', 'Spam?');
|
|
|
|
$labels['NeedsModeration'] = _t('PageComment.NeedsModeration', 'Needs Moderation?');
|
|
|
|
|
|
|
|
return $labels;
|
|
|
|
}
|
|
|
|
|
2009-01-05 07:17:59 +01:00
|
|
|
/**
|
|
|
|
* This method is called just before this object is
|
|
|
|
* written to the database.
|
|
|
|
*
|
|
|
|
* Specifically, make sure "http://" exists at the start
|
|
|
|
* of the URL, if it doesn't have https:// or http://
|
|
|
|
*/
|
|
|
|
public function onBeforeWrite() {
|
|
|
|
parent::onBeforeWrite();
|
|
|
|
|
|
|
|
$url = $this->CommenterURL;
|
|
|
|
|
|
|
|
if($url) {
|
2010-01-15 03:52:37 +01:00
|
|
|
if(strtolower(substr($url, 0, 8)) != 'https://' && strtolower(substr($url, 0, 7)) != 'http://') {
|
|
|
|
$this->CommenterURL = 'http://' . $url;
|
2009-01-05 07:17:59 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2010-05-17 01:50:03 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* This always returns true, and should be handled by {@link PageCommentInterface->CanPostComment()}.
|
|
|
|
*
|
|
|
|
* @todo Integrate with PageCommentInterface::$comments_require_permission and $comments_require_login
|
|
|
|
*
|
|
|
|
* @param Member $member
|
|
|
|
* @return Boolean
|
|
|
|
*/
|
|
|
|
function canCreate($member = null) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks for association with a page,
|
|
|
|
* and {@link SiteTree->ProvidePermission} flag being set to TRUE.
|
|
|
|
* Note: There's an additional layer of permission control
|
|
|
|
* in {@link PageCommentInterface}.
|
|
|
|
*
|
|
|
|
* @param Member $member
|
|
|
|
* @return Boolean
|
|
|
|
*/
|
|
|
|
function canView($member = null) {
|
|
|
|
if(!$member) $member = Member::currentUser();
|
|
|
|
|
|
|
|
// Standard mechanism for accepting permission changes from decorators
|
|
|
|
$extended = $this->extendedCan('canView', $member);
|
|
|
|
if($extended !== null) return $extended;
|
|
|
|
|
|
|
|
$page = $this->Parent();
|
|
|
|
return (
|
|
|
|
($page && $page->ProvideComments)
|
|
|
|
|| (bool)Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin')
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks for "CMS_ACCESS_CommentAdmin" permission codes
|
|
|
|
* and {@link canView()}.
|
|
|
|
*
|
|
|
|
* @param Member $member
|
|
|
|
* @return Boolean
|
|
|
|
*/
|
|
|
|
function canEdit($member = null) {
|
|
|
|
if(!$member) $member = Member::currentUser();
|
|
|
|
|
|
|
|
// Standard mechanism for accepting permission changes from decorators
|
|
|
|
$extended = $this->extendedCan('canEdit', $member);
|
|
|
|
if($extended !== null) return $extended;
|
|
|
|
|
|
|
|
if(!$this->canView($member)) return false;
|
|
|
|
|
|
|
|
return (bool)Permission::checkMember($member, 'CMS_ACCESS_CommentAdmin');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks for "CMS_ACCESS_CommentAdmin" permission codes
|
|
|
|
* and {@link canEdit()}.
|
|
|
|
*
|
|
|
|
* @param Member $member
|
|
|
|
* @return Boolean
|
|
|
|
*/
|
|
|
|
function canDelete($member = null) {
|
|
|
|
if(!$member) $member = Member::currentUser();
|
|
|
|
|
|
|
|
// Standard mechanism for accepting permission changes from decorators
|
|
|
|
$extended = $this->extendedCan('canDelete', $member);
|
|
|
|
if($extended !== null) return $extended;
|
|
|
|
|
|
|
|
return $this->canEdit($member);
|
|
|
|
}
|
2008-04-26 08:38:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-04-23 02:18:39 +02:00
|
|
|
/**
|
|
|
|
* @package cms
|
|
|
|
* @subpackage comments
|
|
|
|
*/
|
2008-04-26 08:38:48 +02:00
|
|
|
class PageComment_Controller extends Controller {
|
|
|
|
function rss() {
|
2008-11-24 10:30:41 +01:00
|
|
|
$parentcheck = isset($_REQUEST['pageid']) ? "\"ParentID\" = " . (int) $_REQUEST['pageid'] : "\"ParentID\" > 0";
|
2009-11-12 11:42:37 +01:00
|
|
|
$unmoderatedfilter = Permission::check('ADMIN') ? '' : "AND \"NeedsModeration\" = 0";
|
2009-10-21 06:52:37 +02:00
|
|
|
$comments = DataObject::get("PageComment", "$parentcheck AND \"IsSpam\" = 0 $unmoderatedfilter", "\"Created\" DESC", "", 10);
|
2008-04-26 08:38:48 +02:00
|
|
|
if(!isset($comments)) {
|
|
|
|
$comments = new DataObjectSet();
|
|
|
|
}
|
|
|
|
|
2009-10-21 06:53:24 +02:00
|
|
|
$rss = new RSSFeed($comments, "home/", "Page comments", "", "RSSTitle", "Comment", "RSSName");
|
2008-04-26 08:38:48 +02:00
|
|
|
$rss->outputToBrowser();
|
|
|
|
}
|
|
|
|
|
2009-12-15 04:33:38 +01:00
|
|
|
/**
|
|
|
|
* Deletes all comments on the page referenced by the url param pageid
|
|
|
|
*/
|
2010-11-01 02:29:02 +01:00
|
|
|
function deleteallcomments($request) {
|
|
|
|
// Protect against CSRF on destructive action
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
if(!$token->checkRequest($request)) return $this->httpError(400);
|
|
|
|
|
|
|
|
$pageId = $request->requestVar('pageid');
|
2010-05-17 01:50:03 +02:00
|
|
|
if(preg_match('/^\d+$/', $pageId)) {
|
2010-11-01 02:29:02 +01:00
|
|
|
$comments = DataObject::get("PageComment", sprintf("\"ParentID\" = %d", (int)$pageId));
|
2010-05-17 01:50:03 +02:00
|
|
|
if($comments) foreach($comments as $c) {
|
|
|
|
if($c->canDelete()) $c->delete();
|
2009-12-15 04:33:38 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-03-04 05:09:18 +01:00
|
|
|
if(Director::is_ajax()) {
|
2009-12-15 04:33:38 +01:00
|
|
|
echo "";
|
|
|
|
} else {
|
2010-03-04 05:09:18 +01:00
|
|
|
Director::redirectBack();
|
2009-12-15 04:33:38 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-11-01 02:29:02 +01:00
|
|
|
function deletecomment($request) {
|
|
|
|
// Protect against CSRF on destructive action
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
if(!$token->checkRequest($request)) return $this->httpError(400);
|
|
|
|
|
|
|
|
$comment = DataObject::get_by_id("PageComment", $request->param('ID'));
|
2010-05-17 01:50:03 +02:00
|
|
|
if($comment && $comment->canDelete()) {
|
|
|
|
$comment->delete();
|
2008-04-26 08:38:48 +02:00
|
|
|
}
|
|
|
|
|
2010-03-04 05:09:18 +01:00
|
|
|
if(Director::is_ajax()) {
|
2008-04-26 08:38:48 +02:00
|
|
|
echo "";
|
|
|
|
} else {
|
2010-03-04 05:09:18 +01:00
|
|
|
Director::redirectBack();
|
2008-04-26 08:38:48 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-11-01 02:29:02 +01:00
|
|
|
function approve($request) {
|
|
|
|
// Protect against CSRF on destructive action
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
if(!$token->checkRequest($request)) return $this->httpError(400);
|
|
|
|
|
|
|
|
$comment = DataObject::get_by_id("PageComment", $request->param('ID'));
|
2009-11-05 02:16:09 +01:00
|
|
|
|
2010-05-17 01:50:03 +02:00
|
|
|
if($comment && $comment->canEdit()) {
|
|
|
|
$comment->NeedsModeration = false;
|
|
|
|
$comment->write();
|
|
|
|
|
|
|
|
// @todo Report to spamprotecter this is true
|
|
|
|
|
|
|
|
if(Director::is_ajax()) {
|
|
|
|
echo $comment->renderWith('PageCommentInterface_singlecomment');
|
|
|
|
} else {
|
|
|
|
Director::redirectBack();
|
2007-08-10 03:29:09 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-11-01 02:29:02 +01:00
|
|
|
function reportspam($request) {
|
|
|
|
// Protect against CSRF on destructive action
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
if(!$token->checkRequest($request)) return $this->httpError(400);
|
|
|
|
|
|
|
|
$comment = DataObject::get_by_id("PageComment", $request->param('ID'));
|
2010-05-17 01:50:03 +02:00
|
|
|
if($comment && $comment->canEdit()) {
|
|
|
|
// if spam protection module exists
|
|
|
|
if(class_exists('SpamProtectorManager')) {
|
|
|
|
SpamProtectorManager::send_feedback($comment, 'spam');
|
|
|
|
}
|
|
|
|
|
|
|
|
// If Akismet is enabled
|
|
|
|
else if(SSAkismet::isEnabled()) {
|
|
|
|
try {
|
|
|
|
$akismet = new SSAkismet();
|
|
|
|
$akismet->setCommentAuthor($comment->getField('Name'));
|
|
|
|
$akismet->setCommentContent($comment->getField('Comment'));
|
|
|
|
$akismet->submitSpam();
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// Akismet didn't work, most likely the service is down.
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2007-08-10 03:29:09 +02:00
|
|
|
}
|
2010-05-17 01:50:03 +02:00
|
|
|
|
|
|
|
$comment->IsSpam = true;
|
|
|
|
$comment->NeedsModeration = false;
|
|
|
|
$comment->write();
|
2009-04-29 03:44:28 +02:00
|
|
|
}
|
2010-05-17 01:50:03 +02:00
|
|
|
|
2010-03-04 05:09:18 +01:00
|
|
|
if(Director::is_ajax()) {
|
2009-12-08 02:29:19 +01:00
|
|
|
if(SSAkismet::isEnabled() && SSAkismet::getSaveSpam()) {
|
2009-04-29 03:44:28 +02:00
|
|
|
echo $comment->renderWith('PageCommentInterface_singlecomment');
|
2007-07-19 12:40:05 +02:00
|
|
|
} else {
|
2009-04-29 03:44:28 +02:00
|
|
|
echo '';
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2009-04-29 03:44:28 +02:00
|
|
|
} else {
|
2010-03-04 05:09:18 +01:00
|
|
|
Director::redirectBack();
|
2009-04-29 03:44:28 +02:00
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2009-04-29 03:44:28 +02:00
|
|
|
/**
|
|
|
|
* Report a Spam Comment as valid comment (not spam)
|
|
|
|
*/
|
2010-11-01 02:29:02 +01:00
|
|
|
function reportham($request) {
|
|
|
|
// Protect against CSRF on destructive action
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
if(!$token->checkRequest($request)) return $this->httpError(400);
|
|
|
|
|
|
|
|
$comment = DataObject::get_by_id("PageComment", $request->param('ID'));
|
2010-05-17 01:50:03 +02:00
|
|
|
if($comment && $comment->canEdit()) {
|
|
|
|
// if spam protection module exists
|
|
|
|
if(class_exists('SpamProtectorManager')) {
|
|
|
|
SpamProtectorManager::send_feedback($comment, 'ham');
|
|
|
|
}
|
|
|
|
|
|
|
|
if(SSAkismet::isEnabled()) {
|
|
|
|
try {
|
|
|
|
$akismet = new SSAkismet();
|
|
|
|
$akismet->setCommentAuthor($comment->getField('Name'));
|
|
|
|
$akismet->setCommentContent($comment->getField('Comment'));
|
|
|
|
$akismet->submitHam();
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// Akismet didn't work, most likely the service is down.
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
}
|
2010-05-17 01:50:03 +02:00
|
|
|
$comment->setField('IsSpam', false);
|
|
|
|
$comment->write();
|
2009-04-29 03:44:28 +02:00
|
|
|
}
|
2010-05-17 01:50:03 +02:00
|
|
|
|
2010-03-04 05:09:18 +01:00
|
|
|
if(Director::is_ajax()) {
|
2009-04-29 03:44:28 +02:00
|
|
|
echo $comment->renderWith('PageCommentInterface_singlecomment');
|
|
|
|
} else {
|
2010-03-04 05:09:18 +01:00
|
|
|
Director::redirectBack();
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
}
|
2009-01-05 07:17:59 +01:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
|
2010-11-01 02:29:02 +01:00
|
|
|
?>
|