ENHANCEMENT If a user posts a spamcomment and it's saved, ensure the form is correctly redirected to

code/controllers/CommentingController.php

@@ -373,27 +373,30 @@ class CommentingController extends Controller {
 		$this->extend('onBeforePostComment', $form);	
 		
 		// If commenting can only be done by logged in users, make sure the user is logged in
-		$member = Member::currentUser();
-		
-		if(Commenting::can_member_post($class) && $member) {
-			$form->Fields()->push(new HiddenField("AuthorID", "Author ID", $member->ID));
-		} 
-		
 		if(!Commenting::can_member_post($class)) {
-			echo _t('CommentingController.PERMISSIONFAILURE', "You're not able to post comments to this page. Please ensure you are logged in and have an appropriate permission level.");
-			
-			return;
+			return Security::permissionFailure(
+				$this,
+				_t(
+					'CommentingController.PERMISSIONFAILURE',
+					"You're not able to post comments to this page. Please ensure you are logged in and have an "
+					. "appropriate permission level."
+				)
+			);
 		}
 
+		if($member = Member::currentUser()) {
+			$form->Fields()->push(new HiddenField("AuthorID", "Author ID", $member->ID));
+		} 
+
 		// is moderation turned on
-		$moderated = Commenting::get_config_value($class, 'require_moderation');
-		if(!$moderated){
-		  $moderated_nonmembers = Commenting::get_config_value($class, 'require_moderation_nonmembers');
-		  $moderated = $moderated_nonmembers ? !Member::currentUser() : false;
+		$requireModeration = Commenting::get_config_value($class, 'require_moderation');
+		if(!$requireModeration){
+			$requireModerationNonmembers = Commenting::get_config_value($class, 'require_moderation_nonmembers');
+			$requireModeration = $requireModerationNonmembers ? !Member::currentUser() : false;
 		}
 		
 		// we want to show a notification if comments are moderated
-		if ($moderated) {
+		if ($requireModeration) {
 			Session::set('CommentsModerated', 1);
 		}
 
@@ -402,7 +405,7 @@ class CommentingController extends Controller {
 		$form->saveInto($comment);
 
 		$comment->AllowHtml = Commenting::get_config_value($class, 'html_allowed');
-		$comment->Moderated = ($moderated) ? false : true;
+		$comment->Moderated = !$requireModeration;
 
 		// Save into DB, or call pre-save hooks to give accurate preview
 		if($isPreview) {
@@ -410,19 +413,36 @@ class CommentingController extends Controller {
 		} else {
 			$comment->write();	
 
-		// extend hook to allow extensions. Also see onBeforePostComment
-		$this->extend('onAfterPostComment', $comment);	
+			// extend hook to allow extensions. Also see onBeforePostComment
+			$this->extend('onAfterPostComment', $comment);
 		}
 		
 		// clear the users comment since it passed validation
 		Cookie::set('CommentsForm_Comment', false);
 
-		$holder = Commenting::get_config_value($comment->BaseClass, 'comments_holder_id');
+		// Find parent link
+		if(!empty($data['ReturnURL'])) {
+			$url = $data['ReturnURL'];
+		} elseif($parent = $comment->getParent()) {
+			$url = $parent->Link();
+		} else {
+			return $this->redirectBack();
+		}
 
-		$hash = ($moderated) ? $holder : $comment->Permalink();
-		$url = (isset($data['ReturnURL'])) ? $data['ReturnURL'] : false;
-			
-		return ($url) ? $this->redirect($url .'#'. $hash) : $this->redirectBack();
+		// Given a redirect page exists, attempt to link to the correct anchor
+		if(!$comment->Moderated) {
+			// Display the "awaiting moderation" text
+			$holder = Commenting::get_config_value($comment->BaseClass, 'comments_holder_id');
+			$hash = "{$holder}_PostCommentForm_error";
+		} elseif($comment->IsSpam) {
+			// Link to the form with the error message contained
+			$hash = $form->FormName();
+		} else {
+			// Link to the moderated, non-spam comment
+			$hash = $comment->Permalink();
+		}
+
+		return $this->redirect(Controller::join_links($url, "#{$hash}"));
 	}
 
 	public function doPreviewComment($data, $form) {

templates/CommentsInterface.ss

@@ -1,11 +1,11 @@
-<% if CommentsEnabled %>
+<% if $CommentsEnabled %>
 	<div id="$CommentHolderID" class="comments-holder-container">
 		<h4><% _t('CommentsInterface_ss.POSTCOM','Post your comment') %></h4>
 		
-		<% if AddCommentForm %>
-			<% if CanPost %>
-				<% if ModeratedSubmitted %>
-					<p id="$CommentHolderID_PostCommentForm_error" class="message good"><% _t('CommentsInterface_ss.AWAITINGMODERATION', 'Your comment has been submitted and is now awaiting moderation.') %></p>
+		<% if $AddCommentForm %>
+			<% if $CanPost %>
+				<% if $ModeratedSubmitted %>
+					<p id="{$CommentHolderID}_PostCommentForm_error" class="message good"><% _t('CommentsInterface_ss.AWAITINGMODERATION', 'Your comment has been submitted and is now awaiting moderation.') %></p>
 				<% end_if %>
 				$AddCommentForm
 			<% else %>
@@ -20,25 +20,25 @@
 		<h4><% _t('CommentsInterface_ss.COMMENTS','Comments') %></h4>
 	
 		<div class="comments-holder">
-			<% if Comments %>
+			<% if $Comments %>
 				<ul class="comments-list">
-					<% loop Comments %>
+					<% loop $Comments %>
 						<li class="comment $EvenOdd<% if FirstLast %> $FirstLast <% end_if %> $SpamClass">
 							<% include CommentsInterface_singlecomment %>
 						</li>
 					<% end_loop %>
 				</ul>
 			
-				<% if Comments.MoreThanOnePage %>
+				<% if $Comments.MoreThanOnePage %>
 					<div class="comments-pagination">
 						<p>
-							<% if Comments.PrevLink %>
+							<% if $Comments.PrevLink %>
 								<a href="$Comments.PrevLink" class="previous">&laquo; <% _t('CommentsInterface_ss.PREV','previous') %></a>
 							<% end_if %>
 					
-							<% if Comments.Pages %>
-								<% loop Comments.Pages %>
-									<% if CurrentBool %>
+							<% if $Comments.Pages %>
+								<% loop $Comments.Pages %>
+									<% if $CurrentBool %>
 										<strong>$PageNum</strong>
 									<% else %>
 										<a href="$Link">$PageNum</a>
@@ -46,7 +46,7 @@
 								<% end_loop %>
 							<% end_if %>
 	
-							<% if Comments.NextLink %>
+							<% if $Comments.NextLink %>
 								<a href="$Comments.NextLink" class="next"><% _t('CommentsInterface_ss.NEXT','next') %> &raquo;</a>
 							<% end_if %>
 						</p>
@@ -58,7 +58,7 @@
 
 		</div>
 		
-		<% if DeleteAllLink %>
+		<% if $DeleteAllLink %>
 			<p class="delete-comments">
 				<a href="$DeleteAllLink"><% _t('CommentsInterface_ss.PageCommentInterface.DELETEALLCOMMENTS','Delete all comments on this page') %></a>
 			</p>

templates/CommentsInterface_singlecomment.ss

@@ -1,4 +1,4 @@
-<div class="comment" id="<% if isPreview %>comment-preview<% else %>$Permalink<% end_if %>">
+<div class="comment" id="<% if $isPreview %>comment-preview<% else %>$Permalink<% end_if %>">
 <% if $Gravatar %><img class="gravatar" src="$Gravatar" alt="Gravatar for $Name" title="Gravatar for $Name" /><% end_if %>
 	$EscapedComment
 </div>
@@ -14,16 +14,16 @@
 
 	<% if $ApproveLink || $SpamLink || $HamLink || $DeleteLink %>
 		<ul class="action-links">
-			<% if ApproveLink %>
+			<% if $ApproveLink %>
 				<li><a href="$ApproveLink.ATT" class="approve"><% _t('CommentsInterface_singlecomment_ss.APPROVE', 'approve this comment') %></a></li>
 			<% end_if %>
-			<% if SpamLink %>
+			<% if $SpamLink %>
 				<li><a href="$SpamLink.ATT" class="spam"><% _t('CommentsInterface_singlecomment_ss.ISSPAM','this comment is spam') %></a></li>
 			<% end_if %>
-			<% if HamLink %>
+			<% if $HamLink %>
 				<li><a href="$HamLink.ATT" class="ham"><% _t('CommentsInterface_singlecomment_ss.ISNTSPAM','this comment is not spam') %></a></li>
 			<% end_if %>
-			<% if DeleteLink %>
+			<% if $DeleteLink %>
 				<li class="last"><a href="$DeleteLink.ATT" class="delete"><% _t('CommentsInterface_singlecomment_ss.REMCOM','remove this comment') %></a></li>
 			<% end_if %>
 		</ul>