From 5dec31c84fc34c8b486993b931235837a1cb304d Mon Sep 17 00:00:00 2001
From: Will Rossiter
Date: Sat, 11 Dec 2010 18:33:21 +1300
Subject: [PATCH] ENHANCEMENT: dont allow comments to be displayed on fake pages such as security. BUGFIX: updated commentadmin tests to just work
---
 code/CommentAdmin.php | 198 ++++++++++++--------------
 code/dataobjects/Comment.php | 3 +-
 code/extensions/CommentsExtension.php | 6 +-
 tests/CommentAdminTest.php | 39 +++++
 tests/CommentsTest.yml | 116 ++++++++-------
 5 files changed, 200 insertions(+), 162 deletions(-)
 create mode 100644 tests/CommentAdminTest.php
diff --git a/code/CommentAdmin.php b/code/CommentAdmin.php
index 457e47f..568cb94 100644
--- a/code/CommentAdmin.php
+++ b/code/CommentAdmin.php
@@ -27,7 +27,7 @@ class CommentAdmin extends LeftAndMain {
 /**
 * @var int The number of comments per page for the {@link CommentTable} in this admin.
 */
- static $comments_per_page = '20';
+ static $comments_per_page = 20;
 public function init() {
 parent::init();
@@ -78,18 +78,18 @@ class CommentAdmin extends LeftAndMain { "Name" => _t('CommentAdmin.AUTHOR', 'Author'), "Comment" => _t('CommentAdmin.COMMENT', 'Comment'), "Parent.Title" => _t('CommentAdmin.PAGE', 'Page'), - "CommenterURL" => _t('CommentAdmin.COMMENTERURL', 'URL'), + "URL" => _t('CommentAdmin.COMMENTERURL', 'URL'), "Created" => _t('CommentAdmin.DATEPOSTED', 'Date Posted') ); $popupFields = new FieldSet( new TextField('Name', _t('CommentAdmin.NAME', 'Name')), - new TextField('CommenterURL', _t('CommentAdmin.COMMENTERURL', 'URL')), + new TextField('URL', _t('CommentAdmin.URL', 'URL')), new TextareaField('Comment', _t('CommentAdmin.COMMENT', 'Comment')) ); $idField = new HiddenField('ID', '', $section); - $table = new CommentTableField($this, "Comments", "PageComment", $section, $tableFields, $popupFields, array($filter), 'Created DESC'); + $table = new CommentTableField($this, "Comments", "Comment", $section, $tableFields, $popupFields, array($filter), 'Created DESC'); $table->setParentClass(false); $table->setFieldCasting(array( @@ -133,38 +133,40 @@ class CommentAdmin extends LeftAndMain { } function deletemarked() { - $numComments = 0; - $folderID = 0; - $deleteList = ''; + $numComments = 0; + $folderID = 0; + $deleteList = ''; - if($_REQUEST['Comments']) { - foreach($_REQUEST['Comments'] as $commentid) { - $comment = DataObject::get_by_id('PageComment', $commentid); - if($comment) { - $comment->delete(); - $numComments++; - } + if($_REQUEST['Comments']) { + foreach($_REQUEST['Comments'] as $commentid) { + $comment = DataObject::get_by_id('Comment', $commentid); + if($comment && $comment->canDelete()) { + $comment->delete(); + $numComments++; } - } else { - user_error("No comments in $commentList could be found!", E_USER_ERROR); } + } else { + user_error("No comments in $commentList could be found!", E_USER_ERROR); + } - echo <<Count(); foreach($spam as $comment) { - $comment->delete(); + if($comment->canDelete()) { + $comment->delete(); + } } } 
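Review bot: The `else` branch of `deletemarked()` interpolates `$commentList`, which is never assigned in the visible function, and the guard `if($_REQUEST['Comments'])` reads the key without checking that it exists, so a request without a `Comments` parameter raises notices before ending in an `E_USER_ERROR` whose message has an empty name in it. I would guard with `if(!empty($_REQUEST['Comments']))` and make the message literal, e.g. `user_error("No comments were selected", E_USER_ERROR);`. The same two lines recur in `spammarked()`, `hammarked()` and `acceptmarked()` in the following hunk. Comments that fail the new `canDelete()` check are skipped silently, so a short comment such as `// skipped comments are not counted in $numComments` would keep the lower count in the response from being read as a bug.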
@@ -177,134 +179,118 @@ JS; } function spammarked() { - $numComments = 0; - $folderID = 0; - $deleteList = ''; + $numComments = 0; + $folderID = 0; + $deleteList = ''; - if($_REQUEST['Comments']) { - foreach($_REQUEST['Comments'] as $commentid) { - $comment = DataObject::get_by_id('PageComment', $commentid); - if($comment) { - $comment->IsSpam = true; - $comment->NeedsModeration = false; - $comment->write(); + if($_REQUEST['Comments']) { + foreach($_REQUEST['Comments'] as $commentid) { + $comment = DataObject::get_by_id('Comment', $commentid); + if($comment) { + $comment->IsSpam = true; + $comment->Moderated = true; + $comment->write(); - if(SSAkismet::isEnabled()) { - try { - $akismet = new SSAkismet(); - $akismet->setCommentAuthor($comment->getField('Name')); - $akismet->setCommentContent($comment->getField('Comment')); - - $akismet->submitSpam(); - } catch (Exception $e) { - // Akismet didn't work, most likely the service is down. - } - } - $numComments++; - } + $numComments++; } - } else { - user_error("No comments in $commentList could be found!", E_USER_ERROR); } + } else { + user_error("No comments in $commentList could be found!", E_USER_ERROR); + } - $msg = sprintf(_t('CommentAdmin.MARKEDSPAM', 'Marked %s comments as spam.'), $numComments); - echo <<IsSpam = false; - $comment->NeedsModeration = false; - $comment->write(); + if($_REQUEST['Comments']) { + foreach($_REQUEST['Comments'] as $commentid) { + $comment = DataObject::get_by_id('Comment', $commentid); - if(SSAkismet::isEnabled()) { - try { - $akismet = new SSAkismet(); - $akismet->setCommentAuthor($comment->getField('Name')); - $akismet->setCommentContent($comment->getField('Comment')); + if($comment) { + $comment->IsSpam = false; + $comment->Moderated = true; + $comment->write(); - $akismet->submitSpam(); - } catch (Exception $e) { - // Akismet didn't work, most likely the service is down. 
- } - } - - $numComments++; - } + $numComments++; } - } else { - user_error("No comments in $commentList could be found!", E_USER_ERROR); } + } else { + user_error("No comments in $commentList could be found!", E_USER_ERROR); + } - $msg = sprintf(_t('CommentAdmin.MARKEDNOTSPAM', 'Marked %s comments as not spam.'), $numComments); - echo <<IsSpam = false; - $comment->NeedsModeration = false; - $comment->write(); - $numComments++; - } + if($_REQUEST['Comments']) { + foreach($_REQUEST['Comments'] as $commentid) { + $comment = DataObject::get_by_id('Comment', $commentid); + if($comment) { + $comment->IsSpam = false; + $comment->Moderated = true; + $comment->write(); + $numComments++; } - } else { - user_error("No comments in $commentList could be found!", E_USER_ERROR); } + } else { + user_error("No comments in $commentList could be found!", E_USER_ERROR); + } - $msg = sprintf(_t('CommentAdmin.APPROVED', 'Accepted %s comments.'), $numComments); - echo <<value(); + return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"Moderated\" = 1")->value(); } /** * Return the number of unmoderated comments + * + * @return int */ function NumUnmoderated() { - return DB::query("SELECT COUNT(*) FROM \"PageComment\" WHERE \"IsSpam\"=0 AND \"NeedsModeration\"=1")->value(); + return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"Moderated\" = 0")->value(); } /** * Return the number of comments marked as spam + * + * @return int */ function NumSpam() { - return DB::query("SELECT COUNT(*) FROM \"PageComment\" WHERE \"IsSpam\"=1")->value(); + return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"IsSpam\" = 1")->value(); } /** - * @param $num int + * @param int */ function set_comments_per_page($num){ self::$comments_per_page = $num; @@ -317,5 +303,3 @@ JS; return self::$comments_per_page; } } - -?> diff --git a/code/dataobjects/Comment.php b/code/dataobjects/Comment.php index 66d5df1..d4b80a1 100755 --- a/code/dataobjects/Comment.php +++ b/code/dataobjects/Comment.php 
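Review bot: `spammarked()`, `hammarked()` and `acceptmarked()` still write to every comment ID taken from `$_REQUEST['Comments']` behind nothing more than `if($comment)`, while this same commit adds a `canDelete()` check to the delete paths, so the moderation actions are left without a per-object permission check. For consistency the guard in all three loops should be `if($comment && $comment->canEdit())`; whether `Comment` overrides `canEdit()` is not visible here, so confirm it returns what the admin expects. These handlers change state from `$_REQUEST`, and nothing in the hunk shows a request-method or security-token check, so it is worth confirming that the surrounding form handling covers that. The hunk also removes the Akismet submission without the commit message mentioning it; a comment in `spammarked()` noting that spam/ham feedback is no longer reported would help the next reader.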
@@ -13,7 +13,8 @@ class Comment extends DataObject { "Email" => "Varchar(200)", "URL" => "Varchar(255)", "BaseClass" => "Varchar(200)", - "Moderated" => "Boolean" + "Moderated" => "Boolean", + "IsSpam" => "Boolean" ); static $has_one = array( diff --git a/code/extensions/CommentsExtension.php b/code/extensions/CommentsExtension.php index 52b05d5..5e0dbb3 100644 --- a/code/extensions/CommentsExtension.php +++ b/code/extensions/CommentsExtension.php @@ -75,7 +75,10 @@ class CommentsExtension extends DataObjectDecorator { // on a {@link DataObject} then it is enabled, however {@link SiteTree} objects can // trigger comments on / off via ProvideComments $enabled = (!$this->attachedToSiteTree() || $this->owner->ProvideComments) ? true : false; - + + // do not include the comments on pages which don't have id's such as security pages + if($this->owner->ID < 0) return false; + $controller = new CommentingController(); // tad bit messy but needed to ensure all datas available @@ -85,6 +88,7 @@ class CommentsExtension extends DataObjectDecorator { $form = ($enabled) ? $controller->CommentsForm() : false; + Debug::show(Controller::curr()->ID); // a little bit all over the show but to ensure a slightly easier upgrade for users // return back the same variables as previously done in comments return $interface->process(new ArrayData(array( diff --git a/tests/CommentAdminTest.php b/tests/CommentAdminTest.php new file mode 100644 index 0000000..15cc04f --- /dev/null +++ b/tests/CommentAdminTest.php 
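Review bot: The new guard `if($this->owner->ID < 0) return false;` lets a record with ID 0 through, although the comment above it says it targets pages which don't have IDs; an unsaved object would presumably carry ID 0 rather than a negative one. If only synthetic negative IDs are meant, the comment should say so, e.g. `// fake pages such as the security pages are given a negative ID`; otherwise the check should be `if($this->owner->ID <= 0) return false;`. The guard also sits after `$enabled` has been computed, so moving it to the top of the method would make the early exit easier to see. The enclosing method starts and ends outside the hunk.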
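Review bot: `Debug::show(Controller::curr()->ID);` looks like a leftover debugging call and should be removed before this is merged. It runs on every render of the comments interface and prints internal state into the page output (possibly only in dev mode, which is not visible from here). It also reads `Controller::curr()->ID` where the guard in the previous hunk tests `$this->owner->ID`, which suggests it was a probe used while writing that guard. The enclosing method continues outside the hunk.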
@@ -0,0 +1,39 @@ +NumModerated(); + $this->assertEquals(4, $resp); + } + + function testNumUnmoderated(){ + $comm = new CommentAdmin(); + $resp = $comm->NumUnmoderated(); + $this->assertEquals(3, $resp); + } + + function testNumSpam(){ + $comm = new CommentAdmin(); + $resp = $comm->NumSpam(); + $this->assertEquals(2, $resp); + } + + function testdeletemarked(){ + $comm = $this->objFromFixture('Comment', 'firstComA'); + $id = $comm->ID; + $this->logInWithPermission('CMS_ACCESS_CommentAdmin'); + $result = $this->get("admin/comments/EditForm/field/Comments/item/$id/delete"); + + $checkComm = DataObject::get_by_id('Comment',$id); + + $this->assertFalse($checkComm); + } +} \ No newline at end of file diff --git a/tests/CommentsTest.yml b/tests/CommentsTest.yml index 87062a9..84ff8df 100644 --- a/tests/CommentsTest.yml +++ b/tests/CommentsTest.yml 
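Review bot: `testdeletemarked()` does not exercise `deletemarked()`: it requests `admin/comments/EditForm/field/Comments/item/$id/delete`, the table field's per-item delete, so the `canDelete()` check this commit adds to `CommentAdmin::deletemarked()` has no coverage, and there is no case for a member who lacks the permission. Either rename the test to match what it covers or add one that sends a `Comments` array to the bulk action, plus one asserting that the comment survives when the request comes from the `visitor` fixture member. `$result` is assigned but never asserted on, so a failed request and a successful delete are only distinguished by the final lookup. The start of this hunk is not legible in this view, so the class declaration and fixture reference could not be checked.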
@@ -1,62 +1,72 @@ Member: - commentadmin: - FirstName: admin - visitor: - FirstName: visitor + commentadmin: + FirstName: admin + visitor: + FirstName: visitor Group: - commentadmins: - Title: Admin - Members: =>Member.commentadmin + commentadmins: + Title: Admin + Members: =>Member.commentadmin Permission: - admin: - Code: CMS_ACCESS_CommentAdmin - Group: =>Group.commentadmins + admin: + Code: CMS_ACCESS_CommentAdmin + Group: =>Group.commentadmins Page: - first: - Title: First page - URLSegment: first-page - ProvideComments: 1 - second: - Title: Second page - URLSegment: second-page - ProvideComments: 1 - third: - Title: Third page - URLSegment:third-page - ProvideComments: 1 - pageNoComments: - Title: No comments - URLSegment: no-comments - ProvideComments: 0 + first: + Title: First page + URLSegment: first-page + ProvideComments: 1 + second: + Title: Second page + URLSegment: second-page + ProvideComments: 1 + third: + Title: Third page + URLSegment:third-page + ProvideComments: 1 + pageNoComments: + Title: No comments + URLSegment: no-comments + ProvideComments: 0 Comment: - firstComA: - ParentID: =>Page.first - Name: FA - Comment: textFA - secondComA: - ParentID: =>Page.second - Name: SA - Comment: textSA - secondComB: - ParentID: =>Page.second - Name: SB - Comment: textSB - thirdComA: - ParentID: =>Page.third - Name: TA - Comment: textTA - thirdComB: - ParentID: =>Page.third - Name: TB - Comment: textTB - thirdComC: - ParentID: =>Page.third - Name: TC - Comment: textTC - disabledCom: - ParentID: =>Page.pageNoComments - Name: Disabled \ No newline at end of file + firstComA: + ParentID: =>Page.first + Name: FA + Comment: textFA + Moderated: 1 + secondComA: + ParentID: =>Page.second + Name: SA + Comment: textSA + Moderated: 1 + secondComB: + ParentID: =>Page.second + Name: SB + Comment: textSB + Moderated: 1 + thirdComA: + ParentID: =>Page.third + Name: TA + Comment: textTA + Moderated: 1 + IsSpam: 1 + thirdComB: + ParentID: =>Page.third + Name: TB + Comment: 
textTB + Moderated: 0 + thirdComC: + ParentID: =>Page.third + Name: TC + Comment: textTC + Moderated: 0 + + disabledCom: + ParentID: =>Page.pageNoComments + Name: Disabled + Moderated: 0 + IsSpam: 1 \ No newline at end of file
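Review bot: `URLSegment:third-page` under `Page.third` has no space after the colon and is carried over unchanged onto the new side, so a YAML parser will not read it as a key/value pair and the fixture page presumably ends up without the intended URL segment. Since every line of the fixture is rewritten for indentation anyway, fix it here: `URLSegment: third-page`. A comment above the `Comment:` section stating the counts the tests rely on, e.g. `# CommentAdminTest expects 4 moderated, 3 unmoderated, 2 spam`, would keep the fixture and the assertions from drifting apart.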