
system/handlers/feedbackhandler.php

00001 <?php
00007 namespace Habari;
00008 
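/**
 * Handles comment submissions for posts.
 *
 * act_add_comment() checks the request and the submitted comment form;
 * add_comment() sanitizes the fields, stores the comment and redirects the
 * commenter back to the post.
 */
class FeedbackHandler extends ActionHandler
{
  /**
   * Accept a comment submitted through a post's comment form.
   *
   * Calls Utils::check_request_method() with POST as the only listed method,
   * loads the post named by the 'id' handler variable, and answers
   * 403 Forbidden (then stops) when the post cannot be loaded or the form
   * does not report itself as submitted. On form success the values are
   * handed to add_comment(); otherwise an error is stored in the session
   * and the form bounces.
   */
  public function act_add_comment()
  {
    Utils::check_request_method( array( 'POST' ) );

    // We need to get the post anyway to redirect back to the post page.
    // 'id' comes from the request; it is only used as a lookup key here.
    $post = Post::get( array( 'id' => $this->handler_vars['id'] ) );
    if ( ! $post ) {
      // trying to comment on a non-existent post?  Weirdo.
      header( 'HTTP/1.1 403 Forbidden', true, 403 );
      die();
    }

    // Allow theme action hooks to work
    Themes::create();
    $form = $post->comment_form();
    // Return value is discarded; presumably this call processes the
    // submission and populates $form->submitted / $form->success. TODO confirm
    $form->get();

    // Disallow non-FormUI comments
    if ( !$form->submitted ) {
      // Trying to submit a non-FormUI comment
      header( 'HTTP/1.1 403 Forbidden', true, 403 );
      die();
    }

    // To be eventually incorporated more fully into FormUI.
    Plugins::act( 'comment_form_submit', $form );

    if ( !$form->success ) {
      Session::error( _t( 'There was a problem submitting your comment.' ) );
      $form->bounce();
      return;
    }

    $this->add_comment(
      $post->id,
      $form->cf_commenter->value,
      $form->cf_email->value,
      $form->cf_url->value,
      $form->cf_content->value,
      $form->get_values()
    );
  }

  /**
   * Sanitize and store a comment, then redirect the commenter to the post.
   *
   * Answers 403 Forbidden and stops when $post does not resolve to a Post.
   * The method does not return a value; it ends with Utils::redirect().
   *
   * @param Post|int|string $post A Post object, or a numeric post id that is looked up with Post::get()
   * @param string|null $name The commenter's name
   * @param string|null $email The commenter's e-mail address
   * @param string|null $url The commenter's URL; only http and https URLs are kept
   * @param string|null $content The comment text
   * @param mixed $extra Additional form values, passed through to the plugin hooks
   */
  public function add_comment( $post, $name = null, $email = null, $url = null, $content = null, $extra = null )
  {
    if ( is_numeric( $post ) ) {
      $post = Post::get( array( 'id' => $post ) );
    }

    if ( !$post instanceof Post ) {
      // Not sure what you're trying to pull here, but that's no good
      header( 'HTTP/1.1 403 Forbidden', true, 403 );
      die();
    }

    /* Sanitize data */
    // Explicit assignments instead of variable variables, so the set of
    // filtered fields is visible to readers and to static analysis.
    // What InputFilter::filter() removes is defined elsewhere.
    $name = InputFilter::filter( $name );
    $url = InputFilter::filter( $url );
    $email = InputFilter::filter( $email );
    $content = InputFilter::filter( $content );

    // there should never be any HTML in the name, so do some extra filtering on it
    $name = strip_tags( html_entity_decode( $name, ENT_QUOTES, 'UTF-8' ) );

    /* Sanitize the URL */
    if ( !empty( $url ) ) {
      $parsed = InputFilter::parse_url( $url );
      if ( $parsed['is_relative'] ) {
        // guess if they meant to use an absolute link
        $parsed = InputFilter::parse_url( 'http://' . $url );
      }

      // One decision point: a parse error, a pseudo-protocol or any scheme
      // other than http(s) empties the URL. Previously a URL emptied for a
      // parse error could be rebuilt by the scheme check that followed, and
      // a parse error on a non-relative URL was not checked at all.
      $scheme_allowed = ( $parsed['scheme'] === 'http' || $parsed['scheme'] === 'https' );
      if ( $parsed['is_error'] || $parsed['is_pseudo'] || !$scheme_allowed ) {
        // allow only http(s) URLs
        $url = '';
      }
      else {
        // reconstruct the URL from the error-tolerant parsing
        // http:moeffju.net/blog/ -> http://moeffju.net/blog/
        $url = InputFilter::glue_url( $parsed );
      }
    }

    /* Create comment object*/
    // The comment starts out as 'approved'; any moderation or spam decision
    // is left to the plugin hooks and the spam rating below.
    $comment = new Comment( array(
      'post_id' => $post->id,
      'name' => $name,
      'email' => $email,
      'url' => $url,
      'ip' => Utils::get_ip(),
      'content' => $content,
      'status' => Comment::status('approved'),
      'date' => DateTime::create(),
      'type' => Comment::type('comment'),
    ) );

    // Should this really be here or in a default filter?
    // In any case, we should let plugins modify the status after we set it here.
    // NOTE(review): the status is already 'approved' from the constructor
    // above, so this branch does not change it as written.
    $user = User::identify();
    if ( ( $user->loggedin ) && ( $comment->email == $user->email ) ) {
      $comment->status = 'approved';
    }

    // Allow themes to work with comment hooks
    Themes::create();

    // Allow plugins to change comment data and add commentinfo based on plugin-added form fields
    Plugins::act( 'comment_accepted', $comment, $this->handler_vars, $extra );

    $spam_rating = 0;
    $spam_rating = Plugins::filter( 'spam_filter', $spam_rating, $comment, $this->handler_vars, $extra );

    // With the default threshold of 100, only a rating of 100 or more
    // marks the comment as spam.
    if ( $spam_rating >= Options::get( 'spam_percentage', 100 ) ) {
      $comment->status = 'spam';
    }

    $comment->insert();
    $anchor = '';

    // If the comment was saved
    // NOTE(review): status is set from Comment::status() in the constructor
    // but compared against the names 'spam' / 'unapproved' with loose
    // operators here; confirm that Comment's status accessor returns a value
    // for which these comparisons behave as intended.
    if ( $comment->id && $comment->status != 'spam' ) {
      $anchor = '#comment-' . $comment->id;

      // store in the user's session that this comment is pending moderation
      if ( $comment->status == 'unapproved' ) {
        Session::notice( _t( 'Your comment is pending moderation.' ), 'comment_' . $comment->id );
      }

      // if no cookie exists, we should set one
      // but only if the user provided some details
      $cookie_name = 'comment_' . Options::get( 'public-GUID' );

      // build the string we store for the cookie
      // A '#' inside the name or e-mail shifts the fields for whatever code
      // splits this value again.
      $cookie_content = implode( '#', array( $comment->name, $comment->email, $comment->url ) );

      // if the user is not logged in and there is no cookie OR the cookie differs from the current set
      if ( User::identify()->loggedin == false && ( !isset( $_COOKIE[ $cookie_name ] ) || $_COOKIE[ $cookie_name ] != $cookie_content ) ) {

        // update the cookie
        // NOTE(review): this stores the commenter's name, e-mail and URL in
        // clear text for a year without the Secure or HttpOnly flags. If
        // only server-side code reads the cookie, pass the secure/httponly
        // arguments of setcookie() as well.
        setcookie( $cookie_name, $cookie_content, time() + DateTime::YEAR, Site::get_path( 'base', true ) );

      }
    }

    // Return the commenter to the original page.
    Utils::redirect( $post->permalink . $anchor );
  }

}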
00188 ?>
