98 empty($_POST['subj']) || |
98 empty($_POST['subj']) || |
99 empty($_POST['text']) |
99 empty($_POST['text']) |
100 ) { echo 'Invalid request'; break; } |
100 ) { echo 'Invalid request'; break; } |
101 $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; |
101 $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; |
102 $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; |
102 $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; |
103 PageUtils::addcomment($paths->page_id, $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $cin, $cid); // All filtering, etc. is handled inside this method |
103 |
104 require_once('includes/comment.php'); |
105 $comments = new Comments($paths->page_id, $paths->namespace); |
106 |
107 $submission = array( |
108 'mode' => 'submit', |
109 'captcha_id' => $cid, |
110 'captcha_code' => $cin, |
111 'name' => $_POST['name'], |
112 'subj' => $_POST['subj'], |
113 'text' => $_POST['text'], |
114 ); |
115 |
116 $result = $comments->process_json($submission); |
117 if ( $result['mode'] == 'error' ) |
118 { |
119 echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>'; |
120 } |
121 else |
122 { |
123 echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>'; |
124 } |
125 |
104 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
126 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
105 break; |
127 break; |
106 case 'editcomment': |
128 case 'editcomment': |
107 if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; } |
129 if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; } |
108 $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); |
130 $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); |
130 PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); |
152 PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); |
131 } |
153 } |
132 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
154 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
133 break; |
155 break; |
134 } |
156 } |
135 $template->footer(); |
157 $output->footer(); |
136 break; |
158 break; |
137 case 'edit': |
159 case 'edit': |
138 if(isset($_POST['_cancel'])) |
160 if(isset($_POST['_cancel'])) |
139 { |
161 { |
140 redirect(makeUrl($paths->page), '', '', 0); |
162 redirect(makeUrl($paths->page), '', '', 0); |