1 <?php |
1 <?php |
2 |
2 |
3 /* |
3 /* |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
5 * Version 1.1.6 (Caoineag beta 1) |
5 * Copyright (C) 2006-2009 Dan Fuhry |
6 * Copyright (C) 2006-2008 Dan Fuhry |
|
7 * |
6 * |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
7 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
8 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
10 * |
9 * |
11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
10 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
311 // Preprocess |
310 // Preprocess |
312 $name = ( $session->user_logged_in ) ? htmlspecialchars($session->username) : htmlspecialchars($data['name']); |
311 $name = ( $session->user_logged_in ) ? htmlspecialchars($session->username) : htmlspecialchars($data['name']); |
313 $subj = htmlspecialchars($data['subj']); |
312 $subj = htmlspecialchars($data['subj']); |
314 $text = RenderMan::preprocess_text($data['text'], true, false); |
313 $text = RenderMan::preprocess_text($data['text'], true, false); |
315 $src = $text; |
314 $src = $text; |
|
315 $sql_subj = $db->escape($subj); |
316 $sql_text = $db->escape($text); |
316 $sql_text = $db->escape($text); |
317 $text = RenderMan::render($text); |
317 $text = RenderMan::render($text); |
318 $appr = ( getConfig('approve_comments', '0') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED; |
318 $appr = ( getConfig('approve_comments', '0') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED; |
319 if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck ) |
319 if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck ) |
320 $appr = COMMENT_SPAM; |
320 $appr = COMMENT_SPAM; |
321 $time = time(); |
321 $time = time(); |
322 $date = enano_date('F d, Y h:i a', $time); |
322 $date = enano_date(ED_DATE | ED_TIME, $time); |
323 $ip = $_SERVER['REMOTE_ADDR']; |
323 $ip = $_SERVER['REMOTE_ADDR']; |
324 if ( !is_valid_ip($ip) ) |
324 if ( !is_valid_ip($ip) ) |
325 die('Hacking attempt'); |
325 die('Hacking attempt'); |
326 |
326 |
327 // Send it to the database |
327 // Send it to the database |
328 $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n " . |
328 $q = $db->sql_query('INSERT INTO '.table_prefix.'comments(page_id,namespace,name,subject,comment_data,approved, time, user_id, ip_address) VALUES' . "\n " . |
329 "('$this->page_id', '$this->namespace', '$name', '$subj', '$sql_text', $appr, $time, {$session->user_id}, '$ip');"); |
329 "('$this->page_id', '$this->namespace', '$name', '$sql_subj', '$sql_text', $appr, $time, {$session->user_id}, '$ip');"); |
330 if(!$q) |
330 if(!$q) |
331 $db->die_json(); |
331 $db->die_json(); |
332 |
332 |
333 // Re-fetch |
333 // Re-fetch |
334 $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c |
334 $q = $db->sql_query('SELECT c.comment_id,c.name,c.subject,c.comment_data,c.time,c.approved,u.user_level,u.user_id,u.email,u.signature,u.user_has_avatar,u.avatar_type FROM '.table_prefix.'comments AS c |
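Review bot: In the INSERT at new lines 328–329, `$name` is still interpolated into the quoted SQL value after only `htmlspecialchars()`, while this change routes the subject through `$db->escape()` for the same statement. `htmlspecialchars()` is an HTML-output encoder, not a SQL escaper: it never escapes backslashes, and with the default flags of PHP versions before 8.1 it leaves single quotes intact, so a guest-supplied `$data['name']` can still alter the query. I would add `$sql_name = $db->escape($name);` next to `$sql_subj` and use `'$sql_name'` in the VALUES list. `$this->page_id` and `$this->namespace` are interpolated the same way; the shown lines do not establish whether they are escaped earlier, so that is worth confirming. The enclosing method starts and ends outside the lines shown here, and the SELECT at line 334 continues past them.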