comment.module 55.5 KB
Newer Older
1
<?php
2
// $Id$
Dries's avatar
 
Dries committed
3

Dries's avatar
Dries committed
4 5
/**
 * @file
Dries's avatar
 
Dries committed
6
 * Enables users to comment on published content.
Dries's avatar
Dries committed
7 8 9 10 11 12
 *
 * When enabled, the Drupal comment module creates a discussion
 * board for each Drupal node. Users can post comments to discuss
 * a forum topic, weblog post, story, collaborative book page, etc.
 */

13 14 15 16 17 18
/*
 * Constants
 */
 define('COMMENT_PUBLISHED', 0);
 define('COMMENT_NOT_PUBLISHED', 1);

19 20 21
/**
 * Implementation of hook_help().
 */
22
function comment_help($section) {
Dries's avatar
 
Dries committed
23
  switch ($section) {
Dries's avatar
 
Dries committed
24
    case 'admin/help#comment':
25 26 27 28 29 30 31 32 33 34 35 36
      $output = '<p>'. t('The comment module creates a discussion board for each post. Users can post comments to discuss a forum topic, weblog post, story, collaborative book page, etc. The ability to comment is an important part of involving members in a communtiy dialogue.') .'</p>';
      $output .= '<p>'. t('An administrator can give comment permissions to user groups, and users can (optionally) edit their last comment, assuming no others have been posted since.  Attached to each comment board is a control panel for customizing the way that comments are displayed. Users can control the chronological ordering of posts (newest or oldest first) and the number of posts to display on each page.  Comments behave like other user submissions. Filters, smileys and HTML that work in nodes will also work with comments. The comment module provides specific features to inform site members when new comments have been posted. On sites with active commenting from users, the administrator can turn over comment moderation to the community.') .'</p>';
      $output .= t('<p>You can</p>
<ul>
<li>control access for various comment module functions through access permissions <a href="%admin-access">administer &gt;&gt; access control</a>.</li>
<li>administer comments <a href="%admin-comment-configure"> administer &gt;&gt; comments &gt;&gt; configure</a>.</li>
</ul>
', array('%admin-access' => url('admin/access'), '%admin-comment-configure' => url('admin/comment/configure')));
      $output .= '<p>'. t('For more information please read the configuration and customization handbook <a href="%comment">Comment page</a>.', array('%comment' => 'http://www.drupal.org/handbook/modules/comment/')) .'</p>';
      return $output;
    case 'admin/modules#description':
      return t('Allows users to comment on and discuss published content.');
Dries's avatar
 
Dries committed
37
    case 'admin/comment':
38
    case 'admin/comment/new':
39
      return t("<p>Below is a list of the latest comments posted to your site. Click on a subject to see the comment, the author's name to edit the author's user information , \"edit\" to modify the text, and \"delete\" to remove their submission.</p>");
Dries's avatar
 
Dries committed
40
    case 'admin/comment/approval':
41
      return t("<p>Below is a list of the comments posted to your site that need approval. To approve a comment, click on \"edit\" and then change its \"moderation status\" to Approved. Click on a subject to see the comment, the author's name to edit the author's user information, \"edit\" to modify the text, and \"delete\" to remove their submission.</p>");
Dries's avatar
Dries committed
42 43
    case 'admin/comment/configure':
    case 'admin/comment/configure/settings':
44
      return t("<p>Comments can be attached to any node, and their settings are below. The display comes in two types: a \"flat list\" where everything is flush to the left side, and comments come in chronological order, and a \"threaded list\" where replies to other comments are placed immediately below and slightly indented, forming an outline. They also come in two styles: \"expanded\", where you see both the title and the contents, and \"collapsed\" where you only see the title. Preview comment forces a user to look at their comment by clicking on a \"Preview\" button before they can actually add the comment.</p>");
45
   }
Dries's avatar
 
Dries committed
46 47
}

Dries's avatar
 
Dries committed
48 49 50
/**
 * Implementation of hook_menu().
 */
Dries's avatar
 
Dries committed
51
function comment_menu($may_cache) {
Dries's avatar
 
Dries committed
52 53
  $items = array();

Dries's avatar
 
Dries committed
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
  if ($may_cache) {
    $access = user_access('administer comments');
    $items[] = array('path' => 'admin/comment', 'title' => t('comments'),
      'callback' => 'comment_admin_overview', 'access' => $access);

    // Tabs:
    $items[] = array('path' => 'admin/comment/list', 'title' => t('list'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/configure', 'title' => t('configure'),
      'callback' => 'comment_configure', 'access' => $access, 'type' => MENU_LOCAL_TASK);

    // Subtabs:
    $items[] = array('path' => 'admin/comment/list/new', 'title' => t('new comments'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
    $items[] = array('path' => 'admin/comment/list/approval', 'title' => t('approval queue'),
      'callback' => 'comment_admin_overview', 'access' => $access,
70
      'callback arguments' => array('approval'),
Dries's avatar
 
Dries committed
71 72 73 74 75 76
      'type' => MENU_LOCAL_TASK);

    $items[] = array('path' => 'admin/comment/configure/settings', 'title' => t('settings'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);

    $access = user_access('post comments');
77 78
    $items[] = array('path' => 'comment/reply', 'title' => t('reply to comment'),
      'callback' => 'comment_save_settings', 'access' => 1, 'type' => MENU_CALLBACK);
79
    $items[] = array('path' => 'comment/edit', 'title' => t('edit comment'),
Dries's avatar
 
Dries committed
80
      'callback' => 'comment_edit', 'access' => $access, 'type' => MENU_CALLBACK);
81 82
    $items[] = array('path' => 'comment/delete', 'title' => t('delete comment'),
      'callback' => 'comment_delete', 'access' => $access, 'type' => MENU_CALLBACK);
Dries's avatar
 
Dries committed
83
  }
Dries's avatar
 
Dries committed
84 85
  else {
    if (arg(0) == 'comment' && arg(1) == 'reply' && is_numeric(arg(2))) {
86
      $node = node_load(arg(2));
Dries's avatar
 
Dries committed
87 88 89 90 91 92 93 94 95 96
      if ($node->nid) {
        $items[] = array('path' => 'comment/reply', 'title' => t('reply to comment'),
          'callback' => 'comment_reply', 'access' => node_access('view', $node), 'type' => MENU_CALLBACK);
      }
    }
    if ((arg(0) == 'node') && is_numeric(arg(1)) && is_numeric(arg(2))) {
      $items[] = array('path' => ('node/'. arg(1) .'/'. arg(2)), 'title' => t('view'),
        'callback' => 'node_page',
        'type' => MENU_CALLBACK);
    }
Dries's avatar
 
Dries committed
97
  }
Dries's avatar
 
Dries committed
98 99 100 101 102 103 104 105

  return $items;
}

/**
 * Implementation of hook_perm().
 */
function comment_perm() {
106
  return array('access comments', 'post comments', 'administer comments', 'post comments without approval');
Dries's avatar
 
Dries committed
107 108 109 110 111 112 113 114 115 116 117 118
}

/**
 * Implementation of hook_block().
 *
 * Generates a block with the most recent comments.
 */
function comment_block($op = 'list', $delta = 0) {
  if ($op == 'list') {
    $blocks[0]['info'] = t('Recent comments');
    return $blocks;
  }
119
  else if ($op == 'view' && user_access('access comments')) {
120
    $result = db_query_range(db_rewrite_sql('SELECT c.nid, c.* FROM {comments} c INNER JOIN {node} n ON n.nid = c.nid WHERE n.status = 1 AND c.status = %d ORDER BY c.timestamp DESC', 'c'), COMMENT_PUBLISHED, 0, 10);
Dries's avatar
 
Dries committed
121 122
    $items = array();
    while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
123
      $items[] = l($comment->subject, 'node/'. $comment->nid, NULL, NULL, 'comment-'. $comment->cid) .'<br />'. t('%time ago', array('%time' => format_interval(time() - $comment->timestamp)));
Dries's avatar
 
Dries committed
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189
    }

    $block['subject'] = t('Recent comments');
    $block['content'] = theme('item_list', $items);
    return $block;
  }
}

/**
 * Implementation of hook_link().
 */
function comment_link($type, $node = 0, $main = 0) {
  $links = array();

  if ($type == 'node' && $node->comment) {

    if ($main) {
      // Main page: display the number of comments that have been posted.

      if (user_access('access comments')) {
        $all = comment_num_all($node->nid);
        $new = comment_num_new($node->nid);

        if ($all) {
          $links[] = l(format_plural($all, '1 comment', '%count comments'), "node/$node->nid", array('title' => t('Jump to the first comment of this posting.')), NULL, 'comment');

          if ($new) {
            $links[] = l(format_plural($new, '1 new comment', '%count new comments'), "node/$node->nid", array('title' => t('Jump to the first new comment of this posting.')), NULL, 'new');
          }
        }
        else {
          if ($node->comment == 2) {
            if (user_access('post comments')) {
              $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Add a new comment to this page.')));
            }
            else {
              $links[] = theme('comment_post_forbidden');
            }
          }
        }
      }
    }
    else {
      // Node page: add a "post comment" link if the user is allowed to
      // post comments, if this node is not read-only, and if the comment form isn't already shown

      if ($node->comment == 2 && variable_get('comment_form_location', 0) == 0) {
        if (user_access('post comments')) {
          $links[] = l(t('add new comment'), "comment/reply/$node->nid", array('title' => t('Share your thoughts and opinions related to this posting.')), NULL, 'comment');
        }
        else {
          $links[] = theme('comment_post_forbidden');
        }
      }
    }
  }

  if ($type == 'comment') {
    $links = comment_links($node, $main);
  }

  return $links;
}

/**
 * Implementation of hook_nodeapi().
Dries's avatar
 
Dries committed
190
 *
Dries's avatar
 
Dries committed
191 192 193 194
 */
function comment_nodeapi(&$node, $op, $arg = 0) {
  switch ($op) {
    case 'settings':
195
      $form['comment_'. $node->type] = array('#type' => 'radios', '#title' => t('Default comment setting'), '#default_value' => variable_get('comment_'. $node->type, 2), '#options' => array(t('Disabled'), t('Read only'), t('Read/Write')), '#description' => t('Users with the <em>administer comments</em> permission will be able to override this setting.'));
196
      return $form;
Dries's avatar
 
Dries committed
197 198
    case 'fields':
      return array('comment');
199

200
    case 'form':
Dries's avatar
 
Dries committed
201 202
      if (user_access('administer comments')) {
        $selected = isset($node->comment) ? $node->comment : variable_get("comment_$node->type", 2);
203 204
        $form['user_comments'] = array('#type' => 'fieldset', '#title' => t('User Comments'), '#collapsible' => TRUE, '#collapsed' => TRUE);
        $form['user_comments']['comment'] = array('#type' => 'radios', '#parents' => array('comment'), '#default_value' => $selected, '#options' => array(t('Disabled'), t('Read only'), t('Read/Write')));
205
        return $form;
Dries's avatar
 
Dries committed
206 207
      }
      break;
208

Dries's avatar
 
Dries committed
209
    case 'load':
210
      return db_fetch_array(db_query("SELECT last_comment_timestamp, last_comment_name, comment_count FROM {node_comment_statistics} WHERE nid = %d", $node->nid));
Dries's avatar
 
Dries committed
211
    case 'validate':
212
      if (!user_access('administer comments')) {
Dries's avatar
 
Dries committed
213 214 215 216
        // Force default for normal users:
        $node->comment = variable_get("comment_$node->type", 2);
      }
      break;
217

Dries's avatar
 
Dries committed
218
    case 'insert':
219
      db_query('INSERT INTO {node_comment_statistics} (nid, last_comment_timestamp, last_comment_name, last_comment_uid, comment_count) VALUES (%d, %d, NULL, %d, 0)', $node->nid, $node->created, $node->uid);
Dries's avatar
 
Dries committed
220
      break;
221

Dries's avatar
 
Dries committed
222
    case 'delete':
Dries's avatar
 
Dries committed
223 224
      db_query('DELETE FROM {comments} WHERE nid = %d', $node->nid);
      db_query('DELETE FROM {node_comment_statistics} WHERE nid = %d', $node->nid);
Dries's avatar
 
Dries committed
225
      break;
226

Dries's avatar
Dries committed
227 228
    case 'update index':
      $text = '';
229
      $comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED);
Dries's avatar
Dries committed
230
      while ($comment = db_fetch_object($comments)) {
231
        $text .= '<h2>'. check_plain($comment->subject) .'</h2>'. check_markup($comment->comment, $comment->format, FALSE);
Dries's avatar
Dries committed
232 233
      }
      return $text;
234

Dries's avatar
Dries committed
235 236 237
    case 'search result':
      $comments = db_result(db_query('SELECT comment_count FROM {node_comment_statistics} WHERE nid = %d', $node->nid));
      return format_plural($comments, '1 comment', '%count comments');
238

Steven Wittens's avatar
- Typo  
Steven Wittens committed
239
    case 'rss item':
Steven Wittens's avatar
Steven Wittens committed
240
      return array(array('key' => 'comments', 'value' => url('node/'. $node->nid, NULL, 'comment', TRUE)));
Dries's avatar
 
Dries committed
241 242 243 244 245 246 247 248 249 250 251
  }
}

/**
 * Implementation of hook_user().
 *
 * Provides signature customization for the user's comments.
 */
function comment_user($type, $edit, &$user, $category = NULL) {
  if ($type == 'form' && $category == 'account') {
    // when user tries to edit his own data
252 253
    $form['comment_settings'] = array('#type' => 'fieldset', '#title' => t('Comment settings'), '#collapsible' => TRUE, '#weight' => 4);
    $form['comment_settings']['signature'] = array('#type' => 'textarea', '#title' => t('Signature'), '#default_value' => $edit['comment_settings']['signature'], '#description' => ('Your signature will be publicly displayed at the end of your comments.'));
254 255

    return $form;
Dries's avatar
 
Dries committed
256 257 258
  }
}

259
/**
Dries's avatar
 
Dries committed
260
 * Menu callback; presents the comment settings page.
261
 */
Dries's avatar
 
Dries committed
262
function comment_configure() {
263
  $form['viewing_options'] = array('#type' => 'fieldset', '#title' => t('Comment viewing options'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => 0);
Dries's avatar
 
Dries committed
264

265
  $form['viewing_options']['comment_default_mode'] = array('#type' => 'radios', '#title' => t('Default display mode'), '#default_value' => variable_get('comment_default_mode', 4), '#options' => _comment_get_modes(), '#description' => t('The default view for comments. Expanded views display the body of the comment. Threaded views keep replies together.'));
266

267
  $form['viewing_options']['comment_default_order'] = array('#type' => 'radios', '#title' => t('Default display order'), '#default_value' => variable_get('Default display order', 1), '#options' => _comment_get_orders(), '#description' => t('The default sorting for new users and anonymous users while viewing comments. These users may change their view using the comment control panel. For registered users, this change is remembered as a persistent user preference.'));
Dries's avatar
 
Dries committed
268

269
  $form['viewing_options']['comment_default_per_page'] = array(
270 271 272 273 274
    '#type' => 'select',
    '#title' => t('Default comments per page'),
    '#default_value' => variable_get('comment_default_per_page', 50),
    '#options' => _comment_per_page(),
    '#description' => t('Default number of comments for each page: more comments are distributed in several pages.')
275 276
  );

277
  $form['viewing_options']['comment_controls'] = array('#type' => 'radios', '#title' => t('Comment controls'), '#default_value' => variable_get('comment_controls', 3), '#options' => array(t('Display above the comments'), t('Display below the comments'), t('Display above and below the comments'), t('Do not display')), '#description' => t('Position of the comment controls box.  The comment controls let the user change the default display mode and display order of comments.'));
278

279
  $form['posting_settings'] = array('#type' => 'fieldset', '#title' => t('Comment posting settings'), '#collapsible' => true, '#collapsed' => true, '#weight' => 0);
280

281
  $form['posting_settings']['comment_anonymous'] = array('#type' => 'radios', '#title' => t('Comment controls'), '#default_value' => variable_get('comment_anonymous', 1), '#options' => array(t('Anonymous posters may not enter their contact information'), t('Anonymous posters may leave their contact information'), t('Anonymous posters must leave their contact information')),'#description' => t('This feature is only useful if you allow anonymous users to post comments.  See the <a href="%url">permissions page</a>.', array('%url' => url('admin/access/permissions'))));
282 283

  $form['posting_settings']['comment_subject_field'] = array(
284 285 286 287 288
    '#type' => 'radios',
    '#title' => t('Comment subject field'),
    '#default_value' => variable_get('comment_subject_field', 1),
    '#options' => array(t('Disabled'), t('Enabled')),
    '#description' => t('Can users provide a unique subject for their comments?')
289 290
  );

291
  $form['posting_settings']['comment_preview'] = array('#type' => 'radios', '#title' => t('Preview comment'), '#default_value' => variable_get('comment_preview', 1), '#options' => array(t('Optional'), t('Required')));
292

293
  $form['posting_settings']['comment_form_location'] = array('#type' => 'radios', '#title' => t('Location of comment submission form'), '#default_value' => variable_get('comment_form_location', 0), '#options' => array(t('Display on separate page'), t('Display below post or comments')));
294 295

  return system_settings_form('comment_settings_form', $form);
Dries's avatar
 
Dries committed
296 297
}

298 299 300 301 302 303 304 305 306 307
/**
 * This is *not* a hook_access() implementation. This function is called
 * to determine whether the current user has access to a particular comment.
 *
 * Authenticated users can edit their comments as long they have not been
 * replied to. This prevents people from changing or revising their
 * statements based on the replies their posts got. Furthermore, users
 * can't reply to their own comments and are encouraged instead to extend
 * their original comment.
 */
Dries's avatar
 
Dries committed
308
function comment_access($op, $comment) {
Dries's avatar
 
Dries committed
309 310
  global $user;

311
  if ($op == 'edit') {
312
    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
Dries's avatar
 
Dries committed
313 314
  }
}
315

Dries's avatar
 
Dries committed
316
function comment_node_url() {
Dries's avatar
Dries committed
317
  return arg(0) .'/'. arg(1);
Dries's avatar
 
Dries committed
318
}
Dries's avatar
 
Dries committed
319

Dries's avatar
 
Dries committed
320 321 322
function comment_edit($cid) {
  global $user;

323
  $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d', $cid));
Dries's avatar
 
Dries committed
324
  $comment = drupal_unpack($comment);
325
  $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
326
  if (comment_access('edit', $comment)) {
327
    return comment_form(object2array($comment));
328 329 330
  }
  else {
    drupal_access_denied();
Dries's avatar
 
Dries committed
331 332 333
  }
}

Dries's avatar
Dries committed
334
function comment_reply($nid, $pid = NULL) {
335
  // set the breadcrumb trail
336
  $node = node_load($nid);
337
  menu_set_location(array(array('path' => "node/$nid", 'title' => $node->title), array('path' => "comment/reply/$nid")));
Dries's avatar
 
Dries committed
338

339
  $output = '';
Dries's avatar
 
Dries committed
340

Dries's avatar
Dries committed
341 342 343
  // are we posting or previewing a reply?
  if ($_POST['op'] == t('Post comment')) {
    $edit = $_POST['edit'];
344
    $edit = comment_validate($edit);
345
    drupal_set_title(t('Post comment'));
346 347 348 349 350
    if (!$cid = comment_save($edit)) {
      // comment could not be posted. show edit form with errors
      return comment_preview($edit);
    }
    else {
351
      drupal_goto("node/$nid", NULL, "comment-$cid");
352
    }
Dries's avatar
Dries committed
353 354 355
  }
  else if ($_POST['op'] == t('Preview comment')) {
    $edit = $_POST['edit'];
356
    $edit = comment_validate($edit);
357
    drupal_set_title(t('Preview comment'));
Dries's avatar
 
Dries committed
358
    return comment_preview($edit);
Dries's avatar
Dries committed
359
  }
Dries's avatar
 
Dries committed
360

Dries's avatar
Dries committed
361 362 363 364 365
  // or are we merely showing the form?
  if (user_access('access comments')) {

    // if this is a reply to another comment, show that comment first
    // else, we'll just show the user the node they're commenting on.
Dries's avatar
 
Dries committed
366
    if ($pid) {
367
      $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED));
Dries's avatar
 
Dries committed
368
      $comment = drupal_unpack($comment);
369
      $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
370
      $output .= theme('comment_view', $comment);
Dries's avatar
 
Dries committed
371
    }
372
    else if (user_access('access content')) {
373
      $output .= node_view($node);
Dries's avatar
 
Dries committed
374 375
      $pid = 0;
    }
Dries's avatar
 
Dries committed
376

Dries's avatar
Dries committed
377
    // should we show the reply box?
Dries's avatar
 
Dries committed
378
    if (node_comment_mode($nid) != 2) {
379
      drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
Kjartan's avatar
Kjartan committed
380
    }
381
    else if (user_access('post comments')) {
382
      $output .= comment_form(array('pid' => $pid, 'nid' => $nid), t('Reply'));
Dries's avatar
 
Dries committed
383 384
    }
    else {
385
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
Dries's avatar
 
Dries committed
386
    }
Kjartan's avatar
Kjartan committed
387 388
  }
  else {
389
    drupal_set_message(t('You are not authorized to view comments.'), 'error');
Dries's avatar
 
Dries committed
390
  }
Dries's avatar
 
Dries committed
391

Dries's avatar
 
Dries committed
392
  return $output;
Dries's avatar
 
Dries committed
393 394
}

395
function comment_validate(&$edit) {
Dries's avatar
 
Dries committed
396
  global $user;
Dries's avatar
 
Dries committed
397

398 399 400
  // Invoke other validation handlers
  comment_invoke_comment($edit, 'validate');

401 402 403 404 405 406 407
  // only admins can change these fields
  if (!user_access('administer comments')) {
    $edit['uid'] = $user->uid;
    $edit['timestamp'] = time();
    $edit['status'] = user_access('post comments without approval') ? 0 : 1;
  }
  else {
408 409 410
    $date = isset($edit['date']) ? $edit['date'] : 'now';
    if (strtotime($date) != -1) {
      $edit['timestamp'] = strtotime($date);
411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431
    }
    else {
      form_set_error('date', t('You have to specify a valid date.'));
    }

    if ($edit['uid']) {
      // if a registered user posted the comment, we assume you only want to transfer authorship
      // to another registered user. Name changes are freely allowed on anon comments.
      if ($account = user_load(array('name' => $edit['author']))) {
        $edit['uid'] = $account->uid;
      }
      else {
        form_set_error('author', t('You have to specify a valid author.'));
      }
    }
    else {
      $edit['uid'] = 0;
      $edit['name'] = $edit['author'];
    }
  }

432 433
  // Validate the comment's subject.  If not specified, extract
  // one from the comment's body.
434 435 436 437 438
  if (trim($edit['subject']) == '') {
    // The body may be in any format, so we:
    // 1) Filter it into HTML
    // 2) Strip out all HTML tags
    // 3) Convert entities back to plain-text.
439 440
  // Note: format is checked by check_markup().
    $edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($edit['comment'], $edit['format']))), 29, TRUE);
441
  }
Dries's avatar
 
Dries committed
442

443
  // Validate the comment's body.
Dries's avatar
 
Dries committed
444 445 446 447
  if ($edit['comment'] == '') {
    form_set_error('comment', t('The body of your comment is empty.'));
  }

448
  // Validate filter format
449
  if (array_key_exists('format', $edit) && !filter_access($edit['format'])) {
450 451 452
    form_set_error('format', t('The supplied input format is invalid.'));
  }

453
  // Check validity of name, mail and homepage (if given)
Dries's avatar
 
Dries committed
454
  if (!$user->uid) {
455
    if (variable_get('comment_anonymous', 1) > 1) {
Dries's avatar
 
Dries committed
456
      if ($edit['name']) {
457
        $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
Dries's avatar
 
Dries committed
458 459 460 461 462 463

        if ($taken != 0) {
          form_set_error('name', t('The name you used belongs to a registered user.'));
        }

      }
464
      else if (variable_get('comment_anonymous', 1) == 3) {
Dries's avatar
 
Dries committed
465 466 467 468 469
        form_set_error('name', t('You have to leave your name.'));
      }

      if ($edit['mail']) {
        if (!valid_email_address($edit['mail'])) {
470
          form_set_error('mail', t('The e-mail address you specified is not valid.'));
Dries's avatar
 
Dries committed
471 472
        }
      }
473
      else if (variable_get('comment_anonymous', 1) == 3) {
Dries's avatar
 
Dries committed
474 475 476 477 478 479 480 481 482 483
        form_set_error('mail', t('You have to leave an e-mail address.'));
      }

      if ($edit['homepage']) {
        if (!valid_url($edit['homepage'], TRUE)) {
          form_set_error('homepage', t('The URL of your homepage is not valid.  Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
        }
      }
    }
  }
484

485
  return $edit;
Dries's avatar
 
Dries committed
486 487
}

Dries's avatar
 
Dries committed
488
function comment_preview($edit) {
Dries's avatar
 
Dries committed
489
  global $user;
Dries's avatar
 
Dries committed
490

491
  $output = '';
Dries's avatar
 
Dries committed
492

493
  $comment = array2object($edit);
Dries's avatar
 
Dries committed
494

495
  // Attach the user and time information.
496 497 498 499 500 501 502 503 504 505 506
  if ($edit['author']) {
    $account = user_load(array('name' => $edit['author']));
  }
  elseif ($user->uid) {
    $account = $user;
  }
  if ($account) {
    $comment->uid = $account->uid;
    $comment->name = check_plain($account->name);
  }
  $comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
Dries's avatar
 
Dries committed
507

508 509 510 511
  // Preview the comment with security check.
  if (!form_get_errors()) {
    $output .= theme('comment_view', $comment);
  }
512
  $output .= comment_form($edit, t('Reply'));
Kjartan's avatar
Kjartan committed
513

514
  if ($edit['pid']) {
515
    $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
Dries's avatar
 
Dries committed
516
    $comment = drupal_unpack($comment);
517
    $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
518
    $output .= theme('comment_view', $comment);
Kjartan's avatar
Kjartan committed
519 520
  }
  else {
521
    $output .= node_view(node_load($edit['nid']));
522
    $edit['pid'] = 0;
Kjartan's avatar
Kjartan committed
523
  }
Dries's avatar
 
Dries committed
524 525

  return $output;
Dries's avatar
 
Dries committed
526 527
}

528 529 530 531 532 533 534 535 536 537 538
/**
 * Accepts a submission of new or changed comment content.
 *
 * @param $edit
 *   A comment array.
 *
 * @return
 *   If the comment is successfully saved the comment ID is returned.  If the comment
 *   is not saved, FALSE is returned.
 */
function comment_save($edit) {
Dries's avatar
 
Dries committed
539
  global $user;
540
  if (user_access('post comments') && (user_access('administer coments') || node_comment_mode($edit['nid']) == 2)) {
Dries's avatar
 
Dries committed
541
    if (!form_get_errors()) {
542 543
      // Check for duplicate comments.  Note that we have to use the
      // validated/filtered data to perform such check.
544
      $duplicate = db_result(db_query("SELECT COUNT(cid) FROM {comments} WHERE pid = %d AND nid = %d AND subject = '%s' AND comment = '%s'", $edit['pid'], $edit['nid'], $edit['subject'], $edit['comment']), 0);
Dries's avatar
 
Dries committed
545
      if ($duplicate != 0) {
546
        watchdog('content', t('Comment: duplicate %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_WARNING);
Dries's avatar
 
Dries committed
547
      }
Dries's avatar
 
Dries committed
548

549
      if ($edit['cid']) {
550
        // Update the comment in the database.
551
        db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['cid']);
Dries's avatar
 
Dries committed
552

Dries's avatar
 
Dries committed
553 554
        _comment_update_node_statistics($edit['nid']);

555
        // Allow modules to respond to the updating of a comment.
556 557
        comment_invoke_comment($edit, 'update');

Dries's avatar
 
Dries committed
558

Dries's avatar
Dries committed
559
        // Add an entry to the watchdog log.
560
        watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
 
Dries committed
561 562
      }
      else {
563
        // Add the comment to database.
564
        $status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
565
        $roles = variable_get('comment_roles', array());
Dries's avatar
 
Dries committed
566 567 568 569 570 571
        $score = 0;

        foreach (array_intersect(array_keys($roles), array_keys($user->roles)) as $rid) {
          $score = max($roles[$rid], $score);
        }

Dries's avatar
 
Dries committed
572 573
        $users = serialize(array(0 => $score));

574 575
        // Here we are building the thread field.  See the comment
        // in comment_render().
576
        if ($edit['pid'] == 0) {
577 578
          // This is a comment with no parent comment (depth 0): we start
          // by retrieving the maximum thread level.
579
          $max = db_result(db_query('SELECT MAX(thread) FROM {comments} WHERE nid = %d', $edit['nid']));
Dries's avatar
 
Dries committed
580

581 582
          // Strip the "/" from the end of the thread.
          $max = rtrim($max, '/');
Dries's avatar
 
Dries committed
583

584 585 586 587 588
          // Next, we increase this value by one.  Note that we can't
          // use 1, 2, 3, ... 9, 10, 11 because we order by string and
          // 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
          // 92, 93, ... instead.  Ugly but fast.
          $decimals = (string) substr($max, 0, strlen($max) - 1);
Dries's avatar
 
Dries committed
589 590 591 592 593 594 595 596 597
          $units = substr($max, -1, 1);
          if ($units) {
            $units++;
          }
          else {
            $units = 1;
          }

          if ($units == 10) {
598
            $units = '90';
Dries's avatar
 
Dries committed
599 600
          }

601
          // Finally, build the thread field for this new comment.
602
          $thread = $decimals . $units .'/';
Dries's avatar
 
Dries committed
603 604
        }
        else {
605 606
          // This is comment with a parent comment: we increase
          // the part of the thread value at the proper depth.
Dries's avatar
 
Dries committed
607 608

          // Get the parent comment:
609
          $parent = db_fetch_object(db_query('SELECT * FROM {comments} WHERE cid = %d', $edit['pid']));
Dries's avatar
 
Dries committed
610

611
          // Strip the "/" from the end of the parent thread.
612
          $parent->thread = (string) rtrim((string) $parent->thread, '/');
Dries's avatar
 
Dries committed
613

614
          // Get the max value in _this_ thread.
Dries's avatar
 
Dries committed
615
          $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
Dries's avatar
 
Dries committed
616

617 618
          if ($max == '') {
            // First child of this parent.
619
            $thread = $parent->thread .'.1/';
Dries's avatar
 
Dries committed
620 621
          }
          else {
622 623
            // Strip the "/" at the end of the thread.
            $max = rtrim($max, '/');
Dries's avatar
 
Dries committed
624

625 626 627
            // We need to get the value at the correct depth.
            $parts = explode('.', $max);
            $parent_depth = count(explode('.', $parent->thread));
Dries's avatar
 
Dries committed
628 629
            $last = $parts[$parent_depth];

630 631 632 633
            // Next, we increase this value by one.  Note that we can't
            // use 1, 2, 3, ... 9, 10, 11 because we order by string and
            // 10 would be right after 1.  We use 1, 2, 3, ..., 9, 91,
            // 92, 93, ... instead.  Ugly but fast.
Dries's avatar
 
Dries committed
634 635 636 637
            $decimals = (string)substr($last, 0, strlen($last) - 1);
            $units = substr($last, -1, 1);
            $units++;
            if ($units == 10) {
638
              $units = '90';
Dries's avatar
 
Dries committed
639 640
            }

641
            // Finally, build the thread field for this new comment.
642
            $thread = $parent->thread .'.'. $decimals . $units .'/';
Dries's avatar
 
Dries committed
643 644 645
          }
        }

646
        $edit['cid'] = db_next_id('{comments}_cid');
Dries's avatar
 
Dries committed
647 648 649 650 651 652
        $edit['timestamp'] = time();

        if ($edit['uid'] = $user->uid) {
          $edit['name'] = $user->name;
        }

653
        db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $edit['status'], $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
Dries's avatar
 
Dries committed
654 655

        _comment_update_node_statistics($edit['nid']);
Dries's avatar
 
Dries committed
656

657
        // Tell the other modules a new comment has been submitted.
658
        comment_invoke_comment($edit, 'insert');
Dries's avatar
 
Dries committed
659

660
        // Add an entry to the watchdog log.
661
        watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
Dries's avatar
 
Dries committed
662
      }
Dries's avatar
 
Dries committed
663

664
      // Clear the cache so an anonymous user can see his comment being added.
Dries's avatar
 
Dries committed
665
      cache_clear_all();
Dries's avatar
 
Dries committed
666

Dries's avatar
 
Dries committed
667
      // Explain the approval queue if necessary, and then
Dries's avatar
 
Dries committed
668
      // redirect the user to the node he's commenting on.
669
      if ($status == COMMENT_NOT_PUBLISHED) {
Dries's avatar
 
Dries committed
670
        drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
Dries's avatar
 
Dries committed
671
      }
672
      return $edit['cid'];
Dries's avatar
 
Dries committed
673 674
    }
    else {
675
      return FALSE;
Dries's avatar
 
Dries committed
676 677
    }
  }
Dries's avatar
 
Dries committed
678
  else {
679
    $txt = t('Comment: unauthorized comment submitted or comment submitted to a closed node %subject.', array('%subject' => theme('placeholder', $edit['subject'])));
680 681 682
    watchdog('content', $txt, WATCHDOG_WARNING);
    drupal_set_message($txt, 'error');
    return FALSE;
Dries's avatar
 
Dries committed
683 684 685 686
  }
}

function comment_links($comment, $return = 1) {
Dries's avatar
 
Dries committed
687
  global $user;
Dries's avatar
 
Dries committed
688

Dries's avatar
 
Dries committed
689
  $links = array();
Dries's avatar
 
Dries committed
690

691
  // If we are viewing just this comment, we link back to the node.
Dries's avatar
 
Dries committed
692
  if ($return) {
693
    $links[] = l(t('parent'), comment_node_url(), NULL, NULL, "comment-$comment->cid");
Dries's avatar
 
Dries committed
694
  }
Dries's avatar
 
Dries committed
695

Dries's avatar
 
Dries committed
696
  if (node_comment_mode($comment->nid) == 2) {
697
    if (user_access('administer comments') && user_access('access administration pages')) {
698 699
      $links[] = l(t('delete'), "comment/delete/$comment->cid");
      $links[] = l(t('edit'), "comment/edit/$comment->cid");
Dries's avatar
 
Dries committed
700
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
701
    }
702 703
    else if (user_access('post comments')) {
      if (comment_access('edit', $comment)) {
Dries's avatar
 
Dries committed
704
        $links[] = l(t('edit'), "comment/edit/$comment->cid");
Dries's avatar
 
Dries committed
705
      }
Dries's avatar
 
Dries committed
706
      $links[] = l(t('reply'), "comment/reply/$comment->nid/$comment->cid");
Dries's avatar
 
Dries committed
707 708
    }
    else {
709
      $links[] = theme('comment_post_forbidden');
Dries's avatar
 
Dries committed
710
    }
Dries's avatar
 
Dries committed
711
  }
Dries's avatar
 
Dries committed
712

Dries's avatar
 
Dries committed
713
  return $links;
Dries's avatar
 
Dries committed
714 715
}

Dries's avatar
 
Dries committed
716
function comment_render($node, $cid = 0) {
Dries's avatar
 
Dries committed
717 718
  global $user;

719 720 721 722
  $mode = $_GET['mode'];
  $order = $_GET['order'];
  $comments_per_page = $_GET['comments_per_page'];
  $comment_page = $_GET['comment_page'];
Dries's avatar
 
Dries committed
723

724
  $output = '';
Dries's avatar
 
Dries committed
725

726 727
  if (user_access('access comments')) {
    // Pre-process variables.
Dries's avatar
 
Dries committed
728
    $nid = $node->nid;
Dries's avatar
 
Dries committed
729 730
    if (empty($nid)) {
      $nid = 0;
Dries's avatar
 
Dries committed
731 732 733
    }

    if (empty($mode)) {
734
      $mode = $user->mode ? $user->mode : ($_SESSION['comment_mode'] ? $_SESSION['comment_mode'] : variable_get('comment_default_mode', 4));
Dries's avatar
 
Dries committed
735 736 737
    }

    if (empty($order)) {
738
      $order = $user->sort ? $user->sort : ($_SESSION['comment_sort'] ? $_SESSION['comment_sort'] : variable_get('comment_default_order', 1));
Dries's avatar
 
Dries committed
739 740
    }

Dries's avatar
 
Dries committed
741
    if (empty($comments_per_page)) {
742
      $comments_per_page = $user->comments_per_page ? $user->comments_per_page : ($_SESSION['comment_comments_per_page'] ? $_SESSION['comment_comments_per_page'] : variable_get('comment_default_per_page', '50'));
Dries's avatar
 
Dries committed
743
    }
Dries's avatar
 
Dries committed
744

Dries's avatar
 
Dries committed
745
    $output .= "<a id=\"comment\"></a>\n";
Dries's avatar
 
Dries committed
746

Kjartan's avatar
Kjartan committed
747
    if ($cid) {
748
      // Single comment view.
749
      $result = db_query('SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users', $cid, COMMENT_PUBLISHED);
Dries's avatar
 
Dries committed
750

Dries's avatar
 
Dries committed
751
      if ($comment = db_fetch_object($result)) {
752
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
753
        $output .= theme('comment_view', $comment, module_invoke_all('link', 'comment', $comment, 1));
Dries's avatar
 
Dries committed
754
      }
Dries's avatar
 
Dries committed
755
    }
Dries's avatar
 
Dries committed
756
    else {
757
      // Multiple comment view
Dries's avatar
 
Dries committed
758

759
      $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = %d";
Dries's avatar
 
Dries committed
760

761
      $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
Dries's avatar
 
Dries committed
762

Dries's avatar
 
Dries committed
763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824
      /*
      ** We want to use the standard pager, but threads would need every
      ** comment to build the thread structure, so we need to store some
      ** extra info.
      **
      ** We use a "thread" field to store this extra info. The basic idea
      ** is to store a value and to order by that value. The "thread" field
      ** keeps this data in a way which is easy to update and convenient
      ** to use.
      **
      ** A "thread" value starts at "1". If we add a child (A) to this
      ** comment, we assign it a "thread" = "1.1". A child of (A) will have
      ** "1.1.1". Next brother of (A) will get "1.2". Next brother of the
      ** parent of (A) will get "2" and so on.
      **
      ** First of all note that the thread field stores the depth of the
      ** comment: depth 0 will be "X", depth 1 "X.X", depth 2 "X.X.X", etc.
      **
      ** Now to get the ordering right, consider this example:
      **
      ** 1
      ** 1.1
      ** 1.1.1
      ** 1.2
      ** 2
      **
      ** If we "ORDER BY thread ASC" we get the above result, and this is
      ** the natural order sorted by time.  However, if we "ORDER BY thread
      ** DESC" we get:
      **
      ** 2
      ** 1.2
      ** 1.1.1
      ** 1.1
      ** 1
      **
      ** Clearly, this is not a natural way to see a thread, and users
      ** will get confused. The natural order to show a thread by time
      ** desc would be:
      **
      ** 2
      ** 1
      ** 1.2
      ** 1.1
      ** 1.1.1
      **
      ** which is what we already did before the standard pager patch. To
      ** achieve this we simply add a "/" at the end of each "thread" value.
      ** This way out thread fields will look like depicted below:
      **
      ** 1/
      ** 1.1/
      ** 1.1.1/
      ** 1.2/
      ** 2/
      **
      ** we add "/" since this char is, in ASCII, higher than every number,
      ** so if now we "ORDER BY thread DESC" we get the correct order.  Try
      ** it, it works ;).  However this would spoil the "ORDER BY thread ASC"
      ** Here, we do not need to consider the trailing "/" so we use a
      ** substring only.
      */
Dries's avatar
 
Dries committed
825 826

      if ($order == 1) {
Dries's avatar
 
Dries committed
827
        if ($mode == 1 || $mode == 2) {
828
          $query .= ' ORDER BY c.timestamp DESC';
Dries's avatar
 
Dries committed
829 830
        }
        else {
831
          $query .= ' ORDER BY c.thread DESC';
Dries's avatar
 
Dries committed
832
        }
Dries's avatar
 
Dries committed
833
      }
Dries's avatar
 
Dries committed
834
      else if ($order == 2) {
Dries's avatar
 
Dries committed
835
        if ($mode == 1 || $mode == 2) {
836
          $query .= ' ORDER BY c.timestamp';
Dries's avatar
 
Dries committed
837 838 839 840 841 842 843 844 845
        }
        else {

          /*
          ** See comment above.  Analysis learns that this doesn't cost
          ** too much.  It scales much much better than having the whole
          ** comment structure.
          */

846
          $query .= ' ORDER BY SUBSTRING(c.thread, 1, (LENGTH(c.thread) - 1))';
Dries's avatar
 
Dries committed
847
        }
Dries's avatar
 
Dries committed
848 849
      }

850 851
      // Start a form, for use with comment control.
      $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = %d", $nid, COMMENT_PUBLISHED);
Dries's avatar
 
Dries committed
852
      if (db_num_rows($result) && (variable_get('comment_controls', 3) == 0 || variable_get('comment_controls', 3) == 2)) {
853
        $output .= comment_controls($mode, $order, $comments_per_page, $nid, 'top');
Dries's avatar
 
Dries committed
854
      }
Dries's avatar
 
Dries committed
855

Dries's avatar
 
Dries committed
856
      while ($comment = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
857
        $comment = drupal_unpack($comment);
858
        $comment->name = $comment->uid ? $comment->registered_name : $comment->name;
859
        $comment->depth = count(explode('.', $comment->thread)) - 1;
Dries's avatar
 
Dries committed
860

Dries's avatar
 
Dries committed
861
        if ($mode == 1) {
862
          $output .= theme('comment_flat_collapsed', $comment);
Dries's avatar
 
Dries committed
863
        }
Dries's avatar
 
Dries committed
864
        else if ($mode == 2) {
865
          $output .= theme('comment_flat_expanded', $comment);
Dries's avatar
 
Dries committed
866
        }
Dries's avatar
 
Dries committed
867
        else if ($mode == 3) {
868
          $output .= theme('comment_thread_min', $comment);
Dries's avatar
 
Dries committed
869
        }
Dries's avatar
 
Dries committed
870
        else if ($mode == 4) {
871
          $output .= theme('comment_thread_max', $comment);
Dries's avatar
 
Dries committed
872
        }
Dries's avatar
 
Dries committed
873
      }
Dries's avatar
 
Dries committed
874

875 876
      // Use the standard pager; $pager_total is the number of returned rows,
      // is global and defined in pager.inc.
877
      $output .= theme('pager', NULL, $comments_per_page, 0, array('comments_per_page' => $comments_per_page));
Dries's avatar
 
Dries committed
878

879 880
      if (db_num_rows($result) && (variable_get('comment_controls', 3) == 1 || variable_get('comment_controls', 3) == 3)) {
        $output .= comment_controls($mode, $order, $comments_per_page, $nid, 'bottom');
Dries's avatar
 
Dries committed
881