Commit 47dd0142 authored by Dries's avatar Dries

- Patch #43325 by chx/drumm/merlinofchaos: critical bugfix: made editing comments work.

parent 46913a7e
......@@ -515,100 +515,6 @@ function comment_reply($nid, $pid = NULL) {
return $output;
}
function comment_validate(&$edit) {
global $user;
// Invoke other validation handlers
comment_invoke_comment($edit, 'validate');
// only admins can change these fields
if (!user_access('administer comments')) {
$edit['uid'] = $user->uid;
$edit['timestamp'] = time();
$edit['status'] = user_access('post comments without approval') ? 0 : 1;
}
else {
$date = isset($edit['date']) ? $edit['date'] : 'now';
// As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1.
if (strtotime($date) > 0) {
$edit['timestamp'] = strtotime($date);
}
else {
form_set_error('date', t('You have to specify a valid date.'));
}
if ($edit['uid']) {
// if a registered user posted the comment, we assume you only want to transfer authorship
// to another registered user. Name changes are freely allowed on anon comments.
if ($account = user_load(array('name' => $edit['author']))) {
$edit['uid'] = $account->uid;
}
else {
form_set_error('author', t('You have to specify a valid author.'));
}
}
else {
$edit['uid'] = 0;
$edit['name'] = $edit['author'];
}
}
// Validate the comment's subject. If not specified, extract
// one from the comment's body.
if (trim($edit['subject']) == '') {
// The body may be in any format, so we:
// 1) Filter it into HTML
// 2) Strip out all HTML tags
// 3) Convert entities back to plain-text.
// Note: format is checked by check_markup().
$edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($edit['comment'], $edit['format']))), 29, TRUE);
}
// Validate the comment's body.
if ($edit['comment'] == '') {
form_set_error('comment', t('The body of your comment is empty.'));
}
// Validate filter format
if (array_key_exists('format', $edit) && !filter_access($edit['format'])) {
form_set_error('format', t('The supplied input format is invalid.'));
}
// Check validity of name, mail and homepage (if given)
if (!$user->uid) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('name', t('You have to leave your name.'));
}
if ($edit['mail']) {
if (!valid_email_address($edit['mail'])) {
form_set_error('mail', t('The e-mail address you specified is not valid.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('mail', t('You have to leave an e-mail address.'));
}
if ($edit['homepage']) {
if (!valid_url($edit['homepage'], TRUE)) {
form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
}
}
}
}
return $edit;
}
/**
* Accepts a submission of new or changed comment content.
*
......@@ -632,7 +538,7 @@ function comment_save($edit) {
if ($edit['cid']) {
// Update the comment in the database.
db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['cid']);
db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
_comment_update_node_statistics($edit['nid']);
......@@ -1251,6 +1157,61 @@ function comment_num_new($nid, $timestamp = 0) {
}
function comment_validate($edit) {
global $user;
// Invoke other validation handlers
comment_invoke_comment($edit, 'validate');
$check_date = strtotime($date);
// As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1.
if ($check_date === FALSE || $check_date === -1) {
form_set_error('date', t('You have to specify a valid date.'));
}
if (isset($edit['author']) && !$account = user_load(array('name' => $edit['author']))) {
form_set_error('author', t('You have to specify a valid author.'));
}
// Validate the comment's body.
if ($edit['comment'] == '') {
form_set_error('comment', t('The body of your comment is empty.'));
}
// Check validity of name, mail and homepage (if given)
if (!$user->uid || isset($edit['is_anonymous'])) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('name', t('You have to leave your name.'));
}
if ($edit['mail']) {
if (!valid_email_address($edit['mail'])) {
form_set_error('mail', t('The e-mail address you specified is not valid.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('mail', t('You have to leave an e-mail address.'));
}
if ($edit['homepage']) {
if (!valid_url($edit['homepage'], TRUE)) {
form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
}
}
}
}
return $edit;
}
/*
** Generate the basic commenting form, for appending to a node or display on a separate page.
** This is rendered by theme_comment_form.
......@@ -1287,9 +1248,57 @@ function comment_form($edit, $title = NULL) {
$date = format_date($edit['timestamp'], 'custom', 'Y-m-d H:i O');
}
$form['admin'] = array('#type' => 'fieldset', '#title' => t('Administration'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => -2);
$form['admin'] = array(
'#type' => 'fieldset',
'#title' => t('Administration'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => -2,
);
if ($edit['registered_name'] != '') {
// The comment is by a registered user
$form['admin']['author'] = array(
'#type' => 'textfield',
'#title' => t('Authored by'),
'#size' => 30,
'#maxlength' => 60,
'#autocomplete_path' => 'user/autocomplete',
'#default_value' => $author,
'#weight' => -1,
);
}
else {
// The comment is by an anonymous user
$form['is_anonymous'] = array(
'#type' => 'value',
'#value' => TRUE,
);
$form['admin']['name'] = array(
'#type' => 'textfield',
'#title' => t('Authored by'),
'#size' => 30,
'#maxlength' => 60,
'#default_value' => $author,
'#weight' => -1,
);
$form['admin']['mail'] = array(
'#type' => 'textfield',
'#title' => t('E-mail'),
'#maxlength' => 64,
'#size' => 30,
'#default_value' => $edit['mail'],
'#description' => t('The content of this field is kept private and will not be shown publicly.'),
);
$form['admin']['author'] = array('#type' => 'textfield', '#parents' => array('author'), '#title' => t('Authored by'), '#size' => 30, '#maxlength' => 60, '#autocomplete_path' => 'user/autocomplete', '#default_value' => $author, '#weight' => -1);
$form['admin']['homepage'] = array(
'#type' => 'textfield',
'#title' => t('Homepage'),
'#maxlength' => 255,
'#size' => 30,
'#default_value' => $edit['homepage'],
);
}
$form['admin']['date'] = array('#type' => 'textfield', '#parents' => array('date'), '#title' => t('Authored on'), '#size' => 20, '#maxlength' => 25, '#default_value' => $date, '#weight' => -1);
......@@ -1297,8 +1306,9 @@ function comment_form($edit, $title = NULL) {
}
else {
$form['author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user)
$form['_author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user)
);
$form['author'] = array('#type' => 'value', '#value' => $user->name);
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MAY_CONTACT) {
......@@ -1332,7 +1342,7 @@ function comment_form($edit, $title = NULL) {
$form['nid'] = array('#type' => 'value', '#value' => $edit['nid']);
$form['uid'] = array('#type' => 'value', '#value' => $edit['uid']);
$form['preview'] = array('#type' => 'submit', '#value' => t('Preview comment'), '#weight' => 19);
$form['preview'] = array('#type' => 'button', '#value' => t('Preview comment'), '#weight' => 19);
$form['#token'] = 'comment' . $edit['nid'] . $edit['pid'];
// Only show post button if preview is optional or if we are in preview mode.
......@@ -1363,15 +1373,18 @@ function comment_form($edit, $title = NULL) {
function comment_form_add_preview($form, $edit) {
global $user;
drupal_set_title(t('Preview comment'));
$output = '';
$comment = (object)comment_validate($edit);
comment_validate($edit);
$comment = (object)_comment_form_submit($edit);
// Attach the user and time information.
if ($edit['author']) {
$account = user_load(array('name' => $edit['author']));
}
elseif ($user->uid) {
elseif ($user->uid && !isset($edit['is_anonymous'])) {
$account = $user;
}
if ($account) {
......@@ -1408,20 +1421,33 @@ function comment_form_validate($form_id, $form_values) {
comment_validate($form_values);
}
function comment_form_submit($form_id, $form_values) {
$op = isset($_POST['op']) ? $_POST['op'] : '';
$nid = $form_values['nid'];
// are we posting or previewing a reply?
if ($op == t('Post comment')) {
drupal_set_title(t('Post comment'));
if ($cid = comment_save($form_values)) {
drupal_goto("node/$nid", NULL, "comment-$cid");
}
function _comment_form_submit($form_values) {
if (!isset($form_values['date'])) {
$form_values['date'] = 'now';
}
$form_values['timestamp'] = strtotime($form_values['date']);
if (isset($form_values['author'])) {
$account = user_load(array('name' => $form_values['author']));
$form_values['uid'] = $account->uid;
$form_values['name'] = $form_values['author'];
}
// Validate the comment's subject. If not specified, extract
// one from the comment's body.
if (trim($form_values['subject']) == '') {
// The body may be in any format, so we:
// 1) Filter it into HTML
// 2) Strip out all HTML tags
// 3) Convert entities back to plain-text.
// Note: format is checked by check_markup().
$form_values['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE);
}
else if ($_POST['op'] == t('Preview comment')) {
drupal_set_title(t('Preview comment'));
return $form_values;
}
function comment_form_submit($form_id, $form_values) {
$form_values = _comment_form_submit($form_values);
if ($cid = comment_save($form_values)) {
drupal_goto('node/'. $form_values['nid'], NULL, "comment-$cid");
}
}
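Review bot: In the new comment_validate() (the @@ -1251 hunk), `$check_date = strtotime($date);` reads `$date`, which is never assigned anywhere in the function as shown, so the date check runs on an undefined variable and will presumably flag 'You have to specify a valid date.' on every submission; it should take the value from the form the way _comment_form_submit() does, e.g. `$date = isset($edit['date']) ? $edit['date'] : 'now';` placed just before the strtotime() call. The rewrite also drops two checks the removed version had in the @@ -515 hunk: the `filter_access($edit['format'])` test and the `administer comments` gate that forced `uid`, `timestamp` and `status` for non-admin submitters. `author` and `is_anonymous` are now `'#type' => 'value'` elements and so come from the server side, but nothing in these hunks sets `$edit['status']` any more, and unless comment_form() does so outside the hunk a submitter without 'post comments without approval' may no longer land in the moderation queue; the format check should likewise stay unless the Form API is known to reject a format outside the element's #options. _comment_form_submit() additionally dereferences `$account->uid` without testing the user_load() result, which is only safe while every caller runs comment_validate() first; `$form_values['uid'] = $account ? $account->uid : 0;` would make it self-contained.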
......
......@@ -515,100 +515,6 @@ function comment_reply($nid, $pid = NULL) {
return $output;
}
function comment_validate(&$edit) {
global $user;
// Invoke other validation handlers
comment_invoke_comment($edit, 'validate');
// only admins can change these fields
if (!user_access('administer comments')) {
$edit['uid'] = $user->uid;
$edit['timestamp'] = time();
$edit['status'] = user_access('post comments without approval') ? 0 : 1;
}
else {
$date = isset($edit['date']) ? $edit['date'] : 'now';
// As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1.
if (strtotime($date) > 0) {
$edit['timestamp'] = strtotime($date);
}
else {
form_set_error('date', t('You have to specify a valid date.'));
}
if ($edit['uid']) {
// if a registered user posted the comment, we assume you only want to transfer authorship
// to another registered user. Name changes are freely allowed on anon comments.
if ($account = user_load(array('name' => $edit['author']))) {
$edit['uid'] = $account->uid;
}
else {
form_set_error('author', t('You have to specify a valid author.'));
}
}
else {
$edit['uid'] = 0;
$edit['name'] = $edit['author'];
}
}
// Validate the comment's subject. If not specified, extract
// one from the comment's body.
if (trim($edit['subject']) == '') {
// The body may be in any format, so we:
// 1) Filter it into HTML
// 2) Strip out all HTML tags
// 3) Convert entities back to plain-text.
// Note: format is checked by check_markup().
$edit['subject'] = truncate_utf8(decode_entities(strip_tags(check_markup($edit['comment'], $edit['format']))), 29, TRUE);
}
// Validate the comment's body.
if ($edit['comment'] == '') {
form_set_error('comment', t('The body of your comment is empty.'));
}
// Validate filter format
if (array_key_exists('format', $edit) && !filter_access($edit['format'])) {
form_set_error('format', t('The supplied input format is invalid.'));
}
// Check validity of name, mail and homepage (if given)
if (!$user->uid) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('name', t('You have to leave your name.'));
}
if ($edit['mail']) {
if (!valid_email_address($edit['mail'])) {
form_set_error('mail', t('The e-mail address you specified is not valid.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('mail', t('You have to leave an e-mail address.'));
}
if ($edit['homepage']) {
if (!valid_url($edit['homepage'], TRUE)) {
form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
}
}
}
}
return $edit;
}
/**
* Accepts a submission of new or changed comment content.
*
......@@ -632,7 +538,7 @@ function comment_save($edit) {
if ($edit['cid']) {
// Update the comment in the database.
db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['cid']);
db_query("UPDATE {comments} SET status = '%s', timestamp = %d, subject = '%s', comment = '%s', format = '%s', uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
_comment_update_node_statistics($edit['nid']);
......@@ -1251,6 +1157,61 @@ function comment_num_new($nid, $timestamp = 0) {
}
function comment_validate($edit) {
global $user;
// Invoke other validation handlers
comment_invoke_comment($edit, 'validate');
$check_date = strtotime($date);
// As of PHP 5.1.0, strtotime returns FALSE upon failure instead of -1.
if ($check_date === FALSE || $check_date === -1) {
form_set_error('date', t('You have to specify a valid date.'));
}
if (isset($edit['author']) && !$account = user_load(array('name' => $edit['author']))) {
form_set_error('author', t('You have to specify a valid author.'));
}
// Validate the comment's body.
if ($edit['comment'] == '') {
form_set_error('comment', t('The body of your comment is empty.'));
}
// Check validity of name, mail and homepage (if given)
if (!$user->uid || isset($edit['is_anonymous'])) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('name', t('You have to leave your name.'));
}
if ($edit['mail']) {
if (!valid_email_address($edit['mail'])) {
form_set_error('mail', t('The e-mail address you specified is not valid.'));
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
form_set_error('mail', t('You have to leave an e-mail address.'));
}
if ($edit['homepage']) {
if (!valid_url($edit['homepage'], TRUE)) {
form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
}
}
}
}
return $edit;
}
/*
** Generate the basic commenting form, for appending to a node or display on a separate page.
** This is rendered by theme_comment_form.
......@@ -1287,9 +1248,57 @@ function comment_form($edit, $title = NULL) {
$date = format_date($edit['timestamp'], 'custom', 'Y-m-d H:i O');
}
$form['admin'] = array('#type' => 'fieldset', '#title' => t('Administration'), '#collapsible' => TRUE, '#collapsed' => TRUE, '#weight' => -2);
$form['admin'] = array(
'#type' => 'fieldset',
'#title' => t('Administration'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#weight' => -2,
);
if ($edit['registered_name'] != '') {
// The comment is by a registered user
$form['admin']['author'] = array(
'#type' => 'textfield',
'#title' => t('Authored by'),
'#size' => 30,
'#maxlength' => 60,
'#autocomplete_path' => 'user/autocomplete',
'#default_value' => $author,
'#weight' => -1,
);
}
else {
// The comment is by an anonymous user
$form['is_anonymous'] = array(
'#type' => 'value',
'#value' => TRUE,
);
$form['admin']['name'] = array(
'#type' => 'textfield',
'#title' => t('Authored by'),
'#size' => 30,
'#maxlength' => 60,
'#default_value' => $author,
'#weight' => -1,
);
$form['admin']['mail'] = array(
'#type' => 'textfield',
'#title' => t('E-mail'),
'#maxlength' => 64,
'#size' => 30,
'#default_value' => $edit['mail'],
'#description' => t('The content of this field is kept private and will not be shown publicly.'),
);
$form['admin']['author'] = array('#type' => 'textfield', '#parents' => array('author'), '#title' => t('Authored by'), '#size' => 30, '#maxlength' => 60, '#autocomplete_path' => 'user/autocomplete', '#default_value' => $author, '#weight' => -1);
$form['admin']['homepage'] = array(
'#type' => 'textfield',
'#title' => t('Homepage'),
'#maxlength' => 255,
'#size' => 30,
'#default_value' => $edit['homepage'],
);
}
$form['admin']['date'] = array('#type' => 'textfield', '#parents' => array('date'), '#title' => t('Authored on'), '#size' => 20, '#maxlength' => 25, '#default_value' => $date, '#weight' => -1);
......@@ -1297,8 +1306,9 @@ function comment_form($edit, $title = NULL) {
}
else {
$form['author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user)
$form['_author'] = array('#type' => 'item', '#title' => t('Your name'), '#value' => theme('username', $user)
);
$form['author'] = array('#type' => 'value', '#value' => $user->name);
}
}
else if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MAY_CONTACT) {
......@@ -1332,7 +1342,7 @@ function comment_form($edit, $title = NULL) {
$form['nid'] = array('#type' => 'value', '#value' => $edit['nid']);
$form['uid'] = array('#type' => 'value', '#value' => $edit['uid']);
$form['preview'] = array('#type' => 'submit', '#value' => t('Preview comment'), '#weight' => 19);
$form['preview'] = array('#type' => 'button', '#value' => t('Preview comment'), '#weight' => 19);
$form['#token'] = 'comment' . $edit['nid'] . $edit['pid'];
// Only show post button if preview is optional or if we are in preview mode.
......@@ -1363,15 +1373,18 @@ function comment_form($edit, $title = NULL) {
function comment_form_add_preview($form, $edit) {
global $user;
drupal_set_title(t('Preview comment'));
$output = '';
$comment = (object)comment_validate($edit);
comment_validate($edit);
$comment = (object)_comment_form_submit($edit);
// Attach the user and time information.
if ($edit['author']) {
$account = user_load(array('name' => $edit['author']));
}
elseif ($user->uid) {
elseif ($user->uid && !isset($edit['is_anonymous'])) {
$account = $user;
}
if ($account) {
......@@ -1408,20 +1421,33 @@ function comment_form_validate($form_id, $form_values) {
comment_validate($form_values);
}
function comment_form_submit($form_id, $form_values) {
$op = isset($_POST['op']) ? $_POST['op'] : '';
$nid = $form_values['nid'];
// are we posting or previewing a reply?
if ($op == t('Post comment')) {
drupal_set_title(t('Post comment'));
if ($cid = comment_save($form_values)) {
drupal_goto("node/$nid", NULL, "comment-$cid");
}
function _comment_form_submit($form_values) {
if (!isset($form_values['date'])) {
$form_values['date'] = 'now';
}