diff --git a/includes/comment.inc b/includes/comment.inc
index f09585eee8469de7c4b2dc2a0e904a7f5b560fc7..9b0bd321985d8d3fc91384dc370cc951ed384020 100644
--- a/includes/comment.inc
+++ b/includes/comment.inc
@@ -47,8 +47,36 @@ function comment_settings($mode, $order, $threshold) {
 if ($user->id) $user = user_save($user, array("mode" => $mode, "sort" => $order, "threshold" => $threshold));
 }
 
+function comment_form($edit) {
+ global $REQUEST_URI, $user;
+
+ // Name field:
+ $form .= form_item(t("Your name"), format_username($user->userid));
+
+ // Subject field:
+ $form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60);
+
+ // Comment field:
+ $form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
+
+ // Preview button:
+ $form .= form_hidden("pid", check_input($edit[pid]));
+ $form .= form_hidden("id", check_input($edit[id]));
+
+ if (empty($edit[subject])) {
+ $form .= "<FONT COLOR=\"red\">". t("Warning: you did not supply a subject.") ."</FONT><P>\n";
+ $form .= form_submit(t("Preview comment"));
+ }
+ else {
+ $form .= form_submit(t("Preview comment"));
+ $form .= form_submit(t("Post comment"));
+ }
+
+ return form($REQUEST_URL, $form);
+}
+
 function comment_reply($pid, $id) {
- global $REQUEST_URI, $theme, $user;
+ global $theme;
 
 if ($pid) {
 $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = '$pid'"));
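Review bot: `comment_form` declares `global $REQUEST_URI` but finishes with `return form($REQUEST_URL, $form);`, so the form action is an undefined variable and every reply/preview form is emitted with an empty action; it should read `return form($REQUEST_URI, $form);`. The subject and comment values are also run through `check_input()` before being handed to `form_textfield`/`form_textarea`, whereas the markup this replaces used `check_form()` for values written back into HTML and the old node.php only applied `check_input()` on the post path — unless those form helpers HTML-escape their value argument (not visible here), a previewed comment containing markup is re-rendered unescaped, so confirm what `check_input` and the helpers actually do. The reply form no longer pre-fills the comment with `check_form($user->signature)` as the removed `comment_reply` markup did; if that is deliberate it deserves a mention in the commit message. The bare-word keys (`$edit[subject]`, `$edit[pid]`, `$edit[id]`) are undefined constants PHP falls back to as strings; writing `$edit['subject']` avoids relying on that.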
@@ -59,79 +87,26 @@ function comment_reply($pid, $id) {
 $pid = 0;
 }
 
- // Build reply form:
- $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n";
-
- // Name field:
- $output .= "<B>". t("Your name") .":</B><BR>\n";
- $output .= format_username($user->userid) ."<P>\n";
-
- // Subject field:
- $output .= "<B>". t("Subject") .":</B><BR>\n";
- $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\"><P>\n";
-
- // Comment field:
- $output .= "<B>".t("Comment") .":</B><BR>\n";
- $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($user->signature) ."</TEXTAREA><BR>\n";
- $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n";
-
- // Preview button:
- $output .= "<SMALL><I>". t("You must preview at least once before you can submit") .":</I></SMALL><BR>\n";
- $output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
- $output .= "<INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview comment") ."\"><BR>\n";
-
- $output .= "</FORM>\n";
-
- $theme->box(t("Reply"), $output);
+ $theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
 }
 
-function comment_preview($pid, $id, $subject, $comment) {
+function comment_preview($edit) {
 global $REQUEST_URI, $theme, $user;
 
 // Preview comment:
- comment_view(new Comment($user->userid, check_preview($subject), check_preview($comment), time(), check_preview($user->url), check_preview($user->fake_email), 0, 0, 0, 0), t("reply to this comment"));
-
- // Build reply form:
- $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n";
-
- // Name field:
- $output .= "<B>". t("Your name") .":</B><BR>\n";
- $output .= format_username($user->userid) ."<P>\n";
-
- // Subject field:
- $output .= "<B>". t("Subject") .":</B><BR>\n";
- $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_form($subject) ."\"><P>\n";
-
- // Comment field:
- $output .= "<B>". t("Comment") .":</B><BR>\n";
- $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_form($comment) ."</TEXTAREA><BR>\n";
- $output .= "<SMALL><I>". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")) .".</I></SMALL><P>\n";
-
- // Hidden fields:
- $output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
- $output .= "<INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
-
- if (empty($subject)) {
- $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply a subject.") ."</FONT><P>\n";
- }
-
- // Preview and submit button:
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview comment") ."\">\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Post comment") ."\">\n";
- $output .= "</FORM>\n";
+ comment_view(new Comment($user->userid, check_preview($edit[subject]), check_preview($edit[comment]), time(), check_preview($user->url), check_preview($user->fake_email), 0, 0, 0, 0), t("reply to this comment"));
 
- $theme->box(t("Reply"), $output);
+ $theme->box(t("Reply"), comment_form($edit));
 }
 
-function comment_post($pid, $id, $subject, $comment) {
+function comment_post($edit) {
 global $theme, $user;
 
 // check comment submission rate:
 throttle("post comment", variable_get(max_comment_rate, 60));
 
 // check for duplicate comments:
- $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$pid' AND lid = '$id' AND subject = '$subject' AND comment = '$comment'"), 0);
+ $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
 
 if ($duplicate != 0) {
 watchdog("warning", "comment: duplicate '$subject'");
@@ -144,7 +119,7 @@ function comment_post($pid, $id, $subject, $comment) {
 watchdog("special", "comment: added '$subject'");
 
 // add comment to database:
- db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('$id', '$pid', '$user->id', '$subject', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
+ db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
 }
 }
diff --git a/node.php b/node.php
index 711268674a29656184fe2daba790bf3db82e1e4e..dae4683b9407e6be5dfedb085cdb1ccaf6cfed59 100644
--- a/node.php
+++ b/node.php
@@ -5,20 +5,20 @@ page_header();
 
 function node_render($node) {
- global $id, $cid, $op, $moderate, $pid, $subject, $comment, $theme, $mode, $order, $threshold, $PHP_SELF;
+ global $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF;
 
 if ($node->comment) {
 switch($op) {
 case t("Preview comment"):
 $theme->header();
- comment_preview(check_input($pid), check_input($id), $subject, $comment);
+ comment_preview($edit);
 $theme->footer();
 break;
 case t("Post comment"):
- comment_post(check_input($pid), check_input($id), check_input($subject), check_input($comment));
+ comment_post($edit);
 $theme->header();
 node_view($node);
- comment_render($id, $cid);
+ comment_render($edit[id], $cid);
 $theme->footer();
 break;
 case t("Add comment"):
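Review bot: `comment_post` no longer has a `$subject` parameter, but the unchanged context line at the end of the hunk, `watchdog("warning", "comment: duplicate '$subject'");`, still interpolates it, so every duplicate is now logged as `comment: duplicate ''`; it should become `watchdog("warning", "comment: duplicate '". $edit[subject] ."'");`. The rewritten duplicate check still builds SQL by string concatenation with `check_input()` as the only barrier between request data and the query; that is consistent with the rest of this file, but it means the escaping `check_input` performs (not visible here) has to match the single-quote quoting used on this line. `comment_preview` keeps `global $REQUEST_URI` although nothing in its new body reads it, so that name can be dropped from the `global` list. `comment_post` continues past the end of the hunk.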
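Review bot: The context line above the rewritten INSERT, `watchdog("special", "comment: added '$subject'");`, refers to the removed `$subject` parameter, so the success log entry is now written with an empty subject; use `$edit[subject]` here as the INSERT below it does. The INSERT itself is consistent with the duplicate check (each request field passes through `check_input()`), while `$user->id` and `$user->userid` are interpolated unescaped — acceptable only because they come from the session object rather than the request, which is worth a short comment on the line. The enclosing function starts before this hunk.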
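Review bot: `comment_render($edit[id], $cid);` feeds a raw request field into the render path without the `check_input()` that `comment_post` applies to the same value two lines earlier; if `comment_render` interpolates its first argument into SQL (its body is not visible here) that is an unfiltered injection point, so pass `check_input($edit[id])` or the already-resolved `$node->nid` instead. `$edit` arrives through `global`, so it is presumably a register_globals array assembled from `edit[...]` form fields — confirm the form helpers in comment_form actually emit names in that shape, otherwise `comment_preview($edit)` and `comment_post($edit)` receive nothing. A scalar `edit` parameter would also turn `$edit[subject]` into a string offset rather than a field, so an `is_array($edit)` guard before the switch is cheap. `node_render` continues past the end of the hunk.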
@@ -93,7 +93,7 @@ function node_history($node) {
 $theme->footer();
 }
 elseif ($number) {
- $node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => $id)));
+ $node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => ($edit[id] ? $edit[id] : $id))));
 if ($node && node_visible($node)) {
 switch ($op) {
 case "history":
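Review bot: The node lookup now takes `$edit[id]` straight from the request, `node_get_object(array("nid" => ($edit[id] ? $edit[id] : $id)))`, with no `check_input()` and no integer cast, while the comment path in the same commit escapes that very value before using it; if `node_get_object` interpolates `nid` into SQL (not visible here) this is reachable on every comment post, so use `(int) $edit[id]` or at least `check_input($edit[id])`. The truthiness test also means an `id` of `0` or `"0"` silently falls back to `$id`, which may not be the same node the comment was posted to. The enclosing code of node.php starts before this hunk.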