path('include/comment_constants.php');
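xoops_loadLanguage('comment');

// Resolve the module the comment belongs to and the page to return to afterwards.
// Inside the system module an existing comment (com_id from POST) is being edited;
// from any other module the comment is posted against that module's own items.
if ('system' === $xoopsModule->getVar('dirname')) {
    $com_id = isset($_POST['com_id']) ? (int)$_POST['com_id'] : 0;
    if (empty($com_id)) {
        exit();
    }
    /* @var XoopsCommentHandler $comment_handler */
    $comment_handler = xoops_getHandler('comment');
    $comment         = $comment_handler->get($com_id);
    // An unknown comment id would otherwise be dereferenced right below;
    // bail out the same way an empty com_id does.
    if (!is_object($comment)) {
        exit();
    }
    $module_handler = xoops_getHandler('module');
    $module         = $module_handler->get($comment->getVar('com_modid'));
    // Same guard for a module that no longer exists.
    if (!is_object($module)) {
        exit();
    }
    $comment_config = $module->getInfo('comments');
    $com_modid      = $module->getVar('mid');
    $redirect_page  = XOOPS_URL . '/modules/system/admin.php?fct=comments&com_modid=' . $com_modid . '&com_itemid';
    $moddir         = $module->getVar('dirname');
    unset($comment);
} else {
    $com_id = isset($_POST['com_id']) ? (int)$_POST['com_id'] : 0;
    // Module has comments switched off entirely: nothing to post.
    if (XOOPS_COMMENT_APPROVENONE == $xoopsModuleConfig['com_rule']) {
        exit();
    }
    $comment_config = $xoopsModule->getInfo('comments');
    $com_modid      = $xoopsModule->getVar('mid');
    $redirect_page  = $comment_config['pageName'] . '?';
    if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
        $extra_params = '';
        foreach ($comment_config['extraParams'] as $extra_param) {
            // Only scalar values can be carried in the query string; a non-scalar
            // (e.g. name[]=...) is treated as absent instead of making htmlspecialchars() throw.
            // NOTE(review): this is HTML escaping, not URL encoding, as in the original code;
            // the consumer of $redirect_page is outside this chunk - confirm it expects that.
            $value = (isset($_POST[$extra_param]) && is_scalar($_POST[$extra_param]))
                ? htmlspecialchars((string)$_POST[$extra_param])
                : '';
            $extra_params .= $extra_param . '=' . $value . '&';
        }
        $redirect_page .= $extra_params;
    }
    $redirect_page .= $comment_config['itemName'];
    $comment_url = $redirect_page;
    $moddir      = $xoopsModule->getVar('dirname');
}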
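$op            = '';
$error_message = '';
$com_user      = '';
$com_email     = '';
$com_url       = '';

// Everything below is driven by the submitted form; a bare GET has nothing to do.
if (!empty($_POST)) {
    // Requested action; 'delete' takes precedence when several buttons are present.
    if (isset($_POST['com_dopost'])) {
        $op = 'post';
    } elseif (isset($_POST['com_dopreview'])) {
        $op = 'preview';
    }
    if (isset($_POST['com_dodelete'])) {
        $op = 'delete';
    }
    // Security-token check for the write actions; a failed check drops the operation.
    // NOTE(review): 'delete' is not checked here - the delete include is expected to
    // do its own check; confirm in include/comment_delete.php.
    if (($op === 'preview' || $op === 'post') && !$GLOBALS['xoopsSecurity']->check()) {
        $op = '';
    }

    // Anonymous posters must pass the captcha and supply a usable name and email.
    if ($op === 'post' && !is_object($xoopsUser)) {
        xoops_load('XoopsCaptcha');
        $xoopsCaptcha = XoopsCaptcha::getInstance();
        if (!$xoopsCaptcha->verify()) {
            $error_message .= $xoopsCaptcha->getMessage() . "\n";
        }
        // Start add by voltan
        xoops_load('XoopsUserUtility');
        xoops_loadLanguage('user');
        $myts = MyTextSanitizer::getInstance();

        // Check user name. A missing or non-string field is treated as an empty name
        // rather than handing an undefined key / array to trim().
        $com_user = (isset($_POST['com_user']) && is_string($_POST['com_user'])) ? trim($_POST['com_user']) : '';
        $com_user = $myts->stripSlashesGPC($com_user);
        $com_user = $myts->xoopsCodeDecode($com_user);
        $com_user = $myts->filterXss($com_user);
        $com_user = strip_tags($com_user);
        $com_user = strtolower($com_user);
        $com_user = htmlentities($com_user, ENT_COMPAT, 'utf-8');
        $com_user = preg_replace('`\[.*\]`U', ' ', $com_user);
        $com_user = preg_replace('`&(amp;)?#?[a-z0-9]+;`i', ' ', $com_user);
        $com_user = preg_replace('`&([a-z])(acute|uml|circ|grave|ring|cedil|slash|tilde|caron|lig);`i', '\\1', $com_user);
        // Whitespace and punctuation collapse to a single space; a bare '&' is dropped.
        // str_replace() applies the pairs in order, so "\r\n" is listed before "\r"
        // and "\n" to yield one space rather than two.
        $search_arr = [
            ' ', "\t", "\r\n", "\r", "\n", ',', '.', "'", ';', ':', ')', '(', '"', '?', '!', '{', '}',
            '[', ']', '<', '>', '/', '+', '-', '_', '\\', '*', '=', '@', '#', '$', '%', '^', '&',
        ];
        $replace_arr   = array_fill(0, count($search_arr) - 1, ' ');
        $replace_arr[] = '';
        $com_user      = str_replace($search_arr, $replace_arr, $com_user);

        // Check Url: kept only when it validates as an absolute URL, otherwise left empty.
        // FILTER_FLAG_SCHEME_REQUIRED was removed in PHP 8.0 (scheme and host are always
        // required by FILTER_VALIDATE_URL), so the flag is no longer passed.
        // NOTE(review): this is a syntax check only; if com_url is rendered as a link,
        // the allowed schemes should be restricted where it is output - confirm.
        if (!empty($_POST['com_url']) && is_string($_POST['com_url'])) {
            $valid_url = filter_var(trim($_POST['com_url']), FILTER_VALIDATE_URL);
            $com_url   = ($valid_url === false) ? '' : $valid_url;
        }

        // Check Email: escaped first (as before), then validated; an invalid address is
        // normalised to '' so the checks below see a string rather than false.
        $raw_email   = (isset($_POST['com_email']) && is_string($_POST['com_email'])) ? trim($_POST['com_email']) : '';
        $com_email   = $myts->stripSlashesGPC($raw_email);
        $com_email   = htmlspecialchars(trim($com_email), ENT_QUOTES);
        $valid_email = filter_var($com_email, FILTER_VALIDATE_EMAIL);
        $com_email   = ($valid_email === false) ? '' : $valid_email;
        // Invalid email address
        if (!checkEmail($com_email)) {
            $error_message .= _US_INVALIDMAIL . "\n";
        }
        if (strrpos($com_email, ' ') > 0) {
            $error_message .= _US_EMAILNOSPACES . "\n";
        }
        // Check forbidden email address if current operator is not an administrator.
        // Each bad_emails entry is used as a case-insensitive regex fragment.
        if (!$xoopsUser_isAdmin) {
            foreach ($xoopsConfigUser['bad_emails'] as $be) {
                if (!empty($be) && preg_match('/' . $be . '/i', $com_email)) {
                    $error_message .= _US_INVALIDMAIL . "\n";
                    break;
                }
            }
        }
        // Any validation failure falls back to the preview screen, where the errors are shown.
        if (!empty($error_message)) {
            $op = 'preview';
        }
        // End add by voltan
    }

    // Threading / display options and the item being commented on.
    // NOTE(review): com_status is taken from the request as submitted; whether the poster
    // may set it is expected to be enforced by the post handler - confirm there.
    $com_mode   = (isset($_POST['com_mode']) && is_string($_POST['com_mode'])) ? htmlspecialchars(trim($_POST['com_mode']), ENT_QUOTES) : 'flat';
    $com_order  = isset($_POST['com_order']) ? (int)$_POST['com_order'] : XOOPS_COMMENT_OLD1ST;
    $com_itemid = isset($_POST['com_itemid']) ? (int)$_POST['com_itemid'] : 0;
    $com_pid    = isset($_POST['com_pid']) ? (int)$_POST['com_pid'] : 0;
    $com_rootid = isset($_POST['com_rootid']) ? (int)$_POST['com_rootid'] : 0;
    $com_status = isset($_POST['com_status']) ? (int)$_POST['com_status'] : 0;
    // Text-formatting toggles, normalised to 0/1.
    $dosmiley = (isset($_POST['dosmiley']) && (int)$_POST['dosmiley'] > 0) ? 1 : 0;
    $doxcode  = (isset($_POST['doxcode']) && (int)$_POST['doxcode'] > 0) ? 1 : 0;
    $dobr     = (isset($_POST['dobr']) && (int)$_POST['dobr'] > 0) ? 1 : 0;
    $dohtml   = (isset($_POST['dohtml']) && (int)$_POST['dohtml'] > 0) ? 1 : 0;
    $doimage  = (isset($_POST['doimage']) && (int)$_POST['doimage'] > 0) ? 1 : 0;
    $com_icon = (isset($_POST['com_icon']) && is_string($_POST['com_icon'])) ? trim($_POST['com_icon']) : '';
} else {
    exit();
}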
/* @var XoopsUser $xoopsUser */
switch ($op) {
case 'delete':
include_once $GLOBALS['xoops']->path('include/comment_delete.php');
break;
case 'preview':
$myts = MyTextSanitizer::getInstance();
$doimage = 1;
$com_title = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_title']));
if ($dohtml != 0) {
if (is_object($xoopsUser)) {
if (!$xoopsUser->isAdmin($com_modid)) {
include_once $GLOBALS['xoops']->path('modules/system/constants.php');
/* @var XoopsGroupPermHandler $sysperm_handler */
$sysperm_handler = xoops_getHandler('groupperm');
if (!$sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, $xoopsUser->getGroups())) {
$dohtml = 0;
}
}
} else {
$dohtml = 0;
}
}
$p_comment =& $myts->previewTarea($_POST['com_text'], $dohtml, $dosmiley, $doxcode, $doimage, $dobr);
$noname = isset($noname) ? (int)$noname : 0;
$com_text = $myts->htmlSpecialChars($myts->stripSlashesGPC($_POST['com_text']));
if ($xoopsModule->getVar('dirname') !== 'system') {
include_once $GLOBALS['xoops']->path('header.php');
if (!empty($error_message)) {
xoops_error($error_message);
}
echo '
' . $com_title . ' |
' . $p_comment . ' |
' . $com_title . ' |
' . $p_comment . ' |