Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
drupal/discussion.php

316 lines
12 KiB
PHP
Raw Normal View History

* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
<?
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
function discussion_moderate($moderate) {
global $user, $comment_votes;
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
if ($user->id && $moderate) {
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$none = $comment_votes[key($comment_votes)];
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
foreach ($moderate as $id=>$vote) {
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
if ($vote != $comment_votes[$none] && !user_getHistory($user->history, "c$id")) {
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
### Update the comment's score:
$result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id");
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
### Update the user's history:
user_setHistory($user, "c$id", $vote);
}
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
}
}
}
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) {
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
global $user, $theme;
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
if ($mode == "nested") {
while ($comment = db_fetch_object($result)) {
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
if ($comment->score >= $threshold) {
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
if ($level && !$comments) print "<UL>";
$comments++;
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
discussion_kids($comment->cid, $mode, $threshold, $level + 1, $dummy + 1);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
}
}
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
else { // mode == 'flat'
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
while ($comment = db_fetch_object($result)) {
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
if ($comment->score >= $threshold) {
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
discussion_kids($comment->cid, $mode, $threshold);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
}
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
if ($level && $comments) print "</UL>";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
function discussion_childs($cid, $threshold, $level = 0, $thread) {
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
global $theme, $user;
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Perform SQL query:
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
if ($level == 0) $thread = "";
while ($comment = db_fetch_object($result)) {
if ($level && !$comments) {
$thread .= "<UL>";
}
$comments++;
### Compose link:
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> by ". format_username($comment->userid) ." <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Recursive:
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
discussion_childs($comment->cid, $threshold, $level + 1, &$thread);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
if ($level && $comments) {
$thread .= "</UL>";
}
return $thread;
}
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
function discussion_settings($mode, $order, $threshold) {
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
global $user;
Bugfixes, amongst them: - anonymous chicken was able to moderate commnets - "anonymous chicken" was displayed in the comment reply form - ... The only thing left to be done is to tackle (or continue tackling) the user accounts which in fact is quite some work. :o)
2000-10-12 06:44:11 +00:00
if ($user->id) {
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$data[mode] = $mode;
$data[sort] = $order;
$data[threshold] = $threshold;
user_save($data, $user->id);
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
}
}
function discussion_display($sid, $pid, $cid, $level = 0) {
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
global $user, $theme;
### Pre-process variables:
$pid = (empty($pid)) ? 0 : $pid;
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$cid = (empty($cid)) ? 0 : $cid;
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$mode = ($user->id) ? $user->mode : "threaded";
$order = ($user->id) ? $user->sort : "1";
$threshold = ($user->id) ? $user->threshold : "0";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Compose story-query:
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status != 0 AND s.id = $sid");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$story = db_fetch_object($result);
### Display story:
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
if ($story->status == 1) $theme->article($story, "[ <A HREF=\"submission.php\"><FONT COLOR=\"$theme->hlcolor2\">submission queue</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]");
else $theme->article($story, "[ <A HREF=\"\"><FONT COLOR=\"$theme->hlcolor2\">home</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Display `comment control'-box:
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
if ($user->id) $theme->commentControl($sid, $title, $threshold, $mode, $order);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Compose query:
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid AND (c.votes = 0 OR c.score / c.votes >= $threshold)";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
if ($order == 1) $query .= " ORDER BY c.timestamp DESC";
if ($order == 2) $query .= " ORDER BY c.score DESC";
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
$result = db_query($query);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
print "<FORM METHOD=\"post\" ACTION=\"discussion.php\">\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Display the comments:
while ($comment = db_fetch_object($result)) {
### Dynamically compose the `reply'-link:
if ($pid != 0) {
* removed poll.php - it's totally outdated. * fixed 2 bugs in the discussion forum.
2000-10-13 10:17:30 +00:00
list($pid) = db_fetch_row(db_query("SELECT pid FROM comments WHERE cid = $comment->pid"));
* Added some tags to ease navigation
2000-11-06 08:01:25 +00:00
$link = "<A HREF=\"discussion.php?id=$comment->sid&pid=$pid#$pid\"><FONT COLOR=\"$theme->hlcolor2\">return to parent</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
else {
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A> ";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
### Display the comments:
if (empty($mode) || $mode == "threaded") {
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
$thread = discussion_childs($comment->cid, $threshold);
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link, $thread);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
else {
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
discussion_kids($comment->cid, $mode, $threshold, $level);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
}
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$sid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Moderate comments\">\n";
print "</FORM>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
function discussion_reply($pid, $sid) {
- Fixed quote bug in the comment tracker. (suggestion UnConeD) - Added anchors to comment links to easy comment navigation. (suggestion UnConeD) - Fixed duplicate `you voted' after moderating a story. (suggestion UnConeD) - Fixed quote bug in administration center. - Expanded user administration with timezone information. - Improved the theme system by eliminating the "preview" function. Let's not make the system more complex then it ought to be. - Refined watchdog administration. - ...
2000-11-02 09:23:07 +00:00
global $user, $theme, $allowed_html;
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Extract parent-information/data:
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, discussion_score($comment), $comment->votes, $item->cid), "reply to this comment");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
else {
Bugfixes: (1) fixed SQL bug in search.php. (2) fixed SQL bug in discussion.php. (3) fixed theme-bug in submit.php. (4) fixed theme-bug in discussion.php. (5) fixed Dries2-theme: it more or less works now though I still have to change the look/layout. Important: (3) and (4) did fix the i-suddenly-seem-to-log-out behavior.
2000-07-12 07:15:09 +00:00
$item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->article($item, "");
}
### Build reply form:
$output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
### Name field:
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$output .= "<P>\n";
$output .= " <B>Your name:</B><BR>\n";
$output .= format_username($user->userid);
$output .= "</P>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Subject field:
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\">\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_output(check_field($user->signature)) ."</TEXTAREA><BR>\n";
- Fixed quote bug in the comment tracker. (suggestion UnConeD) - Added anchors to comment links to easy comment navigation. (suggestion UnConeD) - Fixed duplicate `you voted' after moderating a story. (suggestion UnConeD) - Fixed quote bug in administration center. - Expanded user administration with timezone information. - Improved the theme system by eliminating the "preview" function. Let's not make the system more complex then it ought to be. - Refined watchdog administration. - ...
2000-11-02 09:23:07 +00:00
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$output .= "</P>\n";
### Hidden fields:
$output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"sid\" VALUE=\"$sid\">\n";
### Preview button:
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\"> (You must preview at least once before you can submit.)\n";
$output .= "</FORM>\n";
$theme->box("Reply", $output);
}
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
function comment_preview($pid, $sid, $subject, $comment) {
- Fixed quote bug in the comment tracker. (suggestion UnConeD) - Added anchors to comment links to easy comment navigation. (suggestion UnConeD) - Fixed duplicate `you voted' after moderating a story. (suggestion UnConeD) - Fixed quote bug in administration center. - Expanded user administration with timezone information. - Improved the theme system by eliminating the "preview" function. Let's not make the system more complex then it ought to be. - Refined watchdog administration. - ...
2000-11-02 09:23:07 +00:00
global $user, $theme, $allowed_html;
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Preview comment:
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
$theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, "", "", ""), "reply to this comment");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Build reply form:
$output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
### Name field:
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$output .= "<P>\n";
$output .= " <B>Your name:</B><BR>\n";
$output .= format_username($user->userid);
$output .= "</P>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Subject field:
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_output(check_field($subject)) ."\">\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
This significant commit fixes 99% of all known bugs and improves drop.org by means of better security checks in order to avoid malicious behavior. In addition, quite some code has been fine-tuned. However, as a result, every theme will require a small update ...
2000-10-24 07:24:24 +00:00
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_output(check_field($comment)) ."</TEXTAREA><BR>\n";
- Fixed quote bug in the comment tracker. (suggestion UnConeD) - Added anchors to comment links to easy comment navigation. (suggestion UnConeD) - Fixed duplicate `you voted' after moderating a story. (suggestion UnConeD) - Fixed quote bug in administration center. - Expanded user administration with timezone information. - Improved the theme system by eliminating the "preview" function. Let's not make the system more complex then it ought to be. - Refined watchdog administration. - ...
2000-11-02 09:23:07 +00:00
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$output .= "</P>\n";
### Hidden fields:
$output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"sid\" VALUE=\"$sid\">\n";
if (empty($subject)) {
$output .= "<P>\n";
$output .= " <FONT COLOR=\"red\"><B>Warning:</B></FONT> you did not supply a <U>subject</U>.\n";
$outout .= "</P>\n";
}
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
### Preview and submit button:
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Post comment\">\n";
$output .= " </FORM>\n";
$output .= "</P>\n";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->box("Reply", $output);
}
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
function comment_post($pid, $sid, $subject, $comment) {
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
global $user, $theme;
### Check for fake threads:
- Redid most of account.php and fixed quite some bugs! Check out your new user account stuff and give me some feedback.
2000-11-25 12:56:04 +00:00
$fake = db_result(db_query("SELECT COUNT(id) FROM stories WHERE id = $sid"), 0);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
### Check for duplicate comments:
- Redid most of account.php and fixed quite some bugs! Check out your new user account stuff and give me some feedback.
2000-11-25 12:56:04 +00:00
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
if ($fake != 1) {
Another batch with a lot of internal updates, yet no visual changes to the site: - watchdog (rewrite): + the collected information provides more details and insights for post-mortem research + input limitation - database abstraction layer: + mysql errors are now verbose and is no longer displayed in a browser - fixes a possible security risk - admin.php: + updated watchdog page + fixed security flaw - diary.php: + fixed nl2br problem - themes: + fixed comment bug in all 3 themes. - misc: + renamed some global variables for sake of consistency: $sitename --> $site_name $siteurl --> $site_url + added input check where (a) exploitable and (b) possible + added input size check + various small improvements + fixed various typoes ... and much, much more in fact.
2000-11-13 08:17:45 +00:00
watchdog("error", "discussion: attempt to insert fake comment");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->box("fake comment", "fake comment: $fake");
}
elseif ($duplicate != 0) {
Another batch with a lot of internal updates, yet no visual changes to the site: - watchdog (rewrite): + the collected information provides more details and insights for post-mortem research + input limitation - database abstraction layer: + mysql errors are now verbose and is no longer displayed in a browser - fixes a possible security risk - admin.php: + updated watchdog page + fixed security flaw - diary.php: + fixed nl2br problem - themes: + fixed comment bug in all 3 themes. - misc: + renamed some global variables for sake of consistency: $sitename --> $site_name $siteurl --> $site_url + added input check where (a) exploitable and (b) possible + added input size check + various small improvements + fixed various typoes ... and much, much more in fact.
2000-11-13 08:17:45 +00:00
watchdog("error", "discussion: attempt to insert duplicate comment");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->box("duplicate comment", "duplicate comment: $duplicate");
}
else {
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
### Validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
Another batch with a lot of internal updates, yet no visual changes to the site: - watchdog (rewrite): + the collected information provides more details and insights for post-mortem research + input limitation - database abstraction layer: + mysql errors are now verbose and is no longer displayed in a browser - fixes a possible security risk - admin.php: + updated watchdog page + fixed security flaw - diary.php: + fixed nl2br problem - themes: + fixed comment bug in all 3 themes. - misc: + renamed some global variables for sake of consistency: $sitename --> $site_name $siteurl --> $site_url + added input check where (a) exploitable and (b) possible + added input size check + various small improvements + fixed various typoes ... and much, much more in fact.
2000-11-13 08:17:45 +00:00
### Add watchdog entry:
* tiny improvements (!= bug fixes)
2000-11-14 09:03:44 +00:00
watchdog("comment", "discussion: added comment with subject '$subject'");
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
Another batch with a lot of internal updates, yet no visual changes to the site: - watchdog (rewrite): + the collected information provides more details and insights for post-mortem research + input limitation - database abstraction layer: + mysql errors are now verbose and is no longer displayed in a browser - fixes a possible security risk - admin.php: + updated watchdog page + fixed security flaw - diary.php: + fixed nl2br problem - themes: + fixed comment bug in all 3 themes. - misc: + renamed some global variables for sake of consistency: $sitename --> $site_name $siteurl --> $site_url + added input check where (a) exploitable and (b) possible + added input size check + various small improvements + fixed various typoes ... and much, much more in fact.
2000-11-13 08:17:45 +00:00
### Add comment to database:
db_query("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
### Compose header:
header("Location: discussion.php?id=$sid");
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
}
}
Yet another large batch of updates: - I rearranged some of the code and clean-up some of the mess. - Added "blocks" which can be user defined/controlled: check to see. The positioning of blocks is rather basic for the moment, so I'm all open for input on that.
2000-12-23 23:25:28 +00:00
include "includes/common.inc";
- fixed bug in search.php - fixed bug in discussion.php - theme update: comment() now takes 3 arguments: $comment - an object with comment data $link - a link to the reply form of that particular comment $thread - the subthread of that particular comment - theme 'marvin' and theme 'zaphod' are updated, theme 'unconed' is left to be done
2000-11-03 07:57:28 +00:00
include "includes/comment.inc";
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
Another batch with a lot of internal updates, yet no visual changes to the site: - watchdog (rewrite): + the collected information provides more details and insights for post-mortem research + input limitation - database abstraction layer: + mysql errors are now verbose and is no longer displayed in a browser - fixes a possible security risk - admin.php: + updated watchdog page + fixed security flaw - diary.php: + fixed nl2br problem - themes: + fixed comment bug in all 3 themes. - misc: + renamed some global variables for sake of consistency: $sitename --> $site_name $siteurl --> $site_url + added input check where (a) exploitable and (b) possible + added input size check + various small improvements + fixed various typoes ... and much, much more in fact.
2000-11-13 08:17:45 +00:00
### Security check:
if (strstr($id, " ") || strstr($pid, " ") || strstr($sid, " ") || strstr($mode, " ") || strstr($order, " ") || strstr($threshold, " ")) {
watchdog("error", "discussion: attempt to provide malicious input through URI");
exit();
}
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
switch($op) {
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
case "Preview comment":
$theme->header();
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
comment_preview($pid, $sid, $subject, $comment);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->footer();
break;
case "Post comment":
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
comment_post($pid, $sid, $subject, $comment);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
break;
case "reply":
$theme->header();
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
discussion_reply($pid, $sid);
$theme->footer();
break;
case "Save":
A big, fat commit with a shitload of internal changes. Not that much visual changes: - removed redundant files user.class.php, calendar.class.php and backend.class.php. - converted *all* mysql queries to queries supported by the database abstraction layer. - expanded the watchdog to record more information on what actually happened. - bugfix: anonymous readers where not able to view comments. - bugfix: anonymous readers could gain read-only access to the submission queue. - bugfix: invalid includes in backend.php - bugfix: invalid use of '$user->block' and last but not least: - redid 50% of the user account system
2000-10-19 13:31:23 +00:00
discussion_settings($mode, $order, $threshold);
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$theme->header();
discussion_display($id, $pid, $sid);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->footer();
break;
I just commit everything what was queued in my backlog: - Added a basic implementation of comment moderation - Updated and renamed my 2 themes: I removed redundant boxes and tried to work towards simplicity. - Disabled the other themes as they are broken (I gave you sufficent time to update them). - Removed redundant files. - Added security checks with regard to the usage of HTML tags.
2000-09-26 07:34:33 +00:00
case "Moderate comments":
discussion_moderate($moderate);
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
$theme->header();
discussion_display($id, $pid, $sid);
$theme->footer();
break;
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
default:
$theme->header();
Changelog --------- - improved the user information page. - improved the story submission page. - fixed comments score bug: '.00' --> 'x.00' - tried fixing the calendar wrapping - UnConeD, is it fixed now? - provided a link back to the submission queue after having voted for a story. - fixed comment subject bug (and security flaw) by replacing quotes by &quot;. - updated theme 'zaphod': fixed 2 bugs. - updated theme 'marvin': fixed 1 bug and improved the layout so things wrap (hopefully) better in Windows. - comments have by default no subject pre-set - if no subject is provided, the user is warned and when a comment eventually got submitted without a subject, a subject is composed using the x first characters of the comment's body. - improved comments on submit.php - corrected a typo in the FAQ. UnConeD ------- - replace 'article.php' by 'discussion.php' - comment() still uses old references to account.php: the parameters you supply to account.php does no longer hold. You have to update those links to the new syntax. - commentcontrol() is outdated - copy paste the one of theme 'marvin' and adjust it to your likings.
2000-10-02 07:32:17 +00:00
discussion_display($id, $pid, $sid);
* discussion.php replaces both article.php and comments.php
2000-07-06 09:38:42 +00:00
$theme->footer();
}
Yet another large batch of updates: - I rearranged some of the code and clean-up some of the mess. - Added "blocks" which can be user defined/controlled: check to see. The positioning of blocks is rather basic for the moment, so I'm all open for input on that.
2000-12-23 23:25:28 +00:00
?>