[AppDB] comments
Jonathan Ernst
Jonathan at ErnstFamily.ch
Mon Dec 13 19:57:34 CST 2004
This patch implements the following entry in the todolist:
# when we delete a comment there should be a box to explain why you are
deleting this comment and an email should be sent to the submitter
As a side effect it fixes problem regarding superglobals.
CHANGELOG:
- when a comment is deleted, the person deleting it can state the reason for doing so.
- the user who made the comment gets an e-mail
File changed:
- TODO
- addcomment.php
- appview.php
- deletecomment.php
- include/comments.php
Index: TODO
===================================================================
RCS file: /home/wine/appdb/TODO,v
retrieving revision 1.4
diff -u -r1.4 TODO
--- TODO 11 Dec 2004 19:40:01 -0000 1.4
+++ TODO 14 Dec 2004 01:52:35 -0000
@@ -9,9 +9,12 @@
submitter saying it timed out. If the admin/maintainer clicked on accept it
would go into the db like every other image.
-# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). In particular globally registered vars should be replaced by superglobals and <? ?> should be replaced by <?php ?>.
+# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines).
+In particular globally registered vars should be replaced by superglobals (nearly finished)
+and <? ?> should be replaced by <?php ?>. (done)
-# when we delete a comment there should be a box to explain why you are deleting this comment and an email should be sent to the submitter
+# when we delete a comment there should be a box to explain why you are deleting this
+comment and an email should be sent to the submitter (done)
# Super Maintainers should be able to edit the main app and send a notify message like the versions have.
Index: addcomment.php
===================================================================
RCS file: /home/wine/appdb/addcomment.php,v
retrieving revision 1.7
diff -u -r1.7 addcomment.php
--- addcomment.php 12 Dec 2004 03:51:51 -0000 1.7
+++ addcomment.php 14 Dec 2004 01:13:41 -0000
@@ -22,32 +22,32 @@
exit;
}
-if(!$_REQUEST['versionId'])
+if(!isset($_REQUEST['versionId']))
{
- $versionId = 0;
+ $_REQUEST['versionId'] = 0;
}
-if(!$_REQUEST['thread'])
+if(!isset($_REQUEST['thread']))
{
- $thread = 0;
+ $_REQUEST['thread'] = 0;
}
############################
# ADDS COMMENT TO DATABASE #
############################
-if($_REQUEST[body])
+if(isset($_REQUEST['body']))
{
$hostname = get_remote();
- $subject = strip_tags($subject);
+ $subject = strip_tags($_REQUEST['subject']);
$subject = mysql_escape_string($subject);
- $body1 = mysql_escape_string($body);
+ $body1 = mysql_escape_string($_REQUEST['body']);
// get current userid
$userId = $_SESSION['current']->userid;
- $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
- "$appId, $versionId, $userId, '$hostname', '$subject', ".
+ $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','".
+ $_REQUEST['appId']."', '".$_REQUEST['versionId']."', $userId, '$hostname', '$subject', ".
"'$body1', 0)");
if (!$result)
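Review bot: The INSERT on the new side still splices `$_REQUEST['thread']`, `$_REQUEST['appId']` and `$_REQUEST['versionId']` straight into the SQL string; only `subject` and `body` go through `mysql_escape_string`, so wrapping the other three in quotes does not stop a request-supplied value from breaking out of the statement. These are numeric ids, so cast them once up front — `$thread = (int)$_REQUEST['thread']; $appId = (int)$_REQUEST['appId']; $versionId = (int)$_REQUEST['versionId'];` — and use the locals in the query. Note that `$_REQUEST['appId']` has no `isset` default like the other two, so a request without it raises a notice and inserts an empty id. The enclosing `if(isset($_REQUEST['body']))` body continues past the end of this hunk.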
@@ -56,19 +56,19 @@
exit;
} else
{
- if ($originator)
+ if (isset($originator))
{
if (UserWantsEmail($originator))
{
$email = lookupEmail($originator);
- $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
- $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
+ $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+ $ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
$ms .= "\n";
$ms .= "Subject: ".$subject."\n";
$ms .= "\n";
- $ms .= $body."\n";
+ $ms .= $_REQUEST['body']."\n";
$ms .= "\n";
$ms .= "------- You are receiving this mail because: -------\n";
$ms .= "Someone posted a comment in responce to your comment\n";
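Review bot: `$originator` at `if (isset($originator))` is the one input this hunk leaves on register_globals while everything around it moved to `$_REQUEST`; with register_globals off it is never set and the original poster is never notified, and with it on its value is whatever the client put in the hidden `originator` field. Since `lookupEmail($originator)` then decides who receives a mail whose subject and body are also request-controlled, any poster can direct a notification at an arbitrary user id. Safer to not trust the field at all and derive the parent's author server-side from the thread id (the parent comment is already loaded by commentId further down in this file). Also `$ms .= APPDB_ROOT…` appends to a `$ms` that has not been initialised in this branch, and the `."."\n"` at the end of that line now puts a stray `.` on the URL.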
@@ -79,17 +79,17 @@
addmsg("Comment message sent to original poster", "green");
}
}
- $email = getNotifyEmailAddressList($appId, $versionId);
+ $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
if($email)
{
- $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
- $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
+ $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+ $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
$ms .= "\n";
$ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
$ms .= "\n";
$ms .= "Subject: ".$subject."\n";
$ms .= "\n";
- $ms .= $body."\n";
+ $ms .= $_REQUEST['body']."\n";
$ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER;
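Review bot: The rewritten URL line `$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";` appends a literal `.` after the version id that the old `"$versionId"."\n"` did not, so the link in every notification mail now ends in a period and mail clients will fold it into the href. Drop the `"."` and write `…$_REQUEST['versionId']."\n";`. Beyond that, the ids are put into the URL raw; an integer cast or `urlencode()` at this point keeps a crafted value out of the mail.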
@@ -98,10 +98,10 @@
{
$email = "no one";
}
- addmsg("mesage sent to: ".$email, green);
+ addmsg("mesage sent to: ".$email, "green");
addmsg("New Comment Posted", "green");
- redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
+ redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
}
}
@@ -116,7 +116,7 @@
if($_REQUEST['thread'])
{
- $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
+ $result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']);
$ob = mysql_fetch_object($result);
if($ob)
{
@@ -128,7 +128,7 @@
}
}
- echo "<form method=POST action='addcomment.php'>\n";
+ echo "<form method=\"POST\" action=\"addcomment.php\">\n";
echo html_frame_start($mesTitle,500,"",0);
@@ -136,22 +136,22 @@
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b> </td>\n";
echo " <td> ".$_SESSION['current']->username."</td></tr>\n";
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b> </td>\n";
- echo " <td> <input type=text size=35 name=subject value='$subject'> </td></tr>\n";
- echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
+ echo " <td> <input type=\"text\" size=\"35\" name=\"subject\" value=\"".$_REQUEST['subject']."\" /> </td></tr>\n";
+ echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$_REQUEST['body']."</textarea></td></tr>\n";
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
- echo " <input type=SUBMIT value='Post Comment' class=button>\n";
- echo " <input type=RESET value='Reset' class=button>\n";
+ echo " <input type=\"SUBMIT\" value=\"Post Comment\" class=\"button\" />\n";
+ echo " <input type=\"RESET\" value=\"Reset\" class=\"button\" />\n";
echo "</td></tr>\n";
echo "</table>\n";
echo html_frame_end();
- echo "<input type=HIDDEN name=thread value=$thread>\n";
- echo "<input type=HIDDEN name=appId value=$appId>\n";
- echo "<input type=HIDDEN name=versionId value=$versionId>\n";
- if ($thread)
+ echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
+ echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
+ echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
+ if (isset($_REQUEST['thread']))
{
- echo "<input type=HIDDEN name=originator value=$originator>\n";
+ echo "<input type=\"HIDDEN\" name=\"originator\" value=\"$originator\" />\n";
}
echo "</form>";
}
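Review bot: `$_REQUEST['subject']` and `$_REQUEST['body']` are echoed back into the `value=` attribute and the `<textarea>` with no escaping, so a crafted link to addcomment.php can close the attribute or the textarea and inject script (reflected XSS); the same applies to `thread`, `appId` and `versionId` in the hidden fields. Wrap each at the echo, e.g. `value=\"".htmlspecialchars($_REQUEST['subject'], ENT_QUOTES)."\"`. Separately, `if (isset($_REQUEST['thread']))` replaced `if ($thread)`, but `$_REQUEST['thread']` is set to 0 at the top of this file when absent, so the condition is now always true and the `originator` hidden field is emitted for every form; `if ($_REQUEST['thread'])` preserves the old intent. The `$originator` written into that field is still a register_globals variable that nothing in this file assigns.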
Index: appview.php
===================================================================
RCS file: /home/wine/appdb/appview.php,v
retrieving revision 1.15
diff -u -r1.15 appview.php
--- appview.php 12 Dec 2004 22:22:21 -0000 1.15
+++ appview.php 14 Dec 2004 01:24:59 -0000
@@ -635,6 +635,6 @@
<p> </p>
-<?
+<?php
apidb_footer();
?>
Index: deletecomment.php
===================================================================
RCS file: /home/wine/appdb/deletecomment.php,v
retrieving revision 1.6
diff -u -r1.6 deletecomment.php
--- deletecomment.php 12 Dec 2004 03:51:51 -0000 1.6
+++ deletecomment.php 14 Dec 2004 01:49:46 -0000
@@ -5,15 +5,14 @@
require(BASE."include/"."application.php");
-$appId = strip_tags($_POST['appId']);
-$versionId = strip_tags($_POST['versionId']);
-
-$commentId = strip_tags($_POST['commentId']);
-$commentId = mysql_escape_string($commentId);
+$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
+$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
+$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
+$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
/* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */
-if(!havepriv("admin") && !isMaintainer($appId, $versionId))
+if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))
{
errorpage('You don\'t have admin privilages');
exit;
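Review bot: The authorization check `isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])` is made against ids the client supplies independently of `commentId`; the comment actually looked up and deleted further down is selected by `commentId` alone, so a maintainer of one application can delete a comment from any other by posting their own appId/versionId together with a foreign commentId. Load the comment row first and run the check on `$ob->appId`/`$ob->versionId` from the database. Moving from `$_POST` to `$_REQUEST` also makes the deletion reachable through a plain GET link, removing the small barrier POST gave against cross-site requests — there is no CSRF token here either. `strip_tags` on the ids is no substitute for `(int)` casts; `commentId` is escaped, `appId`/`versionId` are not.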
@@ -23,7 +22,7 @@
/* retrieve the parentID of the comment we are deleting */
/* so we can fix up the parentIds of this comments children */
-$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'");
+$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result)
{
errorpage('Internal error retrieving parent of commentId');
@@ -34,7 +33,7 @@
$deletedParentId = $ob->parentId;
/* get the subject and body from the comment */
-$result = mysql_query("select * FROM appComments WHERE commentId = '$commentId'");
+$result = mysql_query("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
if (!$result)
{
errorpage('Internal Database Access Error',mysql_error());
@@ -44,28 +43,60 @@
$body = $ob->body;
$subject = $ob->subject;
-/* delete the comment from the database */
+if(!isset($_REQUEST['int_delete_it']))
+{
+ apidb_header("Delete Comment");
+ $mesTitle = "<b>Please state why you are deleting the following comment</b>";
+ echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
+ echo html_frame_start($mesTitle,500,"",0);
+ echo "<br />";
+ echo html_frame_start($ob->subject,500);
+ echo htmlify_urls($ob->body), "<br /><br />\n";
+ echo html_frame_end();
+ echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
+ echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
+ echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
+ echo " <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
+ echo "</td></tr>\n";
+ echo "</table>\n";
+ echo html_frame_end();
+ echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
+ echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
+ echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
+ echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
+ echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
+ echo "</form>";
+ ?>
-$result = mysql_query("DELETE FROM appComments WHERE commentId = '$commentId'");
+ <p> </p>
-if (!$result)
+ <?php
+ apidb_footer();
+} else
+{
+/* delete the comment from the database */
+$result = mysql_query("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
+
+if (!isset($result))
{
errorpage('Internal Database Access Error',mysql_error());
exit;
}
/* fixup the child comments so the parentId points to a valid parent comment */
-$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '$commentId'");
-if(!$result)
+$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
+if(!isset($result))
{
errorpage('Internal database error fixing up the parentId of child comments');
exit;
}
-$email = getNotifyEmailAddressList($appId, $versionId);
+$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
+$notify_user_email=lookupEmail($ob->userId);
+$email .= $notify_user_email;
if($email)
{
- $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
- $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n";
+ $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+ $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
$ms .= "\n";
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n";
$ms .= "\n";
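Review bot: `if (!isset($result))` after the DELETE and UPDATE queries never fires: `mysql_query()` returns `false` on error and `isset(false)` is true, so a failed delete now falls through to the notification mail and the "Comment deleted" message; keep the original `if (!$result)`. In the confirmation form, `$_SERVER['PHP_SELF']` in the action and the raw `$_REQUEST['thread']`/`appId`/`versionId`/`commentId` in the hidden fields are written without escaping — `PHP_SELF` in particular can carry attacker-controlled path info, so use `htmlspecialchars` on each or hard-code `deletecomment.php`. `$email .= $notify_user_email;` joins the author's address onto the notify list with no separator, and unlike addcomment.php there is no `UserWantsEmail()` check before mailing the author; presumably the list is comma-separated, so a `,` is needed when both parts are non-empty — verify against `getNotifyEmailAddressList()`.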
@@ -73,17 +104,20 @@
$ms .= "\n";
$ms .= $body."\n";
$ms .= "\n";
+ $ms .= "Because:\n";
+ $ms .= stripslashes($_REQUEST['str_why'])."\n";
+ $ms .= "\n";
$ms .= STANDARD_NOTIFY_FOOTER;
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
-
} else
{
$email = "no one";
}
-addmsg("mesage sent to: ".$email, green);
+addmsg("mesage sent to: ".$email, "green");
addmsg("Comment deleted", "green");
-redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
-
+redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
+}
?>
+
Index: include/comments.php
===================================================================
RCS file: /home/wine/appdb/include/comments.php,v
retrieving revision 1.9
diff -u -r1.9 comments.php
--- include/comments.php 12 Dec 2004 03:51:51 -0000 1.9
+++ include/comments.php 14 Dec 2004 01:47:00 -0000
@@ -67,10 +67,10 @@
if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId))
{
echo "<tr>";
- echo "<td><form method=post name=message action=$apidb_root/deletecomment.php><input type=submit value='Delete' class=button>\n";
- echo "<input type=hidden name='commentId' value=$ob->commentId>";
- echo "<input type=hidden name='appId' value=$ob->appId>";
- echo "<input type=hidden name='versionId' value=$ob->versionId></form></td>","\n";
+ echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
+ echo "<input type=\"hidden\" name=\"commentId\" value=\"$ob->commentId\" />";
+ echo "<input type=\"hidden\" name=\"appId\" value=\"$ob->appId\" />";
+ echo "<input type=\"hidden\" name=\"versionId\" value=\"$ob->versionId\" /></form></td>","\n";
echo "</td></tr>";
}
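Review bot: The form action changed from `$apidb_root/deletecomment.php` to `$apidb_root."deletecomment.php"`, dropping the `/` between them; unless `$apidb_root` already ends with a slash (its value is not visible here, and `APPDB_ROOT` in addcomment.php is a different symbol) every Delete button now posts to a broken path. Keep the separator, `action=\"".$apidb_root."/deletecomment.php\"`, or confirm the value of `$apidb_root`. The `<input type=submit value='Delete' class=button>` on the same line was left in the unquoted style the rest of the hunk is moving away from.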
@@ -200,8 +200,6 @@
function view_app_comments($appId, $versionId, $threadId = 0)
{
- global $cmode;
-
// count posts
$result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId");
$messageCount = mysql_num_rows($result);
@@ -216,8 +214,8 @@
if (loggedin())
{
// FIXME we need to change this so not logged in users can change current view as well
- if ($cmode)
- $_SESSION['current']->setpref("comments:mode", $cmode);
+ if (isset($_REQUEST['cmode']))
+ $_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']);
$sel[$_SESSION['current']->getpref("comments:mode")] = 'selected';
echo '<td><form method=get name=smode action="appview.php">',"\n";