[AppDB] comments

Jonathan Ernst Jonathan at ErnstFamily.ch
Mon Dec 13 19:57:34 CST 2004


This patch implements the following entry in the todolist:
# when we delete a comment there should be a box to explain why you are 
deleting this comment and an email should be sent to the submitter
As a side effect it fixes problem regarding superglobals.

CHANGELOG:
- when a comment is deleted, one can state the reason for doing so.
- the user that made the comment gets an e-mail

File changed:
- TODO
- addcomment.php
- appview.php
- deletecomment.php
- include/comments.php






-------------- next part --------------
Index: TODO
===================================================================
RCS file: /home/wine/appdb/TODO,v
retrieving revision 1.4
diff -u -r1.4 TODO
--- TODO	11 Dec 2004 19:40:01 -0000	1.4
+++ TODO	14 Dec 2004 01:52:35 -0000
@@ -9,9 +9,12 @@
 submitter saying it timed out.  If the admin/maintainer clicked on accept it 
 would go into the db like every other image.
 
-# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). In particular globally registered vars should be replaced by superglobals and <? ?> should be replaced by <?php ?>.
+# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines).
+In particular globally registered vars should be replaced by superglobals (nearly finished)
+and <? ?> should be replaced by <?php ?>. (done)
 
-# when we delete a comment there should be a box to explain why you are deleting this comment and an email should be sent to the submitter 
+# when we delete a comment there should be a box to explain why you are deleting this
+comment and an email should be sent to the submitter (done)
 
 # Super Maintainers should be able to edit the main app and send a notify message like the versions have.
 
Index: addcomment.php
===================================================================
RCS file: /home/wine/appdb/addcomment.php,v
retrieving revision 1.7
diff -u -r1.7 addcomment.php
--- addcomment.php	12 Dec 2004 03:51:51 -0000	1.7
+++ addcomment.php	14 Dec 2004 01:13:41 -0000
@@ -22,32 +22,32 @@
   exit;
 }
 
-if(!$_REQUEST['versionId'])
+if(!isset($_REQUEST['versionId']))
 {
-  $versionId = 0;
+  $_REQUEST['versionId'] = 0;
 }
 
-if(!$_REQUEST['thread'])
+if(!isset($_REQUEST['thread']))
 {
-  $thread = 0;
+  $_REQUEST['thread'] = 0;
 }
 
 ############################
 # ADDS COMMENT TO DATABASE #
 ############################
-if($_REQUEST[body])
+if(isset($_REQUEST['body']))
 {
     $hostname = get_remote();
     
-    $subject = strip_tags($subject);
+    $subject = strip_tags($_REQUEST['subject']);
     $subject = mysql_escape_string($subject);
-    $body1 = mysql_escape_string($body);
+    $body1 = mysql_escape_string($_REQUEST['body']);
 
     // get current userid
     $userId = $_SESSION['current']->userid;
 
-    $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
-			   "$appId, $versionId, $userId, '$hostname', '$subject', ".
+    $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','".
+			   $_REQUEST['appId']."', '".$_REQUEST['versionId']."', $userId, '$hostname', '$subject', ".
 			   "'$body1', 0)");
 		
     if (!$result)
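Review bot: The INSERT on lines 95-96 splices `$_REQUEST['thread']`, `$_REQUEST['appId']` and `$_REQUEST['versionId']` into the query without escaping or a type check, so whatever a client sends in those parameters becomes part of the SQL; the same raw values are reused for the redirect URL in the `@@ -98,10 +98,10 @@` hunk and the SELECT in the `@@ -116,7 +116,7 @@` hunk. Since all three are numeric ids, normalising them once next to the existing defaults covers every later use: `$_REQUEST['thread'] = isset($_REQUEST['thread']) ? (int)$_REQUEST['thread'] : 0;` and the same for `versionId` and `appId`. Note that `appId` currently has no `isset` default at all, unlike `thread` and `versionId`, so a request without it raises a notice and inserts an empty string; `$_REQUEST['subject']` on line 85 has the same gap.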
@@ -56,19 +56,19 @@
         exit;
     } else
     {
-        if ($originator)
+        if (isset($originator))
         {
             if (UserWantsEmail($originator))
             {
                 $email = lookupEmail($originator);
-                $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
-                $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
+                $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+                $ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
                 $ms .= "\n";
                 $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
                 $ms .= "\n";
                 $ms .= "Subject: ".$subject."\n";
                 $ms .= "\n";
-                $ms .= $body."\n";
+                $ms .= $_REQUEST['body']."\n";
                 $ms .= "\n";
                 $ms .= "------- You are receiving this mail because: -------\n";
                 $ms .= "Someone posted a comment in responce to your comment\n";
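Review bot: `isset($originator)` on line 105 still tests a register_globals variable while every other input in this hunk was moved to `$_REQUEST`; with register_globals off, `$originator` is never set and the notification to the original poster is silently skipped. Use `isset($_REQUEST['originator'])` and read `$_REQUEST['originator']` in the two lines that follow. Separately, line 113 appends a period after the URL (`."&versionId=".$_REQUEST['versionId'].".\n"`), so the link in the mail ends in `.` and many mail clients will treat it as part of the address; the same stray `.` is on line 135 of the `@@ -79,17 +79,17 @@` hunk, and the original `."\n"` was correct in both places. The enclosing `else` branch opens before this hunk.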
@@ -79,17 +79,17 @@
                 addmsg("Comment message sent to original poster", "green");                   
             }
         }
-        $email = getNotifyEmailAddressList($appId, $versionId);
+        $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
         if($email)
         {
-            $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
-            $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
+            $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+            $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
             $ms .= "\n";
             $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
             $ms .= "\n";
             $ms .= "Subject: ".$subject."\n";
             $ms .= "\n";
-            $ms .= $body."\n";
+            $ms .= $_REQUEST['body']."\n";
             $ms .= "\n";
             $ms .= STANDARD_NOTIFY_FOOTER;
 
@@ -98,10 +98,10 @@
         {
             $email = "no one";
         }
-        addmsg("mesage sent to: ".$email, green);
+        addmsg("mesage sent to: ".$email, "green");
 
         addmsg("New Comment Posted", "green");
-        redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
+        redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
     }
 }
 
@@ -116,7 +116,7 @@
 
   if($_REQUEST['thread'])
   {
-    $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
+    $result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']);
     $ob = mysql_fetch_object($result);
     if($ob)
     {
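Review bot: Line 164 interpolates `$_REQUEST['thread']` unquoted into `WHERE commentId = ...` with no escaping, so a non-numeric value changes the query rather than simply failing to match; `$thread` was just as raw before, but the move to the superglobal is the right moment to fix it. A cast is sufficient for an id column: `$result = mysql_query("SELECT * FROM appComments WHERE commentId = ".(int)$_REQUEST['thread']);`. The `if($_REQUEST['thread'])` block closes outside this hunk.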
@@ -128,7 +128,7 @@
     }
   }
 
-  echo "<form method=POST action='addcomment.php'>\n";
+  echo "<form method=\"POST\" action=\"addcomment.php\">\n";
 
   echo html_frame_start($mesTitle,500,"",0);
     
@@ -136,22 +136,22 @@
   echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b>&nbsp;</td>\n";
   echo "	<td>&nbsp;".$_SESSION['current']->username."</td></tr>\n";
   echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b>&nbsp;</td>\n";
-  echo "	<td>&nbsp;<input type=text size=35 name=subject value='$subject'> </td></tr>\n";
-  echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
+  echo "	<td>&nbsp;<input type=\"text\" size=\"35\" name=\"subject\" value=\"".$_REQUEST['subject']."\" /> </td></tr>\n";
+  echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$_REQUEST['body']."</textarea></td></tr>\n";
   echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
-  echo "  <input type=SUBMIT value='Post Comment' class=button>\n";
-  echo "  <input type=RESET value='Reset' class=button>\n";
+  echo "  <input type=\"SUBMIT\" value=\"Post Comment\" class=\"button\" />\n";
+  echo "  <input type=\"RESET\" value=\"Reset\" class=\"button\" />\n";
   echo "</td></tr>\n";
   echo "</table>\n";
 
   echo html_frame_end();
 
-  echo "<input type=HIDDEN name=thread value=$thread>\n";
-  echo "<input type=HIDDEN name=appId value=$appId>\n";
-  echo "<input type=HIDDEN name=versionId value=$versionId>\n";
-  if ($thread)
+  echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
+  echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
+  echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
+  if (isset($_REQUEST['thread']))
   {
-    echo "<input type=HIDDEN name=originator value=$originator>\n";
+    echo "<input type=\"HIDDEN\" name=\"originator\" value=\"$originator\" />\n";
   }
   echo "</form>";
 }
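Review bot: `if (isset($_REQUEST['thread']))` on line 202 is now always true, because the top of the file assigns `$_REQUEST['thread'] = 0` when the parameter is absent, so the hidden `originator` field is emitted for every new thread, and `$originator` on line 205 is still a register_globals name that this rewrite never sets. Keep the original truthiness test, `if ($_REQUEST['thread'])`, and print `$_REQUEST['originator']`. Lines 183-184 and 199-201 also place `$_REQUEST['subject']`, `$_REQUEST['body']` and the id parameters straight into attribute values and the textarea, so a `"` in the subject or a `</textarea>` in the body breaks out of the markup; wrap each in `htmlspecialchars()` here, since the `strip_tags` call earlier in the file only runs on the submit path. The block that line 208 closes opens before this hunk.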
Index: appview.php
===================================================================
RCS file: /home/wine/appdb/appview.php,v
retrieving revision 1.15
diff -u -r1.15 appview.php
--- appview.php	12 Dec 2004 22:22:21 -0000	1.15
+++ appview.php	14 Dec 2004 01:24:59 -0000
@@ -635,6 +635,6 @@
 
 <p>&nbsp;</p>
 
-<?
+<?php
 apidb_footer();
 ?>
Index: deletecomment.php
===================================================================
RCS file: /home/wine/appdb/deletecomment.php,v
retrieving revision 1.6
diff -u -r1.6 deletecomment.php
--- deletecomment.php	12 Dec 2004 03:51:51 -0000	1.6
+++ deletecomment.php	14 Dec 2004 01:49:46 -0000
@@ -5,15 +5,14 @@
 require(BASE."include/"."application.php");
 
 
-$appId = strip_tags($_POST['appId']);
-$versionId = strip_tags($_POST['versionId']);
-
-$commentId = strip_tags($_POST['commentId']);
-$commentId = mysql_escape_string($commentId);
+$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
+$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
+$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
+$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
 
 /* if we aren't an admin or the maintainer of this app we shouldn't be */
 /* allowed to delete any comments */
-if(!havepriv("admin") && !isMaintainer($appId, $versionId))
+if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))
 {
     errorpage('You don\'t have admin privilages');
     exit;
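Review bot: Switching the inputs from `$_POST` to `$_REQUEST` on lines 240-243 lets a comment be deleted through a plain GET link, while the Delete form in include/comments.php and the confirmation form added later in this file both still POST; for a script whose only purpose is a destructive action, keeping `$_POST` is the safer choice. Also, `strip_tags()` is neither an SQL nor a numeric guard: `$_REQUEST['appId']` and `$_REQUEST['versionId']` reach `isMaintainer()` on line 248 and, further down the file, `getNotifyEmailAddressList()` and the redirect URL unchanged. As they are ids, cast them once here, e.g. `$_REQUEST['appId'] = (int)$_REQUEST['appId'];` and the same for `versionId`.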
@@ -23,7 +22,7 @@
 
 /* retrieve the parentID of the comment we are deleting */
 /* so we can fix up the parentIds of this comments children */
-$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'");
+$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
 if (!$result)
 {
     errorpage('Internal error retrieving parent of commentId');
@@ -34,7 +33,7 @@
 $deletedParentId = $ob->parentId;
 
 /* get the subject and body from the comment */
-$result = mysql_query("select * FROM appComments WHERE commentId = '$commentId'");
+$result = mysql_query("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
 if (!$result)
 {
     errorpage('Internal Database Access Error',mysql_error());
@@ -44,28 +43,60 @@
 $body = $ob->body;
 $subject = $ob->subject;
 
-/* delete the comment from the database */
+if(!isset($_REQUEST['int_delete_it']))
+{
+    apidb_header("Delete Comment");
+    $mesTitle = "<b>Please state why you are deleting the following comment</b>";
+    echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
+    echo html_frame_start($mesTitle,500,"",0);
+    echo "<br />";
+    echo html_frame_start($ob->subject,500);
+    echo htmlify_urls($ob->body), "<br /><br />\n";
+    echo html_frame_end();
+    echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
+    echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
+    echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
+    echo "  <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
+    echo "</td></tr>\n";
+    echo "</table>\n";
+    echo html_frame_end();
+    echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
+    echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
+    echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
+    echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
+    echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
+    echo "</form>";
+    ?>
 
-$result = mysql_query("DELETE FROM appComments WHERE commentId = '$commentId'");
+    <p>&nbsp;</p>
 
-if (!$result)
+    <?php
+    apidb_footer();
+} else
+{
+/* delete the comment from the database */
+$result = mysql_query("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
+
+if (!isset($result))
 {
     errorpage('Internal Database Access Error',mysql_error());
     exit;
 }
 
 /* fixup the child comments so the parentId points to a valid parent comment */
-$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '$commentId'");
-if(!$result)
+$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
+if(!isset($result))
 {
     errorpage('Internal database error fixing up the parentId of child comments');
     exit;
 }
-$email = getNotifyEmailAddressList($appId, $versionId);
+$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
+$notify_user_email=lookupEmail($ob->userId);
+$email .= $notify_user_email;
 if($email)
 {
-    $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
-    $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n";
+    $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
+    $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
     $ms .= "\n";
     $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n";
     $ms .= "\n";
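Review bot: `if (!isset($result))` on lines 311 and 321 can never fire: `mysql_query()` returns `false` on failure and `isset(false)` is true, so a failed DELETE or UPDATE now falls through to the "Comment deleted" message and redirect instead of `errorpage()`; restore `if (!$result)` in both places. Line 329 appends the author's address with `$email .= $notify_user_email;` and no separator, so whenever `getNotifyEmailAddressList()` returns a non-empty value the two are glued into one invalid recipient — if that helper returns a comma-separated string, `$email .= ($email ? ', ' : '').$notify_user_email;` is what is wanted; confirm against its definition. The confirmation form uses `$_SERVER['PHP_SELF']` as its action (line 279) and echoes the request ids into hidden fields (lines 293-296) without `htmlspecialchars()`; `$_REQUEST['thread']` is moreover never sent by the Delete form in include/comments.php, so that field should be dropped or defaulted. The `else` branch opened on line 306 closes in the next hunk.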
@@ -73,17 +104,20 @@
     $ms .= "\n";
     $ms .= $body."\n";
     $ms .= "\n";
+    $ms .= "Because:\n";
+    $ms .= stripslashes($_REQUEST['str_why'])."\n";
+    $ms .= "\n";
     $ms .= STANDARD_NOTIFY_FOOTER;
 
     mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
-
 } else
 {
    $email = "no one";
 }
-addmsg("mesage sent to: ".$email, green);
+addmsg("mesage sent to: ".$email, "green");
 
 addmsg("Comment deleted", "green");
-redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
-
+redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
+}
 ?>
+
Index: include/comments.php
===================================================================
RCS file: /home/wine/appdb/include/comments.php,v
retrieving revision 1.9
diff -u -r1.9 comments.php
--- include/comments.php	12 Dec 2004 03:51:51 -0000	1.9
+++ include/comments.php	14 Dec 2004 01:47:00 -0000
@@ -67,10 +67,10 @@
     if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId))
     {
         echo "<tr>";
-        echo "<td><form method=post name=message action=$apidb_root/deletecomment.php><input type=submit value='Delete' class=button>\n";
-        echo "<input type=hidden name='commentId' value=$ob->commentId>";
-        echo "<input type=hidden name='appId' value=$ob->appId>";
-        echo "<input type=hidden name='versionId' value=$ob->versionId></form></td>","\n";
+        echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
+        echo "<input type=\"hidden\" name=\"commentId\" value=\"$ob->commentId\" />";
+        echo "<input type=\"hidden\" name=\"appId\" value=\"$ob->appId\" />";
+        echo "<input type=\"hidden\" name=\"versionId\" value=\"$ob->versionId\" /></form></td>","\n";
         echo "</td></tr>";
     }
 
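Review bot: Line 379 drops the `/` that the old line had between `$apidb_root` and `deletecomment.php` (`action=$apidb_root/deletecomment.php` became `action=\"".$apidb_root."deletecomment.php\"`), so unless `$apidb_root` already ends with a slash the Delete form now posts to a non-existent path; either restore the `/` or confirm the variable's trailing slash where it is defined. The `<input type=submit value='Delete' class=button>` on the same line also keeps the unquoted attributes the rest of the hunk converts. The enclosing block starts before this hunk.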
@@ -200,8 +200,6 @@
 
 function view_app_comments($appId, $versionId, $threadId = 0)
 {
-    global $cmode;
-
     // count posts
     $result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId");
     $messageCount = mysql_num_rows($result);
@@ -216,8 +214,8 @@
     if (loggedin())
     {
     // FIXME we need to change this so not logged in users can change current view as well
-        if ($cmode)
-            $_SESSION['current']->setpref("comments:mode", $cmode);
+        if (isset($_REQUEST['cmode']))
+            $_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']);
 
             $sel[$_SESSION['current']->getpref("comments:mode")] = 'selected';
             echo '<td><form method=get name=smode action="appview.php">',"\n";
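Review bot: `isset($_REQUEST['cmode'])` on line 401 is true for an empty `cmode=` parameter, whereas the old `if ($cmode)` skipped it, so an empty value is now written into the `comments:mode` preference and line 404 then indexes `$sel[...]` with it. The value is stored from the request unchecked, so at minimum test for a non-empty value, `if (isset($_REQUEST['cmode']) && $_REQUEST['cmode'] !== '')`, and ideally accept only the modes the select below offers. view_app_comments() continues past the end of this hunk.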

