diff --git a/TODO b/TODO index b579916..81195f8 100644 --- a/TODO +++ b/TODO @@ -9,9 +9,12 @@ sat for too long it would be rejected and an email would be send to the submitter saying it timed out. If the admin/maintainer clicked on accept it would go into the db like every other image. -# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). In particular globally registered vars should be replaced by superglobals and should be replaced by . +# when deleting an application we should delete linked entries (screenshots, comments, etc.) -# when we delete a comment there should be a box to explain why you are deleting this comment and an email should be sent to the submitter +# when deleting a screenshot we should delete the image file as well + +# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). +In particular globally registered vars should be replaced by superglobals (nearly finished) # Super Maintainers should be able to edit the main app and send a notify message like the versions have. diff --git a/addcomment.php b/addcomment.php index fdb04a1..439fceb 100644 --- a/addcomment.php +++ b/addcomment.php 
@@ -22,32 +22,32 @@ if(!isset($_REQUEST['appId'])) exit; } -if(!$_REQUEST['versionId']) +if(!isset($_REQUEST['versionId'])) { - $versionId = 0; + $_REQUEST['versionId'] = 0; } -if(!$_REQUEST['thread']) +if(!isset($_REQUEST['thread'])) { - $thread = 0; + $_REQUEST['thread'] = 0; } ############################ # ADDS COMMENT TO DATABASE # ############################ -if($_REQUEST[body]) +if(isset($_REQUEST['body'])) { $hostname = get_remote(); - $subject = strip_tags($subject); + $subject = strip_tags($_REQUEST['subject']); $subject = mysql_escape_string($subject); - $body1 = mysql_escape_string($body); + $body1 = mysql_escape_string($_REQUEST['body']); // get current userid $userId = $_SESSION['current']->userid; - $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ". - "$appId, $versionId, $userId, '$hostname', '$subject', ". + $result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','". + $_REQUEST['appId']."', '".$_REQUEST['versionId']."', $userId, '$hostname', '$subject', ". "'$body1', 0)"); if (!$result) 
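Review bot: The rebuilt INSERT on the `$result = mysql_query(...)` lines interpolates `$_REQUEST['thread']`, `$_REQUEST['appId']` and `$_REQUEST['versionId']` into the SQL with only quotes around them and no escaping or integer cast, so a single quote in any of the three breaks out of the string and this is a SQL injection point (the old code passed the unescaped globals unquoted, which was no better, but the rewrite is the moment to close it). Casting the three ids to int once, right after the isset() defaulting, and using the ints in the query fixes it, and the same ints would then serve the URL and mail building in the later hunks. Also `isset($_REQUEST['body'])` is true for an empty submitted body where the old `if($_REQUEST[body])` was not, so an empty comment now reaches the database; `!empty($_REQUEST['body'])` keeps the previous behaviour. mysql_escape_string() is not charset-aware; mysql_real_escape_string() on the open connection is the safer choice for subject and body.
```php
// normalise the numeric ids once; everything below uses the ints, never the raw request
$thread    = (int)$_REQUEST['thread'];
$appId     = (int)$_REQUEST['appId'];
$versionId = (int)$_REQUEST['versionId'];
// … unchanged: hostname lookup, subject/body escaping, $userId …
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
                      "$appId, $versionId, $userId, '$hostname', '$subject', ".
                      "'$body1', 0)");
```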
@@ -56,19 +56,19 @@ if($_REQUEST[body]) exit; } else { - if ($originator) + if (isset($originator)) { if (UserWantsEmail($originator)) { $email = lookupEmail($originator); - $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); - $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; + $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); + $ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n"; $ms .= "\n"; $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; - $ms .= $body."\n"; + $ms .= $_REQUEST['body']."\n"; $ms .= "\n"; $ms .= "------- You are receiving this mail because: -------\n"; $ms .= "Someone posted a comment in responce to your comment\n"; @@ -79,17 +79,17 @@ if($_REQUEST[body]) addmsg("Comment message sent to original poster", "green"); } } - $email = getNotifyEmailAddressList($appId, $versionId); + $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); if($email) { - $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); - $ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n"; + $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); + $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n"; $ms .= "\n"; $ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; - $ms .= $body."\n"; + $ms .= $_REQUEST['body']."\n"; $ms .= "\n"; $ms .= STANDARD_NOTIFY_FOOTER; 
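Review bot: The rewritten appview link in this hunk, `$ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";`, now appends a literal period to the URL before the newline (the old line ended with `."\n"`), so the link mailed to the original poster ends in "." and will not resolve in most mail clients; it should end `.$_REQUEST['versionId']."\n";`. Separately, `if (isset($originator))` tests a plain variable whose origin is outside the hunk; if `$originator` was previously populated by register_globals from the request rather than assigned in this file, it is now never set and the reply notification silently stops, which is worth confirming. The enclosing if/else started in the previous hunk.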
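Review bot: The same stray period appears in the notify-list mail here: `$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";` embeds a trailing "." in the URL, so the line should end `."\n";` as the original did. The appId and versionId go straight from the request into the mail body and the lookupAppName()/lookupVersionName() calls; if the ids are cast to int earlier in the file the text cannot carry arbitrary content, otherwise a crafted request lets a poster place arbitrary text in a notification mail. The block continues past the end of the hunk.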
@@ -98,10 +98,10 @@ if($_REQUEST[body]) { $email = "no one"; } - addmsg("mesage sent to: ".$email, green); + addmsg("mesage sent to: ".$email, "green"); addmsg("New Comment Posted", "green"); - redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); + redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'])); } } @@ -116,7 +116,7 @@ else if(loggedin()) if($_REQUEST['thread']) { - $result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread"); + $result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']); $ob = mysql_fetch_object($result); if($ob) { @@ -128,7 +128,7 @@ else if(loggedin()) } } - echo "
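Review bot: The redirect `redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']))` still forwards the raw request values into a Location header; since the ids are only ever numeric here, `(int)` casts (or at least `urlencode()`) keep attacker-supplied characters out of the header and the resulting URL. The fix of the bare `green` constant on the `addmsg` line is good.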
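Review bot: `mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread'])` concatenates the request value into the WHERE clause unquoted and unescaped, so any non-numeric `thread` value is executed as SQL; the preceding `if($_REQUEST['thread'])` only checks truthiness and filters nothing. `"SELECT * FROM appComments WHERE commentId = ".(int)$_REQUEST['thread']` is enough here. The `else if(loggedin())` block this sits in begins and ends outside the hunk.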
\n"; + echo "\n"; echo html_frame_start($mesTitle,500,"",0); @@ -136,22 +136,22 @@ else if(loggedin()) echo "From: \n"; echo "  ".$_SESSION['current']->username."\n"; echo "Subject: \n"; - echo "   \n"; - echo "\n"; + echo "   \n"; + echo "\n"; echo "\n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo "\n"; echo "\n"; echo html_frame_end(); - echo "\n"; - echo "\n"; - echo "\n"; - if ($thread) + echo "\n"; + echo "\n"; + echo "\n"; + if (isset($_REQUEST['thread'])) { - echo "\n"; + echo "\n"; } echo "
"; } diff --git a/appview.php b/appview.php index d430b75..751838f 100644 --- a/appview.php +++ b/appview.php @@ -635,6 +635,6 @@ else if($appId && $versionId)

 

- diff --git a/deletecomment.php b/deletecomment.php index 68a335d..0d427ea 100644 --- a/deletecomment.php +++ b/deletecomment.php @@ -5,15 +5,14 @@ require(BASE."include/"."incl.php"); require(BASE."include/"."application.php"); -$appId = strip_tags($_POST['appId']); -$versionId = strip_tags($_POST['versionId']); - -$commentId = strip_tags($_POST['commentId']); -$commentId = mysql_escape_string($commentId); +$_REQUEST['appId'] = strip_tags($_REQUEST['appId']); +$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']); +$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']); +$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']); /* if we aren't an admin or the maintainer of this app we shouldn't be */ /* allowed to delete any comments */ -if(!havepriv("admin") && !isMaintainer($appId, $versionId)) +if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])) { errorpage('You don\'t have admin privilages'); exit; @@ -23,7 +22,7 @@ opendb(); /* retrieve the parentID of the comment we are deleting */ /* so we can fix up the parentIds of this comments children */ -$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'"); +$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'"); if (!$result) { errorpage('Internal error retrieving parent of commentId'); @@ -34,7 +33,7 @@ $ob = mysql_fetch_object($result); $deletedParentId = $ob->parentId; /* get the subject and body from the comment */ -$result = mysql_query("select * FROM appComments WHERE commentId = '$commentId'"); +$result = mysql_query("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'"); if (!$result) { errorpage('Internal Database Access Error',mysql_error()); 
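Review bot: The authorization check `if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))` trusts the caller-supplied appId/versionId rather than the application the comment actually belongs to, so a maintainer of one application can delete any commentId by passing their own ids; the row is fetched by `SELECT * FROM appComments WHERE commentId = ...` just below, so the check should run after that fetch using `$ob->appId` and `$ob->versionId`. This weakness predates the patch, but the move from `$_POST` to `$_REQUEST` also makes the whole action reachable through a plain GET link, which makes a "click here" deletion easier to engineer; reading the ids from `$_POST` only, or adding a request token to the new confirmation form, would contain that. `strip_tags()` on the ids is not a sanitiser for SQL or URL use; `(int)` casts say what is meant.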
@@ -44,46 +43,88 @@ $ob = mysql_fetch_object($result); $body = $ob->body; $subject = $ob->subject; +if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" && + !isset($_REQUEST['int_delete_it'])) +{ + apidb_header("Delete Comment"); + $mesTitle = "Please state why you are deleting the following comment"; + echo "
\n"; + echo html_frame_start($mesTitle,500,"",0); + echo "
"; + echo html_frame_start($ob->subject,500); + echo htmlify_urls($ob->body), "

\n"; + echo html_frame_end(); + echo '',"\n"; + echo "\n"; + echo "\n"; + echo "
\n"; + echo " \n"; + echo "
\n"; + echo html_frame_end(); + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo ""; + echo "
"; + ?> + +

 

+ + userId); +$notify_user_username=lookupUsername($ob->userId); +$email .= $notify_user_email; if($email) { - $fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId); - $ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n"; + $fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']); + $ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n"; $ms .= "\n"; - $ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n"; + $ms .= $_SESSION['current']->username." deleted comment from ".$fullAppName."\n"; + $ms .= "\n"; + $ms .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_username \n"; $ms .= "\n"; $ms .= "Subject: ".$subject."\n"; $ms .= "\n"; $ms .= $body."\n"; $ms .= "\n"; + $ms .= "Because:\n"; + if($_REQUEST['str_why']) + $ms .= stripslashes($_REQUEST['str_why'])."\n"; + else + $ms .= "No reason given.\n"; + $ms .= "\n"; $ms .= STANDARD_NOTIFY_FOOTER; - + echo $ms; mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms); - } else { $email = "no one"; } -addmsg("mesage sent to: ".$email, green); +addmsg("mesage sent to: ".$email, "green"); addmsg("Comment deleted", "green"); -redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId")); - +redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'])); +} ?> + diff --git a/include/comments.php b/include/comments.php index e566b6c..da212cb 100644 --- a/include/comments.php +++ b/include/comments.php @@ -67,10 +67,10 @@ function view_app_comment($ob) if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId)) { echo ""; - echo "
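Review bot: `echo $ms;` just before the `mail(...)` call prints the full notification (comment body, author name and deletion reason) into the response ahead of the redirect; it reads as debug output left in and should be removed. `$email .= $notify_user_email;` appends to a variable that is not assigned in the visible lines (part of this hunk appears stripped from the extract), so if nothing sets `$email` earlier this is an undefined-variable notice and `$email = $notify_user_email;` is the intent — worth confirming. `if($_REQUEST['str_why'])` raises an undefined-index notice when the confirmation step is skipped by the preference; `!empty($_REQUEST['str_why'])` avoids it. The confirmation form's markup is not visible here, so its request method and the absence of an anti-CSRF token cannot be checked from this extract.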
\n"; - echo "commentId>"; - echo "appId>"; - echo "versionId>
","\n"; + echo "
\n"; + echo "commentId\" />"; + echo "appId\" />"; + echo "versionId\" />
","\n"; echo ""; } @@ -200,8 +200,6 @@ function display_comments_flat($appId, $versionId) function view_app_comments($appId, $versionId, $threadId = 0) { - global $cmode; - // count posts $result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId"); $messageCount = mysql_num_rows($result); @@ -216,8 +214,8 @@ function view_app_comments($appId, $versionId, $threadId = 0) if (loggedin()) { // FIXME we need to change this so not logged in users can change current view as well - if ($cmode) - $_SESSION['current']->setpref("comments:mode", $cmode); + if (isset($_REQUEST['cmode'])) + $_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']); $sel[$_SESSION['current']->getpref("comments:mode")] = 'selected'; echo '
',"\n"; diff --git a/tables/prefs_list.sql b/tables/prefs_list.sql index a702d75..0bb2baf 100644 --- a/tables/prefs_list.sql +++ b/tables/prefs_list.sql @@ -17,7 +17,7 @@ INSERT INTO prefs_list VALUES (0, 'sidebar', 'left', 'left|right', 'Sidebar loca INSERT INTO prefs_list VALUES (0, 'window:query', 'no', 'yes|no', 'Display query results in a new window'); INSERT INTO prefs_list VALUES (0, 'window:help', 'no', 'yes|no', 'Display help in a new window'); INSERT INTO prefs_list VALUES (0, 'window:offsite', 'no', 'yes|no', 'Display offsite URLs in a new window'); - +INSERT INTO prefs_list VALUES (0, 'confirm_comment_deletion', 'yes', 'yes|no', 'Asks why you are deleting a comment before to delete it'); INSERT INTO prefs_list VALUES (0, 'query:mode', 'view', 'view|edit', 'Default API details mode'); INSERT INTO prefs_list VALUES (0, 'query:hide_header', 'no', 'yes|no', 'Hide apidb header in query results'); INSERT INTO prefs_list VALUES (0, 'query:hide_sidebar', 'no', 'yes|no', 'Hide apidb sidebar in query results');
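Review bot: `$_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode'])` persists whatever string the request carries as the user's preference without checking it against the modes the select offers, and the stored value is then used as a key in `$sel[...]` and presumably echoed back into the option markup; validating first, e.g. `if (isset($_REQUEST['cmode']) && in_array($_REQUEST['cmode'], $valid_modes, true))` with `$valid_modes` listing the supported modes, keeps junk out of the prefs table and out of the page. The FIXME about non-logged-in users is left as it was. view_app_comments() continues past the end of the hunk.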