- when a comment is deleted, the person deleting it can state the reason for doing so.
- the user who made the comment gets an e-mail
7
TODO
7
TODO
@@ -9,9 +9,12 @@ sat for too long it would be rejected and an email would be send to the
|
||||
submitter saying it timed out. If the admin/maintainer clicked on accept it
|
||||
would go into the db like every other image.
|
||||
|
||||
# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines). In particular globally registered vars should be replaced by superglobals and <? ?> should be replaced by <?php ?>.
|
||||
# when deleting an application we should delete linked entries (screenshots, comments, etc.)
|
||||
|
||||
# when we delete a comment there should be a box to explain why you are deleting this comment and an email should be sent to the submitter
|
||||
# when deleting a screenshot we should delete the image file as well
|
||||
|
||||
# appdb engine - clean up the php backend (see CODING_STANDARD for code style guidelines).
|
||||
In particular globally registered vars should be replaced by superglobals (nearly finished)
|
||||
|
||||
# Super Maintainers should be able to edit the main app and send a notify message like the versions have.
|
||||
|
||||
|
||||
@@ -22,32 +22,32 @@ if(!isset($_REQUEST['appId']))
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!$_REQUEST['versionId'])
|
||||
if(!isset($_REQUEST['versionId']))
|
||||
{
|
||||
$versionId = 0;
|
||||
$_REQUEST['versionId'] = 0;
|
||||
}
|
||||
|
||||
if(!$_REQUEST['thread'])
|
||||
if(!isset($_REQUEST['thread']))
|
||||
{
|
||||
$thread = 0;
|
||||
$_REQUEST['thread'] = 0;
|
||||
}
|
||||
|
||||
############################
|
||||
# ADDS COMMENT TO DATABASE #
|
||||
############################
|
||||
if($_REQUEST[body])
|
||||
if(isset($_REQUEST['body']))
|
||||
{
|
||||
$hostname = get_remote();
|
||||
|
||||
$subject = strip_tags($subject);
|
||||
$subject = strip_tags($_REQUEST['subject']);
|
||||
$subject = mysql_escape_string($subject);
|
||||
$body1 = mysql_escape_string($body);
|
||||
$body1 = mysql_escape_string($_REQUEST['body']);
|
||||
|
||||
// get current userid
|
||||
$userId = $_SESSION['current']->userid;
|
||||
|
||||
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, $thread, ".
|
||||
"$appId, $versionId, $userId, '$hostname', '$subject', ".
|
||||
$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','".
|
||||
$_REQUEST['appId']."', '".$_REQUEST['versionId']."', $userId, '$hostname', '$subject', ".
|
||||
"'$body1', 0)");
|
||||
|
||||
if (!$result)
|
||||
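Review bot: The rewritten INSERT at `$result = mysql_query("INSERT INTO appComments VALUES (NOW(), null, '".$_REQUEST['thread']."','".` splices `$_REQUEST['thread']`, `$_REQUEST['appId']` and `$_REQUEST['versionId']` into the SQL string with only surrounding quotes, whereas `$subject` and `$body1` go through mysql_escape_string on the lines above; a quote character in any of the three ids breaks out of the literal. The same applies to `"SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']` in the hunk at @@ -116,7, where the value is not even quoted. Since all three are numeric ids, the simplest fix is to normalise them once where the defaults are assigned, e.g. `$_REQUEST['versionId'] = isset($_REQUEST['versionId']) ? (int)$_REQUEST['versionId'] : 0;`, with the same `(int)` treatment for thread and appId, so every later query receives an integer. The enclosing `if(isset($_REQUEST['body']))` block continues past the end of this hunk.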
@@ -56,19 +56,19 @@ if($_REQUEST[body])
|
||||
exit;
|
||||
} else
|
||||
{
|
||||
if ($originator)
|
||||
if (isset($originator))
|
||||
{
|
||||
if (UserWantsEmail($originator))
|
||||
{
|
||||
$email = lookupEmail($originator);
|
||||
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
|
||||
$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
|
||||
$fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
|
||||
$ms .= APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
|
||||
$ms .= "\n";
|
||||
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." added comment to ".$fullAppName."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= "Subject: ".$subject."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= $body."\n";
|
||||
$ms .= $_REQUEST['body']."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= "------- You are receiving this mail because: -------\n";
|
||||
$ms .= "Someone posted a comment in responce to your comment\n";
|
||||
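Review bot: `if (isset($originator))` still tests a bare `$originator` that nothing in the new code assigns; given that this commit is replacing register_globals variables with superglobals, that variable appears to be populated only by register_globals, so once that is off the reply-notification branch never runs. It should read the superglobal like its neighbours, `if (isset($_REQUEST['originator']))`, with `UserWantsEmail($_REQUEST['originator'])` and `lookupEmail($_REQUEST['originator'])` on the two lines below. Separately, the rewritten URL line ends in `."&versionId=".$_REQUEST['versionId'].".\n"`, which appends a literal period to the link placed in the e-mail; the old line had `."\n"`, so the extra `.` should be dropped here and on the matching `$ms = APPDB_ROOT."appview.php?appId=...` line in the hunk at @@ -79,17. The enclosing else block begins before this hunk.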
@@ -79,17 +79,17 @@ if($_REQUEST[body])
|
||||
addmsg("Comment message sent to original poster", "green");
|
||||
}
|
||||
}
|
||||
$email = getNotifyEmailAddressList($appId, $versionId);
|
||||
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
|
||||
if($email)
|
||||
{
|
||||
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
|
||||
$ms = APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId"."\n";
|
||||
$fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
|
||||
$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId'].".\n";
|
||||
$ms .= "\n";
|
||||
$ms .= $_SESSION['current']->username." added comment to ".$fullAppName."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= "Subject: ".$subject."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= $body."\n";
|
||||
$ms .= $_REQUEST['body']."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= STANDARD_NOTIFY_FOOTER;
|
||||
|
||||
@@ -98,10 +98,10 @@ if($_REQUEST[body])
|
||||
{
|
||||
$email = "no one";
|
||||
}
|
||||
addmsg("mesage sent to: ".$email, green);
|
||||
addmsg("mesage sent to: ".$email, "green");
|
||||
|
||||
addmsg("New Comment Posted", "green");
|
||||
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
|
||||
redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -116,7 +116,7 @@ else if(loggedin())
|
||||
|
||||
if($_REQUEST['thread'])
|
||||
{
|
||||
$result = mysql_query("SELECT * FROM appComments WHERE commentId = $thread");
|
||||
$result = mysql_query("SELECT * FROM appComments WHERE commentId = ".$_REQUEST['thread']);
|
||||
$ob = mysql_fetch_object($result);
|
||||
if($ob)
|
||||
{
|
||||
@@ -128,7 +128,7 @@ else if(loggedin())
|
||||
}
|
||||
}
|
||||
|
||||
echo "<form method=POST action='addcomment.php'>\n";
|
||||
echo "<form method=\"POST\" action=\"addcomment.php\">\n";
|
||||
|
||||
echo html_frame_start($mesTitle,500,"",0);
|
||||
|
||||
@@ -136,22 +136,22 @@ else if(loggedin())
|
||||
echo "<tr bgcolor=#E0E0E0><td align=right><b>From:</b> </td>\n";
|
||||
echo " <td> ".$_SESSION['current']->username."</td></tr>\n";
|
||||
echo "<tr bgcolor=#E0E0E0><td align=right><b>Subject:</b> </td>\n";
|
||||
echo " <td> <input type=text size=35 name=subject value='$subject'> </td></tr>\n";
|
||||
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=body cols=70 rows=15 wrap=virtual>$body</textarea></td></tr>\n";
|
||||
echo " <td> <input type=\"text\" size=\"35\" name=\"subject\" value=\"".$_REQUEST['subject']."\" /> </td></tr>\n";
|
||||
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"body\" cols=\"70\" rows=\"15\" wrap=\"virtual\">".$_REQUEST['body']."</textarea></td></tr>\n";
|
||||
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
|
||||
echo " <input type=SUBMIT value='Post Comment' class=button>\n";
|
||||
echo " <input type=RESET value='Reset' class=button>\n";
|
||||
echo " <input type=\"SUBMIT\" value=\"Post Comment\" class=\"button\" />\n";
|
||||
echo " <input type=\"RESET\" value=\"Reset\" class=\"button\" />\n";
|
||||
echo "</td></tr>\n";
|
||||
echo "</table>\n";
|
||||
|
||||
echo html_frame_end();
|
||||
|
||||
echo "<input type=HIDDEN name=thread value=$thread>\n";
|
||||
echo "<input type=HIDDEN name=appId value=$appId>\n";
|
||||
echo "<input type=HIDDEN name=versionId value=$versionId>\n";
|
||||
if ($thread)
|
||||
echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
|
||||
if (isset($_REQUEST['thread']))
|
||||
{
|
||||
echo "<input type=HIDDEN name=originator value=$originator>\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"originator\" value=\"$originator\" />\n";
|
||||
}
|
||||
echo "</form>";
|
||||
}
|
||||
|
||||
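Review bot: The rebuilt form writes `$_REQUEST['subject']`, `$_REQUEST['body']` and the three hidden ids straight into attribute values and the textarea, so a request carrying a `"` or a `</textarea>` in any of them injects markup into the rendered page; the strip_tags on subject only runs in the POST branch and is not an attribute escape anyway. Each echoed request value should be wrapped, e.g. `htmlspecialchars($_REQUEST['subject'], ENT_QUOTES)`, and the ids either wrapped the same way or cast with `(int)`. Also, `if (isset($_REQUEST['thread']))` is now always true, because the top of the file assigns `$_REQUEST['thread'] = 0` when the key is missing, so the hidden originator field is emitted for every new comment where the old `if ($thread)` only emitted it for replies; `if ($_REQUEST['thread'])` keeps the old behaviour, and `$originator` on the echo line inside it is still a bare variable. The `else if(loggedin())` block begins before this hunk.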
@@ -635,6 +635,6 @@ else if($appId && $versionId)
|
||||
|
||||
<p> </p>
|
||||
|
||||
<?
|
||||
<?php
|
||||
apidb_footer();
|
||||
?>
|
||||
|
||||
@@ -5,15 +5,14 @@ require(BASE."include/"."incl.php");
|
||||
require(BASE."include/"."application.php");
|
||||
|
||||
|
||||
$appId = strip_tags($_POST['appId']);
|
||||
$versionId = strip_tags($_POST['versionId']);
|
||||
|
||||
$commentId = strip_tags($_POST['commentId']);
|
||||
$commentId = mysql_escape_string($commentId);
|
||||
$_REQUEST['appId'] = strip_tags($_REQUEST['appId']);
|
||||
$_REQUEST['versionId'] = strip_tags($_REQUEST['versionId']);
|
||||
$_REQUEST['commentId'] = strip_tags($_REQUEST['commentId']);
|
||||
$_REQUEST['commentId'] = mysql_escape_string($_REQUEST['commentId']);
|
||||
|
||||
/* if we aren't an admin or the maintainer of this app we shouldn't be */
|
||||
/* allowed to delete any comments */
|
||||
if(!havepriv("admin") && !isMaintainer($appId, $versionId))
|
||||
if(!havepriv("admin") && !isMaintainer($_REQUEST['appId'], $_REQUEST['versionId']))
|
||||
{
|
||||
errorpage('You don\'t have admin privilages');
|
||||
exit;
|
||||
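Review bot: The authorization check `isMaintainer($_REQUEST['appId'], $_REQUEST['versionId'])` trusts the application and version ids supplied by the client, while the comment actually removed is selected by `commentId` alone in the queries that follow, so a maintainer of one application can present their own appId together with a commentId that belongs to a different application. The check should use the appId/versionId stored on the comment row itself (the `select * FROM appComments` lookup further down already fetches it) instead of the request values. Switching the reads from `$_POST` to `$_REQUEST` also makes this destructive action reachable through a plain GET request, which the original `$_POST` restriction prevented; keeping `$_POST` here, and casting the ids with `(int)` rather than strip_tags, narrows that back down.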
@@ -23,7 +22,7 @@ opendb();
|
||||
|
||||
/* retrieve the parentID of the comment we are deleting */
|
||||
/* so we can fix up the parentIds of this comments children */
|
||||
$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '$commentId'");
|
||||
$result = mysql_query("SELECT parentId FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
|
||||
if (!$result)
|
||||
{
|
||||
errorpage('Internal error retrieving parent of commentId');
|
||||
@@ -34,7 +33,7 @@ $ob = mysql_fetch_object($result);
|
||||
$deletedParentId = $ob->parentId;
|
||||
|
||||
/* get the subject and body from the comment */
|
||||
$result = mysql_query("select * FROM appComments WHERE commentId = '$commentId'");
|
||||
$result = mysql_query("select * FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
|
||||
if (!$result)
|
||||
{
|
||||
errorpage('Internal Database Access Error',mysql_error());
|
||||
@@ -44,46 +43,88 @@ $ob = mysql_fetch_object($result);
|
||||
$body = $ob->body;
|
||||
$subject = $ob->subject;
|
||||
|
||||
if($_SESSION['current']->getpref("confirm_comment_deletion") != "no" &&
|
||||
!isset($_REQUEST['int_delete_it']))
|
||||
{
|
||||
apidb_header("Delete Comment");
|
||||
$mesTitle = "<b>Please state why you are deleting the following comment</b>";
|
||||
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
|
||||
echo html_frame_start($mesTitle,500,"",0);
|
||||
echo "<br />";
|
||||
echo html_frame_start($ob->subject,500);
|
||||
echo htmlify_urls($ob->body), "<br /><br />\n";
|
||||
echo html_frame_end();
|
||||
echo '<table width="100%" border=0 cellpadding=0 cellspacing=1>',"\n";
|
||||
echo "<tr bgcolor=#C0C0C0><td colspan=2><textarea name=\"str_why\" cols=\"70\" rows=\"15\" wrap=\"virtual\"></textarea></td></tr>\n";
|
||||
echo "<tr bgcolor=#C0C0C0><td colspan=2 align=center>\n";
|
||||
echo " <input type=\"SUBMIT\" value=\"Delete Comment\" class=\"button\" />\n";
|
||||
echo "</td></tr>\n";
|
||||
echo "</table>\n";
|
||||
echo html_frame_end();
|
||||
echo "<input type=\"HIDDEN\" name=\"int_delete_it\" value=\"1\" />\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"thread\" value=\"".$_REQUEST['thread']."\" />\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"appId\" value=\"".$_REQUEST['appId']."\" />\n";
|
||||
echo "<input type=\"HIDDEN\" name=\"versionId\" value=\"".$_REQUEST['versionId']."\" />\n";
|
||||
echo "<input type=\"hidden\" name=\"commentId\" value=\"".$_REQUEST['commentId']."\" />";
|
||||
echo "</form>";
|
||||
?>
|
||||
|
||||
<p> </p>
|
||||
|
||||
<?php
|
||||
apidb_footer();
|
||||
} else
|
||||
{
|
||||
/* delete the comment from the database */
|
||||
$result = mysql_query("DELETE FROM appComments WHERE commentId = '".$_REQUEST['commentId']."'");
|
||||
|
||||
$result = mysql_query("DELETE FROM appComments WHERE commentId = '$commentId'");
|
||||
|
||||
if (!$result)
|
||||
if (!isset($result))
|
||||
{
|
||||
errorpage('Internal Database Access Error',mysql_error());
|
||||
exit;
|
||||
}
|
||||
|
||||
/* fixup the child comments so the parentId points to a valid parent comment */
|
||||
$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '$commentId'");
|
||||
if(!$result)
|
||||
$result = mysql_query("UPDATE appComments set parentId = '$deletedParentId' WHERE parentId = '".$_REQUEST['commentId']."'");
|
||||
if(!isset($result))
|
||||
{
|
||||
errorpage('Internal database error fixing up the parentId of child comments');
|
||||
exit;
|
||||
}
|
||||
$email = getNotifyEmailAddressList($appId, $versionId);
|
||||
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
|
||||
$notify_user_email=lookupEmail($ob->userId);
|
||||
$notify_user_username=lookupUsername($ob->userId);
|
||||
$email .= $notify_user_email;
|
||||
if($email)
|
||||
{
|
||||
$fullAppName = "Application: ".lookupAppName($appId)." Version: ".lookupVersionName($appId, $versionId);
|
||||
$ms .= APPDB_ROOT."appview.php?appId=$appId&versionId=$versionId\n";
|
||||
$fullAppName = "Application: ".lookupAppName($_REQUEST['appId'])." Version: ".lookupVersionName($_REQUEST['appId'], $_REQUEST['versionId']);
|
||||
$ms = APPDB_ROOT."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= ($_SESSION['current']->username ? $_SESSION['current']->username : "Anonymous")." deleted comment from ".$fullAppName."\n";
|
||||
$ms .= $_SESSION['current']->username." deleted comment from ".$fullAppName."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= "This comment was made on ".substr($ob->time,0,10)." by $notify_user_username \n";
|
||||
$ms .= "\n";
|
||||
$ms .= "Subject: ".$subject."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= $body."\n";
|
||||
$ms .= "\n";
|
||||
$ms .= "Because:\n";
|
||||
if($_REQUEST['str_why'])
|
||||
$ms .= stripslashes($_REQUEST['str_why'])."\n";
|
||||
else
|
||||
$ms .= "No reason given.\n";
|
||||
$ms .= "\n";
|
||||
$ms .= STANDARD_NOTIFY_FOOTER;
|
||||
|
||||
echo $ms;
|
||||
mail(stripslashes($email), "[AppDB] ".$fullAppName ,$ms);
|
||||
|
||||
} else
|
||||
{
|
||||
$email = "no one";
|
||||
}
|
||||
addmsg("mesage sent to: ".$email, green);
|
||||
addmsg("mesage sent to: ".$email, "green");
|
||||
|
||||
addmsg("Comment deleted", "green");
|
||||
redirect(apidb_fullurl("appview.php?appId=$appId&versionId=$versionId"));
|
||||
|
||||
redirect(apidb_fullurl("appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']));
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
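Review bot: `if (!isset($result))` after the DELETE and `if(!isset($result))` after the UPDATE no longer detect failure: mysql_query returns false on error and isset(false) is true, so both errorpage branches are now dead and a failed delete still reports "Comment deleted" and sends the notification; the old `if (!$result)` / `if(!$result)` form should be restored on both lines. In the confirmation form, `$_SERVER['PHP_SELF']` and the `thread`, `appId` and `versionId` request values are echoed unescaped into attribute values and need `htmlspecialchars(..., ENT_QUOTES)`, and `echo $ms;` prints the whole mail body, including the submitter's comment text and the recipient address list, raw into the page, which looks like leftover debugging output. `$email .= $notify_user_email;` joins the author's address onto whatever getNotifyEmailAddressList returns without a separator, so if that helper returns a comma-separated list the last two addresses run together — worth confirming against the helper.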
@@ -67,10 +67,10 @@ function view_app_comment($ob)
|
||||
if(havepriv("admin") || isMaintainer($ob->appId, $ob->versionId))
|
||||
{
|
||||
echo "<tr>";
|
||||
echo "<td><form method=post name=message action=$apidb_root/deletecomment.php><input type=submit value='Delete' class=button>\n";
|
||||
echo "<input type=hidden name='commentId' value=$ob->commentId>";
|
||||
echo "<input type=hidden name='appId' value=$ob->appId>";
|
||||
echo "<input type=hidden name='versionId' value=$ob->versionId></form></td>","\n";
|
||||
echo "<td><form method=\"post\" name=\"message\" action=\"".$apidb_root."deletecomment.php\"><input type=submit value='Delete' class=button>\n";
|
||||
echo "<input type=\"hidden\" name=\"commentId\" value=\"$ob->commentId\" />";
|
||||
echo "<input type=\"hidden\" name=\"appId\" value=\"$ob->appId\" />";
|
||||
echo "<input type=\"hidden\" name=\"versionId\" value=\"$ob->versionId\" /></form></td>","\n";
|
||||
echo "</td></tr>";
|
||||
}
|
||||
|
||||
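Review bot: The rewritten form action `action=\"".$apidb_root."deletecomment.php\"` drops the `/` that the old `action=$apidb_root/deletecomment.php` placed between the root and the file name, so unless `$apidb_root` always ends in a slash the Delete button posts to a non-existent path; `$apidb_root."/deletecomment.php"` restores it. `$apidb_root` is used inside view_app_comment with no `global` declaration visible in the hunk, though the function starts before this hunk so it may be declared there. The Delete input on the same line still uses the unquoted `value='Delete' class=button` style that the rest of the commit is moving away from.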
@@ -200,8 +200,6 @@ function display_comments_flat($appId, $versionId)
|
||||
|
||||
function view_app_comments($appId, $versionId, $threadId = 0)
|
||||
{
|
||||
global $cmode;
|
||||
|
||||
// count posts
|
||||
$result = mysql_query("SELECT commentId FROM appComments WHERE appId = $appId AND versionId = $versionId");
|
||||
$messageCount = mysql_num_rows($result);
|
||||
@@ -216,8 +214,8 @@ function view_app_comments($appId, $versionId, $threadId = 0)
|
||||
if (loggedin())
|
||||
{
|
||||
// FIXME we need to change this so not logged in users can change current view as well
|
||||
if ($cmode)
|
||||
$_SESSION['current']->setpref("comments:mode", $cmode);
|
||||
if (isset($_REQUEST['cmode']))
|
||||
$_SESSION['current']->setpref("comments:mode", $_REQUEST['cmode']);
|
||||
|
||||
$sel[$_SESSION['current']->getpref("comments:mode")] = 'selected';
|
||||
echo '<td><form method=get name=smode action="appview.php">',"\n";
|
||||
|
||||
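Review bot: `setpref("comments:mode", $_REQUEST['cmode'])` persists whatever the request carries, and the stored value is then used as the key in `$sel[...]` on the next line and presumably elsewhere to select the display mode, so an unexpected string ends up saved in the user's preferences. It should be checked against the known mode names before saving, e.g. `if (isset($_REQUEST['cmode']) && in_array($_REQUEST['cmode'], $allowedModes, true))` where `$allowedModes` (a constructed name) lists the modes this file's display functions accept. The FIXME about non-logged-in users on the line above is left as it was.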
@@ -17,7 +17,7 @@ INSERT INTO prefs_list VALUES (0, 'sidebar', 'left', 'left|right', 'Sidebar loca
|
||||
INSERT INTO prefs_list VALUES (0, 'window:query', 'no', 'yes|no', 'Display query results in a new window');
|
||||
INSERT INTO prefs_list VALUES (0, 'window:help', 'no', 'yes|no', 'Display help in a new window');
|
||||
INSERT INTO prefs_list VALUES (0, 'window:offsite', 'no', 'yes|no', 'Display offsite URLs in a new window');
|
||||
|
||||
INSERT INTO prefs_list VALUES (0, 'confirm_comment_deletion', 'yes', 'yes|no', 'Asks why you are deleting a comment before to delete it');
|
||||
INSERT INTO prefs_list VALUES (0, 'query:mode', 'view', 'view|edit', 'Default API details mode');
|
||||
INSERT INTO prefs_list VALUES (0, 'query:hide_header', 'no', 'yes|no', 'Hide apidb header in query results');
|
||||
INSERT INTO prefs_list VALUES (0, 'query:hide_sidebar', 'no', 'yes|no', 'Hide apidb sidebar in query results');
|
||||
|
||||
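Review bot: The description text `'Asks why you are deleting a comment before to delete it'` reads awkwardly, and since prefs_list descriptions are presumably shown to users, `'Ask why you are deleting a comment before it is deleted'` would match the phrasing of the neighbouring rows. The `'yes'` default agrees with the `!= "no"` test that deletecomment.php performs on this preference.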