[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*

   4   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)

   5   * Copyright (C) 2002-2007 The Nucleus Group

   6   *

   7   * This program is free software; you can redistribute it and/or

   8   * modify it under the terms of the GNU General Public License

   9   * as published by the Free Software Foundation; either version 2

  10   * of the License, or (at your option) any later version.

  11   * (see nucleus/documentation/index.html#license for more info)

  12   */
  13  /**

  14   * A class representing a single comment

  15   *

  16   * @license http://nucleuscms.org/license.txt GNU General Public License

  17   * @copyright Copyright (C) 2002-2007 The Nucleus Group

  18   * @version $Id: COMMENT.php 1370 2009-06-22 22:00:32Z ftruscot $

  19   */
  20  class COMMENT {
  21  
  22      /**

  23        * Returns the requested comment

  24        * 

  25        * @static

  26        */
  27  	function getComment($commentid) {
  28          $query =  'SELECT cnumber as commentid, cbody as body, cuser as user, cmail as userid, cemail as email, cmember as memberid, ctime, chost as host, mname as member, cip as ip, cblog as blogid'
  29                 . ' FROM '.sql_table('comment').' left outer join '.sql_table('member').' on cmember=mnumber'
  30                 . ' WHERE cnumber=' . intval($commentid);
  31          $comments = sql_query($query);
  32  
  33          $aCommentInfo = sql_fetch_assoc($comments);
  34          if ($aCommentInfo)
  35          {
  36              $aCommentInfo['timestamp'] = strtotime($aCommentInfo['ctime']);
  37          }
  38          return $aCommentInfo;
  39      }
  40  
  41      /**

  42        * Prepares a comment to be saved

  43        *       

  44        * @static

  45        */
  46  	function prepare($comment) {
  47          $comment['user'] = strip_tags($comment['user']);
  48          $comment['userid'] = strip_tags($comment['userid']);
  49          $comment['email'] = strip_tags($comment['email']);
  50  
  51          // remove quotes and newlines from user and userid

  52          $comment['user'] = strtr($comment['user'], "\'\"\n",'-- ');
  53          $comment['userid'] = strtr($comment['userid'], "\'\"\n",'-- ');
  54          $comment['email'] = strtr($comment['email'], "\'\"\n",'-- ');
  55  
  56          $comment['body'] = COMMENT::prepareBody($comment['body']);
  57  
  58          return $comment;
  59      }
  60  
  61      /**

  62       * Prepares the body of a comment

  63       *

  64       * @ static

  65       */         
  66  	function prepareBody($body) {
  67  
  68          // remove newlines when too many in a row

  69          $body = ereg_replace("\n.\n.\n","\n",$body);
  70  
  71          // encode special characters as entities

  72          $body = htmlspecialchars($body);
  73  
  74          // trim away whitespace and newlines at beginning and end

  75          $body = trim($body);
  76  
  77          // add <br /> tags

  78          $body = addBreaks($body);
  79  
  80          // create hyperlinks for http:// addresses

  81          // there's a testcase for this in /build/testcases/urllinking.txt

  82          $replaceFrom = array(
  83              '/([^:\/\/\w]|^)((https:\/\/)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/ie',

  84              '/([^:\/\/\w]|^)((http:\/\/|www\.)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/ie',

  85              '/([^:\/\/\w]|^)((ftp:\/\/|ftp\.)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/ie',

  86              '/([^:\/\/\w]|^)(mailto:(([a-zA-Z\@\%\.\-\+_])+))/ie'
  87          );
  88          $replaceTo = array(
  89              'COMMENT::createLinkCode("\\1", "\\2","https")',
  90              'COMMENT::createLinkCode("\\1", "\\2","http")',
  91              'COMMENT::createLinkCode("\\1", "\\2","ftp")',
  92              'COMMENT::createLinkCode("\\1", "\\3","mailto")'
  93          );
  94          $body = preg_replace($replaceFrom, $replaceTo, $body);
  95  
  96          return $body;
  97      }
  98  
  99      /**

 100       * Creates a link code for unlinked URLs with different protocols

 101       *

 102       * @ static

 103       */    
 104  	function createLinkCode($pre, $url, $protocol = 'http') {
 105          $post = '';
 106  
 107          // it's possible that $url ends contains entities we don't want,

 108          // since htmlspecialchars is applied _before_ URL linking

 109          // move the part of URL, starting from the disallowed entity to the 'post' link part

 110          $aBadEntities = array('&quot;', '&gt;', '&lt;');
 111          foreach ($aBadEntities as $entity)
 112          {
 113              $pos = strpos($url, $entity);
 114              if ($pos)
 115              {
 116                  $post = substr($url, $pos) . $post;
 117                  $url = substr($url, 0, $pos);
 118  
 119              }
 120          }
 121  
 122          // remove entities at end (&&&&)

 123          if (preg_match('/(&\w+;)+$/i', $url, $matches)) {
 124              $post = $matches[0] . $post;    // found entities (1 or more)

 125              $url = substr($url, 0, strlen($url) - strlen($post));
 126          }
 127  
 128          // move ending comma from url to 'post' part

 129          if (substr($url, strlen($url) - 1) == ',')
 130          {
 131              $url = substr($url, 0, strlen($url) - 1);
 132              $post = ',' . $post;
 133          }
 134  
 135          if (!ereg('^'.$protocol.'://',$url))
 136              $linkedUrl = $protocol . (($protocol == 'mailto') ? ':' : '://') . $url;
 137          else
 138              $linkedUrl = $url;
 139  
 140  
 141          if ($protocol != 'mailto')
 142              $displayedUrl = $linkedUrl;
 143          else
 144              $displayedUrl = $url;
 145          return $pre . '<a href="'.$linkedUrl.'" rel="nofollow">'.shorten($displayedUrl,30,'...').'</a>' . $post;
 146      }
 147  
 148  }
 149  
 150  ?>