[pLog-svn] r6063 - in plugins/branches/lifetype-1.2/editcomments: class/action class/view templates
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Mon Nov 19 23:33:57 EST 2007
Author: jondaley
Date: 2007-11-19 23:33:57 -0500 (Mon, 19 Nov 2007)
New Revision: 6063
Modified:
plugins/branches/lifetype-1.2/editcomments/class/action/admineditcommentaction.class.php
plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatecommentaction.class.php
plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatetrackbackaction.class.php
plugins/branches/lifetype-1.2/editcomments/class/view/admineditcommentview.class.php
plugins/branches/lifetype-1.2/editcomments/class/view/adminedittrackbackview.class.php
plugins/branches/lifetype-1.2/editcomments/templates/editcomment.template
plugins/branches/lifetype-1.2/editcomments/templates/edittrackback.template
Log:
hrm, just requiring the update_comment permission doesn't give me all the security I need. Now this plugin is more careful about who can edit comments and trackbacks
Modified: plugins/branches/lifetype-1.2/editcomments/class/action/admineditcommentaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/class/action/admineditcommentaction.class.php 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/class/action/admineditcommentaction.class.php 2007-11-20 04:33:57 UTC (rev 6063)
@@ -15,7 +15,7 @@
function perform(){
$commentId = $this->_request->getValue("commentId");
-
+
$this->_view = new AdminEditCommentView($this->_blogInfo, $commentId);
$this->setCommonData();
Modified: plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatecommentaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatecommentaction.class.php 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatecommentaction.class.php 2007-11-20 04:33:57 UTC (rev 6063)
@@ -107,45 +107,54 @@
$comments = new ArticleComments();
$comment = $comments->getComment($this->_commentId);
if(!$comment){
- $this->_view = new AdminEditCommentView($this->_blogInfo, $id);
+ $this->_view = new AdminEditCommentView($this->_blogInfo, $this->_commentId);
$this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
}
- else if(!ArticleCommentStatus::isValidStatus($this->_commentStatus)){
- $this->_view = new AdminEditCommentView($this->_blogInfo, $id);
- $this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
- }
else{
- $comment->setTopic($this->_commentTopic);
- $comment->setText($this->_commentText);
- $comment->setUserName($this->_authorName);
- $comment->setUserEmail($this->_authorEmail);
- $comment->setUserUrl($this->_authorUrl);
- $comment->setDate($this->_commentDateTime);
- $comment->setStatus($this->_commentStatus);
- $comment->setClientIp($this->_commentIp);
- $comment->setNormalizedTopic($this->_commentNormalizedTopic);
- $comment->setNormalizedText($this->_commentNormalizedText);
-
- if($comments->updateComment($comment)){
- if($this->_articleId){
- $articles = new Articles();
- $article = $articles->getBlogArticle($this->_articleId,
- $this->_blogInfo->getId());
- $this->_view = new AdminArticleCommentsListView(
- $this->_blogInfo,
- array("article" => $article));
+ $commBlogInfo = $comment->getBlogInfo();
+ if(!$commBlogInfo ||
+ ($commBlogInfo->getId() != $this->_blogInfo->getId()))
+ {
+ $this->_view = new AdminEditCommentView($this->_blogInfo, $this->_commentId);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
+ }
+ else if(!ArticleCommentStatus::isValidStatus($this->_commentStatus)){
+ $this->_view = new AdminEditCommentView($this->_blogInfo, $this->_commentId);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
+ }
+ else{
+ $comment->setTopic($this->_commentTopic);
+ $comment->setText($this->_commentText);
+ $comment->setUserName($this->_authorName);
+ $comment->setUserEmail($this->_authorEmail);
+ $comment->setUserUrl($this->_authorUrl);
+ $comment->setDate($this->_commentDateTime);
+ $comment->setStatus($this->_commentStatus);
+ $comment->setClientIp($this->_commentIp);
+ $comment->setNormalizedTopic($this->_commentNormalizedTopic);
+ $comment->setNormalizedText($this->_commentNormalizedText);
+
+ if($comments->updateComment($comment)){
+ if($this->_articleId){
+ $articles = new Articles();
+ $article = $articles->getBlogArticle($this->_articleId,
+ $this->_blogInfo->getId());
+ $this->_view = new AdminArticleCommentsListView(
+ $this->_blogInfo,
+ array("article" => $article));
+ }
+ else{
+ $this->_view = new AdminPostsListView( $this->_blogInfo );
+ }
+ $this->_view->setSuccessMessage( $this->_locale->tr("pluginEditCommentsOk") );
+ CacheControl::resetBlogCache( $this->_blogInfo->getId());
}
else{
- $this->_view = new AdminPostsListView( $this->_blogInfo );
+ $this->_view = new AdminArticleCommentsListView(
+ $this->_blogInfo);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
}
- $this->_view->setSuccessMessage( $this->_locale->tr("pluginEditCommentsOk") );
- CacheControl::resetBlogCache( $this->_blogInfo->getId());
}
- else{
- $this->_view = new AdminArticleCommentsListView(
- $this->_blogInfo);
- $this->_view->setErrorMessage( $this->_locale->tr("pluginEditCommentsFailed") );
- }
}
}
else if($this->_articleId){
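Review bot: The new blog-ownership test `$commBlogInfo->getId() != $this->_blogInfo->getId()` uses a loose comparison, so two ids that differ as strings but compare equal numerically would be accepted as the same blog. Assuming both ids are integers, `((int)$commBlogInfo->getId() !== (int)$this->_blogInfo->getId())` makes the authorization decision explicit. The same test is repeated in the trackback action and in both edit views, so a shared helper would keep the four copies from drifting apart. The rejection branch also deserves a comment such as `// comment belongs to another blog: the update_comment permission alone is not enough` and a log entry, because a mismatch means a comment id from a different blog was submitted. The enclosing method starts and ends outside this hunk.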
Modified: plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatetrackbackaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatetrackbackaction.class.php 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/class/action/adminupdatetrackbackaction.class.php 2007-11-20 04:33:57 UTC (rev 6063)
@@ -103,46 +103,54 @@
if($this->_op == "updateTrackback"){
$trackbacks = new Trackbacks();
$trackback = $trackbacks->getTrackback($this->_trackbackId);
-
if(!$trackback){
- $this->_view = new AdminEditTrackbackView($this->_blogInfo, $id);
+ $this->_view = new AdminEditTrackbackView($this->_blogInfo, $this->_trackbackId);
$this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
}
- else if(!ArticleCommentStatus::isValidStatus($this->_commentStatus)){
- $this->_view = new AdminEditTrackbackView($this->_blogInfo, $id);
- $this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
- }
else{
- $trackback->setTopic($this->_commentTopic);
- $trackback->setText($this->_commentText);
- $trackback->setUserName($this->_authorName);
- $trackback->setUserEmail($this->_authorEmail);
- $trackback->setUserUrl($this->_authorUrl);
- $trackback->setDate($this->_commentDateTime);
- $trackback->setStatus($this->_commentStatus);
- $trackback->setClientIp($this->_commentIp);
- $trackback->setNormalizedTopic($this->_commentNormalizedTopic);
- $trackback->setNormalizedText($this->_commentNormalizedText);
-
- if($trackbacks->updateComment($trackback)) {
- if($this->_articleId) {
- $articles = new Articles();
- $article = $articles->getBlogArticle($this->_articleId,
- $this->_blogInfo->getId());
- $this->_view = new AdminArticleTrackbacksListView(
- $this->_blogInfo,
- array("article" => $article));
+ $tbBlogInfo = $trackback->getBlogInfo();
+ if(!$tbBlogInfo ||
+ ($tbBlogInfo->getId() != $this->_blogInfo->getId()))
+ {
+ $this->_view = new AdminEditTrackbackView($this->_blogInfo, $this->_trackbackId);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
+ }
+ else if(!ArticleCommentStatus::isValidStatus($this->_commentStatus)){
+ $this->_view = new AdminEditTrackbackView($this->_blogInfo, $this->_trackbackId);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
+ }
+ else{
+ $trackback->setTopic($this->_commentTopic);
+ $trackback->setText($this->_commentText);
+ $trackback->setUserName($this->_authorName);
+ $trackback->setUserEmail($this->_authorEmail);
+ $trackback->setUserUrl($this->_authorUrl);
+ $trackback->setDate($this->_commentDateTime);
+ $trackback->setStatus($this->_commentStatus);
+ $trackback->setClientIp($this->_commentIp);
+ $trackback->setNormalizedTopic($this->_commentNormalizedTopic);
+ $trackback->setNormalizedText($this->_commentNormalizedText);
+
+ if($trackbacks->updateComment($trackback)) {
+ if($this->_articleId) {
+ $articles = new Articles();
+ $article = $articles->getBlogArticle($this->_articleId,
+ $this->_blogInfo->getId());
+ $this->_view = new AdminArticleTrackbacksListView(
+ $this->_blogInfo,
+ array("article" => $article));
+ }
+ else {
+ $this->_view = new AdminPostsListView( $this->_blogInfo );
+ }
+ $this->_view->setSuccessMessage( $this->_locale->tr("pluginEditTrackbacksOk") );
+ CacheControl::resetBlogCache( $this->_blogInfo->getId());
}
else {
- $this->_view = new AdminPostsListView( $this->_blogInfo );
+ $this->_view = new AdminArticleTrackbacksListView ($this->_blogInfo);
+ $this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
}
- $this->_view->setSuccessMessage( $this->_locale->tr("pluginEditTrackbacksOk") );
- CacheControl::resetBlogCache( $this->_blogInfo->getId());
}
- else {
- $this->_view = new AdminArticleTrackbacksListView ($this->_blogInfo);
- $this->_view->setErrorMessage( $this->_locale->tr("pluginEditTrackbacksFailed") );
- }
}
}
else if($this->_articleId){
Modified: plugins/branches/lifetype-1.2/editcomments/class/view/admineditcommentview.class.php
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/class/view/admineditcommentview.class.php 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/class/view/admineditcommentview.class.php 2007-11-20 04:33:57 UTC (rev 6063)
@@ -17,6 +17,15 @@
$articleComments = new ArticleComments();
$comment = $articleComments->getComment($this->_commentId);
+ $commBlogInfo = $comment ? $comment->getBlogInfo() : NULL;
+ if(!$commBlogInfo ||
+ ($commBlogInfo->getId() != $this->_blogInfo->getId()))
+ {
+ $text = "You are not allowed to edit this comment";
+ $this->setErrorMessage( $text );
+ unset($comment);
+ }
+
if($comment){
$t = $comment->getDateObject();
$this->setValue( "commentDateTime", $t->getDay()."/".
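Review bot: After `unset($comment);` the following `if($comment)` reads an undefined variable, which only works because PHP evaluates it as null and raises a notice; `$comment = NULL;` gives the same denial without relying on that. The message "You are not allowed to edit this comment" is hard-coded English while the actions go through `$this->_locale->tr(...)`, so a locale key would be more consistent. The trackback view hunk has the same two issues around `unset($tb);`. The method body continues beyond this hunk, so whether later code still touches the comment is not visible here.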
Modified: plugins/branches/lifetype-1.2/editcomments/class/view/adminedittrackbackview.class.php
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/class/view/adminedittrackbackview.class.php 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/class/view/adminedittrackbackview.class.php 2007-11-20 04:33:57 UTC (rev 6063)
@@ -17,6 +17,15 @@
$trackbacks = new Trackbacks();
$tb = $trackbacks->getTrackBack($this->_trackbackId);
+ $tbBlogInfo = $tb ? $tb->getBlogInfo() : NULL;
+ if(!$tbBlogInfo ||
+ ($tbBlogInfo->getId() != $this->_blogInfo->getId()))
+ {
+ $text = "You are not allowed to edit this trackback";
+ $this->setErrorMessage( $text );
+ unset($tb);
+ }
+
if($tb){
$t = $tb->getDateObject();
$this->setValue( "commentDateTime", $t->getDay()."/".
Modified: plugins/branches/lifetype-1.2/editcomments/templates/editcomment.template
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/templates/editcomment.template 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/templates/editcomment.template 2007-11-20 04:33:57 UTC (rev 6063)
@@ -9,6 +9,7 @@
<script type="text/javascript"
src="js/jscalendar/calendar-setup_stripped.js"></script>
+{if $editcomment}
<form id="editComment" action="admin.php" method="post">
<div id="list">
{include file="$admintemplatepath/successmessage.template"}
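Review bot: `{if $editcomment}` hides the form on the assumption that the view assigns `editcomment` only after its ownership check has passed, but that assignment is outside the visible hunks, so the dependency should be documented. A Smarty comment above the test, e.g. `{* editcomment is only assigned when the view verified the comment belongs to this blog *}`, would do; `{if $edittrackback}` in edittrackback.template needs the same. Hiding the form is presentation only, and enforcement remains the check in the update actions. The form body continues outside this hunk.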
@@ -95,5 +96,8 @@
<input type="submit" name="cancel" value="{$locale->tr("pluginEditCommentsCancel")}" />
</div>
</form>
+{else}
+ {include file="$admintemplatepath/errormessage.template"}
+{/if}
{include file="$admintemplatepath/footer.template"}
Modified: plugins/branches/lifetype-1.2/editcomments/templates/edittrackback.template
===================================================================
--- plugins/branches/lifetype-1.2/editcomments/templates/edittrackback.template 2007-11-20 04:07:47 UTC (rev 6062)
+++ plugins/branches/lifetype-1.2/editcomments/templates/edittrackback.template 2007-11-20 04:33:57 UTC (rev 6063)
@@ -9,6 +9,7 @@
<script type="text/javascript"
src="js/jscalendar/calendar-setup_stripped.js"></script>
+{if $edittrackback}
<form id="editComment" action="admin.php" method="post">
<div id="list">
{include file="$admintemplatepath/successmessage.template"}
@@ -95,5 +96,8 @@
<input type="submit" name="cancel" value="{$locale->tr("pluginEditCommentsCancel")}" />
</div>
</form>
+{else}
+ {include file="$admintemplatepath/errormessage.template"}
+{/if}
{include file="$admintemplatepath/footer.template"}