Removed XHR stuff from comments handler.
This commit is contained in:
parent
d9c3ca1e5a
commit
053109fe4f
1 changed files with 34 additions and 82 deletions
|
@ -15,33 +15,30 @@ require_once '../misuzu.php';
|
||||||
|
|
||||||
// basing whether or not this is an xhr request on whether a referrer header is present
|
// basing whether or not this is an xhr request on whether a referrer header is present
|
||||||
// this page is never directy accessed, under normal circumstances
|
// this page is never directy accessed, under normal circumstances
|
||||||
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
|
$redirect = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : url('index');
|
||||||
$isXHR = !$redirect;
|
|
||||||
|
|
||||||
if($isXHR) {
|
if(!is_local_url($redirect)) {
|
||||||
header('Content-Type: application/json; charset=utf-8');
|
|
||||||
} elseif(!is_local_url($redirect)) {
|
|
||||||
echo render_info('Possible request forgery detected.', 403);
|
echo render_info('Possible request forgery detected.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!CSRF::validateRequest()) {
|
if(!CSRF::validateRequest()) {
|
||||||
echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);
|
echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$currentUserInfo = User::getCurrent();
|
$currentUserInfo = User::getCurrent();
|
||||||
if($currentUserInfo === null) {
|
if($currentUserInfo === null) {
|
||||||
echo render_info_or_json($isXHR, 'You must be logged in to manage comments.', 401);
|
echo render_info('You must be logged in to manage comments.', 401);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($currentUserInfo->isBanned()) {
|
if($currentUserInfo->isBanned()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
|
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if($currentUserInfo->isSilenced()) {
|
if($currentUserInfo->isSilenced()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
|
echo render_info('You have been silenced, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +53,7 @@ if($commentId > 0)
|
||||||
try {
|
try {
|
||||||
$commentInfo2 = CommentsPost::byId($commentId);
|
$commentInfo2 = CommentsPost::byId($commentId);
|
||||||
} catch(CommentsPostNotFoundException $ex) {
|
} catch(CommentsPostNotFoundException $ex) {
|
||||||
echo render_info_or_json($isXHR, 'Post not found.', 404);
|
echo render_info('Post not found.', 404);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,52 +61,44 @@ switch($commentMode) {
|
||||||
case 'pin':
|
case 'pin':
|
||||||
case 'unpin':
|
case 'unpin':
|
||||||
if(!$commentPerms['can_pin'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
if(!$commentPerms['can_pin'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to pin comments.", 403);
|
echo render_info("You're not allowed to pin comments.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($commentInfo2->isDeleted()) {
|
if($commentInfo2->isDeleted()) {
|
||||||
echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
|
echo render_info("This comment doesn't exist!", 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($commentInfo2->hasParent()) {
|
if($commentInfo2->hasParent()) {
|
||||||
echo render_info_or_json($isXHR, "You can't pin replies!", 400);
|
echo render_info("You can't pin replies!", 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$isPinning = $commentMode === 'pin';
|
$isPinning = $commentMode === 'pin';
|
||||||
|
|
||||||
if($isPinning && $commentInfo2->isPinned()) {
|
if($isPinning && $commentInfo2->isPinned()) {
|
||||||
echo render_info_or_json($isXHR, 'This comment is already pinned.', 400);
|
echo render_info('This comment is already pinned.', 400);
|
||||||
break;
|
break;
|
||||||
} elseif(!$isPinning && !$commentInfo2->isPinned()) {
|
} elseif(!$isPinning && !$commentInfo2->isPinned()) {
|
||||||
echo render_info_or_json($isXHR, "This comment isn't pinned yet.", 400);
|
echo render_info("This comment isn't pinned yet.", 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$commentInfo2->setPinned($isPinning);
|
$commentInfo2->setPinned($isPinning);
|
||||||
$commentInfo2->save();
|
$commentInfo2->save();
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode([
|
|
||||||
'comment_id' => $commentInfo2->getId(),
|
|
||||||
'comment_pinned' => ($time = $commentInfo2->getPinnedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'vote':
|
case 'vote':
|
||||||
if(!$commentPerms['can_vote'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
if(!$commentPerms['can_vote'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to vote on comments.", 403);
|
echo render_info("You're not allowed to vote on comments.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($commentInfo2->isDeleted()) {
|
if($commentInfo2->isDeleted()) {
|
||||||
echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
|
echo render_info("This comment doesn't exist!", 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -120,23 +109,17 @@ switch($commentMode) {
|
||||||
else
|
else
|
||||||
$commentInfo2->removeVote($currentUserInfo);
|
$commentInfo2->removeVote($currentUserInfo);
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode($commentInfo2->votes());
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
if(!$commentPerms['can_delete'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
if(!$commentPerms['can_delete'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to delete comments.", 403);
|
echo render_info("You're not allowed to delete comments.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($commentInfo2->isDeleted()) {
|
if($commentInfo2->isDeleted()) {
|
||||||
echo render_info_or_json(
|
echo render_info(
|
||||||
$isXHR,
|
|
||||||
$commentPerms['can_delete_any'] ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
$commentPerms['can_delete_any'] ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||||
400
|
400
|
||||||
);
|
);
|
||||||
|
@ -147,7 +130,7 @@ switch($commentMode) {
|
||||||
$isModAction = $commentPerms['can_delete_any'] && !$isOwnComment;
|
$isModAction = $commentPerms['can_delete_any'] && !$isOwnComment;
|
||||||
|
|
||||||
if(!$isModAction && !$isOwnComment) {
|
if(!$isModAction && !$isOwnComment) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to delete comments made by others.", 403);
|
echo render_info("You're not allowed to delete comments made by others.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -164,24 +147,17 @@ switch($commentMode) {
|
||||||
AuditLog::create(AuditLog::COMMENT_ENTRY_DELETE, [$commentInfo2->getId()]);
|
AuditLog::create(AuditLog::COMMENT_ENTRY_DELETE, [$commentInfo2->getId()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($redirect) {
|
|
||||||
redirect($redirect);
|
redirect($redirect);
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode([
|
|
||||||
'id' => $commentInfo2->getId(),
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'restore':
|
case 'restore':
|
||||||
if(!$commentPerms['can_delete_any']) {
|
if(!$commentPerms['can_delete_any']) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to restore deleted comments.", 403);
|
echo render_info("You're not allowed to restore deleted comments.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$commentInfo2->isDeleted()) {
|
if(!$commentInfo2->isDeleted()) {
|
||||||
echo render_info_or_json($isXHR, "This comment isn't in a deleted state.", 400);
|
echo render_info("This comment isn't in a deleted state.", 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -194,24 +170,17 @@ switch($commentMode) {
|
||||||
($commentUserId < 1 ? '(Deleted User)' : $commentInfo2->getUser()->getUsername()),
|
($commentUserId < 1 ? '(Deleted User)' : $commentInfo2->getUser()->getUsername()),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if($redirect) {
|
|
||||||
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode([
|
|
||||||
'id' => $commentInfo2->getId(),
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'create':
|
case 'create':
|
||||||
if(!$commentPerms['can_comment'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
if(!$commentPerms['can_comment'] && !$commentInfo2->isOwner($currentUserInfo)) {
|
||||||
echo render_info_or_json($isXHR, "You're not allowed to post comments.", 403);
|
echo render_info("You're not allowed to post comments.", 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(empty($_POST['comment']) || !is_array($_POST['comment'])) {
|
if(empty($_POST['comment']) || !is_array($_POST['comment'])) {
|
||||||
echo render_info_or_json($isXHR, 'Missing data.', 400);
|
echo render_info('Missing data.', 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -222,12 +191,12 @@ switch($commentMode) {
|
||||||
: 0
|
: 0
|
||||||
);
|
);
|
||||||
} catch(CommentsCategoryNotFoundException $ex) {
|
} catch(CommentsCategoryNotFoundException $ex) {
|
||||||
echo render_info_or_json($isXHR, 'This comment category doesn\'t exist.', 404);
|
echo render_info('This comment category doesn\'t exist.', 404);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($categoryInfo->isLocked() && !$commentPerms['can_lock']) {
|
if($categoryInfo->isLocked() && !$commentPerms['can_lock']) {
|
||||||
echo render_info_or_json($isXHR, 'This comment category has been locked.', 403);
|
echo render_info('This comment category has been locked.', 403);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,15 +214,15 @@ switch($commentMode) {
|
||||||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||||
} else {
|
} else {
|
||||||
if($commentPerms['can_lock']) {
|
if($commentPerms['can_lock']) {
|
||||||
echo render_info_or_json($isXHR, 'The action has been processed.');
|
echo render_info('The action has been processed.');
|
||||||
} else {
|
} else {
|
||||||
echo render_info_or_json($isXHR, 'Your comment is too short.', 400);
|
echo render_info('Your comment is too short.', 400);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(mb_strlen($commentText) > 5000) {
|
if(mb_strlen($commentText) > 5000) {
|
||||||
echo render_info_or_json($isXHR, 'Your comment is too long.', 400);
|
echo render_info('Your comment is too long.', 400);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,7 +234,7 @@ switch($commentMode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isset($parentCommentInfo) || $parentCommentInfo->isDeleted()) {
|
if(!isset($parentCommentInfo) || $parentCommentInfo->isDeleted()) {
|
||||||
echo render_info_or_json($isXHR, 'The comment you tried to reply to does not exist.', 404);
|
echo render_info('The comment you tried to reply to does not exist.', 404);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -282,30 +251,13 @@ switch($commentMode) {
|
||||||
try {
|
try {
|
||||||
$commentInfo2->save();
|
$commentInfo2->save();
|
||||||
} catch(CommentsPostSaveFailedException $ex) {
|
} catch(CommentsPostSaveFailedException $ex) {
|
||||||
echo render_info_or_json($isXHR, 'Something went horribly wrong.', 500);
|
echo render_info('Something went horribly wrong.', 500);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($redirect) {
|
|
||||||
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
redirect($redirect . '#comment-' . $commentInfo2->getId());
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode([
|
|
||||||
'comment_id' => $commentInfo2->getId(),
|
|
||||||
'category_id' => $commentInfo2->getCategoryId(),
|
|
||||||
'comment_text' => $commentInfo2->getText(),
|
|
||||||
'comment_created' => ($time = $commentInfo2->getCreatedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
|
|
||||||
'comment_edited' => ($time = $commentInfo2->getEditedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
|
|
||||||
'comment_deleted' => ($time = $commentInfo2->getDeletedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
|
|
||||||
'comment_pinned' => ($time = $commentInfo2->getPinnedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
|
|
||||||
'comment_reply_to' => ($parent = $commentInfo2->getParentId()) < 1 ? null : $parent,
|
|
||||||
'user_id' => ($commentInfo2->getUserId() < 1 ? null : $commentInfo2->getUser()->getId()),
|
|
||||||
'username' => ($commentInfo2->getUserId() < 1 ? null : $commentInfo2->getUser()->getUsername()),
|
|
||||||
'user_colour' => ($commentInfo2->getUserId() < 1 ? 0x40000000 : $commentInfo2->getUser()->getColour()->getRaw()),
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
echo render_info_or_json($isXHR, 'Not found.', 404);
|
echo render_info('Not found.', 404);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue