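$comment, ]);
        break;

    // Restore a previously deleted comment. Requires the 'can_delete_any' permission.
    case 'restore':
        if (!$commentPerms['can_delete_any']) {
            echo render_info_or_json($isXHR, "You're not allowed to restore deleted comments.", 403);
            break;
        }

        // NOTE(review): this state change takes its target id from the query string.
        // Any request-method or CSRF-token check is outside this fragment; confirm it covers 'restore'.
        $comment = (int)($_GET['c'] ?? 0);
        $commentInfo = comments_post_get($comment, false);

        if (!$commentInfo) {
            echo render_info_or_json($isXHR, "This comment doesn't exist.", 400);
            break;
        }

        $currentUserId = user_session_current('user_id', 0);

        // A null 'comment_deleted' means the comment is not deleted, so there is nothing to restore.
        if ($commentInfo['comment_deleted'] === null) {
            echo render_info_or_json($isXHR, "This comment isn't in a deleted state.", 400);
            break;
        }

        // Presumably the `false` flag selects "undelete"; verify against comments_post_delete().
        if (!comments_post_delete($comment, false)) {
            echo render_info_or_json($isXHR, 'Failed to restore comment.', 500);
            break;
        }

        // Record who restored which comment, and whose comment it was.
        audit_log(MSZ_AUDIT_COMMENT_ENTRY_RESTORE, $currentUserId, [
            $comment,
            (int)($commentInfo['user_id'] ?? 0),
            $commentInfo['username'] ?? '(Deleted User)',
        ]);

        if ($redirect) {
            // NOTE(review): $redirect is assigned outside this fragment. Confirm it is limited to a
            // same-site path before it reaches header(); an unvalidated value here is an open redirect.
            header('Location: ' . $redirect . '#comment-' . $comment);
            break;
        }

        echo json_encode([
            'id' => $comment,
        ]);
        break;

    // Create a new comment (optionally pinned, optionally a reply) in a category.
    // A user with 'can_lock' may also toggle the category lock in the same request.
    case 'create':
        if (!$commentPerms['can_comment']) {
            echo render_info_or_json($isXHR, "You're not allowed to post comments.", 403);
            break;
        }

        if (empty($_POST['comment']) || !is_array($_POST['comment'])) {
            echo render_info_or_json($isXHR, 'Missing data.', 400);
            break;
        }

        $categoryId = (int)($_POST['comment']['category'] ?? 0);
        $category = comments_category_info($categoryId);

        if (!$category) {
            echo render_info_or_json($isXHR, 'This comment category doesn\'t exist.', 404);
            break;
        }

        // Locked categories accept posts only from users who hold 'can_lock'.
        if (!is_null($category['category_locked']) && !$commentPerms['can_lock']) {
            echo render_info_or_json($isXHR, 'This comment category has been locked.', 403);
            break;
        }

        // A request can submit comment[text] as an array (comment[text][]=...). Passing that to
        // strlen() raises a TypeError on PHP 8, and it would do so after the lock toggle below has
        // already run. Treat any non-string value as an empty comment instead.
        $commentText = $_POST['comment']['text'] ?? '';
        if (!is_string($commentText)) {
            $commentText = '';
        }

        // The lock and pin flags are honoured only when the matching permission is held.
        $commentLock = !empty($_POST['comment']['lock']) && $commentPerms['can_lock'];
        $commentPin = !empty($_POST['comment']['pin']) && $commentPerms['can_pin'];
        $commentReply = (int)($_POST['comment']['reply'] ?? 0);

        if ($commentLock) {
            // Toggle: lock when currently unlocked, unlock when currently locked.
            comments_category_lock($categoryId, is_null($category['category_locked']));
        }

        if ($commentText === '') {
            // An empty body is accepted from users with 'can_lock' so they can change the lock
            // without posting; everyone else gets a validation error.
            if ($commentPerms['can_lock']) {
                echo render_info_or_json($isXHR, 'The action has been processed.');
            } else {
                echo render_info_or_json($isXHR, 'Your comment is too short.', 400);
            }
            break;
        }

        // Collapse runs of two or more line breaks into a single newline.
        $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);

        if (mb_strlen($commentText) > 5000) {
            echo render_info_or_json($isXHR, 'Your comment is too long.', 400);
            break;
        }

        // NOTE(review): only existence of the parent is checked here. Whether the parent belongs
        // to $categoryId is not verified in this fragment; confirm comments_post_create() enforces it.
        if ($commentReply > 0 && !comments_post_exists($commentReply)) {
            echo render_info_or_json($isXHR, 'The comment you tried to reply to does not exist.', 404);
            break;
        }

        $commentId = comments_post_create(
            user_session_current('user_id', 0),
            $categoryId,
            $commentText,
            $commentPin,
            $commentReply
        );

        if ($commentId < 1) {
            echo render_info_or_json($isXHR, 'Something went horribly wrong.', 500);
            break;
        }

        if ($redirect) {
            // NOTE(review): same concern as in 'restore'; $redirect must be a vetted same-site target.
            header('Location: ' . $redirect . '#comment-' . $commentId);
            break;
        }

        echo json_encode(comments_post_get($commentId));
        break;

    // Unknown mode.
    default:
        echo render_info_or_json($isXHR, 'Not found.', 404);
}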