diff --git a/src/MicroweberPackages/Comment/CommentServiceProvider.php b/src/MicroweberPackages/Comment/CommentServiceProvider.php
index ca71027aa50..75405e636d1 100644
--- a/src/MicroweberPackages/Comment/CommentServiceProvider.php
+++ b/src/MicroweberPackages/Comment/CommentServiceProvider.php
@@ -14,6 +14,7 @@
use Illuminate\Support\Facades\View;
use Illuminate\Support\ServiceProvider;
+
class CommentServiceProvider extends ServiceProvider
{
/**
@@ -23,9 +24,10 @@ class CommentServiceProvider extends ServiceProvider
*/
public function boot()
{
+ include_once (__DIR__.'/helpers/comments_helpers.php');
$this->loadRoutesFrom(__DIR__ . '/routes/api.php');
View::addNamespace('comment', __DIR__.'/resources/views');
}
-}
\ No newline at end of file
+}
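Review bot: `boot()` now pulls in the helper with `include_once (__DIR__.'/helpers/comments_helpers.php');`, and this commit also lists the same file under `autoload.files` in the package's `composer.json`, so the helper has two load paths that can drift apart. Keep one of them; if the explicit include stays, `require_once __DIR__ . '/helpers/comments_helpers.php';` fails loudly when the file is missing instead of continuing without the helper. The helper body is not readable in this diff, but it appears to declare the global `get_comments()` that the module's `functions.php` used to define, so a `function_exists('get_comments')` guard would avoid a redeclaration error on installs that still carry the old module file.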
diff --git a/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php b/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php
index 2db944dda4d..48bfe0fcf6e 100644
--- a/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php
+++ b/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php
@@ -8,11 +8,18 @@
namespace MicroweberPackages\Comment\Http\Controllers\Admin;
+use GrahamCampbell\Markdown\Facades\Markdown;
use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Notification;
use MicroweberPackages\App\Http\Controllers\AdminController;
-use MicroweberPackages\Comment\Comment;
+use MicroweberPackages\Comment\Models\Comment;
+use MicroweberPackages\Comment\Events\NewComment;
+use MicroweberPackages\Comment\Notifications\NewCommentNotification;
+use MicroweberPackages\User\Models\User;
+use MicroweberPackages\Utils\Mail\MailSender;
class AdminCommentController extends AdminController
@@ -20,7 +27,7 @@ class AdminCommentController extends AdminController
public function index(Request $request)
{
$contents = Comment::filter($request->all())
- ->groupBy(['rel_id','rel_type'])
+ ->groupBy(['rel_id', 'rel_type'])
->paginate($request->get('limit', 30))
->appends($request->except('page'));
@@ -28,6 +35,175 @@ public function index(Request $request)
$content->allComments = Comment::where('rel_type', $content['rel_type'])->where('rel_id', $content['rel_id'])->get();
}
- return $this->view('comment::admin.comments.index', ['contents'=>$contents]);
+ return $this->view('comment::admin.comments.index', ['contents' => $contents]);
}
-}
\ No newline at end of file
+
+
+ public function saveCommentEdit(Request $request)
+ {
+
+ $is_del = false;
+ $table = 'comments';
+ mw_var('FORCE_SAVE', $table);
+
+ $data = $request->all();
+ if (!isset($data['rel_type']) and isset($data['rel'])) {
+ $data['rel_type'] = $data['rel'];
+ }
+
+ if (isset($data['reply_to_comment_id'])) {
+ $old_comment = $this->get_by_id($data['reply_to_comment_id']);
+ $data['id'] = 0;
+ if (!$old_comment) {
+ return array('error' => 'Error: invalid data');
+ }
+ if (isset($old_comment['rel_type'])) {
+ $data['rel_type'] = $old_comment['rel_type'];
+ }
+ if (isset($old_comment['rel_id'])) {
+ $data['rel_id'] = $old_comment['rel_id'];
+ }
+
+
+ }
+ if (!isset($data['id']) and !isset($data['is_moderated'])) {
+ $data['is_moderated'] = 1;
+ } else {
+ $require_moderation = get_option('require_moderation', 'comments');
+ if ($require_moderation != 'y') {
+ $data['is_moderated'] = 1;
+ }
+ }
+ if (isset($data['action']) and isset($data['id'])) {
+ $action = strtolower($data['action']);
+
+ switch ($action) {
+ case 'publish' :
+ $data['is_moderated'] = 1;
+ $data['is_spam'] = 0;
+
+
+ break;
+ case 'unpublish' :
+ $data['is_moderated'] = 0;
+
+ break;
+ case 'spam' :
+ $data['is_moderated'] = 0;
+ $data['is_spam'] = 1;
+
+ $this->__report_for_spam($data['id']);
+
+ break;
+
+ case 'delete' :
+ $is_del = true;
+ $del = mw()->database_manager->delete_by_id($table, $id = intval($data['id']), $field_name = 'id');
+
+ break;
+
+ default :
+ break;
+ }
+
+
+ } else {
+ if (!isset($data['id'])) {
+ if (!isset($data['rel_type'])) {
+ return array('error' => 'Error: invalid data rel_type');
+ }
+ if (!isset($data['rel_id'])) {
+ return array('error' => 'Error: invalid data rel_id');
+ } else {
+ if (trim($data['rel_id']) == '') {
+ return array('error' => 'Error: invalid data rel_id');
+ }
+ }
+ }
+ }
+
+ if($is_del){
+ return (new JsonResource($data))->response();
+ }
+
+ if (!isset($data['comment_body'])) {
+ $data['comment_body'] = '';
+ }
+
+ $comment_body = $data['comment_body'];
+
+ // Claer HTML
+ $comment_body = $this->app->format->clean_html($comment_body);
+
+ // Clear XSS
+ $evil = ['(?app->format->clean_xss($comment_body, true, $evil, 'removeEvilAttributes');
+
+ if (!empty($comment_body) and !empty($data['format']) and $data['format'] == 'markdown') {
+ $comment_body = Markdown::convertToHtml($comment_body);
+ }
+
+ $data['comment_body'] = $comment_body;
+ $data['allow_html'] = '1';
+
+ $saved_data_id = mw()->database_manager->save($table, $data);
+
+ $get_comment = get_comments("single=1&id=" . $saved_data_id);
+
+ return (new JsonResource($get_comment))->response();
+
+ }
+
+
+
+ private function __report_for_spam($comment_id)
+ {
+ if (defined("MW_UNIT_TEST")) {
+ return true;
+ }
+
+ $comment = $this->get_by_id($comment_id);
+ $report_url = 'https://spamchecker.microweberapi.com/';
+
+ if ($comment) {
+ $report = array();
+ $report['site_url'] = site_url();
+ $report['from_url'] = $comment['from_url'];
+ $report['is_spam'] = 1;
+ if (isset($comment['user_ip']) and $comment['user_ip']) {
+ $report['ip'] = trim($comment['user_ip']);
+ }
+ if (isset($comment['comment_email']) and $comment['comment_email']) {
+ $report['email'] = trim($comment['comment_email']);
+ }
+ if (isset($comment['created_by']) and $comment['created_by']) {
+ $report['is_logged'] = true;
+ $report['user_id'] = $comment['created_by'];
+ }
+ if (isset($comment['comment_name']) and $comment['comment_name']) {
+ $report['comment_name'] = $comment['comment_name'];
+ }
+ if (isset($comment['comment_body']) and $comment['comment_body']) {
+ $report['comment_body'] = $comment['comment_body'];
+ }
+ if (isset($comment['comment_website']) and $comment['comment_website']) {
+ $report['comment_website'] = $comment['comment_website'];
+ }
+ if (isset($comment['comment_subject']) and $comment['comment_subject']) {
+ $report['comment_subject'] = $comment['comment_subject'];
+ }
+
+ if (isset($comment['rel_type']) and $comment['rel_type']) {
+ $report['rel_type'] = $comment['rel_type'];
+ }
+ if (isset($comment['rel_id']) and $comment['rel_id']) {
+ $report['rel_id'] = $comment['rel_id'];
+ }
+ $http = new \MicroweberPackages\Utils\Http\Http();
+ $http->url($report_url);
+ $http->set_timeout(10);
+ return $http->post($report);
+
+ }
+ }
+}
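Review bot: In `saveCommentEdit` the body goes through `clean_html` and `clean_xss` before `Markdown::convertToHtml` runs, and the row is then saved with `allow_html = '1'`, so the HTML that the converter produces is stored without passing through the sanitiser. Markdown link and image syntax can produce unsafe URL schemes unless the converter is configured to reject them, so the cleaning step should run on the converted output, or the converter's `html_input` and `allow_unsafe_links` settings should be confirmed as restrictive. Separately, `$this->get_by_id()` is called in the reply branch and in `__report_for_spam`, but no such method is visible on this controller; if `AdminController` does not provide it those paths fail at runtime, and the `MW_UNIT_TEST` early return keeps `testAdminEditComment` from noticing. `__report_for_spam` also deserves a docblock stating that the commenter's IP address, e-mail and comment text are posted to `spamchecker.microweberapi.com`, and that the call blocks the request for up to the 10-second timeout.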
diff --git a/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php b/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php
index 6effaafe66a..72772c9055e 100644
--- a/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php
+++ b/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php
@@ -15,7 +15,8 @@
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
-use MicroweberPackages\Comment\Comment;
+use MicroweberPackages\App\Http\RequestRoute;
+use MicroweberPackages\Comment\Models\Comment;
use MicroweberPackages\Comment\Events\NewComment;
use MicroweberPackages\Comment\Notifications\NewCommentNotification;
use MicroweberPackages\Option\Facades\Option;
@@ -33,23 +34,46 @@ public function postComment(Request $request)
}
+
+
+
$rules = [];
$inputs = $request->all();
+ if(isset($inputs['rel']) and !isset($inputs['rel_type'])){
+ $inputs['rel_type'] = $inputs['rel'];
+ unset($inputs['rel']);
+ }
+
+
+ if(isset($inputs['id'])) {
+ $comment = get_comments('single=1&id=' . $inputs['id']);
+ if (empty($comment)) {
+ return \Response::make(['errors' => ['Cannot find comment']]);
+ }
+ if (mw()->user_manager->session_id() != $comment['session_id']) {
+ return \Response::make(['errors' => ['Cannot edit comment']]);
+ }
+
+ }
+
$rules['rel_id'] = 'required';
$rules['rel_type'] = 'required';
$rules['comment_body'] = 'required';
- if (!empty($inputs['comment_email'])) {
- $inputs['email'] = $inputs['comment_email'];
+ if (!empty($inputs['email'])) {
+ $inputs['comment_email'] = $inputs['email'];
+ unset( $inputs['email']);
}
if (Option::getValue('require_terms', 'comments')) {
- $rules['terms'] = 'terms:terms_comments';
- if (isset($inputs['newsletter_subscribe']) and $inputs['newsletter_subscribe']) {
- $rules['terms'] = $rules['terms'] . ', terms_newsletter';
+ if(!isset($inputs['terms'])) {
+ $rules['terms'] = 'terms:terms_comments';
+ if (isset($inputs['newsletter_subscribe']) and $inputs['newsletter_subscribe']) {
+ $rules['terms'] = $rules['terms'] . ', terms_newsletter';
+ }
+ $rules['comment_email'] = 'required';
}
- $rules['comment_email'] = 'required';
}
$rules['captcha'] = 'captcha';
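Review bot: The new edit guard builds its lookup as `'single=1&id=' . $inputs['id']` from raw request input, so an `id` containing `&` adds extra filter parameters to the `get_comments` query; cast it first, e.g. `$commentId = (int) $inputs['id'];`, or pass the parameters as an array. The ownership test uses a loose `!=` on `session_id`, which treats an empty or null stored value as equal to an empty current one; a strict check that also rejects empty values is safer: `if (empty($comment['session_id']) || !hash_equals((string) $comment['session_id'], (string) mw()->user_manager->session_id()))`. Further down, the `terms` rule and the `comment_email` requirement are now added only when `terms` is absent from the request, so any submitted value (including `0`) appears to skip terms validation altogether; the field should be validated rather than used as the switch. Both early returns also answer with the default 200 status, unlike the 422 used for validator failures later in this commit. `postComment` starts and ends outside this hunk.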
@@ -59,13 +83,23 @@ public function postComment(Request $request)
$validator = \Validator::make($inputs, $rules);
if ($validator->fails()) {
- return ['errors'=>$validator->messages()->toArray()];
+
+
+ $response = \Response::make(['errors'=>$validator->messages()->toArray()]);
+
+ $response->setStatusCode(422);
+
+ $response = RequestRoute::formatFrontendResponse($response);
+
+ return $response;
}
- $saveComment = $request->all();
+ $saveComment = $inputs;
$requireModeration = Option::getValue('require_moderation', 'comments');
if ($requireModeration) {
+ $saveComment['is_moderated'] = 0;
+ } else {
$saveComment['is_moderated'] = 1;
}
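Review bot: `$saveComment = $inputs;` carries every request field into the save that follows outside this hunk, so unless the model restricts its fillable columns a client can supply values for columns such as `is_spam` or the `session_id` that the new edit guard relies on. Building the record from an explicit list, e.g. `$saveComment = array_intersect_key($inputs, array_flip($allowedFields));`, keeps `captcha`, `terms` and unexpected keys out of the row. Also, `if ($requireModeration)` tests the option for truthiness while `AdminCommentController::saveCommentEdit` in this same commit compares the same option with `'y'`; if the stored value is a non-empty string such as `'n'` the two controllers will disagree, so one comparison should be used in both places.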
@@ -79,6 +113,9 @@ public function postComment(Request $request)
Notification::send(User::whereIsAdmin(1)->get(), new NewCommentNotification($save));
+ cache_clear('comments');
+
+
return (new JsonResource($save))->response();
}
-}
\ No newline at end of file
+}
diff --git a/src/MicroweberPackages/Comment/Comment.php b/src/MicroweberPackages/Comment/Models/Comment.php
similarity index 86%
rename from src/MicroweberPackages/Comment/Comment.php
rename to src/MicroweberPackages/Comment/Models/Comment.php
index 3f81cbfe7bf..20d2625ea6e 100644
--- a/src/MicroweberPackages/Comment/Comment.php
+++ b/src/MicroweberPackages/Comment/Models/Comment.php
@@ -1,11 +1,10 @@
provideFilter(ContentFilter::class);
}
-}
\ No newline at end of file
+}
diff --git a/src/MicroweberPackages/Comment/Models/CommentsCrud.php b/src/MicroweberPackages/Comment/Models/CommentsCrud.php
new file mode 100644
index 00000000000..2024169d6a2
--- /dev/null
+++ b/src/MicroweberPackages/Comment/Models/CommentsCrud.php
@@ -0,0 +1,76 @@
+database_manager->escape_string($params['content_id']);
+
+ }
+ $date_format = get_option('date_format', 'website');
+ if ($date_format == false) {
+ $date_format = "Y-m-d H:i:s";
+ }
+ $table = $this->table;
+ $params['table'] = $table;
+
+ $comments = db_get($params);
+
+ if (is_array($comments)) {
+ $i = 0;
+ foreach ($comments as $item) {
+ if (isset($params['count'])) {
+ if (isset($item['qty'])) {
+ return $item['qty'];
+ }
+ }
+ if (isset($item['created_by']) and intval($item['created_by']) > 0 and ($item['comment_name'] == false or $item['comment_name'] == '')) {
+ $comments[$i]['comment_name'] = user_name($item['created_by']);
+ }
+ if (isset($item['created_at']) and trim($item['created_at']) != '') {
+ $comments[$i]['created_at_display'] = date($date_format, strtotime($item['created_at']));
+ }
+ if (isset($item['updated_at']) and trim($item['updated_at']) != '') {
+ $comments[$i]['updated_at_display'] = date($date_format, strtotime($item['updated_at']));
+ }
+ if (isset($item['comment_body']) and ($item['comment_body'] != '')) {
+ $surl = site_url();
+ $item['comment_body'] = str_replace('{SITE_URL}', $surl, $item['comment_body']);
+ $comments[$i]['comment_body'] = $item['comment_body']; // mw()->format->autolink($item['comment_body']);
+ }
+
+ if (isset($params['single'])) {
+
+ return $comments;
+ }
+
+ $i++;
+ }
+ }
+
+
+ return $comments;
+ }
+
+
+
+
+}
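Review bot: The loop keeps its own counter `$i` and writes back through `$comments[$i]`, which is only correct if `db_get` returns a zero-based list; `foreach ($comments as $i => $item)` removes that assumption and the trailing `$i++`. The `count` and `single` early returns sit inside the loop, so `get()` can hand back an integer, a partly decorated array, or whatever `db_get` returned when it is not an array; a docblock listing those return shapes would help callers such as the `empty($comment)` check in `postComment`. The method signature and the start of the body are not readable in this diff, so the parameter handling could not be reviewed.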
diff --git a/src/MicroweberPackages/Comment/composer.json b/src/MicroweberPackages/Comment/composer.json
index 25d88732b08..4fb2257fc6e 100644
--- a/src/MicroweberPackages/Comment/composer.json
+++ b/src/MicroweberPackages/Comment/composer.json
@@ -16,7 +16,10 @@
"autoload": {
"psr-4": {
"MicroweberPackages\\Comment\\": ""
- }
+ },
+ "files": [
+ "helpers/comments_helpers.php"
+ ]
},
"config": {
"sort-packages": true
diff --git a/src/MicroweberPackages/Comment/helpers/comments_helpers.php b/src/MicroweberPackages/Comment/helpers/comments_helpers.php
new file mode 100644
index 00000000000..fb039bfd448
--- /dev/null
+++ b/src/MicroweberPackages/Comment/helpers/comments_helpers.php
@@ -0,0 +1,9 @@
+get($params);
+}
diff --git a/src/MicroweberPackages/Comment/routes/api.php b/src/MicroweberPackages/Comment/routes/api.php
index a1b34e9ef42..0c49f8e8944 100644
--- a/src/MicroweberPackages/Comment/routes/api.php
+++ b/src/MicroweberPackages/Comment/routes/api.php
@@ -1,14 +1,9 @@
prefix('api/comment')
+ ->prefix(ADMIN_PREFIX)
->middleware(['xss'])
->namespace('\MicroweberPackages\Comment\Http\Controllers')
->group(function () {
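Review bot: The public `api.comment.` group now calls `->prefix(ADMIN_PREFIX)` directly after `->prefix('api/comment')`; on a route registrar the later `prefix` call normally replaces the earlier one, so the unauthenticated comment routes would move under the admin path while still carrying only the `xss` middleware. If the added line was meant for the new admin group only, drop it here; if the move is intended, remove the now-dead `prefix('api/comment')` and confirm every client that posts to the old URL is updated. The first lines of this hunk are not fully readable in the diff, so check this against the file itself.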
@@ -16,14 +11,19 @@
});
+Route::name('api.comment.admin.')
+ ->prefix(ADMIN_PREFIX)
+ ->middleware(['xss','admin'])
+ ->namespace('\MicroweberPackages\Comment\Http\Controllers\Admin')
+ ->group(function () {
+ Route::post('edit', 'AdminCommentController@saveCommentEdit')->name('edit');
+ });
Route::name('admin.')
->prefix(ADMIN_PREFIX)
- ->middleware(['admin'])
+ ->middleware(['xss','admin'])
->namespace('\MicroweberPackages\Comment\Http\Controllers\Admin')
->group(function () {
-
Route::resource('comment', 'AdminCommentController');
-
- });
\ No newline at end of file
+ });
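Review bot: The new `api.comment.admin.edit` route is registered as `POST {ADMIN_PREFIX}/edit`, a generic path that does not mention comments and could collide with another package's admin route; `Route::post('comment/edit', 'AdminCommentController@saveCommentEdit')->name('edit');` would scope it. The middleware visible here is `['xss','admin']`, and `saveCommentEdit` publishes, unpublishes and deletes based on a request field, so it is worth confirming that CSRF verification is part of what `admin` applies to this POST. A short comment above the group noting that one endpoint multiplexes edit, publish, unpublish, spam and delete through `action` would help the next reader.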
diff --git a/src/MicroweberPackages/Comment/tests/CommentsTest.php b/src/MicroweberPackages/Comment/tests/CommentsTest.php
index a43a06d8759..462b50fad84 100644
--- a/src/MicroweberPackages/Comment/tests/CommentsTest.php
+++ b/src/MicroweberPackages/Comment/tests/CommentsTest.php
@@ -2,8 +2,11 @@
namespace MicroweberPackages\Helper\tests;
+use GrahamCampbell\Markdown\Facades\Markdown;
+use Illuminate\Support\Facades\Auth;
use MicroweberPackages\App\Http\RequestRoute;
use MicroweberPackages\Core\tests\TestCase;
+use MicroweberPackages\User\Models\User;
class CommentsTest extends TestCase
{
@@ -34,7 +37,8 @@ public function testPostComment()
);
$commentData = $response->getData();
- $this->assertEquals($save_post1, $commentData->data->rel_id);
+
+ $this->assertEquals($save_post1, $commentData->data->rel_id);
$this->assertEquals('content', $commentData->data->rel_type);
$this->assertEquals('Bozhidar', $commentData->data->comment_name);
$this->assertEquals('selfworksbg@gmail.com', $commentData->data->comment_email);
@@ -108,12 +112,12 @@ public function testPostCommentWithTerms()
'is_active' => 1,);
$save_post1 = save_content($params);
-
+ $some = 'html' . now() . rand() . '@user.com';
$req = [
'rel_id' => $save_post1,
'rel_type' => 'content',
'comment_name' => 'User for terms',
- 'comment_email' => 'html' . now() . rand() . '@user.com',
+ 'comment_email' => $some,
'comment_body' => 'Hello',
];
@@ -130,11 +134,13 @@ public function testPostCommentWithTerms()
$req['terms'] = 1;
- $commentData = RequestRoute::postJson(
+ $response = RequestRoute::postJson(
route('api.comment.post'),
$req
);
- $this->assertEquals(true, $commentData['success']);
+
+ $this->assertEquals($some, $response['data']['comment_email']);
+
}
@@ -272,6 +278,130 @@ public function testCommentNotLoggedUser()
}
+
+
+
+ public function testAdminEditComment()
+ {
+ $this->_setDisableMustBeLogged();
+ $this->_setDisableTerms();
+ $this->_setDisableCaptcha();
+
+ $user = User::where('is_admin', '=', '1')->first();
+ Auth::login($user);
+
+ $params = array(
+ 'title' => 'some post test for comments test'.uniqid(),
+ 'content_type' => 'post',
+ 'is_active' => 1);
+
+ $save_post1 = save_content($params);
+
+ $comment1 = 'Hello'.uniqid();
+ $comment2 = 'Hello2'.uniqid();
+
+ $response = $this->json(
+ 'POST',
+ route('api.comment.post'),
+ [
+ 'rel_id' => $save_post1,
+ 'rel_type' => 'content',
+ 'comment_name' => 'Some',
+ 'comment_email' => 'email@gmail.com',
+ 'comment_website' => 'test.com',
+ 'comment_body' => $comment1,
+ ]
+ );
+
+ $commentData = $response->getData();
+
+ $comment_id = $commentData->data->id;
+
+ $this->assertEquals($commentData->data->comment_body, $comment1);
+
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'comment_body' => $comment2,
+ ]
+ );
+ $commentData = $response->getData();
+ $this->assertEquals($commentData->data->comment_body, $comment2);
+
+
+ // save as markdown
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'comment_body' => $comment2,
+ 'format' => 'markdown',
+ ]
+ );
+ $commentData = $response->getData();
+ $this->assertEquals($commentData->data->comment_body, Markdown::convertToHtml($comment2));
+
+
+ // publish
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'action' => 'publish',
+ ]
+ );
+ $commentData = $response->getData();
+
+ $this->assertEquals($commentData->data->is_moderated, 1);
+ $this->assertEquals($commentData->data->is_spam, 0);
+
+
+ // unpublish
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'action' => 'unpublish',
+ ]
+ );
+ $commentData = $response->getData();
+ $this->assertEquals($commentData->data->is_moderated, 0); // unpublish
+
+ // mark as spam
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'action' => 'spam',
+ ]
+ );
+ $commentData = $response->getData();
+ $this->assertEquals($commentData->data->is_moderated, 0);
+ $this->assertEquals($commentData->data->is_spam, 1);
+
+
+ // delete
+ $response = $this->json(
+ 'POST',
+ route('api.comment.admin.edit'),
+ [
+ 'id' => $comment_id,
+ 'action' => 'delete',
+ ]
+ );
+
+ $get_comment = get_comments("single=1&id=" . $comment_id);
+ $this->assertFalse($get_comment);
+
+ }
+
+
private function _setDisableMustBeLogged()
{
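Review bot: `testAdminEditComment` only exercises the endpoint as a logged-in admin; nothing asserts that `api.comment.admin.edit` refuses an anonymous or non-admin request, which is the property the `admin` middleware has to provide now that the `is_admin()` checks in the removed `Comments::save()` are gone. A companion test that sends `['id' => $comment_id, 'action' => 'delete']` without `Auth::login` and asserts the comment still exists would pin that. The markdown case uses a plain-text body, so it does not show that HTML in `comment_body` is cleaned before storage; a case with markup in the body would cover the sanitising step. The `assertEquals` calls also pass the actual value first, whereas PHPUnit expects `$this->assertEquals($comment2, $commentData->data->comment_body);`.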
diff --git a/userfiles/modules/comments/comments_admin.js b/userfiles/modules/comments/comments_admin.js
index ad9123a1a39..8b137891791 100644
--- a/userfiles/modules/comments/comments_admin.js
+++ b/userfiles/modules/comments/comments_admin.js
@@ -1,73 +1 @@
-
-alert('mw.adminComments is deprecated');
-
-mw.adminComments = {
- action: function (form, val) {
- var form = $(form);
- var field = form.find('.comment_state');
- var connected_id = mw.$('[name="connected_id"]', form[0]).val();
- field.val(val);
- var conf = true;
- if (val == 'delete') {
- var conf = confirm(mw.msg.to_delete_comment);
- }
- if (conf) {
- var id = form.attr('id');
- var data = form.serialize();
- $.post("", data, function (data) {
- mw.reload_module('#mw_comments_for_post_' + connected_id, function () {
- $('#mw_comments_for_post_' + connected_id).find(".comments-holder,.new-comments,.old-comments").show();
- });
- });
- }
- },
- toggleEdit: function (id) {
- mw.$(id).toggleClass('comment-edit-mode');
- if (mw.$(id).hasClass("comment-edit-mode")) {
- mw.$(id).find("textarea").focus();
- }
- },
- display: function (e, el, what) {
- mw.event.cancel(e);
- var _new = mw.tools.firstParentWithClass(el, 'comment-post').querySelector('.new-comments');
- var _old = mw.tools.firstParentWithClass(el, 'comment-post').querySelector('.old-comments');
- if (what == 'all') {
- $(_new).show();
- $(_old).show();
- }
- else if (what == 'new') {
- $(_new).show();
- $(_old).hide();
- }
- },
- toggleMaster: function (master, e) {
- if (master === null) {
- return false;
- }
- if (e != undefined) {
- mw.event.cancel(e);
- }
- var _new = master.parentNode.querySelector('.new-comments');
- var _old = master.parentNode.querySelector('.old-comments');
- if ($(_new).is(":visible") || $(_old).is(":visible")) {
- $([_new, _old]).hide();
- $(master).removeClass("active");
- }
- else {
- $([_new, _old]).show();
- $(master).addClass("active");
- var is_cont = $(master).attr('content-id')
- if (typeof is_cont != "undefined") {
- var mark_as_old = {}
- mark_as_old.content_id = is_cont;
- $.post(mw.settings.api_url+'mark_comments_as_old', mark_as_old, function (data) {
-
- });
- }
- }
- },
- mark_as_spam:function($comment_id){
-
- }
-}
diff --git a/userfiles/modules/comments/edit_comments.js b/userfiles/modules/comments/edit_comments.js
index ed404ebd267..2d1833b1583 100644
--- a/userfiles/modules/comments/edit_comments.js
+++ b/userfiles/modules/comments/edit_comments.js
@@ -3,19 +3,22 @@
mw.edit_comments = {
+ api_url : '',
+
save_form: function (form_id) {
- var url = mw.settings.api_url + 'post_comment';
+ var url = this.api_url;
mw.form.post(form_id, url)
mw.notification.success('Comment saved')
},
mark_as_spam: function (comment_id) {
- var url = mw.settings.api_url + 'mark_comment_as_spam';
+ var url = this.api_url;
var conf = confirm('Are you sure you want to mark this comment as spam?');
if (conf) {
var data = {};
data.comment_id = comment_id;
+ data.action = 'spam';
$.post(url, data, function (data) {
mw.notification.success('Comment is marked as spam')
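Review bot: `mark_as_spam` now adds `data.action = 'spam'` but still sends the identifier as `data.comment_id`, while the new `saveCommentEdit` only enters its action switch when both `action` and `id` are set; as written the request would likely fall through to the `rel_type` validation error while the success notification still shows. Send `data.id = comment_id;` here, or accept `comment_id` on the server. `api_url` defaults to `''`, so if the view that assigns it has not run, `$.post` targets the current page; a guard such as `if (!url) { return; }` would make that failure visible. `mark_as_spam` continues outside this hunk, and the `delete`, `publish` and `unpublish` hunks below do not show their payloads, so check that they send `id` and `action` as well.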
@@ -24,7 +27,7 @@ mw.edit_comments = {
},
delete: function (comment_id) {
- var url = mw.settings.api_url + 'post_comment';
+ var url = this.api_url;
var conf = confirm('Are you sure you want to delete this comment?');
if (conf) {
var data = {};
@@ -38,7 +41,7 @@ mw.edit_comments = {
publish: function (comment_id) {
- var url = mw.settings.api_url + 'post_comment';
+ var url = this.api_url;
var conf = true;
if (conf) {
var data = {};
@@ -51,7 +54,7 @@ mw.edit_comments = {
},
unpublish: function (comment_id) {
- var url = mw.settings.api_url + 'post_comment';
+ var url = this.api_url;
var conf = true;
if (conf) {
var data = {};
@@ -125,4 +128,4 @@ mw.edit_comments = {
//
//
// });
-// });
\ No newline at end of file
+// });
diff --git a/userfiles/modules/comments/functions.php b/userfiles/modules/comments/functions.php
index 8ff1f355188..35f17126f73 100644
--- a/userfiles/modules/comments/functions.php
+++ b/userfiles/modules/comments/functions.php
@@ -1,21 +1,24 @@
mark_as_spam($params);
-
-});
-
-
-api_expose_admin('mark_comments_as_old', function ($params) {
- $comments = new \Microweber\Comments\Models\Comments();
- return $comments->mark_as_old($params);
-});
+//api_expose_admin('mark_comment_as_spam', function ($params) {
+// $comments = new \Microweber\Comments\Models\Comments();
+// return $comments->mark_as_spam($params);
+//
+//});
+//
+//
+//api_expose_admin('mark_comments_as_old', function ($params) {
+// $comments = new \Microweber\Comments\Models\Comments();
+// return $comments->mark_as_old($params);
+//});
api_expose_admin('mark_comment_post_notifications_as_read', function ($params) {
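Review bot: The two `api_expose_admin` registrations are commented out rather than deleted, which leaves references to `Comments::mark_as_spam()` and `Comments::mark_as_old()` in the file even though both methods are removed elsewhere in this commit. Delete the block; version control keeps the history. Nothing in this diff replaces `mark_comments_as_old`, so if that endpoint is being dropped on purpose a line in the commit message would save the next reader from looking for it.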
@@ -67,50 +70,17 @@
if (mw()->user_manager->session_id() == $commentSessionId) {
- $newCommentData = array();
- $newCommentData['id'] = $params['comment_id'];
-
- $commentBody = $params['comment_body'];
-
- // Claer HTML
- $commentBody = mw()->format->clean_html($commentBody);
-
- // Clear XSS
- $evil = ['(?format->clean_xss($commentBody, true, $evil, 'removeEvilAttributes');
-
- $commentBody = GrahamCampbell\Markdown\Facades\Markdown::convertToHtml($commentBody);
-
- $newCommentData['comment_body'] = $commentBody;
- $newCommentData['allow_html'] = '1';
- $newCommentData['allow_scripts'] = '1';
-
- mw()->database_manager->save('comments', $newCommentData);
+ $commentData = RequestRoute::postJson(
+ route('api.comment.post'),
+ $params
+ );
+ return $commentData;
}
});
-/**
- * post_comment
- */
-api_expose('post_comment');
-function post_comment($data)
-{
- // Save to database
- $comments = new \Microweber\Comments\Models\Comments();
- $comment_id = $comments->save($data);
-
- return $comment_id;
-}
-
-function get_comments($params = false)
-{
- $comments = new \Microweber\Comments\Models\Comments();
-
- return $comments->get($params);
-}
event_bind(
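Review bot: The session-owner edit path now forwards `$params` unchanged to `api.comment.post`, but the removed code took the identifier from `$params['comment_id']` while `postComment` decides edit versus create on `$inputs['id']`; unless callers also send `id`, this request is handled as a new comment and runs the `rel_id`, `rel_type` and captcha rules. Map the fields explicitly, e.g. `$payload = ['id' => (int) $params['comment_id'], 'comment_body' => $params['comment_body']];`, adding only whatever `postComment` validates, instead of passing every client-supplied key through. The removed branch ran `clean_html` and `clean_xss` on the body before saving; no equivalent is visible in the `postComment` hunks of this diff, so confirm the body is still cleaned on this path. The enclosing closure starts outside this hunk.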
diff --git a/userfiles/modules/comments/index.php b/userfiles/modules/comments/index.php
index 3e3cf181692..d5dfbaa106f 100644
--- a/userfiles/modules/comments/index.php
+++ b/userfiles/modules/comments/index.php
@@ -178,7 +178,6 @@
-
$cur_user_data = array();
$cur_user = user_id();
if ($cur_user != false) {
@@ -239,7 +238,7 @@
$comments = $comments_new;
// }
}
-
+
$template = get_option('data-template', $params['id']);
if (($template == false or ($template == '')) and isset($params['template'])) {
$template = $params['template'];
@@ -258,7 +257,7 @@
mw.require("url.js", true);
mw.require("forms.js", true);
-
+
@@ -317,7 +316,7 @@ function delete_comment_user(id) {
}
mw.comments_is_saving = true;
- mw.form.post('form#comments-form-', '',
+ mw.form.post('form#comments-form-', '',
function (msg) {
mw.comments_is_saving = false;
var resp = this;
diff --git a/userfiles/modules/comments/src/Models/Comments.php b/userfiles/modules/comments/src/Models/Comments.php
index ad3cbfd8f34..00dcc77c9c0 100644
--- a/userfiles/modules/comments/src/Models/Comments.php
+++ b/userfiles/modules/comments/src/Models/Comments.php
@@ -80,360 +80,6 @@ public function get($params = false)
}
- public function save($data)
- {
-
- $adm = is_admin();
-
- $table = MODULE_DB_COMMENTS;
- mw_var('FORCE_SAVE', $table);
-
- if (isset($data['id'])) {
- if ($adm == false) {
- mw_error('Error: Only admin can edit comments!');
- }
- }
- if (!isset($data['rel_type']) and isset($data['rel'])) {
- $data['rel_type'] = $data['rel'];
- }
-
- if (isset($data['reply_to_comment_id'])) {
- $old_comment = $this->get_by_id($data['reply_to_comment_id']);
- $data['id'] = 0;
- if (!$old_comment) {
- return array('error' => 'Error: invalid data');
- }
- if (isset($old_comment['rel_type'])) {
- $data['rel_type'] = $old_comment['rel_type'];
- }
- if (isset($old_comment['rel_id'])) {
- $data['rel_id'] = $old_comment['rel_id'];
- }
-
-
- }
- if ($adm == true and !isset($data['id']) and !isset($data['is_moderated'])) {
- $data['is_moderated'] = 1;
- } else {
- $require_moderation = get_option('require_moderation', 'comments');
- if ($require_moderation != 'y') {
- $data['is_moderated'] = 1;
- }
- }
- if (isset($data['action']) and isset($data['id'])) {
- if ($adm == false) {
- mw_error('Error: Only admin can edit comments!');
- } else {
- $action = strtolower($data['action']);
-
- switch ($action) {
- case 'publish' :
- $data['is_moderated'] = 1;
- $data['is_spam'] = 0;
-
-
- break;
- case 'unpublish' :
- $data['is_moderated'] = 0;
-
- break;
- case 'spam' :
- $data['is_moderated'] = 0;
- $data['is_spam'] = 1;
-
- break;
-
- case 'delete' :
- $del = mw()->database_manager->delete_by_id($table, $id = intval($data['id']), $field_name = 'id');
- return $del;
- break;
-
- default :
- break;
- }
-
- }
- } else {
-
- if (!isset($data['rel_type'])) {
- return array('error' => 'Error: invalid data rel_type');
- }
- if (!isset($data['rel_id'])) {
- return array('error' => 'Error: invalid data rel_id');
- } else {
- if (trim($data['rel_id']) == '') {
- return array('error' => 'Error: invalid data rel_id');
- }
- }
-
- if (!is_admin()) {
-
-
- $needs_terms = get_option('require_terms', 'comments') == 'y';
-
-
- if ($needs_terms) {
- $user_id_or_email = $this->app->user_manager->id();
- if (!$user_id_or_email) {
- if (isset($data['comment_email'])) {
- $user_id_or_email = $data['comment_email'];
- }
- }
-
- if (!$user_id_or_email) {
- $checkout_errors['comments_needs_email'] = _e('You must provide email address', true);
- } else {
- $terms_and_conditions_name = 'terms_comments';
-
- $check_term = $this->app->user_manager->terms_check($terms_and_conditions_name, $user_id_or_email);
- if (!$check_term) {
- if (isset($data['terms']) and $data['terms']) {
- $this->app->user_manager->terms_accept($terms_and_conditions_name, $user_id_or_email);
- } else {
- return array(
- 'error' => _e('You must agree to terms and conditions', true),
- 'form_data_required' => 'terms',
- 'form_data_module' => 'users/terms'
- );
- }
- }
- }
- }
-
-
- if (!isset($data['captcha'])) {
- return array(
- 'error' => _e('Invalid captcha answer!', true),
- 'captcha_error' => true,
- 'form_data_required' => 'captcha',
- 'form_data_module' => 'captcha'
- );
-
- } else {
- $validate_captcha = $this->app->captcha_manager->validate($data['captcha']);
- if (!$validate_captcha) {
-
- return array(
- 'error' => _e('Invalid captcha answer!', true),
- 'captcha_error' => true,
- 'form_data_required' => 'captcha',
- 'form_data_module' => 'captcha'
- );
-
-
- }
- }
-
- }
-
-
- }
- if (!isset($data['id']) and isset($data['comment_body'])) {
-
- if (!isset($data['comment_email']) and user_id() == 0) {
- return array('error' => 'You must type your email or be logged in order to comment.');
- }
-
- $data['from_url'] = mw()->url_manager->current(1);
-
- }
-
- if (!isset($data['comment_body'])) {
- $data['comment_body'] = '';
- }
-
- $comment_body = $data['comment_body'];
-
- // Claer HTML
- $comment_body = $this->app->format->clean_html($comment_body);
-
- // Clear XSS
- $evil = ['(?app->format->clean_xss($comment_body, true, $evil, 'removeEvilAttributes');
-
- $comment_body = Markdown::convertToHtml($comment_body);
-
- $data['comment_body'] = $comment_body;
- $data['allow_html'] = '1';
- $data['allow_scripts'] = '1';
-
- $saved_data_id = mw()->database_manager->save($table, $data);
-
-
- if (!isset($data['id']) and isset($data['comment_body'])) {
- /* $notif = array();
- $notif['module'] = "comments";
- $notif['rel_type'] = $data['rel_type'];
- $notif['rel_id'] = $data['rel_id'];
- $notif['title'] = "You have new comment";
- $notif['description'] = "New comment is posted on " . mw()->url_manager->current(1);
- $notif['content'] = mw('format')->limit($data['comment_body'], 800);
- mw()->notifications_manager->save($notif);*/
-
- $email_on_new_comment = get_option('email_on_new_comment', 'comments') == 'y';
- $email_on_new_comment_value = get_option('email_on_new_comment_value', 'comments');
-
- $newComment = \MicroweberPackages\Comment\Comment::where('id',$saved_data_id)->first();
- if ($newComment) {
-
- event(new NewComment($newComment));
-
- Notification::send(User::whereIsAdmin(1)->get(), new NewCommentNotification($newComment));
-
- if ($email_on_new_comment == true) {
- // Anonymous notification
- }
-
- }
-
-
- if ($email_on_new_comment == true) {
- $subject = "You have new comment";
- $data2 = $data;
- unset($data2['rel_type']);
- unset($data2['rel_id']);
- $data3 = array();
- foreach ($data2 as $key => $value) {
- $key2 = str_ireplace('comment_', ' ', $key);
- if ($key2 == 'body') {
- $key2 = 'text';
- }
-
- $data3[$key2] = nl2br($value);
- }
-
-
- $message = "Hi,
You have new comment posted on " . mw()->url_manager->current(1) . '
';
- $message .= "IP:" . user_ip() . '
';
- $message .= mw('format')->array_to_ul($data3);
-
- $sender = new MailSender();
- $sender->setEmailTo($email_on_new_comment_value);
- $sender->setEmailSubject($subject);
- $sender->setEmailMessage($message);
- $sender->setEmailHostnameToSubject(1);
- $sender->send();
- }
-
-
- }
-
- $get_comment = get_comments("single=1&id=" . $saved_data_id);
-
- if (isset($get_comment['is_subscribed_for_notification']) && isset($get_comment['is_sent_email'])) {
-
- if ($get_comment['action'] == 'publish' && $get_comment['is_subscribed_for_notification'] == 1 && $get_comment['is_sent_email'] == 0) {
-
- // Send notification
- if (is_numeric($saved_data_id)) {
- $emailJob = (new \Microweber\Comments\Jobs\JobSendMailNotificationOnComment($saved_data_id))->onQueue('processing');
- \Queue::later(5, $emailJob);
- }
-
- }
- }
-
- return $saved_data_id;
- }
-
- public function mark_as_spam($data)
- {
-
- must_have_access();
- if (isset($data['comment_id'])) {
- $s = array();
- $s['id'] = $data['comment_id'];
- $s['is_moderated'] = 0;
- $s['is_spam'] = 1;
- $s['table'] = $this->table;
-
- $s = mw()->database_manager->save($s);
- if ($s) {
- $this->__report_for_spam($s);
- }
-
-
- }
-
-
- }
-
- public function mark_as_old($data)
- {
-
- must_have_access();
-
- if (isset($data['content_id'])) {
- $table = MODULE_DB_COMMENTS;
- mw_var('FORCE_SAVE', $table);
- $data['is_new'] = 1;
- $get_comm = get_comments($data);
- if (!empty($get_comm)) {
- foreach ($get_comm as $get_com) {
- $upd = array();
- $upd['is_new'] = 0;
-
- $upd['id'] = $get_com['id'];
- $upd['rel_type'] = 'content';
- $upd['rel_id'] = mw()->database_manager->escape_string($data['content_id']);
- mw()->database_manager->save($table, $upd);
- }
- }
- return $get_comm;
-
- }
-
- }
-
-
- private function __report_for_spam($comment_id)
- {
-
- $comment = $this->get_by_id($comment_id);
- $report_url = 'https://spamchecker.microweberapi.com/';
-
- if ($comment) {
- $report = array();
- $report['site_url'] = site_url();
- $report['from_url'] = $comment['from_url'];
- $report['is_spam'] = 1;
- if (isset($comment['user_ip']) and $comment['user_ip']) {
- $report['ip'] = trim($comment['user_ip']);
- }
- if (isset($comment['comment_email']) and $comment['comment_email']) {
- $report['email'] = trim($comment['comment_email']);
- }
- if (isset($comment['created_by']) and $comment['created_by']) {
- $report['is_logged'] = true;
- $report['user_id'] = $comment['created_by'];
- }
- if (isset($comment['comment_name']) and $comment['comment_name']) {
- $report['comment_name'] = $comment['comment_name'];
- }
- if (isset($comment['comment_body']) and $comment['comment_body']) {
- $report['comment_body'] = $comment['comment_body'];
- }
- if (isset($comment['comment_website']) and $comment['comment_website']) {
- $report['comment_website'] = $comment['comment_website'];
- }
- if (isset($comment['comment_subject']) and $comment['comment_subject']) {
- $report['comment_subject'] = $comment['comment_subject'];
- }
-
- if (isset($comment['rel_type']) and $comment['rel_type']) {
- $report['rel_type'] = $comment['rel_type'];
- }
- if (isset($comment['rel_id']) and $comment['rel_id']) {
- $report['rel_id'] = $comment['rel_id'];
- }
- $http = new \MicroweberPackages\Utils\Http\Http();
- $http->url($report_url);
- $http->set_timeout(10);
- return $http->post($report);
-
- }
- }
-
}
diff --git a/userfiles/modules/comments/src/views/admin.php b/userfiles/modules/comments/src/views/admin.php
index faee503ee7d..662e9b63055 100644
--- a/userfiles/modules/comments/src/views/admin.php
+++ b/userfiles/modules/comments/src/views/admin.php
@@ -1,8 +1,3 @@
-
diff --git a/userfiles/modules/comments/src/views/backend.php b/userfiles/modules/comments/src/views/backend.php
index 84a26c2bf97..5c74b63690f 100644
--- a/userfiles/modules/comments/src/views/backend.php
+++ b/userfiles/modules/comments/src/views/backend.php
@@ -113,7 +113,7 @@
if (conf) {
var id = form.attr('id');
var data = form.serialize();
- $.post("", data, function (data) {
+ $.post("", data, function (data) {
mw.reload_module('#mw_comments_for_post_' + connected_id, function () {
$('#mw_comments_for_post_' + connected_id).find(".comments-holder,.new-comments,.old-comments").show();
});
diff --git a/userfiles/modules/comments/src/views/comments_list.php b/userfiles/modules/comments/src/views/comments_list.php
index 2291b86bd96..ab9258b0297 100644
--- a/userfiles/modules/comments/src/views/comments_list.php
+++ b/userfiles/modules/comments/src/views/comments_list.php
@@ -73,9 +73,7 @@
$(document).ready(function () {
-
-
-
+ mw.edit_comments.api_url = '';
$('.new-close', '#').on('click', function (e) {
diff --git a/userfiles/modules/site_stats/dashboard_recent_comments.php b/userfiles/modules/site_stats/dashboard_recent_comments.php
index d7d33aa39e3..3d596f67567 100644
--- a/userfiles/modules/site_stats/dashboard_recent_comments.php
+++ b/userfiles/modules/site_stats/dashboard_recent_comments.php
@@ -95,7 +95,7 @@
save_comment_form = function (form_id) {
- mw.form.post(form_id, '')
+ mw.form.post(form_id, '')
mw.notification.success('Comment saved')
}