From 2cdf5714e57d5b192cb784c267f0ec86b3cfe3c6 Mon Sep 17 00:00:00 2001 From: Peter Ivanov Date: Wed, 27 Oct 2021 16:35:38 +0300 Subject: [PATCH] update --- .../Comment/CommentServiceProvider.php | 4 +- .../Admin/AdminCommentController.php | 184 ++++++++- .../Http/Controllers/CommentController.php | 57 ++- .../Comment/{ => Models}/Comment.php | 5 +- .../Comment/Models/CommentsCrud.php | 76 ++++ src/MicroweberPackages/Comment/composer.json | 5 +- .../Comment/helpers/comments_helpers.php | 9 + src/MicroweberPackages/Comment/routes/api.php | 22 +- .../Comment/tests/CommentsTest.php | 140 ++++++- userfiles/modules/comments/comments_admin.js | 72 ---- userfiles/modules/comments/edit_comments.js | 15 +- userfiles/modules/comments/functions.php | 68 +--- userfiles/modules/comments/index.php | 11 +- .../modules/comments/src/Models/Comments.php | 354 ------------------ .../modules/comments/src/views/admin.php | 5 - .../modules/comments/src/views/backend.php | 2 +- .../comments/src/views/comments_list.php | 4 +- .../site_stats/dashboard_recent_comments.php | 2 +- 18 files changed, 503 insertions(+), 532 deletions(-) rename src/MicroweberPackages/Comment/{ => Models}/Comment.php (86%) create mode 100644 src/MicroweberPackages/Comment/Models/CommentsCrud.php create mode 100644 src/MicroweberPackages/Comment/helpers/comments_helpers.php diff --git a/src/MicroweberPackages/Comment/CommentServiceProvider.php b/src/MicroweberPackages/Comment/CommentServiceProvider.php index ca71027aa50..75405e636d1 100644 --- a/src/MicroweberPackages/Comment/CommentServiceProvider.php +++ b/src/MicroweberPackages/Comment/CommentServiceProvider.php @@ -14,6 +14,7 @@ use Illuminate\Support\Facades\View; use Illuminate\Support\ServiceProvider; + class CommentServiceProvider extends ServiceProvider { /** 
@@ -23,9 +24,10 @@ class CommentServiceProvider extends ServiceProvider */ public function boot() { + include_once (__DIR__.'/helpers/comments_helpers.php'); $this->loadRoutesFrom(__DIR__ . '/routes/api.php'); View::addNamespace('comment', __DIR__.'/resources/views'); } -} \ No newline at end of file +} diff --git a/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php b/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php index 2db944dda4d..48bfe0fcf6e 100644 --- a/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php +++ b/src/MicroweberPackages/Comment/Http/Controllers/Admin/AdminCommentController.php @@ -8,11 +8,18 @@ namespace MicroweberPackages\Comment\Http\Controllers\Admin; +use GrahamCampbell\Markdown\Facades\Markdown; use Illuminate\Http\Request; +use Illuminate\Http\Resources\Json\JsonResource; use Illuminate\Support\Facades\Auth; +use Illuminate\Support\Facades\Notification; use MicroweberPackages\App\Http\Controllers\AdminController; -use MicroweberPackages\Comment\Comment; +use MicroweberPackages\Comment\Models\Comment; +use MicroweberPackages\Comment\Events\NewComment; +use MicroweberPackages\Comment\Notifications\NewCommentNotification; +use MicroweberPackages\User\Models\User; +use MicroweberPackages\Utils\Mail\MailSender; class AdminCommentController extends AdminController @@ -20,7 +27,7 @@ class AdminCommentController extends AdminController public function index(Request $request) { $contents = Comment::filter($request->all()) - ->groupBy(['rel_id','rel_type']) + ->groupBy(['rel_id', 'rel_type']) ->paginate($request->get('limit', 30)) ->appends($request->except('page')); 
@@ -28,6 +35,175 @@ public function index(Request $request) $content->allComments = Comment::where('rel_type', $content['rel_type'])->where('rel_id', $content['rel_id'])->get(); } - return $this->view('comment::admin.comments.index', ['contents'=>$contents]); + return $this->view('comment::admin.comments.index', ['contents' => $contents]); } -} \ No newline at end of file + + + public function saveCommentEdit(Request $request) + { + + $is_del = false; + $table = 'comments'; + mw_var('FORCE_SAVE', $table); + + $data = $request->all(); + if (!isset($data['rel_type']) and isset($data['rel'])) { + $data['rel_type'] = $data['rel']; + } + + if (isset($data['reply_to_comment_id'])) { + $old_comment = $this->get_by_id($data['reply_to_comment_id']); + $data['id'] = 0; + if (!$old_comment) { + return array('error' => 'Error: invalid data'); + } + if (isset($old_comment['rel_type'])) { + $data['rel_type'] = $old_comment['rel_type']; + } + if (isset($old_comment['rel_id'])) { + $data['rel_id'] = $old_comment['rel_id']; + } + + + } + if (!isset($data['id']) and !isset($data['is_moderated'])) { + $data['is_moderated'] = 1; + } else { + $require_moderation = get_option('require_moderation', 'comments'); + if ($require_moderation != 'y') { + $data['is_moderated'] = 1; + } + } + if (isset($data['action']) and isset($data['id'])) { + $action = strtolower($data['action']); + + switch ($action) { + case 'publish' : + $data['is_moderated'] = 1; + $data['is_spam'] = 0; + + + break; + case 'unpublish' : + $data['is_moderated'] = 0; + + break; + case 'spam' : + $data['is_moderated'] = 0; + $data['is_spam'] = 1; + + $this->__report_for_spam($data['id']); + + break; + + case 'delete' : + $is_del = true; + $del = mw()->database_manager->delete_by_id($table, $id = intval($data['id']), $field_name = 'id'); + + break; + + default : + break; + } + + + } else { + if (!isset($data['id'])) { + if (!isset($data['rel_type'])) { + return array('error' => 'Error: invalid data rel_type'); + } + if 
(!isset($data['rel_id'])) { + return array('error' => 'Error: invalid data rel_id'); + } else { + if (trim($data['rel_id']) == '') { + return array('error' => 'Error: invalid data rel_id'); + } + } + } + } + + if($is_del){ + return (new JsonResource($data))->response(); + } + + if (!isset($data['comment_body'])) { + $data['comment_body'] = ''; + } + + $comment_body = $data['comment_body']; + + // Claer HTML + $comment_body = $this->app->format->clean_html($comment_body); + + // Clear XSS + $evil = ['(?app->format->clean_xss($comment_body, true, $evil, 'removeEvilAttributes'); + + if (!empty($comment_body) and !empty($data['format']) and $data['format'] == 'markdown') { + $comment_body = Markdown::convertToHtml($comment_body); + } + + $data['comment_body'] = $comment_body; + $data['allow_html'] = '1'; + + $saved_data_id = mw()->database_manager->save($table, $data); + + $get_comment = get_comments("single=1&id=" . $saved_data_id); + + return (new JsonResource($get_comment))->response(); + + } + + + + private function __report_for_spam($comment_id) + { + if (defined("MW_UNIT_TEST")) { + return true; + } + + $comment = $this->get_by_id($comment_id); + $report_url = 'https://spamchecker.microweberapi.com/'; + + if ($comment) { + $report = array(); + $report['site_url'] = site_url(); + $report['from_url'] = $comment['from_url']; + $report['is_spam'] = 1; + if (isset($comment['user_ip']) and $comment['user_ip']) { + $report['ip'] = trim($comment['user_ip']); + } + if (isset($comment['comment_email']) and $comment['comment_email']) { + $report['email'] = trim($comment['comment_email']); + } + if (isset($comment['created_by']) and $comment['created_by']) { + $report['is_logged'] = true; + $report['user_id'] = $comment['created_by']; + } + if (isset($comment['comment_name']) and $comment['comment_name']) { + $report['comment_name'] = $comment['comment_name']; + } + if (isset($comment['comment_body']) and $comment['comment_body']) { + $report['comment_body'] = 
$comment['comment_body']; + } + if (isset($comment['comment_website']) and $comment['comment_website']) { + $report['comment_website'] = $comment['comment_website']; + } + if (isset($comment['comment_subject']) and $comment['comment_subject']) { + $report['comment_subject'] = $comment['comment_subject']; + } + + if (isset($comment['rel_type']) and $comment['rel_type']) { + $report['rel_type'] = $comment['rel_type']; + } + if (isset($comment['rel_id']) and $comment['rel_id']) { + $report['rel_id'] = $comment['rel_id']; + } + $http = new \MicroweberPackages\Utils\Http\Http(); + $http->url($report_url); + $http->set_timeout(10); + return $http->post($report); + + } + } +} diff --git a/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php b/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php index 6effaafe66a..72772c9055e 100644 --- a/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php +++ b/src/MicroweberPackages/Comment/Http/Controllers/CommentController.php @@ -15,7 +15,8 @@ use Illuminate\Http\Request; use Illuminate\Http\Resources\Json\JsonResource; -use MicroweberPackages\Comment\Comment; +use MicroweberPackages\App\Http\RequestRoute; +use MicroweberPackages\Comment\Models\Comment; use MicroweberPackages\Comment\Events\NewComment; use MicroweberPackages\Comment\Notifications\NewCommentNotification; use MicroweberPackages\Option\Facades\Option; 
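Review bot: In `saveCommentEdit` the Markdown conversion runs after `clean_html()` and `clean_xss()`, so whatever HTML `Markdown::convertToHtml($comment_body)` produces is stored with `allow_html = '1'` without passing through either cleaner. Convert first and clean the result, i.e. move the `if (... $data['format'] == 'markdown')` block above the `clean_html()` call, or re-run the cleaners on the converted HTML. Separately, an action-only request (`id` plus `action`, as the new test sends) reaches `$data['comment_body'] = ''` and then `save()`, which looks like it overwrites the stored body with an empty string unless `save()` ignores empty values; skipping the body handling when `comment_body` is absent would avoid that. `$this->get_by_id()` is called here and in `__report_for_spam()` but is not defined in this hunk, so confirm that `AdminController` provides it.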
@@ -33,23 +34,46 @@ public function postComment(Request $request) } + + + $rules = []; $inputs = $request->all(); + if(isset($inputs['rel']) and !isset($inputs['rel_type'])){ + $inputs['rel_type'] = $inputs['rel']; + unset($inputs['rel']); + } + + + if(isset($inputs['id'])) { + $comment = get_comments('single=1&id=' . $inputs['id']); + if (empty($comment)) { + return \Response::make(['errors' => ['Cannot find comment']]); + } + if (mw()->user_manager->session_id() != $comment['session_id']) { + return \Response::make(['errors' => ['Cannot edit comment']]); + } + + } + $rules['rel_id'] = 'required'; $rules['rel_type'] = 'required'; $rules['comment_body'] = 'required'; - if (!empty($inputs['comment_email'])) { - $inputs['email'] = $inputs['comment_email']; + if (!empty($inputs['email'])) { + $inputs['comment_email'] = $inputs['email']; + unset( $inputs['email']); } if (Option::getValue('require_terms', 'comments')) { - $rules['terms'] = 'terms:terms_comments'; - if (isset($inputs['newsletter_subscribe']) and $inputs['newsletter_subscribe']) { - $rules['terms'] = $rules['terms'] . ', terms_newsletter'; + if(!isset($inputs['terms'])) { + $rules['terms'] = 'terms:terms_comments'; + if (isset($inputs['newsletter_subscribe']) and $inputs['newsletter_subscribe']) { + $rules['terms'] = $rules['terms'] . ', terms_newsletter'; + } + $rules['comment_email'] = 'required'; } - $rules['comment_email'] = 'required'; } $rules['captcha'] = 'captcha'; 
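Review bot: With `require_terms` enabled, the new `if(!isset($inputs['terms']))` guard adds the `terms` rule and the `comment_email` requirement only when the field is absent, so a request carrying any `terms` value (including a falsy one) appears to skip both checks. Validate the submitted value rather than its presence, e.g. keep the `terms:terms_comments` rule unconditional or add `$rules['terms'] = 'accepted';` for the case where the field is present. In the edit branch above it, `$inputs['id']` is concatenated into `get_comments('single=1&id=' . $inputs['id'])`, so a value containing `&` can add lookup parameters, and the ownership test uses loose `!=`; casting with `(int) $inputs['id']` and comparing non-empty strings with `hash_equals()` would tighten it. Both error returns in that branch also go out with the default 200 status, unlike the 422 set for validation failures in the next hunk. postComment's body starts and ends outside this hunk.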
@@ -59,13 +83,23 @@ public function postComment(Request $request) $validator = \Validator::make($inputs, $rules); if ($validator->fails()) { - return ['errors'=>$validator->messages()->toArray()]; + + + $response = \Response::make(['errors'=>$validator->messages()->toArray()]); + + $response->setStatusCode(422); + + $response = RequestRoute::formatFrontendResponse($response); + + return $response; } - $saveComment = $request->all(); + $saveComment = $inputs; $requireModeration = Option::getValue('require_moderation', 'comments'); if ($requireModeration) { + $saveComment['is_moderated'] = 0; + } else { $saveComment['is_moderated'] = 1; } @@ -79,6 +113,9 @@ public function postComment(Request $request) Notification::send(User::whereIsAdmin(1)->get(), new NewCommentNotification($save)); + cache_clear('comments'); + + return (new JsonResource($save))->response(); } -} \ No newline at end of file +} diff --git a/src/MicroweberPackages/Comment/Comment.php b/src/MicroweberPackages/Comment/Models/Comment.php similarity index 86% rename from src/MicroweberPackages/Comment/Comment.php rename to src/MicroweberPackages/Comment/Models/Comment.php index 3f81cbfe7bf..20d2625ea6e 100644 --- a/src/MicroweberPackages/Comment/Comment.php +++ b/src/MicroweberPackages/Comment/Models/Comment.php @@ -1,11 +1,10 @@ provideFilter(ContentFilter::class); } -} \ No newline at end of file +} diff --git a/src/MicroweberPackages/Comment/Models/CommentsCrud.php b/src/MicroweberPackages/Comment/Models/CommentsCrud.php new file mode 100644 index 00000000000..2024169d6a2 --- /dev/null +++ b/src/MicroweberPackages/Comment/Models/CommentsCrud.php 
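Review bot: `$saveComment = $inputs;` forwards every request field to the save call, and only `is_moderated` is overwritten afterwards in this hunk, so a visitor can also submit columns such as `is_spam`, `session_id` or `created_by` unless the `Comment` model restricts them (its fillable list is not visible in this patch). Build the payload from an explicit allow-list, for example `$saveComment = array_intersect_key($inputs, array_flip(['id', 'rel_id', 'rel_type', 'comment_name', 'comment_email', 'comment_website', 'comment_body']));`. Note also that `if ($requireModeration)` treats any non-empty string as true, while `saveCommentEdit` in this patch compares the same option with `'y'`; the two should agree on the stored format. The function continues outside the hunk.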
@@ -0,0 +1,76 @@ +database_manager->escape_string($params['content_id']); + + } + $date_format = get_option('date_format', 'website'); + if ($date_format == false) { + $date_format = "Y-m-d H:i:s"; + } + $table = $this->table; + $params['table'] = $table; + + $comments = db_get($params); + + if (is_array($comments)) { + $i = 0; + foreach ($comments as $item) { + if (isset($params['count'])) { + if (isset($item['qty'])) { + return $item['qty']; + } + } + if (isset($item['created_by']) and intval($item['created_by']) > 0 and ($item['comment_name'] == false or $item['comment_name'] == '')) { + $comments[$i]['comment_name'] = user_name($item['created_by']); + } + if (isset($item['created_at']) and trim($item['created_at']) != '') { + $comments[$i]['created_at_display'] = date($date_format, strtotime($item['created_at'])); + } + if (isset($item['updated_at']) and trim($item['updated_at']) != '') { + $comments[$i]['updated_at_display'] = date($date_format, strtotime($item['updated_at'])); + } + if (isset($item['comment_body']) and ($item['comment_body'] != '')) { + $surl = site_url(); + $item['comment_body'] = str_replace('{SITE_URL}', $surl, $item['comment_body']); + $comments[$i]['comment_body'] = $item['comment_body']; // mw()->format->autolink($item['comment_body']); + } + + if (isset($params['single'])) { + + return $comments; + } + + $i++; + } + } + + + return $comments; + } + + + + +} diff --git a/src/MicroweberPackages/Comment/composer.json b/src/MicroweberPackages/Comment/composer.json index 25d88732b08..4fb2257fc6e 100644 --- a/src/MicroweberPackages/Comment/composer.json +++ b/src/MicroweberPackages/Comment/composer.json @@ -16,7 +16,10 @@ "autoload": { "psr-4": { "MicroweberPackages\\Comment\\": "" - } + }, + "files": [ + "helpers/comments_helpers.php" + ] }, "config": { "sort-packages": true 
diff --git a/src/MicroweberPackages/Comment/helpers/comments_helpers.php b/src/MicroweberPackages/Comment/helpers/comments_helpers.php new file mode 100644 index 00000000000..fb039bfd448 --- /dev/null +++ b/src/MicroweberPackages/Comment/helpers/comments_helpers.php @@ -0,0 +1,9 @@ +get($params); +} diff --git a/src/MicroweberPackages/Comment/routes/api.php b/src/MicroweberPackages/Comment/routes/api.php index a1b34e9ef42..0c49f8e8944 100644 --- a/src/MicroweberPackages/Comment/routes/api.php +++ b/src/MicroweberPackages/Comment/routes/api.php @@ -1,14 +1,9 @@ prefix('api/comment') + ->prefix(ADMIN_PREFIX) ->middleware(['xss']) ->namespace('\MicroweberPackages\Comment\Http\Controllers') ->group(function () { @@ -16,14 +11,19 @@ }); +Route::name('api.comment.admin.') + ->prefix(ADMIN_PREFIX) + ->middleware(['xss','admin']) + ->namespace('\MicroweberPackages\Comment\Http\Controllers\Admin') + ->group(function () { + Route::post('edit', 'AdminCommentController@saveCommentEdit')->name('edit'); + }); Route::name('admin.') ->prefix(ADMIN_PREFIX) - ->middleware(['admin']) + ->middleware(['xss','admin']) ->namespace('\MicroweberPackages\Comment\Http\Controllers\Admin') ->group(function () { - Route::resource('comment', 'AdminCommentController'); - - }); \ No newline at end of file + }); diff --git a/src/MicroweberPackages/Comment/tests/CommentsTest.php b/src/MicroweberPackages/Comment/tests/CommentsTest.php index a43a06d8759..462b50fad84 100644 --- a/src/MicroweberPackages/Comment/tests/CommentsTest.php +++ b/src/MicroweberPackages/Comment/tests/CommentsTest.php @@ -2,8 +2,11 @@ namespace MicroweberPackages\Helper\tests; +use GrahamCampbell\Markdown\Facades\Markdown; +use Illuminate\Support\Facades\Auth; use MicroweberPackages\App\Http\RequestRoute; use MicroweberPackages\Core\tests\TestCase; +use MicroweberPackages\User\Models\User; class CommentsTest extends TestCase { 
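Review bot: In routes/api.php the public `api.comment.` group appears to swap `prefix('api/comment')` for `->prefix(ADMIN_PREFIX)` while keeping only the `xss` middleware (the start of this hunk is garbled on the page, so confirm against the file). That places an unauthenticated comment-posting endpoint under the admin path, where server-level restrictions on the admin URL would block it and where a reader will assume admin-only access; keeping `->prefix('api/comment')` for the public group and giving the new `api.comment.admin.` group its own prefix would keep the two separate. The new `edit` route performs state changes including delete, so it is worth confirming that CSRF protection applies to this group, since only `xss` and `admin` are listed here.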
@@ -34,7 +37,8 @@ public function testPostComment() ); $commentData = $response->getData(); - $this->assertEquals($save_post1, $commentData->data->rel_id); + + $this->assertEquals($save_post1, $commentData->data->rel_id); $this->assertEquals('content', $commentData->data->rel_type); $this->assertEquals('Bozhidar', $commentData->data->comment_name); $this->assertEquals('selfworksbg@gmail.com', $commentData->data->comment_email); @@ -108,12 +112,12 @@ public function testPostCommentWithTerms() 'is_active' => 1,); $save_post1 = save_content($params); - + $some = 'html' . now() . rand() . '@user.com'; $req = [ 'rel_id' => $save_post1, 'rel_type' => 'content', 'comment_name' => 'User for terms', - 'comment_email' => 'html' . now() . rand() . '@user.com', + 'comment_email' => $some, 'comment_body' => 'Hello', ]; @@ -130,11 +134,13 @@ public function testPostCommentWithTerms() $req['terms'] = 1; - $commentData = RequestRoute::postJson( + $response = RequestRoute::postJson( route('api.comment.post'), $req ); - $this->assertEquals(true, $commentData['success']); + + $this->assertEquals($some, $response['data']['comment_email']); + } 
@@ -272,6 +278,130 @@ public function testCommentNotLoggedUser() } + + + + public function testAdminEditComment() + { + $this->_setDisableMustBeLogged(); + $this->_setDisableTerms(); + $this->_setDisableCaptcha(); + + $user = User::where('is_admin', '=', '1')->first(); + Auth::login($user); + + $params = array( + 'title' => 'some post test for comments test'.uniqid(), + 'content_type' => 'post', + 'is_active' => 1); + + $save_post1 = save_content($params); + + $comment1 = 'Hello'.uniqid(); + $comment2 = 'Hello2'.uniqid(); + + $response = $this->json( + 'POST', + route('api.comment.post'), + [ + 'rel_id' => $save_post1, + 'rel_type' => 'content', + 'comment_name' => 'Some', + 'comment_email' => 'email@gmail.com', + 'comment_website' => 'test.com', + 'comment_body' => $comment1, + ] + ); + + $commentData = $response->getData(); + + $comment_id = $commentData->data->id; + + $this->assertEquals($commentData->data->comment_body, $comment1); + + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'comment_body' => $comment2, + ] + ); + $commentData = $response->getData(); + $this->assertEquals($commentData->data->comment_body, $comment2); + + + // save as markdown + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'comment_body' => $comment2, + 'format' => 'markdown', + ] + ); + $commentData = $response->getData(); + $this->assertEquals($commentData->data->comment_body, Markdown::convertToHtml($comment2)); + + + // publish + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'action' => 'publish', + ] + ); + $commentData = $response->getData(); + + $this->assertEquals($commentData->data->is_moderated, 1); + $this->assertEquals($commentData->data->is_spam, 0); + + + // unpublish + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'action' => 'unpublish', + ] + ); + $commentData = 
$response->getData(); + $this->assertEquals($commentData->data->is_moderated, 0); // unpublish + + // mark as spam + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'action' => 'spam', + ] + ); + $commentData = $response->getData(); + $this->assertEquals($commentData->data->is_moderated, 0); + $this->assertEquals($commentData->data->is_spam, 1); + + + // delete + $response = $this->json( + 'POST', + route('api.comment.admin.edit'), + [ + 'id' => $comment_id, + 'action' => 'delete', + ] + ); + + $get_comment = get_comments("single=1&id=" . $comment_id); + $this->assertFalse($get_comment); + + } + + private function _setDisableMustBeLogged() { diff --git a/userfiles/modules/comments/comments_admin.js b/userfiles/modules/comments/comments_admin.js index ad9123a1a39..8b137891791 100644 --- a/userfiles/modules/comments/comments_admin.js +++ b/userfiles/modules/comments/comments_admin.js 
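Review bot: `testAdminEditComment` only exercises `api.comment.admin.edit` while logged in as an admin, so nothing checks that the route rejects a guest or a non-admin user; add a case that posts the same payload without `Auth::login($user)` and asserts the comment is unchanged. The publish, unpublish and spam steps assert only the flags, so adding `$this->assertNotEmpty($commentData->data->comment_body);` after each would catch an action that clears the body. The `assertEquals` calls pass the actual value first, while PHPUnit expects `assertEquals($expected, $actual)`, which matters for failure messages. Because `__report_for_spam()` returns early under `MW_UNIT_TEST`, the spam step does not cover the comment lookup or the outbound report.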
@@ -1,73 +1 @@ - -alert('mw.adminComments is deprecated'); - -mw.adminComments = { - action: function (form, val) { - var form = $(form); - var field = form.find('.comment_state'); - var connected_id = mw.$('[name="connected_id"]', form[0]).val(); - field.val(val); - var conf = true; - if (val == 'delete') { - var conf = confirm(mw.msg.to_delete_comment); - } - if (conf) { - var id = form.attr('id'); - var data = form.serialize(); - $.post("", data, function (data) { - mw.reload_module('#mw_comments_for_post_' + connected_id, function () { - $('#mw_comments_for_post_' + connected_id).find(".comments-holder,.new-comments,.old-comments").show(); - }); - }); - } - }, - toggleEdit: function (id) { - mw.$(id).toggleClass('comment-edit-mode'); - if (mw.$(id).hasClass("comment-edit-mode")) { - mw.$(id).find("textarea").focus(); - } - }, - display: function (e, el, what) { - mw.event.cancel(e); - var _new = mw.tools.firstParentWithClass(el, 'comment-post').querySelector('.new-comments'); - var _old = mw.tools.firstParentWithClass(el, 'comment-post').querySelector('.old-comments'); - if (what == 'all') { - $(_new).show(); - $(_old).show(); - } - else if (what == 'new') { - $(_new).show(); - $(_old).hide(); - } - }, - toggleMaster: function (master, e) { - if (master === null) { - return false; - } - if (e != undefined) { - mw.event.cancel(e); - } - var _new = master.parentNode.querySelector('.new-comments'); - var _old = master.parentNode.querySelector('.old-comments'); - if ($(_new).is(":visible") || $(_old).is(":visible")) { - $([_new, _old]).hide(); - $(master).removeClass("active"); - } - else { - $([_new, _old]).show(); - $(master).addClass("active"); - var is_cont = $(master).attr('content-id') - if (typeof is_cont != "undefined") { - var mark_as_old = {} - mark_as_old.content_id = is_cont; - $.post(mw.settings.api_url+'mark_comments_as_old', mark_as_old, function (data) { - - }); - } - } - }, - mark_as_spam:function($comment_id){ - - } -} 
diff --git a/userfiles/modules/comments/edit_comments.js b/userfiles/modules/comments/edit_comments.js index ed404ebd267..2d1833b1583 100644 --- a/userfiles/modules/comments/edit_comments.js +++ b/userfiles/modules/comments/edit_comments.js @@ -3,19 +3,22 @@ mw.edit_comments = { + api_url : '', + save_form: function (form_id) { - var url = mw.settings.api_url + 'post_comment'; + var url = this.api_url; mw.form.post(form_id, url) mw.notification.success('Comment saved') }, mark_as_spam: function (comment_id) { - var url = mw.settings.api_url + 'mark_comment_as_spam'; + var url = this.api_url; var conf = confirm('Are you sure you want to mark this comment as spam?'); if (conf) { var data = {}; data.comment_id = comment_id; + data.action = 'spam'; $.post(url, data, function (data) { mw.notification.success('Comment is marked as spam') @@ -24,7 +27,7 @@ mw.edit_comments = { }, delete: function (comment_id) { - var url = mw.settings.api_url + 'post_comment'; + var url = this.api_url; var conf = confirm('Are you sure you want to delete this comment?'); if (conf) { var data = {}; @@ -38,7 +41,7 @@ mw.edit_comments = { publish: function (comment_id) { - var url = mw.settings.api_url + 'post_comment'; + var url = this.api_url; var conf = true; if (conf) { var data = {}; @@ -51,7 +54,7 @@ mw.edit_comments = { }, unpublish: function (comment_id) { - var url = mw.settings.api_url + 'post_comment'; + var url = this.api_url; var conf = true; if (conf) { var data = {}; @@ -125,4 +128,4 @@ mw.edit_comments = { // // // }); -// }); \ No newline at end of file +// }); diff --git a/userfiles/modules/comments/functions.php b/userfiles/modules/comments/functions.php index 8ff1f355188..35f17126f73 100644 --- a/userfiles/modules/comments/functions.php +++ b/userfiles/modules/comments/functions.php 
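Review bot: `mark_as_spam` now posts `data.comment_id` together with `data.action = 'spam'`, but `saveCommentEdit` in this patch only enters the action branch when both `action` and `id` are set, so this request would fall through to the `rel_type` error instead of flagging the comment. Send the key the controller reads: `data.id = comment_id;`. `api_url` defaults to `''`, which makes every call post to the current page if the caller forgets to set it; returning early with an error when `this.api_url` is empty would be safer than a silent POST. `save_form` also shows 'Comment saved' without waiting for the response, so a rejected edit still reports success.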
@@ -1,21 +1,24 @@ mark_as_spam($params); - -}); - - -api_expose_admin('mark_comments_as_old', function ($params) { - $comments = new \Microweber\Comments\Models\Comments(); - return $comments->mark_as_old($params); -}); +//api_expose_admin('mark_comment_as_spam', function ($params) { +// $comments = new \Microweber\Comments\Models\Comments(); +// return $comments->mark_as_spam($params); +// +//}); +// +// +//api_expose_admin('mark_comments_as_old', function ($params) { +// $comments = new \Microweber\Comments\Models\Comments(); +// return $comments->mark_as_old($params); +//}); api_expose_admin('mark_comment_post_notifications_as_read', function ($params) { @@ -67,50 +70,17 @@ if (mw()->user_manager->session_id() == $commentSessionId) { - $newCommentData = array(); - $newCommentData['id'] = $params['comment_id']; - - $commentBody = $params['comment_body']; - - // Claer HTML - $commentBody = mw()->format->clean_html($commentBody); - - // Clear XSS - $evil = ['(?format->clean_xss($commentBody, true, $evil, 'removeEvilAttributes'); - - $commentBody = GrahamCampbell\Markdown\Facades\Markdown::convertToHtml($commentBody); - - $newCommentData['comment_body'] = $commentBody; - $newCommentData['allow_html'] = '1'; - $newCommentData['allow_scripts'] = '1'; - - mw()->database_manager->save('comments', $newCommentData); + $commentData = RequestRoute::postJson( + route('api.comment.post'), + $params + ); + return $commentData; } }); -/** - * post_comment - */ -api_expose('post_comment'); -function post_comment($data) -{ - // Save to database - $comments = new \Microweber\Comments\Models\Comments(); - $comment_id = $comments->save($data); - - return $comment_id; -} - -function get_comments($params = false) -{ - $comments = new \Microweber\Comments\Models\Comments(); - - return $comments->get($params); -} event_bind( diff --git a/userfiles/modules/comments/index.php b/userfiles/modules/comments/index.php index 3e3cf181692..d5dfbaa106f 100644 
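Review bot: The edit handler now forwards `$params` unchanged to `route('api.comment.post')`, but the removed code took the target from `$params['comment_id']` while `postComment` looks for `id`, so unless callers already send `id` this creates a new comment (or fails validation on `rel_id`, `rel_type` or captcha) instead of editing. Map the key before forwarding, e.g. `$params['id'] = $params['comment_id'];`. The removed path also always ran the body through `Markdown::convertToHtml()`, which `postComment` does not do in the hunks shown, so existing markdown edits may render differently. In the first hunk the two `api_expose_admin` registrations are commented out rather than deleted; drop them so the dead code does not suggest the endpoints still exist. The enclosing closure starts outside this hunk.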
--- a/userfiles/modules/comments/index.php +++ b/userfiles/modules/comments/index.php @@ -178,7 +178,6 @@ - $cur_user_data = array(); $cur_user = user_id(); if ($cur_user != false) { @@ -239,7 +238,7 @@ $comments = $comments_new; // } } - + $template = get_option('data-template', $params['id']); if (($template == false or ($template == '')) and isset($params['template'])) { $template = $params['template']; @@ -258,7 +257,7 @@ mw.require("url.js", true); mw.require("forms.js", true); - + @@ -317,7 +316,7 @@ function delete_comment_user(id) { } mw.comments_is_saving = true; - mw.form.post('form#comments-form-', '', + mw.form.post('form#comments-form-', '', function (msg) { mw.comments_is_saving = false; var resp = this; diff --git a/userfiles/modules/comments/src/Models/Comments.php b/userfiles/modules/comments/src/Models/Comments.php index ad3cbfd8f34..00dcc77c9c0 100644 --- a/userfiles/modules/comments/src/Models/Comments.php +++ b/userfiles/modules/comments/src/Models/Comments.php 
@@ -80,360 +80,6 @@ public function get($params = false) } - public function save($data) - { - - $adm = is_admin(); - - $table = MODULE_DB_COMMENTS; - mw_var('FORCE_SAVE', $table); - - if (isset($data['id'])) { - if ($adm == false) { - mw_error('Error: Only admin can edit comments!'); - } - } - if (!isset($data['rel_type']) and isset($data['rel'])) { - $data['rel_type'] = $data['rel']; - } - - if (isset($data['reply_to_comment_id'])) { - $old_comment = $this->get_by_id($data['reply_to_comment_id']); - $data['id'] = 0; - if (!$old_comment) { - return array('error' => 'Error: invalid data'); - } - if (isset($old_comment['rel_type'])) { - $data['rel_type'] = $old_comment['rel_type']; - } - if (isset($old_comment['rel_id'])) { - $data['rel_id'] = $old_comment['rel_id']; - } - - - } - if ($adm == true and !isset($data['id']) and !isset($data['is_moderated'])) { - $data['is_moderated'] = 1; - } else { - $require_moderation = get_option('require_moderation', 'comments'); - if ($require_moderation != 'y') { - $data['is_moderated'] = 1; - } - } - if (isset($data['action']) and isset($data['id'])) { - if ($adm == false) { - mw_error('Error: Only admin can edit comments!'); - } else { - $action = strtolower($data['action']); - - switch ($action) { - case 'publish' : - $data['is_moderated'] = 1; - $data['is_spam'] = 0; - - - break; - case 'unpublish' : - $data['is_moderated'] = 0; - - break; - case 'spam' : - $data['is_moderated'] = 0; - $data['is_spam'] = 1; - - break; - - case 'delete' : - $del = mw()->database_manager->delete_by_id($table, $id = intval($data['id']), $field_name = 'id'); - return $del; - break; - - default : - break; - } - - } - } else { - - if (!isset($data['rel_type'])) { - return array('error' => 'Error: invalid data rel_type'); - } - if (!isset($data['rel_id'])) { - return array('error' => 'Error: invalid data rel_id'); - } else { - if (trim($data['rel_id']) == '') { - return array('error' => 'Error: invalid data rel_id'); - } - } - - if (!is_admin()) { 
- - - $needs_terms = get_option('require_terms', 'comments') == 'y'; - - - if ($needs_terms) { - $user_id_or_email = $this->app->user_manager->id(); - if (!$user_id_or_email) { - if (isset($data['comment_email'])) { - $user_id_or_email = $data['comment_email']; - } - } - - if (!$user_id_or_email) { - $checkout_errors['comments_needs_email'] = _e('You must provide email address', true); - } else { - $terms_and_conditions_name = 'terms_comments'; - - $check_term = $this->app->user_manager->terms_check($terms_and_conditions_name, $user_id_or_email); - if (!$check_term) { - if (isset($data['terms']) and $data['terms']) { - $this->app->user_manager->terms_accept($terms_and_conditions_name, $user_id_or_email); - } else { - return array( - 'error' => _e('You must agree to terms and conditions', true), - 'form_data_required' => 'terms', - 'form_data_module' => 'users/terms' - ); - } - } - } - } - - - if (!isset($data['captcha'])) { - return array( - 'error' => _e('Invalid captcha answer!', true), - 'captcha_error' => true, - 'form_data_required' => 'captcha', - 'form_data_module' => 'captcha' - ); - - } else { - $validate_captcha = $this->app->captcha_manager->validate($data['captcha']); - if (!$validate_captcha) { - - return array( - 'error' => _e('Invalid captcha answer!', true), - 'captcha_error' => true, - 'form_data_required' => 'captcha', - 'form_data_module' => 'captcha' - ); - - - } - } - - } - - - } - if (!isset($data['id']) and isset($data['comment_body'])) { - - if (!isset($data['comment_email']) and user_id() == 0) { - return array('error' => 'You must type your email or be logged in order to comment.'); - } - - $data['from_url'] = mw()->url_manager->current(1); - - } - - if (!isset($data['comment_body'])) { - $data['comment_body'] = ''; - } - - $comment_body = $data['comment_body']; - - // Claer HTML - $comment_body = $this->app->format->clean_html($comment_body); - - // Clear XSS - $evil = ['(?app->format->clean_xss($comment_body, true, $evil, 
'removeEvilAttributes'); - - $comment_body = Markdown::convertToHtml($comment_body); - - $data['comment_body'] = $comment_body; - $data['allow_html'] = '1'; - $data['allow_scripts'] = '1'; - - $saved_data_id = mw()->database_manager->save($table, $data); - - - if (!isset($data['id']) and isset($data['comment_body'])) { - /* $notif = array(); - $notif['module'] = "comments"; - $notif['rel_type'] = $data['rel_type']; - $notif['rel_id'] = $data['rel_id']; - $notif['title'] = "You have new comment"; - $notif['description'] = "New comment is posted on " . mw()->url_manager->current(1); - $notif['content'] = mw('format')->limit($data['comment_body'], 800); - mw()->notifications_manager->save($notif);*/ - - $email_on_new_comment = get_option('email_on_new_comment', 'comments') == 'y'; - $email_on_new_comment_value = get_option('email_on_new_comment_value', 'comments'); - - $newComment = \MicroweberPackages\Comment\Comment::where('id',$saved_data_id)->first(); - if ($newComment) { - - event(new NewComment($newComment)); - - Notification::send(User::whereIsAdmin(1)->get(), new NewCommentNotification($newComment)); - - if ($email_on_new_comment == true) { - // Anonymous notification - } - - } - - - if ($email_on_new_comment == true) { - $subject = "You have new comment"; - $data2 = $data; - unset($data2['rel_type']); - unset($data2['rel_id']); - $data3 = array(); - foreach ($data2 as $key => $value) { - $key2 = str_ireplace('comment_', ' ', $key); - if ($key2 == 'body') { - $key2 = 'text'; - } - - $data3[$key2] = nl2br($value); - } - - - $message = "Hi,
You have new comment posted on " . mw()->url_manager->current(1) . '
'; - $message .= "IP:" . user_ip() . '
'; - $message .= mw('format')->array_to_ul($data3); - - $sender = new MailSender(); - $sender->setEmailTo($email_on_new_comment_value); - $sender->setEmailSubject($subject); - $sender->setEmailMessage($message); - $sender->setEmailHostnameToSubject(1); - $sender->send(); - } - - - } - - $get_comment = get_comments("single=1&id=" . $saved_data_id); - - if (isset($get_comment['is_subscribed_for_notification']) && isset($get_comment['is_sent_email'])) { - - if ($get_comment['action'] == 'publish' && $get_comment['is_subscribed_for_notification'] == 1 && $get_comment['is_sent_email'] == 0) { - - // Send notification - if (is_numeric($saved_data_id)) { - $emailJob = (new \Microweber\Comments\Jobs\JobSendMailNotificationOnComment($saved_data_id))->onQueue('processing'); - \Queue::later(5, $emailJob); - } - - } - } - - return $saved_data_id; - } - - public function mark_as_spam($data) - { - - must_have_access(); - if (isset($data['comment_id'])) { - $s = array(); - $s['id'] = $data['comment_id']; - $s['is_moderated'] = 0; - $s['is_spam'] = 1; - $s['table'] = $this->table; - - $s = mw()->database_manager->save($s); - if ($s) { - $this->__report_for_spam($s); - } - - - } - - - } - - public function mark_as_old($data) - { - - must_have_access(); - - if (isset($data['content_id'])) { - $table = MODULE_DB_COMMENTS; - mw_var('FORCE_SAVE', $table); - $data['is_new'] = 1; - $get_comm = get_comments($data); - if (!empty($get_comm)) { - foreach ($get_comm as $get_com) { - $upd = array(); - $upd['is_new'] = 0; - - $upd['id'] = $get_com['id']; - $upd['rel_type'] = 'content'; - $upd['rel_id'] = mw()->database_manager->escape_string($data['content_id']); - mw()->database_manager->save($table, $upd); - } - } - return $get_comm; - - } - - } - - - private function __report_for_spam($comment_id) - { - - $comment = $this->get_by_id($comment_id); - $report_url = 'https://spamchecker.microweberapi.com/'; - - if ($comment) { - $report = array(); - $report['site_url'] = site_url(); - 
$report['from_url'] = $comment['from_url']; - $report['is_spam'] = 1; - if (isset($comment['user_ip']) and $comment['user_ip']) { - $report['ip'] = trim($comment['user_ip']); - } - if (isset($comment['comment_email']) and $comment['comment_email']) { - $report['email'] = trim($comment['comment_email']); - } - if (isset($comment['created_by']) and $comment['created_by']) { - $report['is_logged'] = true; - $report['user_id'] = $comment['created_by']; - } - if (isset($comment['comment_name']) and $comment['comment_name']) { - $report['comment_name'] = $comment['comment_name']; - } - if (isset($comment['comment_body']) and $comment['comment_body']) { - $report['comment_body'] = $comment['comment_body']; - } - if (isset($comment['comment_website']) and $comment['comment_website']) { - $report['comment_website'] = $comment['comment_website']; - } - if (isset($comment['comment_subject']) and $comment['comment_subject']) { - $report['comment_subject'] = $comment['comment_subject']; - } - - if (isset($comment['rel_type']) and $comment['rel_type']) { - $report['rel_type'] = $comment['rel_type']; - } - if (isset($comment['rel_id']) and $comment['rel_id']) { - $report['rel_id'] = $comment['rel_id']; - } - $http = new \MicroweberPackages\Utils\Http\Http(); - $http->url($report_url); - $http->set_timeout(10); - return $http->post($report); - - } - } - } diff --git a/userfiles/modules/comments/src/views/admin.php b/userfiles/modules/comments/src/views/admin.php index faee503ee7d..662e9b63055 100644 --- a/userfiles/modules/comments/src/views/admin.php +++ b/userfiles/modules/comments/src/views/admin.php @@ -1,8 +1,3 @@ - diff --git a/userfiles/modules/comments/src/views/backend.php b/userfiles/modules/comments/src/views/backend.php index 84a26c2bf97..5c74b63690f 100644 --- a/userfiles/modules/comments/src/views/backend.php +++ b/userfiles/modules/comments/src/views/backend.php 
@@ -113,7 +113,7 @@ if (conf) { var id = form.attr('id'); var data = form.serialize(); - $.post("", data, function (data) { + $.post("", data, function (data) { mw.reload_module('#mw_comments_for_post_' + connected_id, function () { $('#mw_comments_for_post_' + connected_id).find(".comments-holder,.new-comments,.old-comments").show(); }); diff --git a/userfiles/modules/comments/src/views/comments_list.php b/userfiles/modules/comments/src/views/comments_list.php index 2291b86bd96..ab9258b0297 100644 --- a/userfiles/modules/comments/src/views/comments_list.php +++ b/userfiles/modules/comments/src/views/comments_list.php @@ -73,9 +73,7 @@ $(document).ready(function () { - - - + mw.edit_comments.api_url = ''; $('.new-close', '#').on('click', function (e) { diff --git a/userfiles/modules/site_stats/dashboard_recent_comments.php b/userfiles/modules/site_stats/dashboard_recent_comments.php index d7d33aa39e3..3d596f67567 100644 --- a/userfiles/modules/site_stats/dashboard_recent_comments.php +++ b/userfiles/modules/site_stats/dashboard_recent_comments.php @@ -95,7 +95,7 @@ save_comment_form = function (form_id) { - mw.form.post(form_id, '') + mw.form.post(form_id, '') mw.notification.success('Comment saved') }
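Review bot: In the dashboard_recent_comments.php hunk, `mw.notification.success('Comment saved')` in `save_comment_form` runs as soon as `mw.form.post(...)` is issued, so the admin sees a success message even when the request is rejected or fails. The index.php hunk of this commit passes a callback as the third argument of `mw.form.post`, so the notification could move into such a callback and be shown only when the response carries no error. One way to write it is `mw.form.post(form_id, url, function () { mw.notification.success('Comment saved') })`, with `url` standing for the endpoint expression already on that line.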