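<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */

/**
 * Helpers for reading a stored comment and for cleaning up visitor-supplied
 * comment data (name, userid, e-mail, body).
 *
 * None of the methods use $this; inside this class they are invoked
 * statically (COMMENT::prepareBody(), COMMENT::createLinkCode()).
 */
class COMMENT {

	/**
	 * Fetches one comment row, joined with the member table.
	 *
	 * @param mixed $commentid
	 *		comment id; cast with intval() before it is placed in the query
	 * @return mixed
	 *		associative array (commentid, body, user, userid, email, memberid,
	 *		ctime, host, member, ip, blogid, plus 'timestamp' derived from
	 *		ctime), or the falsy result of mysql_fetch_assoc() when no row matches
	 */
	function getComment($commentid) {
		// intval() keeps the only caller-supplied value numeric, so it cannot
		// change the structure of the SQL statement.
		$query = 'SELECT cnumber as commentid, cbody as body, cuser as user, cmail as userid, cemail as email, cmember as memberid, ctime, chost as host, mname as member, cip as ip, cblog as blogid'
			   . ' FROM '.sql_table('comment').' left outer join '.sql_table('member').' on cmember=mnumber'
			   . ' WHERE cnumber=' . intval($commentid);
		$comments = sql_query($query);

		// NOTE(review): mysql_fetch_assoc() is part of ext/mysql, which no longer
		// exists in PHP 7+. Fetch through the project's database wrapper instead,
		// if it offers one.
		$aCommentInfo = mysql_fetch_assoc($comments);
		if ($aCommentInfo)
		{
			$aCommentInfo['timestamp'] = strtotime($aCommentInfo['ctime']);
		}
		return $aCommentInfo;
	}

	/**
	 * Cleans the visitor-supplied fields of a comment.
	 *
	 * user, userid and email have tags stripped and their quotes, backslashes
	 * and line breaks replaced; body is run through prepareBody().
	 *
	 * @param array $comment
	 *		must contain the keys 'user', 'userid', 'email' and 'body'
	 * @return array
	 *		the same array with the four fields cleaned
	 */
	function prepare($comment) {
		foreach (array('user', 'userid', 'email') as $field)
		{
			$value = strip_tags($comment[$field]);

			// Replace backslash, single and double quote with '-' and CR/LF
			// with a space. The previous call used "\'\"\n" as the source
			// set: inside double quotes that is four characters (backslash,
			// ', ", newline) against a three-character target, so strtr()
			// silently ignored the newline and line breaks were kept in these
			// single-line fields.
			$comment[$field] = strtr($value, "\\'\"\r\n", '---  ');
		}

		$comment['body'] = COMMENT::prepareBody($comment['body']);

		return $comment;
	}

	/**
	 * Prepares the body of a comment for display (static).
	 *
	 * Steps, in order: collapse repeated line breaks, HTML-encode special
	 * characters, trim, add <br /> tags via addBreaks(), then turn
	 * https://, http://, www., ftp://, ftp. and mailto: addresses into links.
	 *
	 * @param string $body
	 *		raw comment text as submitted
	 * @return string
	 *		HTML-encoded text with line breaks and links added
	 */
	function prepareBody($body) {

		// remove newlines when too many in a row
		// (preg with the 's' flag replaces ereg_replace(): the POSIX regex
		// functions are gone from PHP 7, and their '.' also matched newlines)
		$collapsed = preg_replace("/\n.\n.\n/s", "\n", $body);
		if ($collapsed !== null)
		{
			$body = $collapsed;
		}

		// encode special characters as entities
		// (this must stay ahead of the linking step: createLinkCode() places
		// the matched text inside an href attribute without encoding it again)
		$body = htmlspecialchars($body);

		// trim away whitespace and newlines at beginning and end
		$body = trim($body);

		// add <br /> tags
		$body = addBreaks($body);

		// create hyperlinks for http:// addresses
		// there's a testcase for this in /build/testcases/urllinking.txt
		//
		// The patterns used to carry the 'e' modifier, which made PCRE build a
		// PHP expression from visitor-supplied text and evaluate it. That
		// modifier is removed in PHP 7, and it also put a stray backslash in
		// front of a quote preceding a URL. Callbacks receive the matched
		// text as plain data instead.
		$linkers = array(
			'_linkHttps'  => '/([^:\/\/\w]|^)((https:\/\/)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/i',
			'_linkHttp'   => '/([^:\/\/\w]|^)((http:\/\/|www\.)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/i',
			'_linkFtp'    => '/([^:\/\/\w]|^)((ftp:\/\/|ftp\.)([\w\.-]+)([\/\w+\.~%&?@=_:;#,-]+))/i',
			'_linkMailto' => '/([^:\/\/\w]|^)(mailto:(([a-zA-Z\@\%\.\-\+_])+))/i'
		);

		// Each pattern runs over the result of the previous one, the same
		// order preg_replace() applies when it is given arrays.
		foreach ($linkers as $method => $pattern)
		{
			$linked = preg_replace_callback($pattern, array('COMMENT', $method), $body);

			// preg_replace_callback() returns NULL on a PCRE error; keep the
			// text unlinked in that case rather than blanking the comment.
			if ($linked !== null)
			{
				$body = $linked;
			}
		}

		return $body;
	}

	// Callback for prepareBody(): links an https:// address ($m[1] = preceding character, $m[2] = URL).
	function _linkHttps($m) {
		return COMMENT::createLinkCode($m[1], $m[2], 'https');
	}

	// Callback for prepareBody(): links an http:// or www. address.
	function _linkHttp($m) {
		return COMMENT::createLinkCode($m[1], $m[2], 'http');
	}

	// Callback for prepareBody(): links an ftp:// or ftp. address.
	function _linkFtp($m) {
		return COMMENT::createLinkCode($m[1], $m[2], 'ftp');
	}

	// Callback for prepareBody(): links a mailto: address ($m[3] = address without the 'mailto:' prefix).
	function _linkMailto($m) {
		return COMMENT::createLinkCode($m[1], $m[3], 'mailto');
	}

	/**
	 * Builds the HTML for one linked address.
	 *
	 * $url is written into the href attribute as given. prepareBody() calls
	 * this after htmlspecialchars(), so the text is already HTML-encoded; any
	 * other caller has to pass an HTML-encoded value.
	 *
	 * @param string $pre
	 *		text that preceded the address; emitted unchanged before the link
	 * @param string $url
	 *		the matched address (for mailto: the address without the prefix)
	 * @param string $protocol
	 *		'http', 'https', 'ftp' or 'mailto'
	 * @return string
	 *		$pre, the <a rel="nofollow"> element, and any trailing text that
	 *		was split off the address
	 */
	function createLinkCode($pre, $url, $protocol = 'http') {
		$post = '';

		// it's possible that $url contains entities we don't want, since
		// htmlspecialchars is applied _before_ URL linking: move the part of
		// the URL starting at the disallowed entity to the 'post' link part.
		// The encoded forms are what can occur in text coming from
		// prepareBody(); the raw characters are kept in the list so a value
		// that was not encoded is still cut at that point.
		$aBadEntities = array('&quot;', '&gt;', '&lt;', '"', '>', '<');
		foreach ($aBadEntities as $entity)
		{
			$pos = strpos($url, $entity);

			// position 0 is skipped on purpose: cutting there would leave an empty address
			if ($pos !== false && $pos > 0)
			{
				$post = substr($url, $pos) . $post;
				$url = substr($url, 0, $pos);
			}
		}

		// remove entities at the end of the address (one or more)
		if (preg_match('/(&\w+;)+$/i', $url, $matches)) {
			$trailing = $matches[0];

			// shorten by the length of the trailing entities only; measuring
			// the whole of $post cut away too much whenever the loop above had
			// already moved text there
			$url = substr($url, 0, strlen($url) - strlen($trailing));
			$post = $trailing . $post;
		}

		// move ending comma from url to 'post' part
		if (substr($url, -1) === ',')
		{
			$url = substr($url, 0, strlen($url) - 1);
			$post = ',' . $post;
		}

		// Add the scheme unless the address already starts with it. The
		// comparison ignores case because the linking patterns do as well;
		// a case-sensitive test gave "HTTP://..." a second "http://".
		$schemePrefix = $protocol . '://';
		if (strncasecmp($url, $schemePrefix, strlen($schemePrefix)) != 0)
			$linkedUrl = $protocol . (($protocol == 'mailto') ? ':' : '://') . $url;
		else
			$linkedUrl = $url;

		// mailto links display the bare address, all others the full URL
		if ($protocol != 'mailto')
			$displayedUrl = $linkedUrl;
		else
			$displayedUrl = $url;

		return $pre . '<a href="'.$linkedUrl.'" rel="nofollow">'.shorten($displayedUrl,30,'...').'</a>' . $post;
	}

}

?>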