\r
/*\r
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2009 The Nucleus Group\r
+ * Copyright (C) 2002-2012 The Nucleus Group\r
*\r
* This program is free software; you can redistribute it and/or\r
* modify it under the terms of the GNU General Public License\r
* A class representing the comments (all of them) for a certain post on a ceratin blog\r
*\r
* @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
+ * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
* @version $Id: COMMENTS.php 1527 2011-06-21 10:43:44Z sakamocchi $\r
*/\r
\r
global $CONF, $manager;\r
\r
// create parser object & action handler\r
- $actions = new CommentActions($this);\r
- $parser = new Parser($actions->getDefinedActions(),$actions);\r
- $actions->setTemplate($template);\r
- $actions->setParser($parser);\r
-\r
+ $handler = new CommentActions($this);\r
+ $handler->setTemplate($template);\r
+ \r
+ $parser = new Parser($handler);\r
+ \r
if ($maxToShow == 0) {\r
$this->commentcount = $this->amountComments();\r
} else {\r
. ' WHERE c.citem=' . $this->itemid\r
. ' ORDER BY c.ctime';\r
\r
- $comments = sql_query($query);\r
- $this->commentcount = sql_num_rows($comments);\r
+ $comments = DB::getResult($query);\r
+ $this->commentcount = $comments->rowCount();\r
}\r
\r
// if no result was found\r
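Review bot: The result of `DB::getResult($query)` is dereferenced with `->rowCount()` straight away, so a failed query would end in a fatal error rather than an empty comment list. What getResult returns on failure is not visible here, but a guard such as `if ( !$comments ) { return 0; }` before the count would cover it. If the object is a PDOStatement, as `rowCount()` and `closeCursor()` suggest, PDO does not guarantee `rowCount()` for SELECT statements on every driver, so the count may read 0 on some backends while rows exist. The query also still concatenates `$this->itemid` into the WHERE clause on the context line above, which is only safe if the property is forced to an integer where it is assigned. That assignment, and the start and end of the enclosing function, lie outside this hunk.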
\r
$parser->parse($template['COMMENTS_HEADER']);\r
\r
- while ( $comment = sql_fetch_assoc($comments) ) {\r
+ foreach ( $comments as $comment ) {\r
$comment['timestamp'] = strtotime($comment['ctime']);\r
- $actions->setCurrentComment($comment);\r
- $actions->setHighlight($highlight);\r
+ $handler->setCurrentComment($comment);\r
+ $handler->setHighlight($highlight);\r
$manager->notify('PreComment', array('comment' => &$comment));\r
$parser->parse($template['COMMENTS_BODY']);\r
$manager->notify('PostComment', array('comment' => &$comment));\r
\r
$parser->parse($template['COMMENTS_FOOTER']);\r
\r
- sql_free_result($comments);\r
+ $comments->closeCursor();\r
\r
return $this->commentcount;\r
}\r
$query = 'SELECT COUNT(*)'\r
. ' FROM '.sql_table('comment').' as c'\r
. ' WHERE c.citem='. $this->itemid;\r
- $res = sql_query($query);\r
- $arr = sql_fetch_row($res);\r
+ $res = DB::getValue($query);\r
\r
- return $arr[0];\r
+ return $res;\r
}\r
\r
/**\r
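Review bot: `return $res;` now hands back whatever `DB::getValue()` yields, with no cast. For a COUNT(*) that is most likely a numeric string, and possibly a non-numeric value when the query fails, whereas the duplicate check later in this same commit casts the result of the same call. Writing `return (integer) DB::getValue($query);` keeps the comment count an integer for callers that compare it or store it in `commentcount`. The function's opening lines are outside the hunk.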
{\r
global $CONF, $member, $manager;\r
\r
- $blogid = getBlogIDFromItemID($this->itemid);\r
- \r
- $settings =& $manager->getBlog($blogid);\r
+ $item =& $manager->getItem($this->itemid, 0, 0);\r
+ $settings =& $manager->getBlog($item['blogid']);\r
$settings->readSettings();\r
\r
// begin if: comments disabled\r
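Review bot: `$item['blogid']` is read on the line after `getItem()` without checking that the lookup found anything. The call passes `0, 0`, which look like the allow-draft and allow-future flags, so for a missing, draft or future-dated item the lookup presumably returns an empty value. `getBlog()` is then called with null and `readSettings()` runs on whatever comes back, whereas the removed `getBlogIDFromItemID()` call did not depend on the item's state. A guard directly after the lookup, `if ( !$item ) { ... }` returning one of the existing error strings, would stop the request before the settings object and the later SQL use the empty blog id. The function continues outside the hunk.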
$p = $manager->getPlugin($plugin);\r
$continue = $continue || $p->supportsFeature('handleSpam');\r
}\r
-\r
+ \r
$spamcheck = array(\r
'type' => 'comment',\r
'body' => $comment['body'],\r
$message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";\r
$message .= NOTIFICATION::get_mail_footer();\r
\r
- $item =& $manager->getItem($this->itemid, 0, 0);\r
$subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';\r
\r
$from = $member->getNotifyFromMailAddress($comment['email']);\r
\r
$manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );\r
\r
- $name = sql_real_escape_string($comment['user']);\r
- $url = sql_real_escape_string($comment['userid']);\r
- $email = sql_real_escape_string($comment['email']);\r
- $body = sql_real_escape_string($comment['body']);\r
- $host = sql_real_escape_string($comment['host']);\r
- $ip = sql_real_escape_string($comment['ip']);\r
- $memberid = intval($comment['memberid']);\r
- $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);\r
+ $name = DB::quoteValue($comment['user']);\r
+ $url = DB::quoteValue($comment['userid']);\r
+ $email = DB::quoteValue($comment['email']);\r
+ $body = DB::quoteValue($comment['body']);\r
+ $host = DB::quoteValue($comment['host']);\r
+ $ip = DB::quoteValue($comment['ip']);\r
+ $memberid = (integer) $comment['memberid'];\r
+ $timestamp = DB::formatDateTime($comment['timestamp']);\r
$itemid = $this->itemid;\r
\r
$qSql = 'SELECT COUNT(*) AS result '\r
. 'FROM ' . sql_table('comment')\r
. ' WHERE '\r
- . 'cmail = "' . $url . '"'\r
- . ' AND cmember = "' . $memberid . '"'\r
- . ' AND cbody = "' . $body . '"'\r
- . ' AND citem = "' . $itemid . '"'\r
- . ' AND cblog = "' . $blogid . '"';\r
- $result = (integer) quickQuery($qSql);\r
+ . 'cmail = ' . $url\r
+ . ' AND cmember = ' . $memberid\r
+ . ' AND cbody = ' . $body\r
+ . ' AND citem = ' . $itemid\r
+ . ' AND cblog = ' . $item['blogid'];\r
+ $result = (integer) DB::getValue($qSql);\r
\r
if ( $result > 0 )\r
{\r
return _ERROR_BADACTION;\r
}\r
\r
- $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '\r
- . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";\r
+ $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '\r
+ . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'\r
+ , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $item['blogid']);\r
\r
- sql_query($query);\r
+ DB::execute($query);\r
\r
// post add comment\r
- $commentid = sql_insert_id();\r
+ $commentid = DB::getInsertId();\r
$manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );\r
\r
// succeeded !\r
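Review bot: The duplicate-check SELECT now concatenates `$itemid` and `$item['blogid']` with neither quotes nor a cast, where the removed lines wrapped them in quotes and the INSERT below coerces them through `%d`. If either value is empty or non-numeric the statement becomes malformed, and it is only injection-safe if both are forced to integers somewhere outside this hunk. Casting at the point of use makes that explicit: `$itemid = (integer) $this->itemid;` and `. ' AND cblog = ' . (integer) $item['blogid'];`. The `%s` placeholders and the bare `'cmail = ' . $url` also depend on `DB::quoteValue()` and `DB::formatDateTime()` returning complete quoted literals, which deserves a one-line comment above the block, e.g. `// quoteValue()/formatDateTime() return quoted SQL literals; do not add quotes here`. The function starts and ends outside the hunk.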