https://www.mediawiki.org/wiki/Special:Code/MediaWiki/108296
Revision: 108296 Author: ashley Date: 2012-01-07 00:48:27 +0000 (Sat, 07 Jan 2012) Log Message: ----------- Comments: version 2.5: *ResourceLoader compatibility; lots of JS refactoring + associated PHP changes *dropped backwards compatibility, MediaWiki 1.18 is now required *removed $wgTitle usage *removed key cruft; unused legacy security thing? *removed DIY escaping functions; useless, bad design, etc. *added some comments *added some paranoia checks to AJAX functions file Modified Paths: -------------- trunk/extensions/Comments/Comment.js trunk/extensions/Comments/Comment.php trunk/extensions/Comments/CommentClass.php trunk/extensions/Comments/Comments_AjaxFunctions.php Modified: trunk/extensions/Comments/Comment.js =================================================================== --- trunk/extensions/Comments/Comment.js 2012-01-07 00:39:08 UTC (rev 108295) +++ trunk/extensions/Comments/Comment.js 2012-01-07 00:48:27 UTC (rev 108296) @@ -4,7 +4,7 @@ * object-oriented. * * @file - * @date 19 June 2011 + * @date 7 January 2012 */ var Comment = { submitted: 0, 
@@ -16,58 +16,14 @@ pause: 0, /** - * Change the opacity of an element in a cross-browser compatible manner. - * - * @param opacity Integer: opacity - * @param id String: element ID - */ - changeOpacity: function( opacity, id ) { - var object = document.getElementById( id ).style; - object.opacity = ( opacity / 100 ); - object.MozOpacity = ( opacity / 100 ); - object.KhtmlOpacity = ( opacity / 100 ); - object.filter = 'alpha(opacity=' + opacity + ')'; - }, - - /** - * Code from http://brainerror.net/scripts/javascript/blendtrans/ - * - * @param id String: element ID - * @param opacStart Integer - * @param opacEnd Integer - * @param millisec Integer - */ - opacity: function( id, opacStart, opacEnd, millisec ) { - // speed for each frame - var speed = Math.round( millisec / 100 ); - var timer = 0; - var i; - - // determine the direction for the blending, if start and end are the same nothing happens - if( opacStart > opacEnd ) { - for( i = opacStart; i >= opacEnd; i-- ) { - setTimeout( "Comment.changeOpacity(" + i + ",'" + id + "')", ( timer * speed ) ); - timer++; - document.getElementById( id ).style.display = 'none'; // added by Jack - } - } else if( opacStart < opacEnd ) { - for( i = opacStart; i <= opacEnd; i++ ) { - setTimeout( "Comment.changeOpacity(" + i + ",'" + id + "')", ( timer * speed ) ); - timer++; - document.getElementById( id ).style.display = 'block'; // added by Jack - } - } - }, - - /** * When a comment's author is ignored, "Show Comment" link will be * presented to the user. * If the user clicks on it, this function is called to show the hidden * comment. */ show: function( id ) { - Comment.opacity( 'ignore-' + id, 100, 0, 6500 ); - Comment.opacity( 'comment-' + id, 0, 100, 500 ); + jQuery( '#ignore-' + id ).hide( 100 ); + jQuery( '#comment-' + id ).show( 500 ); }, /** 
@@ -78,18 +34,16 @@ * @param user_id Integer: user ID number of the user whose comments we * want to block * @param c_id Integer: comment ID number - * @param mk String: vote key (MD5-hashed combination of comment ID, the - * string 'pants' and user's name); unused */ - blockUser: function( user_name, user_id, c_id, mk ) { + blockUser: function( user_name, user_id, c_id ) { if( !user_name ) { - user_name = _COMMENT_BLOCK_ANON; + user_name = mw.msg( 'comment-block-anon' ); } else { - user_name = _COMMENT_BLOCK_USER + ' ' + user_name; + user_name = mw.msg( 'comment-block-user' ) + ' ' + user_name; } - if( confirm( _COMMENT_BLOCK_WARNING + ' ' + user_name + ' ?' ) ) { + if( confirm( mw.msg( 'comment-block-warning' ) + ' ' + user_name + ' ?' ) ) { sajax_request_type = 'POST'; - sajax_do_call( 'wfCommentBlock', [ c_id, user_id, mk ], function( response ) { + sajax_do_call( 'wfCommentBlock', [ c_id, user_id ], function( response ) { alert( response.responseText ); window.location.href = window.location; }); @@ -102,20 +56,19 @@ * * @param cid Integer: comment ID number * @param vt Integer: vote value - * @param mk String: vote key (MD5-hashed combination of comment ID, the - * string 'pants' and user's name); unused * @param vg */ - vote: function( cid, vt, mk, vg ) { + vote: function( cid, vt, vg ) { sajax_request_type = 'POST'; sajax_do_call( 'wfCommentVote', - [ cid, vt, mk, ( ( vg ) ? vg : 0 ), document.commentform.pid.value ], + [ cid, vt, ( ( vg ) ? vg : 0 ), document.commentform.pid.value ], function( response ) { document.getElementById( 'Comment' + cid ).innerHTML = response.responseText; var img = '<img src="' + wgScriptPath + '/extensions/Comments/images/voted.gif" alt="" />'; document.getElementById( 'CommentBtn' + cid ).innerHTML = - img + '<span class="CommentVoted">' + _COMMENT_VOTED + '</span>'; + img + '<span class="CommentVoted">' + + mw.msg( 'comment-voted-label' ) + '</span>'; } ); }, 
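Review bot: In the `vote` callback, `mw.msg( 'comment-voted-label' )` is concatenated straight into `innerHTML`, so any markup in that interface message is rendered as HTML instead of being shown as text. Interface messages can be overridden on-wiki, so escape at the sink: `'<span class="CommentVoted">' + mw.html.escape( mw.msg( 'comment-voted-label' ) ) + '</span>'`. The `viewComments` hunk below does the same with `mw.msg( 'comment-loading' )`. The callback also assigns `response.responseText` to `innerHTML`, which is only safe while wfCommentVote returns a bare score, so a comment stating that assumption would help.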
@@ -129,7 +82,7 @@ * @param end */ viewComments: function( pid, ord, end ) { - document.getElementById( 'allcomments' ).innerHTML = _COMMENT_LOADING + '<br /><br />'; + document.getElementById( 'allcomments' ).innerHTML = mw.msg( 'comment-loading' ) + '<br /><br />'; var x = sajax_init_object(); var url = wgServer + wgScriptPath + '/index.php?title=Special:CommentListGet&pid=' + pid + '&ord=' + @@ -153,25 +106,12 @@ }, /** - * HTML-encodes ampersands and plus signs in the given input string. - * - * @param str String: input - * @return String: input with ampersands and plus signs encoded - */ - fixString: function( str ) { - str = str.replace( /&/gi, '%26' ); - str = str.replace( /\+/gi, '%2B' ); - return str; - }, - - /** * Submit a new comment. */ submit: function() { if( Comment.submitted === 0 ) { Comment.submitted = 1; - // Moved variables here... var pidVal = document.commentform.pid.value; var parentId; if ( !document.commentform.comment_parent_id.value ) { @@ -179,16 +119,12 @@ } else { parentId = document.commentform.comment_parent_id.value; } - var fixedStr = Comment.fixString( document.commentform.comment_text.value ); - var sid = document.commentform.sid.value; - var mk = document.commentform.mk.value; + var commentText = document.commentform.comment_text.value; - // @todo CHECKME: possible double-encoding - // (fixString func + encodeURIComponent, which sajax object does) sajax_request_type = 'POST'; sajax_do_call( 'wfCommentSubmit', - [ pidVal, parentId, fixedStr, sid, mk ], + [ pidVal, parentId, commentText ], function( response ) { document.commentform.comment_text.value = ''; Comment.viewComments( document.commentform.pid.value, 0, 1 ); 
@@ -199,40 +135,31 @@ }, /** - * I'm not sure what is the purpose of this function. This is used in - * toggleLiveComments() below. - * AFAIK we can do document.getElementById( 'spy' ).innerHTML and get the - * desired results in all browsers, including Internet Explorer. + * Toggle comment auto-refreshing on or off + * + * @param status */ - Ob: function( e, f ) { - if( document.all ) { - return ( ( f ) ? document.all[e].style : document.all[e] ); - } else { - return ( ( f ) ? document.getElementById( e ).style : document.getElementById( e ) ); - } - }, - toggleLiveComments: function( status ) { - var Pause; - // @todo FIXME/CHECKME: maybe this should be Comment.pause instead? if( status ) { - Pause = 0; + Comment.pause = 0; } else { - Pause = 1; + Comment.pause = 1; } var msg; if ( status ) { - msg = _COMMENT_PAUSE_REFRESHER; + msg = mw.msg( 'comment-auto-refresher-pause' ); } else { - msg = _COMMENT_ENABLE_REFRESHER; + msg = mw.msg( 'comment-auto-refresher-enable' ); } - Comment.Ob( 'spy' ).innerHTML = - '<a href="javascript:Comment.toggleLiveComments(' + ( ( status ) ? 0 : 1 ) + - ')" style="font-size: 10px">' + msg + '</a>'; + + jQuery( 'div#spy a' ).click( function() { + Comment.toggleLiveComments( ( status ) ? 0 : 1 ); + } ).css( 'font-size', '10px' ).text( msg ); + if( !Comment.pause ) { Comment.LatestCommentID = document.commentform.lastcommentid.value; Comment.timer = setTimeout( - 'Comment.checkUpdate()', + function() { Comment.checkUpdate(); }, Comment.updateDelay ); } @@ -267,7 +194,10 @@ Comment.isBusy = false; if( !Comment.pause ) { clearTimeout( Comment.timer ); - Comment.timer = setTimeout( 'Comment.checkUpdate()', Comment.updateDelay ); + Comment.timer = setTimeout( + function() { Comment.checkUpdate(); }, + Comment.updateDelay + ); } }, 
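Review bot: `toggleLiveComments` calls `jQuery( 'div#spy a' ).click( … )` on every invocation, which stacks another click handler on top of those already bound, including the `toggleLiveComments( 1 )` handler installed by the document-ready block at the end of this file. After the first click the link fires handlers for both states, and the count grows with each toggle. Remove the previous handler before binding, e.g. `jQuery( 'div#spy a' ).unbind( 'click' ).click( function() { … } )`, or bind once and derive the next state from `Comment.pause`. The new doc block also leaves `@param status` undescribed; `@param status Integer: 1 to enable auto-refreshing, 0 to pause it` matches what the body does.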
@@ -278,9 +208,23 @@ * @param poster String: name of the person whom we're replying to */ reply: function( parentId, poster ) { - document.getElementById( 'replyto' ).innerHTML = _COMMENT_REPLY_TO + - ' ' + poster + ' (<a href="javascript:Comment.cancelReply()">' + - _COMMENT_CANCEL_REPLY + '</a>) <br />'; + jQuery( '#replyto' ).text( + mw.msg( 'comment-reply-to' ) + ' ' + poster + ' (' + ); + jQuery( '<a>', { + href: 'javascript:void(0);', + 'class': 'comments-cancel-reply-link', + click: function() { + // Calling Comments.cancelReply(); here, like in the original + // code, does not work for some reason so we have to duplicate + // its functionality here. Ah well, it's only two lines. + document.getElementById( 'replyto' ).innerHTML = ''; + document.commentform.comment_parent_id.value = ''; + }, + text: mw.msg( 'comment-cancel-reply' ) + } ).appendTo( '#replyto' ); + jQuery( '#replyto' ).append( ') <br />' ); + document.commentform.comment_parent_id.value = parentId; }, 
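Review bot: The `click` handler in `reply` duplicates the body of `cancelReply` because, per its comment, calling `Comments.cancelReply()` did not work. The object defined in this file is `Comment`, so if the failing call was spelled as in the comment, that would explain it. `click: function() { Comment.cancelReply(); }` keeps a single copy of the reset logic. `href: 'javascript:void(0);'` could also become `href: '#'` with `return false;` at the end of the handler, so the generated markup carries no `javascript:` URL.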
@@ -288,4 +232,66 @@ document.getElementById( 'replyto' ).innerHTML = ''; document.commentform.comment_parent_id.value = ''; } -}; \ No newline at end of file +}; + +jQuery( document ).ready( function() { + // "Sort by X" feature + jQuery( 'select[name="TheOrder"]' ).change( function() { + Comment.viewComments( + mw.config.get( 'wgArticleId' ), // or we could use jQuery( 'input[name="pid"]' ).val(), too + jQuery( this ).val() + ); + } ); + + // Comment auto-refresher + jQuery( 'div#spy a' ).click( function() { + Comment.toggleLiveComments( 1 ); + } ); + + // Voting links + jQuery( 'a#comment-vote-link' ).click( function() { + var that = jQuery( this ); + Comment.vote( + that.data( 'comment-id' ), + that.data( 'vote-type' ), + that.data( 'voting' ) + ); + } ); + + // "Block this user" links + jQuery( 'a.comments-block-user' ).each( function( index ) { + var that = jQuery( this ); + that.click( function() { + Comment.blockUser( + that.data( 'comments-safe-username' ), + that.data( 'comments-user-id' ), + that.data( 'comments-comment-id' ) + ); + } ); + } ); + + // "Show this hidden comment" -- comments made by people on the user's + // personal block list + jQuery( 'div.c-ignored-links a' ).each( function( index ) { + var that = jQuery( this ); + that.click( function() { + Comment.show( that.data( 'comment-id' ) ); + } ); + } ); + + // Reply links + jQuery( 'a.comments-reply-to' ).each( function( index ) { + var that = jQuery( this ); + that.bind( 'click', function() { + Comment.reply( + that.data( 'comment-id' ), + that.data( 'comments-safe-username' ) + ); + } ); + } ); + + // Handle clicks on the submit button (previously this was an onclick attr) + jQuery( 'div.c-form-button input[type="button"]' ).click( function() { + Comment.submit(); + } ); +} ); \ No newline at end of file Modified: trunk/extensions/Comments/Comment.php =================================================================== --- trunk/extensions/Comments/Comment.php 2012-01-07 00:39:08 UTC (rev 
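Review bot: The vote, block, reply and show-comment handlers in this ready block are bound once to the anchors that exist at page load, but `viewComments` overwrites the `innerHTML` of `#allcomments` (the rest of that function is outside the hunks). Links in a re-rendered list are therefore left with `href="javascript:void(0)"` and no handler. Delegating from a container that survives the refresh fixes this, assuming all four link types are rendered inside `#allcomments`. Separately, the `index` parameter of the `.each()` callbacks is unused, and `.bind( 'click', … )` on the reply links is inconsistent with `.click( … )` elsewhere.

```javascript
// … unchanged: "Sort by X", auto-refresher and submit-button handlers …

// Delegate from the container so links added by viewComments() keep working
jQuery( '#allcomments' )
	.delegate( 'a.comments-block-user', 'click', function() {
		var that = jQuery( this );
		Comment.blockUser(
			that.data( 'comments-safe-username' ),
			that.data( 'comments-user-id' ),
			that.data( 'comments-comment-id' )
		);
	} )
	.delegate( 'a.comments-reply-to', 'click', function() {
		var that = jQuery( this );
		Comment.reply(
			that.data( 'comment-id' ),
			that.data( 'comments-safe-username' )
		);
	} );
// … vote and show-comment links: same pattern …
```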
108295) +++ trunk/extensions/Comments/Comment.php 2012-01-07 00:48:27 UTC (rev 108296) @@ -4,12 +4,12 @@ * * @file * @ingroup Extensions - * @version 2.4.1 + * @version 2.5 * @author David Pean <david.p...@gmail.com> * @author Misza <mi...@shoutwiki.com> * @author Jack Phoenix <j...@countervandalism.net> - * @copyright Copyright © 2008-2011 David Pean, Misza and Jack Phoenix - * @link http://www.mediawiki.org/wiki/Extension:Comments Documentation + * @copyright Copyright © 2008-2012 David Pean, Misza and Jack Phoenix + * @link https://www.mediawiki.org/wiki/Extension:Comments Documentation * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later */ @@ -24,7 +24,7 @@ // Extension credits that will show up on Special:Version $wgExtensionCredits['parserhook'][] = array( 'name' => 'Comments', - 'version' => '2.4.1', + 'version' => '2.5', 'author' => array( 'David Pean', 'Misza', 'Jack Phoenix' ), 'description' => 'Adds <tt><comments></tt> parser hook that allows commenting on articles', 'url' => 'https://www.mediawiki.org/wiki/Extension:Comments' @@ -34,6 +34,12 @@ $wgResourceModules['ext.comments'] = array( 'scripts' => 'Comment.js', 'styles' => 'Comments.css', + 'messages' => array( + 'comment-voted-label', 'comment-loading', + 'comment-auto-refresher-pause', 'comment-auto-refresher-enable', + 'comment-cancel-reply', 'comment-reply-to', 'comment-block-warning', + 'comment-block-anon', 'comment-block-user' + ), 'localBasePath' => dirname( __FILE__ ), 'remoteExtPath' => 'Comments', 'position' => 'top' // available since r85616 
@@ -91,24 +97,24 @@ } function displayComments( $input, $args, $parser ) { - global $wgTitle, $wgOut, $wgScriptPath, $wgHooks; + global $wgOut; wfProfileIn( __METHOD__ ); $parser->disableCache(); - // Add required CSS & JS - if ( defined( 'MW_SUPPORTS_RESOURCE_MODULES' ) ) { - $wgOut->addModules( 'ext.comments' ); - } else { - $wgOut->addScriptFile( $wgScriptPath . '/extensions/Comments/Comment.js' ); - $wgOut->addExtensionStyle( $wgScriptPath . '/extensions/Comments/Comments.css' ); - } + // Add required CSS & JS via ResourceLoader + $wgOut->addModules( 'ext.comments' ); - // Add i18n for JS - $wgHooks['MakeGlobalVariablesScript'][] = 'wfAddCommentJSVars'; - // Parse arguments + // The preg_match() lines here are to support the old-style way of + // adding arguments: + // <comments> + // Allow=Foo,Bar + // Voting=Plus + // </comments> + // whereas the normal, standard MediaWiki style, which this extension + // also supports is: <comments allow="Foo,Bar" voting="Plus" /> $allow = ''; if( preg_match( '/^\s*Allow\s*=\s*(.*)/mi', $input, $matches ) ) { $allow = htmlspecialchars( $matches[1] ); @@ -127,7 +133,7 @@ $voting = $args['voting']; } - $comment = new Comment( $wgTitle->getArticleID() ); + $comment = new Comment( $wgOut->getTitle()->getArticleID() ); $comment->setAllow( $allow ); $comment->setVoting( $voting ); @@ -141,6 +147,8 @@ $output .= '<div id="allcomments">' . $comment->display() . '</div>'; + // If the database is in read-only mode, display a message informing the + // user about that, otherwise allow them to comment if( !wfReadOnly() ) { $output .= $comment->displayForm(); } else { 
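Review bot: In the `@@ -127,7 +133,7 @@` hunk, `new Comment( $wgOut->getTitle()->getArticleID() )` swaps one global for another even though the parser callback already receives `$parser`. The output page's title is not guaranteed to be the page being parsed, or to be set at all, when a parse is triggered outside a normal page view. `$comment = new Comment( $parser->getTitle()->getArticleID() );` ties the comment list to the page whose wikitext contains the tag. displayComments() starts and ends outside these hunks.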
@@ -152,26 +160,6 @@ return $output; } -/** - * Add some i18n messages to the array of JS globals. This is called from - * displayComments() (the callback function for wfComments). - * - * @param $vars Array: array of pre-existing JavaScript global variables - * @return Boolean: true - */ -function wfAddCommentJSVars( $vars ) { - $vars['_COMMENT_VOTED'] = wfMsg( 'comment-voted-label' ); - $vars['_COMMENT_LOADING'] = wfMsg( 'comment-loading' ); - $vars['_COMMENT_PAUSE_REFRESHER'] = wfMsg( 'comment-auto-refresher-pause' ); - $vars['_COMMENT_ENABLE_REFRESHER'] = wfMsg( 'comment-auto-refresher-enable' ); - $vars['_COMMENT_CANCEL_REPLY'] = wfMsg( 'comment-cancel-reply' ); - $vars['_COMMENT_REPLY_TO'] = wfMsg( 'comment-reply-to' ); - $vars['_COMMENT_BLOCK_WARNING'] = wfMsg( 'comment-block-warning' ); - $vars['_COMMENT_BLOCK_ANON'] = wfMsg( 'comment-block-anon' ); - $vars['_COMMENT_BLOCK_USER'] = wfMsg( 'comment-block-user' ); - return true; -} - // Translations for {{NUMBEROFCOMMENTS}} //$wgExtensionMessagesFiles['NumberOfComments'] = $dir . 'Comments.i18n.magic.php'; Modified: trunk/extensions/Comments/CommentClass.php =================================================================== --- trunk/extensions/Comments/CommentClass.php 2012-01-07 00:39:08 UTC (rev 108295) +++ trunk/extensions/Comments/CommentClass.php 2012-01-07 00:48:27 UTC (rev 108296) 
@@ -112,22 +112,19 @@ } function getCommentText( $comment_text ) { - global $wgTitle, $wgOut, $wgParser; + global $wgOut, $wgParser; - $comment_text = trim( str_replace( """, "'", $comment_text ) ); + $comment_text = trim( str_replace( '"', "'", $comment_text ) ); $comment_text_parts = explode( "\n", $comment_text ); $comment_text_fix = ''; foreach( $comment_text_parts as $part ) { $comment_text_fix .= ( ( $comment_text_fix ) ? "\n" : '' ) . trim( $part ); } - if( $wgTitle->getArticleID() > 0 ) { + if( $wgOut->getTitle()->getArticleID() > 0 ) { $comment_text = $wgParser->recursiveTagParse( $comment_text_fix ); } else { - $comment_text = $wgParser->parse( - $comment_text_fix, $wgTitle, $wgOut->parserOptions(), true - ); - $comment_text = $comment_text->getText(); + $comment_text = $wgOut->parse( $comment_text_fix ); } // really bad hack because we want to parse=firstline, but don't want wrapping <p> tags @@ -264,9 +261,7 @@ global $wgUser; $dbw = wfGetDB( DB_MASTER ); - // @todo FIXME/CHECKME: hurr durr legacy DIY security...still needed? - // I sure hope not... - $text = /*$this->fixStr( str_replace( "'", '"',*/ $this->CommentText /*) )*/; + $text = $this->CommentText; wfSuppressWarnings(); $commentDate = date( 'Y-m-d H:i:s' ); wfRestoreWarnings(); @@ -651,7 +646,7 @@ $output = '<div class="c-order"> <div class="c-order-select"> <form name="ChangeOrder" action=""> - <select name="TheOrder" onchange="Comment.viewComments(' . $this->PageID . ',this.value)"> + <select name="TheOrder"> <option value="0">' . wfMsg( 'comment-sort-by-date' ) . '</option> @@ -662,7 +657,7 @@ </form> </div> <div id="spy" class="c-spy"> - <a href="javascript:Comment.toggleLiveComments(1)">' . + <a href="javascript:void(0)">' . wfMsg( 'comment-auto-refresher-enable' ) . '</a> </div> 
@@ -682,11 +677,10 @@ } $voteLink = ''; - $voteKey = md5( $commentID . 'pants' . $wgUser->getName() ); if ( $wgUser->isLoggedIn() ) { - $voteLink .= '<a href=\'javascript:Comment.vote(' . $commentID . - ',' . $voteType . ',"' . $voteKey . '","' . $this->Voting . - '")\'>'; + $voteLink .= '<a id="comment-vote-link" data-comment-id="' . + $commentID . '" data-vote-type="' . $voteType . + '" data-voting="' . $this->Voting . '" href="javascript:void(0);">'; } else { // Anonymous users need to log in before they can vote $login = SpecialPage::getTitleFor( 'Userlogin' ); @@ -757,7 +751,8 @@ if( $comment['Comment_user_id'] != 0 ) { $title = Title::makeTitle( NS_USER, $comment['Comment_Username'] ); - $CommentPoster = '<a href="' . $title->escapeFullURL() . '" rel="nofollow">' . $comment['Comment_Username'] . '</a>'; + $CommentPoster = '<a href="' . $title->escapeFullURL() . + '" rel="nofollow">' . $comment['Comment_Username'] . '</a>'; $CommentReplyTo = $comment['Comment_Username']; @@ -788,8 +783,8 @@ if( $replyRow ) { $replyRow .= ' | '; } - $replyRow .= " | <a href=\"#end\" rel=\"nofollow\" onclick=\"javascript:Comment.reply({$comment['CommentID']},'" . - htmlspecialchars( $CommentReplyTo, ENT_QUOTES ) . "')\">" . + $replyRow .= " | <a href=\"#end\" rel=\"nofollow\" class=\"comments-reply-to\" data-comment-id=\"{$comment['CommentID']}\" data-comments-safe-username=\"" . + htmlspecialchars( $CommentReplyTo, ENT_QUOTES ) . '">' . wfMsg( 'comment-reply' ) . '</a>'; } 
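Review bot: In the `@@ -682,11 +677,10 @@` hunk, the new vote anchor writes `$this->Voting` into `data-voting="…"` without escaping, while the username attributes added elsewhere in this commit go through `htmlspecialchars( …, ENT_QUOTES )`. displayComments() takes that value from the `voting` tag attribute, which any page editor controls. Unless `setVoting()` restricts it to known values (not visible in this diff), a quote character in it would end the attribute early. Escape at output: `'" data-voting="' . htmlspecialchars( $this->Voting, ENT_QUOTES ) . '" href="javascript:void(0);">'`. Also, `id="comment-vote-link"` is presumably emitted once per vote link, giving duplicate IDs; `class="comment-vote-link"`, selected as `a.comment-vote-link` in Comment.js, is the valid form.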
@@ -801,17 +796,18 @@ $comment_class = 'r-message'; } - // Display Block icon for logged in users for comments of users that are already not in your block list + // Display Block icon for logged in users for comments of users + // that are already not in your block list $block_link = ''; if( $wgUser->getID() != 0 && $wgUser->getID() != $comment['Comment_user_id'] && !( in_array( $comment['Comment_Username'], $block_list ) ) ) { - $block_link = "<a href=\"javascript:void(0)\" rel=\"nofollow\" onclick=\"javascript:Comment.blockUser('" . + $block_link = '<a href="javascript:void(0);" rel="nofollow" class="comments-block-user" data-comments-safe-username="' . htmlspecialchars( $comment['Comment_Username'], ENT_QUOTES ) . - "',{$comment['Comment_user_id']},{$comment['CommentID']},'" . - md5( $comment['Comment_Username'] . '-' . $comment['Comment_user_id'] ) . "')\"> + '" data-comments-comment-id="' . $comment['CommentID'] . '" data-comments-user-id="' . + $comment['Comment_user_id'] . "\"> <img src=\"{$wgScriptPath}/extensions/Comments/images/block.png\" border=\"0\" alt=\"\"/> </a>"; } @@ -828,7 +824,7 @@ $output .= "<div id=\"ignore-{$comment['CommentID']}\" class=\"c-ignored {$container_class}\">\n"; $output .= wfMsgExt( 'comment-ignore-message', 'parsemag' ); $output .= '<div class="c-ignored-links">' . "\n"; - $output .= "<a href=\"javascript:Comment.show({$comment['CommentID']});\">" . + $output .= "<a href=\"javascript:void(0);\" data-comment-id=\"{$comment['CommentID']}\">" . wfMsg( 'comment-show-comment-link' ) . '</a> | '; $output .= "<a href=\"{$blockListTitle->escapeFullURL()}\">" . wfMsg( 'comment-manage-blocklist-link' ) . '</a>'; 
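Review bot: In the `@@ -828,7 +824,7 @@` hunk, the show-comment anchor is identified only by its position inside `div.c-ignored-links`. Comment.js binds `Comment.show( that.data( 'comment-id' ) )` to every `a` in that div, which includes the manage-blocklist link emitted two lines later, where `data-comment-id` is absent. Give the show link its own class, e.g. `"<a href=\"javascript:void(0);\" class=\"comments-show-comment\" data-comment-id=\"{$comment['CommentID']}\">"`, and select on `a.comments-show-comment`.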
@@ -910,7 +906,8 @@ $output .= $this->getCommentText( $comment['Comment_Text'] ); $output .= '</div>' . "\n"; $output .= '<div class="c-actions">' . "\n"; - $output .= '<a href="' . $title->escapeFullURL() . "#comment-{$comment['CommentID']}\" rel=\"nofollow\">" . wfMsg( 'comment-permalink' ) . '</a> '; + $output .= '<a href="' . $title->escapeFullURL() . "#comment-{$comment['CommentID']}\" rel=\"nofollow\">" . + wfMsg( 'comment-permalink' ) . '</a> '; if( $replyRow || $dlt ) { $output .= "{$replyRow} {$dlt}" . "\n"; } @@ -925,25 +922,13 @@ } /** - * "Fixes" a string - replaces urlencoded entries with proper characters - * - * @param $str String: string to fix - * @return $str String: fixed string - */ - function fixStr( $str ) { - $str = str_replace( '%26', '&', $str ); - $str = str_replace( '%2B', '+', $str ); - $str = str_replace( '%5C', "\\", $str ); - return $str; - } - - /** * Displays the form for adding new comments * * @return $output Mixed: HTML output */ function displayForm() { global $wgUser; + $output = '<form action="" method="post" name="commentform">' . "\n"; if( $this->Allow ) { @@ -952,7 +937,6 @@ strtoupper( addslashes( $wgUser->getName() ) ) ); } - $commentKey = md5( $this->PageID . 'pants' . $wgUser->getName() ); // 'comment' user right is required to add new comments if( !$wgUser->isAllowed( 'comment' ) ) { 
@@ -962,8 +946,10 @@ // and maybe there's a list of users who should be allowed to post // comments if( $wgUser->isBlocked() == false && ( $this->Allow == '' || $pos !== false ) ) { - $output .= '<div class="c-form-title">' . wfMsg( 'comment-submit' ) . '</div>' . "\n"; + $output .= '<div class="c-form-title">' . + wfMsg( 'comment-submit' ) . '</div>' . "\n"; $output .= '<div id="replyto" class="c-form-reply-to"></div>' . "\n"; + // Show a message to anons, prompting them to register or log in if ( !$wgUser->isLoggedIn() ) { $login_title = SpecialPage::getTitleFor( 'Userlogin' ); $register_title = SpecialPage::getTitleFor( 'Userlogin', 'signup' ); 
@@ -976,15 +962,14 @@ } $output .= '<textarea name="comment_text" id="comment" rows="5" cols="64"></textarea>' . "\n"; - $output .= '<div class="c-form-button"><input type="button" value="' . wfMsg( 'comment-post' ) . '" onclick="javascript:Comment.submit()" class="site-button" /></div>' . "\n"; + $output .= '<div class="c-form-button"><input type="button" value="' . + wfMsg( 'comment-post' ) . '" class="site-button" /></div>' . "\n"; } $output .= '<input type="hidden" name="action" value="purge" />' . "\n"; $output .= '<input type="hidden" name="pid" value="' . $this->PageID . '" />' . "\n"; $output .= '<input type="hidden" name="commentid" />' . "\n"; $output .= '<input type="hidden" name="lastcommentid" value="' . $this->getLatestCommentID() . '" />' . "\n"; $output .= '<input type="hidden" name="comment_parent_id" />' . "\n"; - $output .= '<input type="hidden" name="sid" value="' . session_id() . '" />' . "\n"; - $output .= '<input type="hidden" name="mk" value="' . $commentKey . '" />' . "\n"; } $output .= '</form>' . "\n"; return $output; Modified: trunk/extensions/Comments/Comments_AjaxFunctions.php =================================================================== --- trunk/extensions/Comments/Comments_AjaxFunctions.php 2012-01-07 00:39:08 UTC (rev 108295) +++ trunk/extensions/Comments/Comments_AjaxFunctions.php 2012-01-07 00:48:27 UTC (rev 108296) @@ -4,7 +4,14 @@ */ $wgAjaxExportList[] = 'wfCommentSubmit'; -function wfCommentSubmit( $page_id, $parent_id, $comment_text, $sid, $mk ) { +function wfCommentSubmit( $page_id, $parent_id, $comment_text ) { + global $wgUser; + + // Blocked users cannot submit new comments + if( $wgUser->isBlocked() ) { + return ''; + } + if( $comment_text != '' ) { $comment = new Comment( $page_id ); $comment->setCommentText( $comment_text ); 
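Review bot: wfCommentSubmit now rejects blocked users but still accepts the POST without an edit token and without checking the `comment` right, which displayForm() enforces only when deciding whether to render the form. With the `sid`/`mk` fields gone, nothing in the request ties it to the user's session, so the write is exposed to cross-site request forgery and to direct calls by users lacking the right, unless Comment::add() checks these itself (not visible here). wfCommentVote and wfCommentBlock further down have the same gap, and wfCommentBlock's hunk adds no user check at all. The sketch below adds an optional trailing `$token` parameter; the form would need a hidden field filled from `$wgUser->editToken()`, and `Comment.submit` would pass its value as the fourth argument. The function body continues past the hunk.

```php
function wfCommentSubmit( $page_id, $parent_id, $comment_text, $token = '' ) {
	global $wgUser;

	// Reject forged, unauthorised or read-only requests before touching the database
	if(
		!$wgUser->matchEditToken( $token ) ||
		$wgUser->isBlocked() ||
		!$wgUser->isAllowed( 'comment' ) ||
		wfReadOnly()
	) {
		return '';
	}

	// … unchanged: comment creation and UserStatsTrack update …
```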
@@ -12,7 +19,6 @@ $comment->add(); if( class_exists( 'UserStatsTrack' ) ) { - global $wgUser; $stats = new UserStatsTrack( $wgUser->getID(), $wgUser->getName() ); $stats->incStatField( 'comment' ); } @@ -21,7 +27,14 @@ } $wgAjaxExportList[] = 'wfCommentVote'; -function wfCommentVote( $comment_id, $vote_value, $mk, $vg, $page_id ) { +function wfCommentVote( $comment_id, $vote_value, $vg, $page_id ) { + global $wgUser; + + // Blocked users cannot vote, obviously + if( $wgUser->isBlocked() ) { + return ''; + } + if( is_numeric( $comment_id ) && is_numeric( $vote_value ) ) { $dbr = wfGetDB( DB_SLAVE ); $res = $dbr->select( @@ -41,7 +54,6 @@ $out = $comment->getCommentScore(); if( class_exists( 'UserStatsTrack' ) ) { - global $wgUser; $stats = new UserStatsTrack( $wgUser->getID(), $wgUser->getName() ); // Must update stats for user doing the voting @@ -96,7 +108,7 @@ } $wgAjaxExportList[] = 'wfCommentBlock'; -function wfCommentBlock( $comment_id, $user_id, $mk ) { +function wfCommentBlock( $comment_id, $user_id ) { // Load user_name and user_id for person we want to block from the comment it originated from $dbr = wfGetDB( DB_SLAVE ); $s = $dbr->selectRow( _______________________________________________ MediaWiki-CVS mailing list MediaWiki-CVS@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs