From 0b49de36483523127a9434a919dbeff3f647424d Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Wed, 1 Apr 2015 17:12:47 +1300
Subject: [PATCH] ENHANCEMENT If a user posts a spamcomment and it's saved, ensure the form is correctly redirected to
---
code/controllers/CommentingController.php | 64 +++++++++++++-------
templates/CommentsInterface.ss | 28 ++++-----
templates/CommentsInterface_singlecomment.ss | 10 +--
3 files changed, 61 insertions(+), 41 deletions(-)
diff --git a/code/controllers/CommentingController.php b/code/controllers/CommentingController.php
index 107046ea..d135430b 100644
--- a/code/controllers/CommentingController.php
+++ b/code/controllers/CommentingController.php
@@ -373,27 +373,30 @@ public function doPostComment($data, $form) { $this->extend('onBeforePostComment', $form); // If commenting can only be done by logged in users, make sure the user is logged in - $member = Member::currentUser(); - - if(Commenting::can_member_post($class) && $member) { - $form->Fields()->push(new HiddenField("AuthorID", "Author ID", $member->ID)); - } - if(!Commenting::can_member_post($class)) { - echo _t('CommentingController.PERMISSIONFAILURE', "You're not able to post comments to this page. Please ensure you are logged in and have an appropriate permission level."); - - return; + return Security::permissionFailure( + $this, + _t( + 'CommentingController.PERMISSIONFAILURE', + "You're not able to post comments to this page. Please ensure you are logged in and have an " + . "appropriate permission level." + ) + ); } + if($member = Member::currentUser()) { + $form->Fields()->push(new HiddenField("AuthorID", "Author ID", $member->ID)); + } + // is moderation turned on - $moderated = Commenting::get_config_value($class, 'require_moderation'); - if(!$moderated){ - $moderated_nonmembers = Commenting::get_config_value($class, 'require_moderation_nonmembers'); - $moderated = $moderated_nonmembers ? !Member::currentUser() : false; + $requireModeration = Commenting::get_config_value($class, 'require_moderation'); + if(!$requireModeration){ + $requireModerationNonmembers = Commenting::get_config_value($class, 'require_moderation_nonmembers'); + $requireModeration = $requireModerationNonmembers ? !Member::currentUser() : false; } // we want to show a notification if comments are moderated - if ($moderated) { + if ($requireModeration) { Session::set('CommentsModerated', 1); } 
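Review bot: The `can_member_post` guard still runs after `$this->extend('onBeforePostComment', $form)`, so extension hooks are invoked for a submission that is then rejected with `Security::permissionFailure()`. If `$class` is already resolved at that point (it is assigned outside this hunk), moving the `if(!Commenting::can_member_post($class))` block above the `extend()` call would keep hooks from acting on posts from users who are not allowed to comment. Separately, the moderation block calls `Member::currentUser()` a second time although `$member` is now assigned just above it; `$requireModeration = $requireModerationNonmembers && !$member;` yields the same value. The body of doPostComment starts and ends outside the hunk.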
@@ -402,7 +405,7 @@ public function doPostComment($data, $form) { $form->saveInto($comment); $comment->AllowHtml = Commenting::get_config_value($class, 'html_allowed'); - $comment->Moderated = ($moderated) ? false : true; + $comment->Moderated = !$requireModeration; // Save into DB, or call pre-save hooks to give accurate preview if($isPreview) { @@ -410,19 +413,36 @@ public function doPostComment($data, $form) { } else { $comment->write(); - // extend hook to allow extensions. Also see onBeforePostComment - $this->extend('onAfterPostComment', $comment); + // extend hook to allow extensions. Also see onBeforePostComment + $this->extend('onAfterPostComment', $comment); } // clear the users comment since it passed validation Cookie::set('CommentsForm_Comment', false); - $holder = Commenting::get_config_value($comment->BaseClass, 'comments_holder_id'); + // Find parent link + if(!empty($data['ReturnURL'])) { + $url = $data['ReturnURL']; + } elseif($parent = $comment->getParent()) { + $url = $parent->Link(); + } else { + return $this->redirectBack(); + } + + // Given a redirect page exists, attempt to link to the correct anchor + if(!$comment->Moderated) { + // Display the "awaiting moderation" text + $holder = Commenting::get_config_value($comment->BaseClass, 'comments_holder_id'); + $hash = "{$holder}_PostCommentForm_error"; + } elseif($comment->IsSpam) { + // Link to the form with the error message contained + $hash = $form->FormName(); + } else { + // Link to the moderated, non-spam comment + $hash = $comment->Permalink(); + } - $hash = ($moderated) ? $holder : $comment->Permalink(); - $url = (isset($data['ReturnURL'])) ? $data['ReturnURL'] : false; - - return ($url) ? $this->redirect($url .'#'. $hash) : $this->redirectBack(); + return $this->redirect(Controller::join_links($url, "#{$hash}")); } public function doPreviewComment($data, $form) { diff --git a/templates/CommentsInterface.ss b/templates/CommentsInterface.ss index 3dd19831..f0dca8af 100755 
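Review bot: In the `@@ -410,19 +413,36 @@` hunk, `$data['ReturnURL']` is taken from the submitted form and passed to `$this->redirect()` without checking that it points at this site, so the comment handler can act as an open redirect. The removed code had the same gap and the rewrite carries it over. Constrain the value where `$url` is chosen, for example `if(!empty($data['ReturnURL']) && Director::is_site_url($data['ReturnURL'])) {`, so an off-site value falls through to the parent link or `redirectBack()`. A short comment above that branch stating that ReturnURL is user-controlled would help the next reader; the function body begins outside the hunk.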
--- a/templates/CommentsInterface.ss +++ b/templates/CommentsInterface.ss @@ -1,11 +1,11 @@ -<% if CommentsEnabled %> +<% if $CommentsEnabled %>

<% _t('CommentsInterface_ss.POSTCOM','Post your comment') %>

- <% if AddCommentForm %> - <% if CanPost %> - <% if ModeratedSubmitted %> -

<% _t('CommentsInterface_ss.AWAITINGMODERATION', 'Your comment has been submitted and is now awaiting moderation.') %>

+ <% if $AddCommentForm %> + <% if $CanPost %> + <% if $ModeratedSubmitted %> +

<% _t('CommentsInterface_ss.AWAITINGMODERATION', 'Your comment has been submitted and is now awaiting moderation.') %>

<% end_if %> $AddCommentForm <% else %> @@ -20,25 +20,25 @@

<% _t('CommentsInterface_ss.COMMENTS','Comments') %>

- <% if Comments %> + <% if $Comments %>
    - <% loop Comments %> + <% loop $Comments %>
  • <% include CommentsInterface_singlecomment %>
  • <% end_loop %>
- <% if Comments.MoreThanOnePage %> + <% if $Comments.MoreThanOnePage %>

- <% if Comments.PrevLink %> + <% if $Comments.PrevLink %> <% end_if %> - <% if Comments.Pages %> - <% loop Comments.Pages %> - <% if CurrentBool %> + <% if $Comments.Pages %> + <% loop $Comments.Pages %> + <% if $CurrentBool %> $PageNum <% else %> $PageNum @@ -46,7 +46,7 @@ <% end_loop %> <% end_if %> - <% if Comments.NextLink %> + <% if $Comments.NextLink %> <% end_if %>

@@ -58,7 +58,7 @@
- <% if DeleteAllLink %> + <% if $DeleteAllLink %>

<% _t('CommentsInterface_ss.PageCommentInterface.DELETEALLCOMMENTS','Delete all comments on this page') %>

diff --git a/templates/CommentsInterface_singlecomment.ss b/templates/CommentsInterface_singlecomment.ss index f4266d6c..acff806b 100755 --- a/templates/CommentsInterface_singlecomment.ss +++ b/templates/CommentsInterface_singlecomment.ss @@ -1,4 +1,4 @@ -
+
<% if $Gravatar %>Gravatar for $Name<% end_if %> $EscapedComment
@@ -14,16 +14,16 @@ <% if $ApproveLink || $SpamLink || $HamLink || $DeleteLink %>