validate ajax input
parent
cace16f606
commit
d70f109776
|
@ -1,82 +1,130 @@
|
||||||
$(document).ready(function () {
|
jQuery(document).ready(function () {
|
||||||
|
var commentForm = $(document).find('.comments-form');
|
||||||
function PhpComment(element) {
|
var commentSection = $(document).find('.comments').first();
|
||||||
this.element = element;
|
var commentAlert = commentForm.closest('.alert');
|
||||||
this.init();
|
//var newMedia;
|
||||||
}
|
//hide form, show link
|
||||||
|
commentForm.hide();
|
||||||
PhpComment.prototype.init = function () {
|
$(document).find('.comment-add-new').show();
|
||||||
this.setupVariables();
|
//get template for inserting new comments
|
||||||
this.setupEvents();
|
/*
|
||||||
}
|
$.ajax({
|
||||||
|
|
||||||
PhpComment.prototype.setupVariables = function () {
|
|
||||||
this.commentForm = this.element.find(".comments-form");
|
|
||||||
this.titleField = this.element.find("#comment_title");
|
|
||||||
this.bodyField = this.element.find("#comment_body");
|
|
||||||
}
|
|
||||||
|
|
||||||
PhpComment.prototype.setupEvents = function () {
|
|
||||||
var phpComment = this,
|
|
||||||
newMedia;
|
|
||||||
|
|
||||||
$.ajax({
|
|
||||||
url: '/media_template.php',
|
url: '/media_template.php',
|
||||||
method: 'GET',
|
method: 'GET',
|
||||||
dataType: 'html',
|
dataType: 'html',
|
||||||
success: function (data) {
|
success: function (data) {
|
||||||
newMedia = data;
|
newMedia = data;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
*/
|
||||||
phpComment.commentForm.on("submit", function (e) {
|
$('body').on('click', '.comment-add-new-sadf', function (e) {
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
var parentId = 0,
|
alert('asdf');
|
||||||
title = phpComment.titleField.val(),
|
$('span').stop().css('opacity', 1).text('myName = ' + e.name).fadeIn(30).fadeOut(1000);
|
||||||
body = phpComment.bodyField.val();
|
});
|
||||||
|
//show comment form above comments section (new comment thread)
|
||||||
if(phpComment.commentForm.parents(".comment").length > 0){
|
$('body').on('click', '.comment-add-new', function (e) {
|
||||||
parentId = phpComment.commentForm.closest(".comment").attr("data-Id");
|
e.preventDefault();
|
||||||
|
//commentForm.hide(1000);
|
||||||
|
//commentSection.before(commentForm);
|
||||||
|
$(this).before(commentForm);
|
||||||
|
commentForm.show('slow');
|
||||||
|
//$(this).slideUp();
|
||||||
|
});
|
||||||
|
//show comment form below selected comment (reply to existing comment)
|
||||||
|
$('body').on('click', '.comment-add-reply', function (e) {
|
||||||
|
e.preventDefault();
|
||||||
|
var media = $(this).closest('.comment');
|
||||||
|
commentForm.hide();
|
||||||
|
media.find('>.comment-body>.comment-text').after(commentForm);
|
||||||
|
commentForm.show('slow');
|
||||||
|
});
|
||||||
|
// Attach a submit handler to the form
|
||||||
|
$(commentForm).on('submit', function (event) {
|
||||||
|
event.preventDefault();
|
||||||
|
// Get some values from elements on the page:
|
||||||
|
//var term = $(this).find( "input[name='s']" ).val();
|
||||||
|
//var data = $(this).serializeArray();
|
||||||
|
var data = $(this).serialize();
|
||||||
|
console.log("Form Data (submit)", JSON.parse(JSON.stringify(data)));
|
||||||
|
//var url = $(this).attr( "action" );
|
||||||
|
var url = '/nested-comments';
|
||||||
|
var parentId = 0;
|
||||||
|
if ($(this).parents('.comment').length > 0) {
|
||||||
|
parentId = $(this).closest('.comment').attr('data-Id');
|
||||||
}
|
}
|
||||||
|
// Send the data using post
|
||||||
|
|
||||||
$.ajax({
|
//var posting = $.post(url, { parentId: parentId, data: data }, null, 'json');
|
||||||
url: phpComment.commentForm.attr("action"),
|
var posting = $.post(url, data + '&parentID=' + parentId, null, 'json');
|
||||||
method: 'POST',
|
//$.post( "test.php", $( "#testform" ).serialize() );
|
||||||
dataType: 'json',
|
// Put the results in a div
|
||||||
data: {title: title, body: body, parentId: parentId},
|
posting.done(function (response) {
|
||||||
success: function (data) {
|
alert('success');
|
||||||
if(!data.created){
|
console.log("Response Data (done)", JSON.parse(JSON.stringify(response)));
|
||||||
alert("Couldn't create comment");
|
//response = JSON.parse(response);
|
||||||
|
var message = response.status ? response.message : 'Error: ' + response.message;
|
||||||
|
commentForm.after(commentAlert);
|
||||||
|
commentAlert.empty().append(message);
|
||||||
|
if (!response.status) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (response.status) {
|
||||||
newMedia = newMedia.replace("{{id}}", data.id);
|
var newMedia = `
|
||||||
newMedia = newMedia.replace("{{title}}", title);
|
<div class='comment comment-level-{{comment.level|e}}' data-Id='{{comment.id}}' >
|
||||||
newMedia = newMedia.replace("{{body}}", body);
|
<div class='comment-left'>
|
||||||
newMedia = newMedia.replace("{{nested}}", '');
|
<a href='#'>
|
||||||
phpComment.commentForm.before(newMedia);
|
<img class='comment-object' src='https://www.gravatar.com/avatar/{{comment.email|trim|lower|md5}}?d=identicon' alt='user icon'>
|
||||||
phpComment.titleField.val("");
|
</a>
|
||||||
phpComment.bodyField.val("");
|
</div>
|
||||||
|
<div class='comment-body'>
|
||||||
|
<div class='comment-heading'>
|
||||||
|
<div class='comment-title'><h4>{{comment.title}}</h4></div>
|
||||||
|
<div class='comment-reply'><a class='comment-add-reply' href='#'>{{'PLUGIN_COMMENTS.ADD_REPLY'|t}}</a></div>
|
||||||
|
<div class='comment-meta'>{{'PLUGIN_COMMENTS.WRITTEN_ON'|t}} {{comment.date|e}} {{'PLUGIN_COMMENTS.BY'|t}} {{comment.author}}</div>
|
||||||
|
</div>
|
||||||
|
<div class='comment-text' >
|
||||||
|
{{comment.text}}
|
||||||
|
</div>
|
||||||
|
{{nested}}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
`;
|
||||||
|
newMedia = newMedia.replace('{{comment.id}}', response.id);
|
||||||
|
newMedia = newMedia.replace('{{comment.level|e}}', response.level);
|
||||||
|
newMedia = newMedia.replace('{{comment.email|trim|lower|md5}}', response.hash);
|
||||||
|
newMedia = newMedia.replace('{{parent_id}}', response.data.parent_id);
|
||||||
|
newMedia = newMedia.replace('{{comment.title}}', response.data.title);
|
||||||
|
newMedia = newMedia.replace('{{comment.text}}', response.data.text);
|
||||||
|
newMedia = newMedia.replace('{{comment.author}}', response.data.name);
|
||||||
|
//newMedia = newMedia.replace('{{comment.date|e}}', response.data.name);
|
||||||
|
if ($( "div[data-Id='" + response.data.parent_id + "']" ).length > 0) {
|
||||||
|
$( "div[data-Id='" + response.data.parent_id + "']" ).first().after(newMedia);
|
||||||
|
} else {
|
||||||
|
$( "div.comments" ).last().prepend(newMedia);
|
||||||
}
|
}
|
||||||
});
|
//phpComment.commentForm.before(newMedia);
|
||||||
});
|
//phpComment.titleField.val("");
|
||||||
|
//phpComment.bodyField.val("");
|
||||||
$(document).on("click", ".comment-add-new", function (e) {
|
|
||||||
e.preventDefault();
|
|
||||||
$(this).find(".comments").before(phpComment.commentForm);
|
|
||||||
});
|
|
||||||
$(document).on("click", ".comment-add-reply", function (e) {
|
|
||||||
e.preventDefault();
|
|
||||||
var media = $(this).closest(".comment");
|
|
||||||
media.find(">.comment-body>.comment-text").after(phpComment.commentForm);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
setTimeout(function () {
|
||||||
$.fn.phpComment = function (options) {
|
commentForm.hide(3000);
|
||||||
new PhpComment(this);
|
}, 5000);
|
||||||
return this;
|
});
|
||||||
}
|
posting.fail(function (status, error, title) {
|
||||||
|
alert('error');
|
||||||
$(".comments").phpComment();
|
console.log("Response Data (fail)", JSON.parse(JSON.stringify(status)));
|
||||||
|
commentForm.after(commentAlert);
|
||||||
|
commentAlert.empty().append("<p>TEST</p>");
|
||||||
|
commentAlert.append("<p>" + status + "</p>");
|
||||||
|
commentAlert.append("<p>" + error + "</p>");
|
||||||
|
commentAlert.append("<p>" + title + "</p>");
|
||||||
|
});
|
||||||
|
posting.always(function (test) {
|
||||||
|
//alert("finished, be it successful or not");
|
||||||
|
//test = JSON.parse(test);
|
||||||
|
//test = test.serialize();
|
||||||
|
//alert(test);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
131
comments.php
131
comments.php
|
@ -73,9 +73,15 @@ class CommentsPlugin extends Plugin
|
||||||
|
|
||||||
$disable_on_routes = (array) $this->config->get('plugins.comments.disable_on_routes');
|
$disable_on_routes = (array) $this->config->get('plugins.comments.disable_on_routes');
|
||||||
$enable_on_routes = (array) $this->config->get('plugins.comments.enable_on_routes');
|
$enable_on_routes = (array) $this->config->get('plugins.comments.enable_on_routes');
|
||||||
|
$callback = $this->config->get('plugins.comments.ajax_callback');
|
||||||
|
|
||||||
$path = $uri->path();
|
$path = $uri->path();
|
||||||
|
|
||||||
|
if ($callback === $path) {
|
||||||
|
$this->enable = true;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!in_array($path, $disable_on_routes)) {
|
if (!in_array($path, $disable_on_routes)) {
|
||||||
if (in_array($path, $enable_on_routes)) {
|
if (in_array($path, $enable_on_routes)) {
|
||||||
$this->enable = true;
|
$this->enable = true;
|
||||||
|
@ -163,58 +169,126 @@ class CommentsPlugin extends Plugin
|
||||||
*/
|
*/
|
||||||
public function onPageInitialized()
|
public function onPageInitialized()
|
||||||
{
|
{
|
||||||
|
$is_ajax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
|
||||||
// initialize with page settings (post-cache)
|
// initialize with page settings (post-cache)
|
||||||
// if (!$this->isAdmin() && isset($this->grav['page']->header()->{'star-ratings'})) {
|
// if (!$this->isAdmin() && isset($this->grav['page']->header()->{'star-ratings'})) {
|
||||||
// // if not in admin merge potential page-level configs
|
// // if not in admin merge potential page-level configs
|
||||||
// $this->config->set('plugins.star-ratings', $this->mergeConfig($page));
|
// $this->config->set('plugins.star-ratings', $this->mergeConfig($page));
|
||||||
// }
|
// }
|
||||||
$this->callback = 'nested-comments';
|
|
||||||
// $this->callback = $this->config->get('plugins.star-ratings.callback');
|
// $this->callback = $this->config->get('plugins.star-ratings.callback');
|
||||||
// $this->total_stars = $this->config->get('plugins.star-ratings.total_stars');
|
// $this->total_stars = $this->config->get('plugins.star-ratings.total_stars');
|
||||||
// $this->only_full_stars = $this->config->get('plugins.star-ratings.only_full_stars');
|
// $this->only_full_stars = $this->config->get('plugins.star-ratings.only_full_stars');
|
||||||
|
$callback = $this->config->get('plugins.comments.ajax_callback');
|
||||||
// Process comment if required
|
// Process comment if required
|
||||||
if ($this->callback === $this->grav['uri']->path()) {
|
if ($is_ajax || $callback === $this->grav['uri']->path()) {
|
||||||
// try to add the comment
|
// try to add the comment
|
||||||
$result = $this->addComment();
|
$result = $this->addComment();
|
||||||
echo json_encode(['status' => $result[0], 'message' => $result[1], 'data' => ['score' => $result[2][0], 'count' => $result[2][1]]]);
|
echo json_encode([
|
||||||
exit();
|
'status' => $result[0],
|
||||||
|
'message' => $result[1],
|
||||||
|
'data' => $result[2],
|
||||||
|
// 'data' => [
|
||||||
|
// 'score' => $result[2][0],
|
||||||
|
// 'count' => $result[2][1]
|
||||||
|
// ]
|
||||||
|
]);
|
||||||
|
exit(); //prevents the page frontend from beeing displayed.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function addComment()
|
public function addComment()
|
||||||
{
|
{
|
||||||
$nonce = $this->grav['uri']->param('nonce');
|
if (!$_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
if (!Utils::verifyNonce($nonce, 'comments')) {
|
// Not a POST request, set a 403 (forbidden) response code.
|
||||||
return [false, 'Invalid security nonce', [0, 0]];
|
http_response_code(403);
|
||||||
|
return [false, 'There was a problem with your submission, please try again.', [0, 0]];
|
||||||
}
|
}
|
||||||
$language = $this->grav['language'];
|
|
||||||
// get and filter the data
|
// get and filter the data
|
||||||
$parent_id = filter_input(INPUT_POST, 'parent_id', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
if (!isset($_POST['data']) || !is_array($_POST['data'])) {
|
||||||
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
|
// Set a 400 (bad request) response code and exit.
|
||||||
$text = filter_input(INPUT_POST, 'text', FILTER_SANITIZE_STRING);
|
http_response_code(400);
|
||||||
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
|
return [false, 'missing data', [0, 0]];
|
||||||
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
|
}
|
||||||
//$data = $this->getStars($id);
|
$input = array();
|
||||||
$data = array(
|
$input['parent_id'] = filter_input(INPUT_POST, 'parentID', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||||
['parent_id'] => $parent_id,
|
$input['name'] = isset($_POST['data']['name']) ? filter_var($_POST['data']['name'], FILTER_SANITIZE_STRING) : null;
|
||||||
['email'] => $email,
|
$input['email'] = isset($_POST['data']['email']) ? filter_var($_POST['data']['email'], FILTER_SANITIZE_EMAIL) : null;
|
||||||
['text'] => $text,
|
$input['text'] = isset($_POST['data']['text']) ? filter_var($_POST['data']['text'], FILTER_SANITIZE_STRING) : null;
|
||||||
['title'] => $title,
|
$input['date'] = isset($_POST['data']['date']) ? filter_var($_POST['data']['date'], FILTER_SANITIZE_STRING) : null;
|
||||||
['name'] => $name,
|
$input['title'] = isset($_POST['data']['title']) ? filter_var($_POST['data']['title'], FILTER_SANITIZE_STRING) : null;
|
||||||
);
|
$input['lang'] = isset($_POST['data']['lang']) ? filter_var($_POST['data']['lang'], FILTER_SANITIZE_STRING) : null;
|
||||||
|
$input['path'] = isset($_POST['data']['path']) ? filter_var($_POST['data']['path'], FILTER_SANITIZE_STRING) : null;
|
||||||
|
$input['form-name'] = filter_input(INPUT_POST, 'form-name', FILTER_SANITIZE_STRING);
|
||||||
|
$input['form-nonce'] = filter_input(INPUT_POST, 'form-nonce', FILTER_SANITIZE_STRING);
|
||||||
|
/*
|
||||||
|
foreach ($_POST['data'] as $field) {
|
||||||
|
if (isset($field['name']) && isset($field['value'])) {
|
||||||
|
switch ($field['name']) {
|
||||||
|
case 'data[name]':
|
||||||
|
$input['name'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'data[email]':
|
||||||
|
$input['email'] = filter_var($field['value'], FILTER_SANITIZE_EMAIL);
|
||||||
|
break;
|
||||||
|
case 'data[text]':
|
||||||
|
$input['text'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'data[date]':
|
||||||
|
$input['date'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'data[title]':
|
||||||
|
$input['title'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'data[lang]':
|
||||||
|
$input['lang'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'data[path]':
|
||||||
|
$input['path'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case '__form-name__':
|
||||||
|
$input['form-name'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||||
|
break;
|
||||||
|
case 'form-nonce':
|
||||||
|
$input['form-nonce'] = filter_var($field['value'], FILTER_SANITIZE_STRING); //$this->grav['uri']->param('nonce');
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
//ignore unexpected fields.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
if (!Utils::verifyNonce($input['form-nonce'], 'comments')) {
|
||||||
|
http_response_code(403);
|
||||||
|
return [false, 'Invalid security nonce', [$_POST, $input['form-nonce']]];
|
||||||
|
}
|
||||||
// ensure both values are sent
|
// ensure both values are sent
|
||||||
if (is_null($title) || is_null($text)) {
|
if (is_null($input['title']) || is_null($input['text'])) {
|
||||||
|
// Set a 400 (bad request) response code and exit.
|
||||||
|
http_response_code(400);
|
||||||
return [false, 'missing either text or title', [0, 0]];
|
return [false, 'missing either text or title', [0, 0]];
|
||||||
//return [false, $language->translate('PLUGIN_COMMENTS.FAIL'), $data];
|
//return [false, $language->translate('PLUGIN_COMMENTS.FAIL'), $data];
|
||||||
}
|
}
|
||||||
|
$language = $this->grav['language'];
|
||||||
|
//$data = $this->getStars($id);
|
||||||
|
$data = array(
|
||||||
|
'parent_id' => $input['parent_id'],
|
||||||
|
'email' => $input['email'],
|
||||||
|
'text' => $input['text'],
|
||||||
|
'title' => $input['title'],
|
||||||
|
'name' => $input['name'],
|
||||||
|
'id' => 99,
|
||||||
|
'level' => 0,
|
||||||
|
'hash' => md5(strtolower(trim($input['email']))),
|
||||||
|
);
|
||||||
// sanity checks for parents
|
// sanity checks for parents
|
||||||
if ($parent_id < 0) {
|
if ($data['parent_id'] < 0) {
|
||||||
$parent_id = 0;
|
$data['parent_id'] = 0;
|
||||||
} elseif ($parent_id > 999 ) { //TODO: Change to 'exists in list of comment ids
|
} elseif ($data['parent_id'] > 999 ) { //TODO: Change to 'exists in list of comment ids
|
||||||
$parent_id = 0;
|
$data['parent_id'] = 0;
|
||||||
}
|
}
|
||||||
//$this->saveVoteData($id, $rating);
|
//$this->saveVoteData($id, $rating);
|
||||||
|
// Set a 500 (internal server error) response code.
|
||||||
|
// http_response_code(500);
|
||||||
//$data = $this->getStars($id);
|
//$data = $this->getStars($id);
|
||||||
return [true, $language->translate('PLUGIN_COMMENTS.SUCCESS'), $data];
|
return [true, $language->translate('PLUGIN_COMMENTS.SUCCESS'), $data];
|
||||||
}
|
}
|
||||||
|
@ -485,6 +559,9 @@ class CommentsPlugin extends Plugin
|
||||||
* Return the latest commented pages
|
* Return the latest commented pages
|
||||||
*/
|
*/
|
||||||
private function setCommentLevels($comments) {
|
private function setCommentLevels($comments) {
|
||||||
|
if(!is_array($comments)) {
|
||||||
|
return $comments;
|
||||||
|
}
|
||||||
$levelsflat = array();
|
$levelsflat = array();
|
||||||
foreach($comments as $key => $comment) {
|
foreach($comments as $key => $comment) {
|
||||||
$levelsflat[$comment['id']]['parent'] = $comment['parent'];
|
$levelsflat[$comment['id']]['parent'] = $comment['parent'];
|
||||||
|
|
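Review bot: In `addComment()`, the request-method guard `if (!$_SERVER["REQUEST_METHOD"] == "POST")` never fires because `!` binds before `==`, so a boolean is compared with `"POST"` and the 403 branch is dead; it should read `if ($_SERVER['REQUEST_METHOD'] !== 'POST') {`. Further down, the nonce failure returns `[$_POST, $input['form-nonce']]` as its third element, which `onPageInitialized()` serializes straight into the JSON `data` field and so reflects every submitted field (nonce included) back to the client; return `[0, 0]` as the other error branches do. In `onPageInitialized()`, `if ($is_ajax || $callback === $this->grav['uri']->path())` sends any request carrying an `X-Requested-With: XMLHttpRequest` header on a page where the plugin is enabled into `addComment()` followed by `exit()`, which is not an authentication signal and will capture unrelated AJAX calls on those pages; gating on the callback path alone, `if ($callback === $this->grav['uri']->path()) {`, is the safer condition. The `echo json_encode([...])` is also emitted without a `Content-Type: application/json` header. Note too that `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1 and `FILTER_SANITIZE_EMAIL` only strips characters without validating, so `FILTER_VALIDATE_EMAIL` plus escaping at output (Twig autoescape on the rendering side) is the durable replacement.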