validate ajax input
This commit is contained in:
parent
cace16f606
commit
d70f109776
|
@ -1,82 +1,130 @@
|
|||
$(document).ready(function () {
|
||||
|
||||
function PhpComment(element) {
|
||||
this.element = element;
|
||||
this.init();
|
||||
}
|
||||
|
||||
PhpComment.prototype.init = function () {
|
||||
this.setupVariables();
|
||||
this.setupEvents();
|
||||
}
|
||||
|
||||
PhpComment.prototype.setupVariables = function () {
|
||||
this.commentForm = this.element.find(".comments-form");
|
||||
this.titleField = this.element.find("#comment_title");
|
||||
this.bodyField = this.element.find("#comment_body");
|
||||
}
|
||||
|
||||
PhpComment.prototype.setupEvents = function () {
|
||||
var phpComment = this,
|
||||
newMedia;
|
||||
|
||||
$.ajax({
|
||||
url: '/media_template.php',
|
||||
method: 'GET',
|
||||
dataType: 'html',
|
||||
success: function (data) {
|
||||
newMedia = data;
|
||||
}
|
||||
});
|
||||
|
||||
phpComment.commentForm.on("submit", function (e) {
|
||||
e.preventDefault();
|
||||
var parentId = 0,
|
||||
title = phpComment.titleField.val(),
|
||||
body = phpComment.bodyField.val();
|
||||
|
||||
if(phpComment.commentForm.parents(".comment").length > 0){
|
||||
parentId = phpComment.commentForm.closest(".comment").attr("data-Id");
|
||||
}
|
||||
|
||||
$.ajax({
|
||||
url: phpComment.commentForm.attr("action"),
|
||||
method: 'POST',
|
||||
dataType: 'json',
|
||||
data: {title: title, body: body, parentId: parentId},
|
||||
success: function (data) {
|
||||
if(!data.created){
|
||||
alert("Couldn't create comment");
|
||||
return;
|
||||
}
|
||||
|
||||
newMedia = newMedia.replace("{{id}}", data.id);
|
||||
newMedia = newMedia.replace("{{title}}", title);
|
||||
newMedia = newMedia.replace("{{body}}", body);
|
||||
newMedia = newMedia.replace("{{nested}}", '');
|
||||
phpComment.commentForm.before(newMedia);
|
||||
phpComment.titleField.val("");
|
||||
phpComment.bodyField.val("");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
$(document).on("click", ".comment-add-new", function (e) {
|
||||
e.preventDefault();
|
||||
$(this).find(".comments").before(phpComment.commentForm);
|
||||
});
|
||||
$(document).on("click", ".comment-add-reply", function (e) {
|
||||
e.preventDefault();
|
||||
var media = $(this).closest(".comment");
|
||||
media.find(">.comment-body>.comment-text").after(phpComment.commentForm);
|
||||
});
|
||||
}
|
||||
|
||||
$.fn.phpComment = function (options) {
|
||||
new PhpComment(this);
|
||||
return this;
|
||||
}
|
||||
|
||||
$(".comments").phpComment();
|
||||
|
||||
jQuery(document).ready(function () {
|
||||
var commentForm = $(document).find('.comments-form');
|
||||
var commentSection = $(document).find('.comments').first();
|
||||
var commentAlert = commentForm.closest('.alert');
|
||||
//var newMedia;
|
||||
//hide form, show link
|
||||
commentForm.hide();
|
||||
$(document).find('.comment-add-new').show();
|
||||
//get template for inserting new comments
|
||||
/*
|
||||
$.ajax({
|
||||
url: '/media_template.php',
|
||||
method: 'GET',
|
||||
dataType: 'html',
|
||||
success: function (data) {
|
||||
newMedia = data;
|
||||
}
|
||||
});
|
||||
*/
|
||||
$('body').on('click', '.comment-add-new-sadf', function (e) {
|
||||
e.preventDefault();
|
||||
alert('asdf');
|
||||
$('span').stop().css('opacity', 1).text('myName = ' + e.name).fadeIn(30).fadeOut(1000);
|
||||
});
|
||||
//show comment form above comments section (new comment thread)
|
||||
$('body').on('click', '.comment-add-new', function (e) {
|
||||
e.preventDefault();
|
||||
//commentForm.hide(1000);
|
||||
//commentSection.before(commentForm);
|
||||
$(this).before(commentForm);
|
||||
commentForm.show('slow');
|
||||
//$(this).slideUp();
|
||||
});
|
||||
//show comment form below selected comment (reply to existing comment)
|
||||
$('body').on('click', '.comment-add-reply', function (e) {
|
||||
e.preventDefault();
|
||||
var media = $(this).closest('.comment');
|
||||
commentForm.hide();
|
||||
media.find('>.comment-body>.comment-text').after(commentForm);
|
||||
commentForm.show('slow');
|
||||
});
|
||||
// Attach a submit handler to the form
|
||||
$(commentForm).on('submit', function (event) {
|
||||
event.preventDefault();
|
||||
// Get some values from elements on the page:
|
||||
//var term = $(this).find( "input[name='s']" ).val();
|
||||
//var data = $(this).serializeArray();
|
||||
var data = $(this).serialize();
|
||||
console.log("Form Data (submit)", JSON.parse(JSON.stringify(data)));
|
||||
//var url = $(this).attr( "action" );
|
||||
var url = '/nested-comments';
|
||||
var parentId = 0;
|
||||
if ($(this).parents('.comment').length > 0) {
|
||||
parentId = $(this).closest('.comment').attr('data-Id');
|
||||
}
|
||||
// Send the data using post
|
||||
|
||||
//var posting = $.post(url, { parentId: parentId, data: data }, null, 'json');
|
||||
var posting = $.post(url, data + '&parentID=' + parentId, null, 'json');
|
||||
//$.post( "test.php", $( "#testform" ).serialize() );
|
||||
// Put the results in a div
|
||||
posting.done(function (response) {
|
||||
alert('success');
|
||||
console.log("Response Data (done)", JSON.parse(JSON.stringify(response)));
|
||||
//response = JSON.parse(response);
|
||||
var message = response.status ? response.message : 'Error: ' + response.message;
|
||||
commentForm.after(commentAlert);
|
||||
commentAlert.empty().append(message);
|
||||
if (!response.status) {
|
||||
return;
|
||||
}
|
||||
if (response.status) {
|
||||
var newMedia = `
|
||||
<div class='comment comment-level-{{comment.level|e}}' data-Id='{{comment.id}}' >
|
||||
<div class='comment-left'>
|
||||
<a href='#'>
|
||||
<img class='comment-object' src='https://www.gravatar.com/avatar/{{comment.email|trim|lower|md5}}?d=identicon' alt='user icon'>
|
||||
</a>
|
||||
</div>
|
||||
<div class='comment-body'>
|
||||
<div class='comment-heading'>
|
||||
<div class='comment-title'><h4>{{comment.title}}</h4></div>
|
||||
<div class='comment-reply'><a class='comment-add-reply' href='#'>{{'PLUGIN_COMMENTS.ADD_REPLY'|t}}</a></div>
|
||||
<div class='comment-meta'>{{'PLUGIN_COMMENTS.WRITTEN_ON'|t}} {{comment.date|e}} {{'PLUGIN_COMMENTS.BY'|t}} {{comment.author}}</div>
|
||||
</div>
|
||||
<div class='comment-text' >
|
||||
{{comment.text}}
|
||||
</div>
|
||||
{{nested}}
|
||||
</div>
|
||||
</div>
|
||||
`;
|
||||
newMedia = newMedia.replace('{{comment.id}}', response.id);
|
||||
newMedia = newMedia.replace('{{comment.level|e}}', response.level);
|
||||
newMedia = newMedia.replace('{{comment.email|trim|lower|md5}}', response.hash);
|
||||
newMedia = newMedia.replace('{{parent_id}}', response.data.parent_id);
|
||||
newMedia = newMedia.replace('{{comment.title}}', response.data.title);
|
||||
newMedia = newMedia.replace('{{comment.text}}', response.data.text);
|
||||
newMedia = newMedia.replace('{{comment.author}}', response.data.name);
|
||||
//newMedia = newMedia.replace('{{comment.date|e}}', response.data.name);
|
||||
if ($( "div[data-Id='" + response.data.parent_id + "']" ).length > 0) {
|
||||
$( "div[data-Id='" + response.data.parent_id + "']" ).first().after(newMedia);
|
||||
} else {
|
||||
$( "div.comments" ).last().prepend(newMedia);
|
||||
}
|
||||
//phpComment.commentForm.before(newMedia);
|
||||
//phpComment.titleField.val("");
|
||||
//phpComment.bodyField.val("");
|
||||
}
|
||||
setTimeout(function () {
|
||||
commentForm.hide(3000);
|
||||
}, 5000);
|
||||
});
|
||||
posting.fail(function (status, error, title) {
|
||||
alert('error');
|
||||
console.log("Response Data (fail)", JSON.parse(JSON.stringify(status)));
|
||||
commentForm.after(commentAlert);
|
||||
commentAlert.empty().append("<p>TEST</p>");
|
||||
commentAlert.append("<p>" + status + "</p>");
|
||||
commentAlert.append("<p>" + error + "</p>");
|
||||
commentAlert.append("<p>" + title + "</p>");
|
||||
});
|
||||
posting.always(function (test) {
|
||||
//alert("finished, be it successful or not");
|
||||
//test = JSON.parse(test);
|
||||
//test = test.serialize();
|
||||
//alert(test);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
133
comments.php
133
comments.php
|
@ -73,9 +73,15 @@ class CommentsPlugin extends Plugin
|
|||
|
||||
$disable_on_routes = (array) $this->config->get('plugins.comments.disable_on_routes');
|
||||
$enable_on_routes = (array) $this->config->get('plugins.comments.enable_on_routes');
|
||||
$callback = $this->config->get('plugins.comments.ajax_callback');
|
||||
|
||||
$path = $uri->path();
|
||||
|
||||
if ($callback === $path) {
|
||||
$this->enable = true;
|
||||
return;
|
||||
}
|
||||
|
||||
if (!in_array($path, $disable_on_routes)) {
|
||||
if (in_array($path, $enable_on_routes)) {
|
||||
$this->enable = true;
|
||||
|
@ -163,58 +169,126 @@ class CommentsPlugin extends Plugin
|
|||
*/
|
||||
public function onPageInitialized()
|
||||
{
|
||||
$is_ajax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
|
||||
// initialize with page settings (post-cache)
|
||||
// if (!$this->isAdmin() && isset($this->grav['page']->header()->{'star-ratings'})) {
|
||||
// // if not in admin merge potential page-level configs
|
||||
// $this->config->set('plugins.star-ratings', $this->mergeConfig($page));
|
||||
// }
|
||||
$this->callback = 'nested-comments';
|
||||
// $this->callback = $this->config->get('plugins.star-ratings.callback');
|
||||
// $this->total_stars = $this->config->get('plugins.star-ratings.total_stars');
|
||||
// $this->only_full_stars = $this->config->get('plugins.star-ratings.only_full_stars');
|
||||
|
||||
$callback = $this->config->get('plugins.comments.ajax_callback');
|
||||
// Process comment if required
|
||||
if ($this->callback === $this->grav['uri']->path()) {
|
||||
if ($is_ajax || $callback === $this->grav['uri']->path()) {
|
||||
// try to add the comment
|
||||
$result = $this->addComment();
|
||||
echo json_encode(['status' => $result[0], 'message' => $result[1], 'data' => ['score' => $result[2][0], 'count' => $result[2][1]]]);
|
||||
exit();
|
||||
echo json_encode([
|
||||
'status' => $result[0],
|
||||
'message' => $result[1],
|
||||
'data' => $result[2],
|
||||
// 'data' => [
|
||||
// 'score' => $result[2][0],
|
||||
// 'count' => $result[2][1]
|
||||
// ]
|
||||
]);
|
||||
exit(); //prevents the page frontend from beeing displayed.
|
||||
}
|
||||
}
|
||||
|
||||
public function addComment()
|
||||
{
|
||||
$nonce = $this->grav['uri']->param('nonce');
|
||||
if (!Utils::verifyNonce($nonce, 'comments')) {
|
||||
return [false, 'Invalid security nonce', [0, 0]];
|
||||
}
|
||||
$language = $this->grav['language'];
|
||||
if (!$_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
// Not a POST request, set a 403 (forbidden) response code.
|
||||
http_response_code(403);
|
||||
return [false, 'There was a problem with your submission, please try again.', [0, 0]];
|
||||
}
|
||||
// get and filter the data
|
||||
$parent_id = filter_input(INPUT_POST, 'parent_id', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
|
||||
$text = filter_input(INPUT_POST, 'text', FILTER_SANITIZE_STRING);
|
||||
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
|
||||
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
|
||||
//$data = $this->getStars($id);
|
||||
$data = array(
|
||||
['parent_id'] => $parent_id,
|
||||
['email'] => $email,
|
||||
['text'] => $text,
|
||||
['title'] => $title,
|
||||
['name'] => $name,
|
||||
);
|
||||
if (!isset($_POST['data']) || !is_array($_POST['data'])) {
|
||||
// Set a 400 (bad request) response code and exit.
|
||||
http_response_code(400);
|
||||
return [false, 'missing data', [0, 0]];
|
||||
}
|
||||
$input = array();
|
||||
$input['parent_id'] = filter_input(INPUT_POST, 'parentID', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
|
||||
$input['name'] = isset($_POST['data']['name']) ? filter_var($_POST['data']['name'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['email'] = isset($_POST['data']['email']) ? filter_var($_POST['data']['email'], FILTER_SANITIZE_EMAIL) : null;
|
||||
$input['text'] = isset($_POST['data']['text']) ? filter_var($_POST['data']['text'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['date'] = isset($_POST['data']['date']) ? filter_var($_POST['data']['date'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['title'] = isset($_POST['data']['title']) ? filter_var($_POST['data']['title'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['lang'] = isset($_POST['data']['lang']) ? filter_var($_POST['data']['lang'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['path'] = isset($_POST['data']['path']) ? filter_var($_POST['data']['path'], FILTER_SANITIZE_STRING) : null;
|
||||
$input['form-name'] = filter_input(INPUT_POST, 'form-name', FILTER_SANITIZE_STRING);
|
||||
$input['form-nonce'] = filter_input(INPUT_POST, 'form-nonce', FILTER_SANITIZE_STRING);
|
||||
/*
|
||||
foreach ($_POST['data'] as $field) {
|
||||
if (isset($field['name']) && isset($field['value'])) {
|
||||
switch ($field['name']) {
|
||||
case 'data[name]':
|
||||
$input['name'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'data[email]':
|
||||
$input['email'] = filter_var($field['value'], FILTER_SANITIZE_EMAIL);
|
||||
break;
|
||||
case 'data[text]':
|
||||
$input['text'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'data[date]':
|
||||
$input['date'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'data[title]':
|
||||
$input['title'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'data[lang]':
|
||||
$input['lang'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'data[path]':
|
||||
$input['path'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case '__form-name__':
|
||||
$input['form-name'] = filter_var($field['value'], FILTER_SANITIZE_STRING);
|
||||
break;
|
||||
case 'form-nonce':
|
||||
$input['form-nonce'] = filter_var($field['value'], FILTER_SANITIZE_STRING); //$this->grav['uri']->param('nonce');
|
||||
break;
|
||||
default:
|
||||
//ignore unexpected fields.
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
if (!Utils::verifyNonce($input['form-nonce'], 'comments')) {
|
||||
http_response_code(403);
|
||||
return [false, 'Invalid security nonce', [$_POST, $input['form-nonce']]];
|
||||
}
|
||||
// ensure both values are sent
|
||||
if (is_null($title) || is_null($text)) {
|
||||
if (is_null($input['title']) || is_null($input['text'])) {
|
||||
// Set a 400 (bad request) response code and exit.
|
||||
http_response_code(400);
|
||||
return [false, 'missing either text or title', [0, 0]];
|
||||
//return [false, $language->translate('PLUGIN_COMMENTS.FAIL'), $data];
|
||||
}
|
||||
$language = $this->grav['language'];
|
||||
//$data = $this->getStars($id);
|
||||
$data = array(
|
||||
'parent_id' => $input['parent_id'],
|
||||
'email' => $input['email'],
|
||||
'text' => $input['text'],
|
||||
'title' => $input['title'],
|
||||
'name' => $input['name'],
|
||||
'id' => 99,
|
||||
'level' => 0,
|
||||
'hash' => md5(strtolower(trim($input['email']))),
|
||||
);
|
||||
// sanity checks for parents
|
||||
if ($parent_id < 0) {
|
||||
$parent_id = 0;
|
||||
} elseif ($parent_id > 999 ) { //TODO: Change to 'exists in list of comment ids
|
||||
$parent_id = 0;
|
||||
if ($data['parent_id'] < 0) {
|
||||
$data['parent_id'] = 0;
|
||||
} elseif ($data['parent_id'] > 999 ) { //TODO: Change to 'exists in list of comment ids
|
||||
$data['parent_id'] = 0;
|
||||
}
|
||||
//$this->saveVoteData($id, $rating);
|
||||
// Set a 500 (internal server error) response code.
|
||||
// http_response_code(500);
|
||||
//$data = $this->getStars($id);
|
||||
return [true, $language->translate('PLUGIN_COMMENTS.SUCCESS'), $data];
|
||||
}
|
||||
|
@ -485,6 +559,9 @@ class CommentsPlugin extends Plugin
|
|||
* Return the latest commented pages
|
||||
*/
|
||||
private function setCommentLevels($comments) {
|
||||
if(!is_array($comments)) {
|
||||
return $comments;
|
||||
}
|
||||
$levelsflat = array();
|
||||
foreach($comments as $key => $comment) {
|
||||
$levelsflat[$comment['id']]['parent'] = $comment['parent'];
|
||||
|
|
Loading…
Reference in New Issue