diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.inc.php | 16 | ||||
| -rw-r--r-- | include/functions_comment.inc.php | 16 | ||||
| -rw-r--r-- | include/picture_comment.inc.php | 7 |
3 files changed, 36 insertions, 3 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 12be821e7..14ee6b42c 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1692,4 +1692,20 @@ function mobile_theme() return $is_mobile_theme; } + +/** + * check url format + */ +function url_check_format($url) +{ + if (version_compare(PHP_VERSION, '5.2.0') >= 0) + { + return filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED)!==false; + } + else + { + // http://mathiasbynens.be/demo/url-regex @imme_emosol + return (bool)preg_match('@^https?://(-\.)?([^\s/?\.#-]+\.?)+(/[^\s]*)?$@iS', $url); + } +} ?>
\ No newline at end of file diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 51e83cd81..e812a1c6f 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -127,6 +127,17 @@ SELECT COUNT(*) AS user_exists $_POST['cr'][] = 'key'; // rvelices: I use this outside to see how spam robots work } + // website + if ( !empty($comm['website_url']) and !preg_match('/^https?/i', $comm['website_url']) ) + { + $comm['website_url'] = 'http://'.$comm['website_url']; + } + if ( !empty($comm['website_url']) and !url_check_format($comm['website_url']) ) + { + array_push($infos, l10n('Your website URL is invalid')); + $comment_action='reject'; + } + // anonymous id = ip address $ip_components = explode('.', $comm['ip']); if (count($ip_components) > 3) @@ -168,7 +179,7 @@ SELECT count(1) FROM '.COMMENTS_TABLE.' { $query = ' INSERT INTO '.COMMENTS_TABLE.' - (author, author_id, anonymous_id, content, date, validated, validation_date, image_id) + (author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url) VALUES ( \''.$comm['author'].'\', '.$comm['author_id'].', @@ -177,7 +188,8 @@ INSERT INTO '.COMMENTS_TABLE.' NOW(), \''.($comment_action=='validate' ? 'true':'false').'\', '.($comment_action=='validate' ? 'NOW()':'NULL').', - '.$comm['image_id'].' + '.$comm['image_id'].', + '.(!empty($comm['website_url']) ? '\''.$comm['website_url'].'\'' : 'NULL').' ) '; diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 380a66d5a..631f85596 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -48,6 +48,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) $comm = array( 'author' => trim( @$_POST['author'] ), 'content' => trim( $_POST['content'] ), + 'website_url' => trim( $_POST['website_url'] ), 'image_id' => $page['image_id'], ); @@ -145,6 +146,7 @@ SELECT '.$conf['user_fields']['username'].' AS username, date, image_id, + website_url, content, validated FROM '.COMMENTS_TABLE.' AS com @@ -178,6 +180,7 @@ SELECT 'AUTHOR' => trigger_event('render_comment_author', $author), 'DATE' => format_date($row['date'], true), 'CONTENT' => trigger_event('render_comment_content',$row['content']), + 'WEBSITE_URL' => $row['website_url'], ); if (can_manage_comment('delete', $row['author_id'])) @@ -241,11 +244,12 @@ SELECT if ($show_add_comment_form) { $key = get_ephemeral_key(3, $page['image_id']); - $content = $author = ''; + $content = $author = $website_url = ''; if ('reject'===@$comment_action) { $content = htmlspecialchars( stripslashes($comm['content']) ); $author = htmlspecialchars( stripslashes($comm['author']) ); + $website_url = htmlspecialchars( stripslashes($comm['website_url']) ); } $template->assign('comment_add', array( @@ -254,6 +258,7 @@ SELECT 'CONTENT' => $content, 'SHOW_AUTHOR' => !is_classic_user(), 'AUTHOR' => $author , + 'WEBSITE_URL' => $website_url, )); } } |