This repository has been archived by the owner on Nov 23, 2021. It is now read-only.

Merge branch 'release/1.5.1'
florianpircher committed Oct 29, 2017
2 parents 0a6676c + 0c53d29 commit 1025404
Showing 4 changed files with 91 additions and 60 deletions.
9 changes: 5 additions & 4 deletions README.md
@@ -266,10 +266,10 @@ The following minimal example fulfills all of the requirements above.

Note: The session ID ensures that no duplicated comment is submitted to the page by refreshing the page after having submitted a comment and prevents cross-site request forgery.

For security reasons and to prevent spam, you should not render the form after a comment was submitted. For this, wrap your form in an `if` block checking `$comments->userHasSubmitted()`.
For security reasons and to prevent spam, you should not render the form after a comment was submitted. For this, wrap your form in an `if` block checking `$comments->isSuccessfulSubmission()`.

```html
<?php if ($comments->userHasSubmitted()): ?>
<?php if ($comments->isSuccessfulSubmission()): ?>
<p>Thank you for your comment!</p>
<?php else: ?>
<form ...>
@@ -296,7 +296,7 @@ Kirby Comments will block any comment submission with a honeypot value other tha

#### Jumping to the Comment

When submitting the form, the page will reload and your scroll position is lost. You can make the browser scroll automatically to the new comment by giving the new comment a unique ID and referencing it in the forms `action` attribute.
When submitting the form, the page will reload and your scroll position is lost. You can make the browser scroll automatically to the new comment by giving the new comment a unique ID and referencing it in the form’s `action` attribute.

```html
<?php foreach ($comments as $comment): ?>
@@ -835,12 +835,13 @@ This hook is invoked after a comment preview has been successfully generated.
- `$comments`: Comments list containing the previewed comment.
- `$comment`: The previewed comment.

#### `did-save-comment($comments : Comments, $comment : Comment)`
#### `did-save-comment($comments : Comments, $comment : Comment, $commentPage : Page)`

This hook is invoked after a comment has been saved as file.

- `$comments`: Comments list containing the new comment.
- `$comment`: The new comment.
- `$commentPage`: The Kirby page storing the data of the comment.

#### `decide-comments-page-title($page : Page) : string`

2 changes: 1 addition & 1 deletion package.json
@@ -3,7 +3,7 @@
"description": "File-based comments stored as subpages for the Kirby CMS.",
"author": "Florian Pircher <[email protected]>",
"license": "MIT",
"version": "1.5.0",
"version": "1.5.1",
"type": "kirby-plugin",
"repository": {
"type": "git",
83 changes: 68 additions & 15 deletions plugin/Comment.php
@@ -106,6 +106,20 @@ private static function nc($array, $key, $default)
return $default;
}

/**
* Returns `null` for a value of `null` or a whitespace only string. Other
* values are escaped using `strip_tags(trim($value))`.
*
* @param string|null $value
* @return string|null
*/
private static function null_empty_escape($value) {
if ($value === null || trim($value) === '') {
return null;
}
return strip_tags(trim($value));
}

/**
* Constructs a `Comment` from `$_POST`.
*
@@ -180,16 +194,63 @@ public static function from_post($content_page, $id, $datetime)
return new Comment($content_page, $id, $name, $email_address, $website, $message, $custom_fields, $datetime, $is_preview);
}

/**
* Constructs a `Comment` from a comment page.
*
* @param Page $page A comment page.
* @return Comment
* @throws Exception if no comment could be constructed from `$page`.
*/
public static function form_page($page) {
try {
$content_page = $page->parent()->parent();

// Read custom fields
$custom_fields = array();

if ($page->customfields()->exists()) {
$custom_fields_data = $page->customfields()->yaml();

foreach ($custom_fields_data as $field_name => $value) {
// Construct and add custom field
$type = CommentsFieldType::named($field_name);
// Ignore undefined custom fields
if ($type === null) { continue; }

$field = new CommentsField($type, $value, $content_page, false);
$custom_fields[] = $field;
}
}

$name = $page->name()->exists() ? $page->name()->value() : null;
$email_address = $page->email()->exists() ? $page->email()->value() : null;
$website = $page->website()->exists() ? $page->website()->value() : null;

return new Comment(
$content_page,
$page->cid()->int(),
$name,
$email_address,
$website,
$page->text()->value(),
$custom_fields,
new DateTime(date('c', $page->date()))
);
} catch (Exception $e) {
throw new Exception('Could not construct `Comment` from page.', 102, $e);
}
}

/**
* Comment constructor. Trims the `$name`, `$email_address`, `$website` and
* `$message` values and strips HTML tags from the name, email address and
* website.
*
* @param Page $content_page
* @param integer $id
* @param string $name
* @param string $email_address
* @param string $website
* @param string|null $name
* @param string|null $email_address
* @param string|null $website
* @param string $message
* @param CommentsField[string] $custom_fields
* @param \DateTime $datetime
@@ -199,23 +260,15 @@ function __construct($content_page, $id, $name, $email_address, $website, $messa
{
$this->content_page = $content_page;
$this->id = $id;
$this->name = trim(strip_tags($name));
$this->email_address = trim(strip_tags($email_address));
$this->website = trim(strip_tags($website));
$this->name = Comment::null_empty_escape($name);
$this->email_address = Comment::null_empty_escape($email_address);
$this->website = Comment::null_empty_escape($website);
$this->message = trim($message);
$this->custom_fields = $custom_fields;
$this->datetime = $datetime;
$this->is_preview = $is_preview === true;

if ($this->email_address === '') {
// Replace empty string value with `null`
$this->email_address = null;
}

if ($this->website === '') {
// Replace empty string value with `null`
$this->website = null;
} elseif (!preg_match('/^https?:/', $this->website)) {
if ($this->website !== null && !preg_match('/^https?:/', $this->website)) {
// Make address absolute (e.g. "example.org" to "http://example.org")
$this->website = 'http://'.$this->website;
}
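Review bot: `null_empty_escape` checks for emptiness before it strips tags, so a value made only of markup (a constructed example: `<b></b>`) passes the `trim($value) === ''` test and comes back as `''` rather than `null`; in the constructor's last hunk that empty website then fails the `/^https?:/` test and is stored as `'http://'`. The constructor lines this replaces applied `trim(strip_tags(...))` first and compared the result with `''`, so tag-only email and website input used to end up `null`. Strip first and test afterwards, keeping the `null` guard: `$clean = trim(strip_tags($value));` followed by `return $clean === '' ? null : $clean;`. The docblock's word "escaped" also overstates what `strip_tags` does: it removes tags but leaves quotes and `&` untouched, so the comment should say "stripped of HTML tags" and templates still need `htmlspecialchars()` when printing name, email or website.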
57 changes: 17 additions & 40 deletions plugin/Comments.php
@@ -182,38 +182,7 @@ function __construct($page)
// Check for existence of stored comments
if ($comments_page != null) {
foreach ($comments_page->children() as $comment_page) {
try {
// Read custom fields
$custom_fields = array();

if ($comment_page->customfields()->exists()) {
$custom_fields_data = $comment_page->customfields()->yaml();

foreach ($custom_fields_data as $field_name => $value) {
// Construct and add custom field
$type = CommentsFieldType::named($field_name);
// Ignore undefined custom fields
if ($type === null) { continue; }

$field = new CommentsField($type, $value, $this->page, false);
$custom_fields[] = $field;
}
}

// Read Main Fields
$this->comments[] = new Comment(
$this->page,
intval(strval($comment_page->cid())),
strval($comment_page->name()),
strval($comment_page->email()),
strval($comment_page->website()),
strval($comment_page->text()),
$custom_fields,
new DateTime(date('c', $comment_page->date()))
);
} catch (Exception $e) {
throw new Exception('Could not construct `Comment` from page.', 102, $e);
}
$this->comments[] = Comment::form_page($comment_page);
}
}

@@ -358,6 +327,7 @@ public function process()

// Prepare new comment
$new_comment = null;
$comment_page = null;
$new_comment_id = $this->nextCommentId();

try {
@@ -419,14 +389,21 @@ public function process()

// Save main fields
$contents = array(
'cid' => $new_comment_id,
'date' => $new_comment->date('Y-m-d H:i:s'),
'name' => $new_comment->rawName(),
'email' => $new_comment->rawEmail(),
'website' => $new_comment->rawWebsite(),
'text' => $new_comment->rawMessage(),
'cid' => $new_comment_id,
'date' => $new_comment->date('Y-m-d H:i:s'),
'text' => $new_comment->rawMessage()
);

if ($new_comment->rawName() !== null) {
$contents['name'] = $new_comment->rawName();
}
if ($new_comment->rawEmail() !== null) {
$contents['email'] = $new_comment->rawEmail();
}
if ($new_comment->rawWebsite() !== null) {
$contents['website'] = $new_comment->rawWebsite();
}

// Save custom fields
$custom_fields = $new_comment->customFields();

@@ -441,7 +418,7 @@ public function process()
}

// Save comment as page
$comments_page->children()->create(
$comment_page = $comments_page->children()->create(
$dirname,
$template,
$contents
@@ -457,7 +434,7 @@ public function process()

// Did save comment hook
try {
Comments::invokeHook('did-save-comment', array($this, $new_comment));
Comments::invokeHook('did-save-comment', array($this, $new_comment, $comment_page));
} catch (Exception $e) {
$this->status = new CommentsStatus($e->getCode(), $e);
return $this->status;
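Review bot: The loop in the first hunk now calls `Comment::form_page($comment_page)` with no `try` of its own, and `form_page` rethrows every failure as exception 102, so unless a handler outside this hunk catches it, one stored comment that cannot be read prevents the whole list from being built. If that is intended, say so with a comment at the call, e.g. `// A broken comment page aborts loading; the caller handles exception 102`; otherwise catch per comment, log it and `continue`. The name `form_page` also looks like a typo for `from_page` (the sibling factory is `from_post`), and as a `public static` method it is cheaper to rename now than after other code calls it. The constructor and `process()` both start and end outside the hunks shown.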
