* Allow comment sidebar plugin to only show coments for entries
that are allowed to be viewed by the current visitor.
This commit is contained in:
Garvin Hicking
@ -3,6 +3,9 @@
|
|||||||
Version 1.5 ()
|
Version 1.5 ()
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
* Allow comment sidebar plugin to only show coments for entries
|
||||||
|
that are allowed to be viewed by the current visitor.
|
||||||
|
|
||||||
* Also use htmlspecialchars() for the Recent Entries sidebar plugin
|
* Also use htmlspecialchars() for the Recent Entries sidebar plugin
|
||||||
(Anson)
|
(Anson)
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@ class serendipity_plugin_comments extends serendipity_plugin
|
|||||||
$propbag->add('description', PLUGIN_COMMENTS_BLAHBLAH);
|
$propbag->add('description', PLUGIN_COMMENTS_BLAHBLAH);
|
||||||
$propbag->add('stackable', true);
|
$propbag->add('stackable', true);
|
||||||
$propbag->add('author', 'Garvin Hicking, Tadashi Jokagi, Judebert, G. Brockhaus');
|
$propbag->add('author', 'Garvin Hicking, Tadashi Jokagi, Judebert, G. Brockhaus');
|
||||||
$propbag->add('version', '1.13');
|
$propbag->add('version', '1.14');
|
||||||
$propbag->add('requirements', array(
|
$propbag->add('requirements', array(
|
||||||
'serendipity' => '0.8',
|
'serendipity' => '0.8',
|
||||||
'smarty' => '2.6.7',
|
'smarty' => '2.6.7',
|
||||||
@ -36,12 +36,31 @@ class serendipity_plugin_comments extends serendipity_plugin
|
|||||||
'max_entries',
|
'max_entries',
|
||||||
'dateformat',
|
'dateformat',
|
||||||
'viewmode',
|
'viewmode',
|
||||||
'showurls'));
|
'showurls',
|
||||||
|
'authorid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
function introspect_config_item($name, &$propbag)
|
function introspect_config_item($name, &$propbag)
|
||||||
{
|
{
|
||||||
switch($name) {
|
switch($name) {
|
||||||
|
case 'authorid':
|
||||||
|
$authors = array('all' => ALL_AUTHORS, 'login' => CURRENT_AUTHOR);
|
||||||
|
/*
|
||||||
|
$row_authors = serendipity_db_query("SELECT realname, authorid FROM {$serendipity['dbPrefix']}authors");
|
||||||
|
if (is_array($row_authors)) {
|
||||||
|
foreach($row_authors as $row) {
|
||||||
|
$authors[$row['authorid']] = $row['realname'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
$propbag->add('type', 'select');
|
||||||
|
$propbag->add('name', CATEGORIES_TO_FETCH);
|
||||||
|
$propbag->add('description', CATEGORIES_TO_FETCH_DESC);
|
||||||
|
$propbag->add('select_values', $authors);
|
||||||
|
$propbag->add('default', 'all');
|
||||||
|
break;
|
||||||
|
|
||||||
case 'showurls':
|
case 'showurls':
|
||||||
$urltypes = array(
|
$urltypes = array(
|
||||||
'none' => NONE,
|
'none' => NONE,
|
||||||
@ -137,32 +156,40 @@ class serendipity_plugin_comments extends serendipity_plugin
|
|||||||
|
|
||||||
$viewtype = '';
|
$viewtype = '';
|
||||||
if ($this->get_config('viewmode') == 'comments') {
|
if ($this->get_config('viewmode') == 'comments') {
|
||||||
$viewtype .= ' AND c.type = \'NORMAL\'';
|
$viewtype .= ' AND co.type = \'NORMAL\'';
|
||||||
} elseif ($this->get_config('viewmode') == 'trackbacks') {
|
} elseif ($this->get_config('viewmode') == 'trackbacks') {
|
||||||
$viewtype .= ' AND (c.type = \'TRACKBACK\' OR c.type = \'PINGBACK\')';
|
$viewtype .= ' AND (co.type = \'TRACKBACK\' OR co.type = \'PINGBACK\')';
|
||||||
}
|
}
|
||||||
|
|
||||||
$q = 'SELECT c.body AS comment,
|
$cond = array();
|
||||||
c.timestamp AS stamp,
|
$cond['and'] = ' AND e.isdraft = \'false\' ';
|
||||||
c.author AS user,
|
if ($this->get_config('authorid') == 'login') {
|
||||||
|
serendipity_ACL_SQL($cond, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
$q = 'SELECT co.body AS comment,
|
||||||
|
co.timestamp AS stamp,
|
||||||
|
co.author AS user,
|
||||||
e.title AS subject,
|
e.title AS subject,
|
||||||
e.timestamp AS entrystamp,
|
e.timestamp AS entrystamp,
|
||||||
e.id AS entry_id,
|
e.id AS entry_id,
|
||||||
c.id AS comment_id,
|
co.id AS comment_id,
|
||||||
c.type AS comment_type,
|
co.type AS comment_type,
|
||||||
c.url AS comment_url,
|
co.url AS comment_url,
|
||||||
c.title AS comment_title,
|
co.title AS comment_title,
|
||||||
c.email AS comment_email
|
co.email AS comment_email
|
||||||
FROM '.$serendipity['dbPrefix'].'comments AS c,
|
FROM '.$serendipity['dbPrefix'].'comments AS co,
|
||||||
'.$serendipity['dbPrefix'].'entries AS e
|
'.$serendipity['dbPrefix'].'entries AS e
|
||||||
WHERE e.id = c.entry_id
|
' . $cond['joins'] . '
|
||||||
AND NOT (c.type = \'TRACKBACK\' AND c.author = \'' . serendipity_db_escape_string($serendipity['blogTitle']) . '\' AND c.title != \'\')
|
WHERE e.id = co.entry_id
|
||||||
AND e.isdraft = \'false\'
|
AND NOT (co.type = \'TRACKBACK\' AND co.author = \'' . serendipity_db_escape_string($serendipity['blogTitle']) . '\' AND co.title != \'\')
|
||||||
AND c.status = \'approved\'
|
AND co.status = \'approved\'
|
||||||
' . $viewtype . '
|
' . $viewtype . '
|
||||||
ORDER BY c.timestamp DESC
|
' . $cond['and'] . '
|
||||||
|
ORDER BY co.timestamp DESC
|
||||||
LIMIT ' . $max_entries;
|
LIMIT ' . $max_entries;
|
||||||
$sql = serendipity_db_query($q);
|
$sql = serendipity_db_query($q);
|
||||||
|
// echo $q;
|
||||||
|
|
||||||
if ($sql && is_array($sql)) {
|
if ($sql && is_array($sql)) {
|
||||||
foreach($sql AS $key => $row) {
|
foreach($sql AS $key => $row) {
|
||||||
|
|||||||
Reference in New Issue
Block a user