sanitizing of comment input, improved comment display
authorPaul Hänsch <paul@plutz.net>
Thu, 26 Aug 2021 11:56:14 +0000 (13:56 +0200)
committerPaul Hänsch <paul@plutz.net>
Thu, 26 Aug 2021 11:56:14 +0000 (13:56 +0200)
comments.sh [changed mode: 0644->0755]

old mode 100644 (file)
new mode 100755 (executable)
index 9597602..90fdbb9
@@ -9,6 +9,9 @@ comments_postcomment() {
   local cuid="$1" username="$2" text="$3"
   local db="$comments_file"
 
+  [ ! "$cuid" -o ! "$username" -o ! "$text" ] \
+  && REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_INVALID"
+
   mkdir -p "${comments_file%/*}" || REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_NOCREAT"
   if LOCK "$db"; then
     if grep -qE "^${cuid}      " "$db"; then
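Review bot: The guard added on L16 relies on `test -o`, which POSIX marks obsolescent and which becomes ambiguous once one of the tested values itself looks like an operator (a username of `!` or `-n`, for instance); the identical line appears again in comments_updatecomment at L26. Prefer separate tests joined by the shell, `if [ -z "$cuid" ] || [ -z "$username" ] || [ -z "$text" ]; then REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_INVALID"; fi`, which has no such edge cases. The guard only checks for emptiness, while L21 still interpolates `$cuid` into a grep pattern, so this function remains dependent on the caller having run `checkid` (the dispatcher hunk below); a comment makes that contract visible: `# cuid must already be validated by checkid: it is used as a regex fragment below`. comments_postcomment continues past the end of this hunk.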
@@ -30,6 +33,9 @@ comments_updatecomment() {
   local db="$comments_file"
   local ousername sid time otext
 
+  [ ! "$cuid" -o ! "$username" -o ! "$text" ] \
+  && REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_INVALID"
+
   mkdir -p "${comments_file%/*}" || REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_NOCREAT"
   if LOCK "$db"; then
     read -r cuid ousername sid time otext <<-EOF
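Review bot: The guard added on L26 checks cuid, username and text but not the update key, which from the call site at L37/L43 is the function's second argument, so an empty key passes this check and reaches the rest of the function. Whether that is harmless depends on the key comparison further down, outside this hunk; if it is compared against `session_mac` as on L62, an empty key should presumably fail there, but rejecting it up front keeps the intent explicit, e.g. `[ -z "$updatekey" ] && REDIRECT "${_BASE}${PATH_INFO}#ERROR_COMMENT_INVALID"` assuming that is the local name bound to `$2`. Note also that the `read -r cuid …` on L31 reassigns cuid from the database record, so the validated value is only the lookup key. The function body continues past the hunk.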
@@ -53,10 +59,16 @@ comments_updatecomment() {
 }
 
 [ "$REQUEST_METHOD" = POST ] && case "$(POST action)" in
-  postcomment)   comments_postcomment "$(POST cuid)" "$(POST username)" "$(POST text)";;
-  updatecomment) comments_updatecomment "$(POST cuid)" "$(POST updatekey)" "$(POST username)" "$(POST text)";;
+  postcomment)   comments_postcomment \
+                   "$(POST cuid |checkid)" \
+                   "$(POST username |grep -m1 -oE '[^[:space:]].*[^[:space:]]')" \
+                   "$(POST text)";;
+  updatecomment) comments_updatecomment \
+                   "$(POST cuid |checkid)" "$(POST updatekey)" \
+                   "$(POST username |grep -m1 -oE '[^[:space:]].*[^[:space:]]')" \
+                   "$(POST text)";;
   cancelcommentpost) REDIRECT "${_BASE}${PATH_INFO}#comments";;
-  cancelcommentedit) REDIRECT "${_BASE}${PATH_INFO}#comment_$(POST cuid)";;
+  cancelcommentedit) REDIRECT "${_BASE}${PATH_INFO}#comment_$(POST cuid |checkid)";;
 esac
 
 w_comments() {
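Review bot: The username filter on L40 and L44, `grep -m1 -oE '[^[:space:]].*[^[:space:]]'`, requires at least two non-blank characters, so a one-character name such as `X` is reduced to an empty string and the post is rejected with ERROR_COMMENT_INVALID by the new guard in comments_postcomment; make the tail optional: `'[^[:space:]](.*[^[:space:]])?'`. Because grep is line-oriented, `-m1 -o` also keeps only the first non-blank line of a multi-line name, which is reasonable but deserves a comment: `# username: first non-blank line, surrounding whitespace trimmed`. `$(POST text)` on L41 and L45 is still passed through untouched and is later rendered via `markdown` (the display hunk below), so protection against raw HTML inside a comment rests entirely on that filter; if `markdown` is not guaranteed to escape it, a comment here should say where that responsibility lies.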
@@ -73,6 +85,7 @@ w_comments() {
            [hidden "cuid" "$(timeid)"]
            [input name=username placeholder="Your Name" autocomplete=off]
             [textarea name=text placeholder="Your Text"]
+           [label .legend You can use Markdown formatting for the comment text. Comments can be edited up to a short time after they have been posted.]
            [submit "action" "cancelcommentpost" Cancel][submit "action" "postcomment" . Post Comment]
          ]
        EOF
@@ -88,18 +101,16 @@ w_comments() {
           [submit "action" "cancelcommentedit" Cancel][submit "action" "updatecomment" . Update Comment]
         ]' "$cuid" "$cuid" "$(session_mac "${username}|${time}|${text}")" \
            "$(UNSTRING "$username" |HTML)" "$(UNSTRING "$text" |HTML)"
-    elif [ "$username" -a "$edit" = "$cuid" ]; then
-      printf '[div .comment #comment_%s [h3 . %s, %s:][span .error You cannot edit this comment][div . %s]]' \
-             "$cuid" "$(UNSTRING "$username" |HTML)" "$(date -d "@${time%%,*}")" \
-             "$(UNSTRING "$text" |markdown)"
-    elif [ "$username" -a "$sid" = "$SESSION_ID" ]; then
-      printf '[div .comment #comment_%s [h3 . %s, %s:][a href="?editcomment=%s#comment_%s" edit][div . %s]]' \
-             "$cuid" "$(UNSTRING "$username" |HTML)" "$(date -d "@${time%%,*}")" \
-             "$cuid" "$cuid" "$(UNSTRING "$text" |markdown)"
     elif [ "$username" -a "$text" ]; then
-      printf '[div .comment #comment_%s [h3 . %s, %s:][div . %s]]' \
-             "$cuid" "$(UNSTRING "$username" |HTML)" "$(date -d "@${time%%,*}")" \
-             "$(UNSTRING "$text" |markdown)"
+      printf '[div .comment #comment_%s [h3 . %s:]' "$cuid" "$(UNSTRING "$username" |HTML)"
+      printf '[span .time [label posted] %s]' "$(date -d "@${time%,*}")"
+      [ "${time}" != "${time%,*}" ] \
+      && printf '[span .update [label updated] %s]' "$(date -d "@${time#*,}")"
+      [ "$edit" = "$cuid" ] \
+      && printf '[span .error You cannot edit this comment]'
+      [ "$sid" = "$SESSION_ID" ] \
+      && printf '[a .edit href="?editcomment=%s#comment_%s" edit]' "$cuid" "$cuid"
+      printf '[div . %s]]' "$(UNSTRING "$text" |markdown)"
     else
       printf '[div .comment .deleted #comment_%s [h3 (deleted)]]' "$cuid"
     fi
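Review bot: The rewritten rendering on L77–L79 fixes the layout of the `time` field only implicitly, through `${time%,*}`, `${time#*,}` and the inequality test on L78; add a comment above L77 such as `# $time is "<posted>[,<updated>]", both epoch seconds (date -d @…); a second value marks an edited comment`. The switch from `${time%%,*}` (removed L66, L70, L74) to `${time%,*}` only differs when `time` contains more than one comma, which that format excludes, so it is worth stating the format to keep it that way. `$cuid` is still interpolated unescaped into the `#comment_%s` id and the `href` on L76 and L83; the dispatcher hunk now validates it with `checkid` on write, but records stored before this change, if any exist, are rendered as-is, so a short comment that cuid is trusted only because of checkid would help the next reader. w_comments starts before this hunk.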