paulj/hpr_hub
1
0
Fork 0
forked from HPR/hpr_hub
Code Pull Requests Activity

A series of fixes related to stuff I came across

Browse Source
This commit is contained in:
Ken Fallon
2023-12-28 20:00:28 +01:00
parent 90d0b435a5
commit e2474d07ca
7 changed files with 122 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
cms/comment_process.php
View File

@@ -37,7 +37,7 @@ else {
naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
}
if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
if ( !in_array($_GET["action"], array('publish','approve','delete','block'), true ) ) {
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
}
else {
@@ -81,17 +81,33 @@ if ( $action === 'delete' ) {
http_response_code(202);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
unlink( "${file}" );
exit;
}
if ( $action === 'approve' ) {
unlink( "${file}" );
$db["http_code"] = "200";
$db["action"] = "approve";
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
exit;
}
if ( $action === 'publish' ) {
$comment = file_get_contents("$file");
$json = json_decode($comment, true);
require "/home/hpr/public_html_hub/cms/comment_checks.php";
$ep_num = mysqli_real_escape_string( $connection, $ep_num );
$comment_timestamp_db = mysqli_real_escape_string( $connection, $comment_timestamp_db );
$comment_author_name = mysqli_real_escape_string( $connection, $comment_author_name );
$comment_title = mysqli_real_escape_string( $connection, $comment_title );
$comment_text = mysqli_real_escape_string( $connection,$comment_text );
// OK I believe you
if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {
@@ -106,6 +122,7 @@ if ( $action === 'approve' ) {
}
}
$query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";
$result = mysqli_query($connection, $query_add );
@@ -124,12 +141,12 @@ if ( $action === 'approve' ) {
if ( empty($db["id"]) ) {
naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
unlink( "${file}" );
$db["http_code"] = "200";
$db["action"] = "approve";
$db["action"] = "publish";
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
unlink( "${file}" );
exit;
}