summaryrefslogtreecommitdiffstats
path: root/web/lib/pkgbasefuncs.inc.php
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2017-04-23 12:46:48 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2017-04-23 18:43:26 +0200
commit016b40f99d679f0787f7c8a5f61f4a411b6c3632 (patch)
tree587e6326208d2b241a4f719e6db55b765b92df4b /web/lib/pkgbasefuncs.inc.php
parent4abde895a5b579fb798e062806c8fef2289f0d8f (diff)
downloadaur-016b40f99d679f0787f7c8a5f61f4a411b6c3632.tar.gz
aur-016b40f99d679f0787f7c8a5f61f4a411b6c3632.tar.xz
Render comments when storing them in the database
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/lib/pkgbasefuncs.inc.php')
-rw-r--r--web/lib/pkgbasefuncs.inc.php40
1 files changed, 36 insertions, 4 deletions
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 57933e86..3e783094 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -54,7 +54,7 @@ function pkgbase_comments($base_id, $limit, $include_deleted, $only_pinned=false
$dbh = DB::connect();
$q = "SELECT PackageComments.ID, A.UserName AS UserName, UsersID, Comments, ";
$q.= "PackageBaseID, CommentTS, DelTS, EditedTS, B.UserName AS EditUserName, ";
- $q.= "DelUsersID, C.UserName AS DelUserName, ";
+ $q.= "DelUsersID, C.UserName AS DelUserName, RenderedComment, ";
$q.= "PinnedTS FROM PackageComments ";
$q.= "LEFT JOIN Users A ON PackageComments.UsersID = A.ID ";
$q.= "LEFT JOIN Users B ON PackageComments.EditedUsersID = B.ID ";
@@ -79,6 +79,36 @@ function pkgbase_comments($base_id, $limit, $include_deleted, $only_pinned=false
return $result->fetchAll();
}
+/*
+ * Invoke the comment rendering script.
+ *
+ * @param int $id ID of the comment to render
+ *
+ * @return void
+ */
+function render_comment($id) {
+ $cmd = config_get('options', 'render-comment-cmd');
+ $cmd .= ' ' . intval($id);
+
+ $descspec = array(
+ 0 => array('pipe', 'r'),
+ 1 => array('pipe', 'w'),
+ 2 => array('pipe', 'w')
+ );
+
+ $p = proc_open($cmd, $descspec, $pipes);
+
+ if (!is_resource($p)) {
+ return false;
+ }
+
+ fclose($pipes[0]);
+ fclose($pipes[1]);
+ fclose($pipes[2]);
+
+ return proc_close($p);
+}
+
/**
* Add a comment to a package page and send out appropriate notifications
*
@@ -96,12 +126,14 @@ function pkgbase_add_comment($base_id, $uid, $comment) {
}
$q = "INSERT INTO PackageComments ";
- $q.= "(PackageBaseID, UsersID, Comments, CommentTS) VALUES (";
- $q.= intval($base_id) . ", " . $uid . ", ";
- $q.= $dbh->quote($comment) . ", " . strval(time()) . ")";
+ $q.= "(PackageBaseID, UsersID, Comments, RenderedComment, CommentTS) ";
+ $q.= "VALUES (" . intval($base_id) . ", " . $uid . ", ";
+ $q.= $dbh->quote($comment) . ", '', " . strval(time()) . ")";
$dbh->exec($q);
$comment_id = $dbh->lastInsertId();
+ render_comment($comment_id);
+
notify(array('comment', $uid, $base_id, $comment_id));
return array(true, __('Comment has been added.'));