aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/bookmarks-vote.inc.tpl.php26
-rw-r--r--data/templates/bookmarks.tpl.php1
-rw-r--r--src/SemanticScuttle/functions.php24
-rw-r--r--www/vote.php69
4 files changed, 120 insertions, 0 deletions
diff --git a/data/templates/bookmarks-vote.inc.tpl.php b/data/templates/bookmarks-vote.inc.tpl.php
new file mode 100644
index 0000000..89818f8
--- /dev/null
+++ b/data/templates/bookmarks-vote.inc.tpl.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bookmark voting badge.
+ * Shows the number of votes and buttons to vote for or
+ * against a bookmark.
+ * Expects a $row variable with bookmark data
+ */
+if (!$GLOBALS['enableVoting']) {
+ return;
+}
+echo '<span class="vote-badge">';
+if (!$row['hasVoted']) {
+ echo '<a class="vote-for" href="'
+ . createVoteURL(true, $row['bId']) . '">+</a>';
+} else {
+ echo '<span class="vote-against-i">+</span>';
+}
+echo '<span class="voting">' . $row['bVoting'] . '</span>';
+if (!$row['hasVoted']) {
+ echo '<a class="vote-against" href="'
+ . createVoteURL(false, $row['bId']) . '">-</a>';
+} else {
+ echo '<span class="vote-against-i">-</span>';
+}
+echo '</span>';
+?> \ No newline at end of file
diff --git a/data/templates/bookmarks.tpl.php b/data/templates/bookmarks.tpl.php
index 2314b75..f35139a 100644
--- a/data/templates/bookmarks.tpl.php
+++ b/data/templates/bookmarks.tpl.php
@@ -301,6 +301,7 @@ if($currenttag!= '') {
//echo '<a href="'. $address .'"'. $rel .' ><img class="thumbnail" src="http://www.artviper.net/screenshots/screener.php?url='.$address.'&w=120&sdx=1280&userID='.$GLOBALS['thumbnailsUserId'].'&hash='.$thumbnailHash.'" />';
echo '<img class="thumbnail" onclick="window.location.href=\''.$address.'\'" src="http://www.artviper.net/screenshots/screener.php?url='.$address.'&w=120&sdx=1280&userID='.$GLOBALS['thumbnailsUserId'].'&hash='.$thumbnailHash.'" />';
}
+ include 'bookmarks-vote.inc.tpl.php';
echo '<div '.$adminBgClass.' >';;
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 663ed25..8823752 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -92,6 +92,30 @@ function createURL($page = '', $ending = '') {
return ROOT . $page;
}
}
+/**
+ * Creates a "vote for/against this bookmark" URL.
+ * Also runs htmlspecialchars() on them to prevent XSS.
+ * We need to use ENT_QUOTES since otherwise we would not be
+ * protected when the attribute is used in single quotes.
+ *
+ * @param boolean $for For the bookmark (true) or against (false)
+ * @param integer $bId Bookmark ID
+ *
+ * @return string URL to use
+ */
+function createVoteURL($for, $bId)
+{
+ //FIXME: we need a "current url" variable that is
+ //filled with a safe version of the current url.
+ //all this specialchars stuff is bit of a hack.
+ return htmlspecialchars(
+ createURL(
+ 'vote',
+ ($for ? 'for' : 'against') . '/' . $bId
+ ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ENT_QUOTES
+ );
+}
/* Shorten a string like a URL for example by cutting the middle of it */
function shortenString($string, $maxSize=75) {
diff --git a/www/vote.php b/www/vote.php
new file mode 100644
index 0000000..91f5c34
--- /dev/null
+++ b/www/vote.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * We do expect three parameters:
+ * - type (for/against)
+ * - bookmark id
+ * - url we shall redirect to (?from=)
+ *
+ * vote/for/123?from=xyz
+ */
+require_once '../src/SemanticScuttle/header.php';
+
+if (!$GLOBALS['enableVoting']) {
+ header('HTTP/1.0 501 Not implemented');
+ echo 'voting is disabled';
+ exit(1);
+}
+
+
+$us = SemanticScuttle_Service_Factory::get('User');
+$vs = SemanticScuttle_Service_Factory::get('Vote');
+
+if (!$us->isLoggedOn()) {
+ header('HTTP/1.0 400 Bad Request');
+ echo 'need a logged on user';
+ exit(1);
+}
+$user = $us->getCurrentUser();
+$user = $user['uId'];
+
+if (!isset($_SERVER['PATH_INFO'])) {
+ //we got a problem
+ header('HTTP/1.0 500 Internal Server Error');
+ echo 'PATH_INFO not found';
+ exit(2);
+}
+
+//we should really use net_url_mapper here
+list($url, $type, $bookmark) = explode('/', $_SERVER['PATH_INFO']);
+
+if ($type != 'for' && $type != 'against') {
+ header('HTTP/1.0 400 Bad Request');
+ echo 'type has to be "for" or "against"';
+ exit(3);
+}
+if (!is_numeric($bookmark)) {
+ header('HTTP/1.0 400 Bad Request');
+ echo 'Bookmark must be numeric';
+ exit(4);
+}
+$bookmark = (int)$bookmark;
+
+if (!isset($_GET['from']) || $_GET['from'] == '') {
+ header('HTTP/1.0 400 Bad Request');
+ echo 'Missing "from" parameter';
+ exit(5);
+}
+$from = $_GET['from'];
+
+
+if ($vs->hasVoted($bookmark, $user)) {
+ //already voted
+ header('HTTP/1.0 412 Precondition failed');
+ echo 'Bookmark has been already voted for';
+ exit(6);
+}
+
+$vs->vote($bookmark, $user, $type == 'for' ? 1 : -1);
+header('Location: ' . $from);
+?> \ No newline at end of file