| -rw-r--r-- | data/templates/bookmarks-vote.inc.tpl.php | 26 | ||||
| -rw-r--r-- | data/templates/bookmarks.tpl.php | 1 | ||||
| -rw-r--r-- | src/SemanticScuttle/functions.php | 24 | ||||
| -rw-r--r-- | www/vote.php | 69 | 
4 files changed, 120 insertions, 0 deletions
| diff --git a/data/templates/bookmarks-vote.inc.tpl.php b/data/templates/bookmarks-vote.inc.tpl.php
new file mode 100644
index 0000000..89818f8
--- /dev/null
+++ b/data/templates/bookmarks-vote.inc.tpl.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bookmark voting badge.
+ * Shows the number of votes and buttons to vote for or
+ * against a bookmark.
+ * Expects a $row variable with bookmark data
+ */
+if (!$GLOBALS['enableVoting']) {
+    return;
+}
+echo '<span class="vote-badge">';
+if (!$row['hasVoted']) {
+    echo '<a class="vote-for" href="'
+        . createVoteURL(true, $row['bId']) . '">+</a>';
+} else {
+    echo '<span class="vote-against-i">+</span>';
+}
+echo '<span class="voting">' . $row['bVoting'] . '</span>';
+if (!$row['hasVoted']) {
+    echo '<a class="vote-against" href="'
+        . createVoteURL(false, $row['bId']) . '">-</a>';
+} else {
+    echo '<span class="vote-against-i">-</span>';
+}
+echo '</span>';
+?>
\ No newline at end of file
diff --git a/data/templates/bookmarks.tpl.php b/data/templates/bookmarks.tpl.php
index 2314b75..f35139a
--- a/data/templates/bookmarks.tpl.php
+++ b/data/templates/bookmarks.tpl.php
@@ -301,6 +301,7 @@ if($currenttag!= '') {
 			//echo '<a href="'. $address .'"'. $rel .' ><img class="thumbnail" src="http://www.artviper.net/screenshots/screener.php?url='.$address.'&w=120&sdx=1280&userID='.$GLOBALS['thumbnailsUserId'].'&hash='.$thumbnailHash.'" />';
 			echo '<img class="thumbnail" onclick="window.location.href=\''.$address.'\'" src="http://www.artviper.net/screenshots/screener.php?url='.$address.'&w=120&sdx=1280&userID='.$GLOBALS['thumbnailsUserId'].'&hash='.$thumbnailHash.'" />';
 		}
+        include 'bookmarks-vote.inc.tpl.php';
 		echo '<div '.$adminBgClass.' >';;
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 663ed25..8823752
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
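Review bot: The placeholder shown in place of the "+" link once the user has voted carries the class `vote-against-i`, the same as the "-" placeholder, which looks like a copy-paste slip; `echo '<span class="vote-for-i">+</span>';` would keep the two badges distinguishable for styling. `$row['bVoting']` is echoed into the page unescaped; if it is always an integer count that is harmless, but since the value comes from the bookmark row rather than this template, emitting it as `(int) $row['bVoting']` or through `htmlspecialchars()` would make that independent of the storage layer. Reading `$GLOBALS['enableVoting']` without `isset()` raises a notice on installations whose config predates this option; `if (empty($GLOBALS['enableVoting'])) {` treats a missing setting as disabled.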
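Review bot: The new `include 'bookmarks-vote.inc.tpl.php';` uses a bare relative name, so it is resolved against include_path and the current working directory rather than the templates directory; whether that resolves correctly depends on how the template loader is set up, which is outside this hunk. If the sibling file is meant, `include dirname(__FILE__) . '/bookmarks-vote.inc.tpl.php';` pins it regardless of the caller's cwd. The enclosing loop starts and ends outside the hunk.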
@@ -92,6 +92,30 @@ function createURL($page = '', $ending = '') {
 		return ROOT . $page;
 	}
 }
+/**
+ * Creates a "vote for/against this bookmark" URL.
+ * Also runs htmlspecialchars() on them to prevent XSS.
+ * We need to use ENT_QUOTES since otherwise we would not be
+ * protected when the attribute is used in single quotes.
+ *
+ * @param boolean $for For the bookmark (true) or against (false)
+ * @param integer $bId Bookmark ID
+ *
+ * @return string URL to use
+ */
+function createVoteURL($for, $bId)
+{
+    //FIXME: we need a "current url" variable that is
+    //filled with a safe version of the current url.
+    //all this specialchars stuff is bit of a hack.
+    return htmlspecialchars(
+        createURL(
+            'vote',
+            ($for ? 'for' : 'against') . '/' . $bId
+        ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+        ENT_QUOTES
+    );
+}
 /* Shorten a string like a URL for example by cutting the middle of it */
 function shortenString($string, $maxSize=75) {
diff --git a/www/vote.php b/www/vote.php
new file mode 100644
index 0000000..91f5c34
--- /dev/null
+++ b/www/vote.php
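Review bot: `createVoteURL()` bakes HTML escaping into URL construction, so its return value is only correct inside an HTML attribute; a caller that puts it into a `Location:` header or a JSON body would emit a literal `&amp;`, which the FIXME already hints at and the docblock should state outright: ` * @return string URL, already HTML-escaped for use in an HTML attribute`. `$bId` is concatenated into the path without validation; writing `($for ? 'for' : 'against') . '/' . (int) $bId` keeps the link well-formed even if a caller passes a stray value. `htmlspecialchars()` is called without a charset argument, so the result depends on the PHP version's default (ISO-8859-1 before 5.4, UTF-8 from 5.4 on); if the site targets a fixed encoding, passing it explicitly as `ENT_QUOTES, 'UTF-8'` removes that dependency.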
@@ -0,0 +1,69 @@
+<?php
+/**
+ * We do expect three parameters:
+ * - type (for/against)
+ * - bookmark id
+ * - url we shall redirect to (?from=)
+ *
+ * vote/for/123?from=xyz
+ */
+require_once '../src/SemanticScuttle/header.php';
+
+if (!$GLOBALS['enableVoting']) {
+    header('HTTP/1.0 501 Not implemented');
+    echo 'voting is disabled';
+    exit(1);
+}
+
+
+$us = SemanticScuttle_Service_Factory::get('User');
+$vs = SemanticScuttle_Service_Factory::get('Vote');
+
+if (!$us->isLoggedOn()) {
+    header('HTTP/1.0 400 Bad Request');
+    echo 'need a logged on user';
+    exit(1);
+}
+$user = $us->getCurrentUser();
+$user = $user['uId'];
+
+if (!isset($_SERVER['PATH_INFO'])) {
+    //we got a problem
+    header('HTTP/1.0 500 Internal Server Error');
+    echo 'PATH_INFO not found';
+    exit(2);
+}
+
+//we should really use net_url_mapper here
+list($url, $type, $bookmark) = explode('/', $_SERVER['PATH_INFO']);
+
+if ($type != 'for' && $type != 'against') {
+    header('HTTP/1.0 400 Bad Request');
+    echo 'type has to be "for" or "against"';
+    exit(3);
+}
+if (!is_numeric($bookmark)) {
+    header('HTTP/1.0 400 Bad Request');
+    echo 'Bookmark must be numeric';
+    exit(4);
+}
+$bookmark = (int)$bookmark;
+
+if (!isset($_GET['from']) || $_GET['from'] == '') {
+    header('HTTP/1.0 400 Bad Request');
+    echo 'Missing "from" parameter';
+    exit(5);
+}
+$from = $_GET['from'];
+
+
+if ($vs->hasVoted($bookmark, $user)) {
+    //already voted
+    header('HTTP/1.0 412 Precondition failed');
+    echo 'Bookmark has been already voted for';
+    exit(6);
+}
+
+$vs->vote($bookmark, $user, $type == 'for' ? 1 : -1);
+header('Location: ' . $from);
+?>
\ No newline at end of file | 
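Review bot: `header('Location: ' . $from)` at the end of the file redirects to whatever `?from=` contains, so a link such as `vote/for/123?from=http://evil.example/` turns this endpoint into an open redirector for any logged-on user; `$from` should be restricted to a local path, falling back to a site URL when it is not, before it is used. Because the vote is cast on a plain GET with no per-session token, a third-party page can also embed `<img src=".../vote/for/123?from=/">` and vote on behalf of a visitor who is logged in here; a CSRF token checked next to `from`, or a POST form, would close that and deserves at least a `// TODO: CSRF protection` comment above the `$vs->vote()` call. `list($url, $type, $bookmark) = explode('/', ...)` on a PATH_INFO with fewer than three segments produces undefined-offset notices and an empty `$type`, which the following check rejects only by accident, and `is_numeric()` admits values like `1e3` or leading whitespace, so `ctype_digit($bookmark)` is the stricter test before the `(int)` cast. The logged-on check answers `400 Bad Request` where `401`/`403` describes the situation.
```php
$from = $_GET['from'];
// Only bounce back to a path on this site: anything carrying a scheme or
// host (including a protocol-relative "//host") would make this an open redirect.
$fromParts = parse_url($from);
if ($fromParts === false || isset($fromParts['scheme']) || isset($fromParts['host'])
    || substr($from, 0, 1) !== '/' || substr($from, 0, 2) === '//'
) {
    $from = createURL(); // presumably the site root; confirm against functions.php
}
// … unchanged: hasVoted check and vote() call …
header('Location: ' . $from);
```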
