Minahito
minah****@users*****
2006年 1月 25日 (水) 16:10:46 JST
Index: xoops2jp/html/include/comment_view.php
diff -u xoops2jp/html/include/comment_view.php:1.2 xoops2jp/html/include/comment_view.php:1.2.8.1
--- xoops2jp/html/include/comment_view.php:1.2 Fri Mar 18 21:51:55 2005
+++ xoops2jp/html/include/comment_view.php Wed Jan 25 16:10:46 2006
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment_view.php,v 1.2 2005/03/18 12:51:55 onokazu Exp $
+// $Id: comment_view.php,v 1.2.8.1 2006/01/25 07:10:46 minahito Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
@@ -148,67 +148,59 @@
 }
 }
 }
-
- // assign comment nav bar
- $navbar = '
-<form method="get" action="'.$comment_config['pageName'].'">
-<table width="95%" class="outer" cellspacing="1">
- <tr>
- <td class="even" align="center"><select name="com_mode"><option value="flat"';
- if ($com_mode == 'flat') {
- $navbar .= ' selected="selected"';
- }
- $navbar .= '>'._FLAT.'</option><option value="thread"';
- if ($com_mode == 'thread' || $com_mode == '') {
- $navbar .= ' selected="selected"';
- }
- $navbar .= '>'. _THREADED .'</option><option value="nest"';
- if ($com_mode == 'nest') {
- $navbar .= ' selected="selected"';
- }
- $navbar .= '>'. _NESTED .'</option></select> <select name="com_order"><option value="'.XOOPS_COMMENT_OLD1ST.'"';
- if ($com_order == XOOPS_COMMENT_OLD1ST) {
- $navbar .= ' selected="selected"';
- }
- $navbar .= '>'. _OLDESTFIRST .'</option><option value="'.XOOPS_COMMENT_NEW1ST.'"';
- if ($com_order == XOOPS_COMMENT_NEW1ST) {
- $navbar .= ' selected="selected"';
- }
- unset($postcomment_link);
- $navbar .= '>'. _NEWESTFIRST .'</option></select><input type="hidden" name="'.$comment_config['itemName'].'" value="'.$com_itemid.'" /> <input type="submit" value="'. _CM_REFRESH .'" class="formButton" />';
+
+ $renderTarget =& new Legacy_RenderTargetMain();
+ $renderTarget->setTemplateName("legacy_comment_navi.html");
+ $renderTarget->setAttribute("pageName", $comment_config['pageName']);
+
+ $modeOptions = array("nest" => _NESTED, "flat" => _FLAT, "thread" => _THREADED);
+ $renderTarget->setAttribute('modeOptions', $modeOptions);
+ $renderTarget->setAttribute('com_mode', $com_mode);
+
+ $orderOptions = array(0 => _OLDESTFIRST, 1 => _NEWESTFIRST);
+ $renderTarget->setAttribute('orderOptions', $orderOptions);
+ $renderTarget->setAttribute('com_order', $com_order);
+
+ $renderTarget->setAttribute('itemName', $comment_config['itemName']);
+ $renderTarget->setAttribute('com_itemid', $com_itemid);
+ $renderTarget->setAttribute('com_anonpost', $xoopsModuleConfig['com_anonpost']);
+
 if (!empty($xoopsModuleConfig['com_anonpost']) || is_object($xoopsUser)) {
- $postcomment_link = 'comment_new.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode;
-
- $xoopsTpl->assign('anon_canpost', true);
+ $postcomment_link = 'comment_new.php?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode;
 }
+ $link_extra = '';
+ $fetchParams = array();
 if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
 foreach ($comment_config['extraParams'] as $extra_param) {
- if (isset(${$extra_param})) {
- $link_extra .= '&'.$extra_param.'='.${$extra_param};
- $hidden_value = htmlspecialchars(${$extra_param}, ENT_QUOTES);
- $extra_param_val = ${$extra_param};
- } elseif (isset($_POST[$extra_param])) {
- $extra_param_val = $_POST[$extra_param];
- } elseif (isset($_GET[$extra_param])) {
- $extra_param_val = $_GET[$extra_param];
+ //
+ // We deprecate that a developer depends on the following line.
+ //
+ if (isset($GLOBALS[$extra_param])) {
+ $fetchParams[$extra_param] = $GLOBALS[$extra_param];
+ } elseif (isset($_REQUEST[$extra_param])) {
+ $fetchParams[$extra_param] = xoops_getrequest($extra_param);
 }
- if (isset($extra_param_val)) {
- $link_extra .= '&'.$extra_param.'='.$extra_param_val;
- $hidden_value = htmlspecialchars($extra_param_val, ENT_QUOTES);
- $navbar .= '<input type="hidden" name="'.$extra_param.'" value="'.$hidden_value.'" />';
- }
+ }
+
+ //
+ // Composite link_extra
+ //
+ foreach ($fetchParams as $key => $value) {
+ $link_extra .= "&" . $key . "=" . $value;
 }
 }
- if (isset($postcomment_link)) {
- $navbar .= ' <input type="button" onclick="self.location.href=\''.$postcomment_link.''.$link_extra.'\'" class="formButton" value="'._CM_POSTCOMMENT.'" />';
- }
- $navbar .= '
- </td>
- </tr>
-</table>
-</form>';
- $xoopsTpl->assign(array('commentsnav' => $navbar, 'editcomment_link' => 'comment_edit.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.$link_extra, 'deletecomment_link' => 'comment_delete.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.$link_extra, 'replycomment_link' => 'comment_reply.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.$link_extra));
+
+ $renderTarget->setAttribute("extraParams", $fetchParams);
+ $renderTarget->setAttribute("link_extra", $link_extra);
+
+ $renderer =& $root->getRenderSystem('Legacy_RenderSystem');
+ $renderer->renderWithTarget($renderTarget);
+
+ //
+ // TODO We change raw string data, we must change template for guarding XSS.
+ //
+ $xoopsTpl->assign(array('commentsnav' => $renderTarget->getResult(), 'editcomment_link' => 'comment_edit.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.htmlspecialchars($link_extra, ENT_QUOTES), 'deletecomment_link' => 'comment_delete.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.$link_extra, 'replycomment_link' => 'comment_reply.php?com_itemid='.$com_itemid.'&com_order='.$com_order.'&com_mode='.$com_mode.''.$link_extra));
 // assign some lang variables
 $xoopsTpl->assign(array('lang_from' => _CM_FROM, 'lang_joined' => _CM_JOINED, 'lang_posts' => _CM_POSTS, 'lang_poster' => _CM_POSTER, 'lang_thread' => _CM_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_subject' => _CM_REPLIES, 'lang_posted' => _CM_POSTED, 'lang_updated' => _CM_UPDATED, 'lang_notice' => _CM_NOTICE));
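Review bot: The "Composite link_extra" loop concatenates each `$value` into the query string unencoded, and in the `$_REQUEST` branch that value is request-controlled, so a value containing `&`, `=` or `#` changes the meaning of every link built from `$link_extra`; the line should read `$link_extra .= '&' . rawurlencode($key) . '=' . rawurlencode($value);`. The escaping in the final `$xoopsTpl->assign()` is also uneven: only `editcomment_link` goes through `htmlspecialchars($link_extra, ENT_QUOTES)`, while `deletecomment_link`, `replycomment_link` and the `link_extra` attribute handed to the render target receive the raw string — compute the escaped form once, e.g. `$link_extra_html = htmlspecialchars($link_extra, ENT_QUOTES);`, and use it for all three links rather than leaving the fix to the TODO. `$postcomment_link` is still assigned in the `com_anonpost` branch but nothing in the hunk reads it any more; if the new template does not consume it either, the assignment is dead. The enclosing block begins before this hunk (it opens with three closing braces), so the initialisation context of `$root` and `$xoopsModuleConfig` is not visible here.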