From 053109fe4fc38e4925de8d4401d159125d408882 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 2 Jan 2023 22:59:24 +0000
Subject: [PATCH] Removed XHR stuff from comments handler.
---
 public/comments.php | 116 +++++++++++++-------------------------------
 1 file changed, 34 insertions(+), 82 deletions(-)
diff --git a/public/comments.php b/public/comments.php
index 6d426f4..a550836 100644
--- a/public/comments.php
+++ b/public/comments.php
@@ -15,33 +15,30 @@ require_once '../misuzu.php';
 // basing whether or not this is an xhr request on whether a referrer header is present
 // this page is never directy accessed, under normal circumstances
-$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
-$isXHR = !$redirect;
+$redirect = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : url('index');
-if($isXHR) {
- header('Content-Type: application/json; charset=utf-8');
-} elseif(!is_local_url($redirect)) {
+if(!is_local_url($redirect)) {
 echo render_info('Possible request forgery detected.', 403);
 return;
 }
 if(!CSRF::validateRequest()) {
- echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);
+ echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
 return;
 }
 $currentUserInfo = User::getCurrent();
 if($currentUserInfo === null) {
- echo render_info_or_json($isXHR, 'You must be logged in to manage comments.', 401);
+ echo render_info('You must be logged in to manage comments.', 401);
 return;
 }
 if($currentUserInfo->isBanned()) {
- echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
+ echo render_info('You have been banned, check your profile for more information.', 403);
 return;
 }
 if($currentUserInfo->isSilenced()) {
- echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
+ echo render_info('You have been silenced, check your profile for more information.', 403);
 return;
 }
@@ -56,7 +53,7 @@ if($commentId > 0)
 try {
 $commentInfo2 = CommentsPost::byId($commentId);
 } catch(CommentsPostNotFoundException $ex) {
- echo render_info_or_json($isXHR, 'Post not found.', 404);
+ echo render_info('Post not found.', 404);
 return;
 }
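Review bot: `$redirect` is now always taken from the client-supplied `Referer` header, and every success path further down passes it to `redirect()`, so `is_local_url()` is the only guard against an off-site redirect. Its implementation is outside the diff; it is worth confirming that it rejects scheme-relative (`//host`) and backslash-prefixed values as well as absolute URLs. The two comment lines kept above the assignment still describe XHR detection, which this commit removes; something like `// Referer is only the post-action redirect target and must be local; CSRF::validateRequest() is the actual forgery check` would match the new behaviour. A request without a Referer now falls back to `url('index')`, which presumably passes `is_local_url()` but is not shown here.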
@@ -64,52 +61,44 @@ switch($commentMode) {
 case 'pin':
 case 'unpin':
 if(!$commentPerms['can_pin'] && !$commentInfo2->isOwner($currentUserInfo)) {
- echo render_info_or_json($isXHR, "You're not allowed to pin comments.", 403);
+ echo render_info("You're not allowed to pin comments.", 403);
 break;
 }
 if($commentInfo2->isDeleted()) {
- echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
+ echo render_info("This comment doesn't exist!", 400);
 break;
 }
 if($commentInfo2->hasParent()) {
- echo render_info_or_json($isXHR, "You can't pin replies!", 400);
+ echo render_info("You can't pin replies!", 400);
 break;
 }
 $isPinning = $commentMode === 'pin';
 if($isPinning && $commentInfo2->isPinned()) {
- echo render_info_or_json($isXHR, 'This comment is already pinned.', 400);
+ echo render_info('This comment is already pinned.', 400);
 break;
 } elseif(!$isPinning && !$commentInfo2->isPinned()) {
- echo render_info_or_json($isXHR, "This comment isn't pinned yet.", 400);
+ echo render_info("This comment isn't pinned yet.", 400);
 break;
 }
 $commentInfo2->setPinned($isPinning);
 $commentInfo2->save();
- if(!$isXHR) {
- redirect($redirect . '#comment-' . $commentInfo2->getId());
- break;
- }
-
- echo json_encode([
- 'comment_id' => $commentInfo2->getId(),
- 'comment_pinned' => ($time = $commentInfo2->getPinnedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
- ]);
+ redirect($redirect . '#comment-' . $commentInfo2->getId());
 break;
 case 'vote':
 if(!$commentPerms['can_vote'] && !$commentInfo2->isOwner($currentUserInfo)) {
- echo render_info_or_json($isXHR, "You're not allowed to vote on comments.", 403);
+ echo render_info("You're not allowed to vote on comments.", 403);
 break;
 }
 if($commentInfo2->isDeleted()) {
- echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
+ echo render_info("This comment doesn't exist!", 400);
 break;
 }
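Review bot: The `pin`/`unpin` and `vote` cases dereference `$commentInfo2` in their first guards, but the earlier hunk assigns it only inside `if($commentId > 0)`. Unless it is initialised in lines outside the diff, a request with a missing or zero comment id appears to reach `->isOwner()` or `->isDeleted()` on an unset variable and end in a fatal error instead of a 4xx page. The same pattern is visible in the `delete` and `create` guards in later hunks. A guard at the top of each case that needs an existing post, e.g. `if(!isset($commentInfo2)) { echo render_info('Post not found.', 404); break; }`, would keep the response consistent with the other error paths. The switch statement continues beyond this hunk.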
@@ -120,23 +109,17 @@ switch($commentMode) {
 else
 $commentInfo2->removeVote($currentUserInfo);
- if(!$isXHR) {
- redirect($redirect . '#comment-' . $commentInfo2->getId());
- break;
- }
-
- echo json_encode($commentInfo2->votes());
+ redirect($redirect . '#comment-' . $commentInfo2->getId());
 break;
 case 'delete':
 if(!$commentPerms['can_delete'] && !$commentInfo2->isOwner($currentUserInfo)) {
- echo render_info_or_json($isXHR, "You're not allowed to delete comments.", 403);
+ echo render_info("You're not allowed to delete comments.", 403);
 break;
 }
 if($commentInfo2->isDeleted()) {
- echo render_info_or_json(
- $isXHR,
+ echo render_info(
 $commentPerms['can_delete_any'] ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
 400
 );
@@ -147,7 +130,7 @@ switch($commentMode) {
 $isModAction = $commentPerms['can_delete_any'] && !$isOwnComment;
 if(!$isModAction && !$isOwnComment) {
- echo render_info_or_json($isXHR, "You're not allowed to delete comments made by others.", 403);
+ echo render_info("You're not allowed to delete comments made by others.", 403);
 break;
 }
@@ -164,24 +147,17 @@ switch($commentMode) {
 AuditLog::create(AuditLog::COMMENT_ENTRY_DELETE, [$commentInfo2->getId()]);
 }
- if($redirect) {
- redirect($redirect);
- break;
- }
-
- echo json_encode([
- 'id' => $commentInfo2->getId(),
- ]);
+ redirect($redirect);
 break;
 case 'restore':
 if(!$commentPerms['can_delete_any']) {
- echo render_info_or_json($isXHR, "You're not allowed to restore deleted comments.", 403);
+ echo render_info("You're not allowed to restore deleted comments.", 403);
 break;
 }
 if(!$commentInfo2->isDeleted()) {
- echo render_info_or_json($isXHR, "This comment isn't in a deleted state.", 400);
+ echo render_info("This comment isn't in a deleted state.", 400);
 break;
 }
@@ -194,24 +170,17 @@ switch($commentMode) {
 ($commentUserId < 1 ? '(Deleted User)' : $commentInfo2->getUser()->getUsername()),
 ]);
- if($redirect) {
- redirect($redirect . '#comment-' . $commentInfo2->getId());
- break;
- }
-
- echo json_encode([
- 'id' => $commentInfo2->getId(),
- ]);
+ redirect($redirect . '#comment-' . $commentInfo2->getId());
 break;
 case 'create':
 if(!$commentPerms['can_comment'] && !$commentInfo2->isOwner($currentUserInfo)) {
- echo render_info_or_json($isXHR, "You're not allowed to post comments.", 403);
+ echo render_info("You're not allowed to post comments.", 403);
 break;
 }
 if(empty($_POST['comment']) || !is_array($_POST['comment'])) {
- echo render_info_or_json($isXHR, 'Missing data.', 400);
+ echo render_info('Missing data.', 400);
 break;
 }
@@ -222,12 +191,12 @@ switch($commentMode) {
 : 0
 );
 } catch(CommentsCategoryNotFoundException $ex) {
- echo render_info_or_json($isXHR, 'This comment category doesn\'t exist.', 404);
+ echo render_info('This comment category doesn\'t exist.', 404);
 break;
 }
 if($categoryInfo->isLocked() && !$commentPerms['can_lock']) {
- echo render_info_or_json($isXHR, 'This comment category has been locked.', 403);
+ echo render_info('This comment category has been locked.', 403);
 break;
 }
@@ -245,15 +214,15 @@ switch($commentMode) {
 $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
 } else {
 if($commentPerms['can_lock']) {
- echo render_info_or_json($isXHR, 'The action has been processed.');
+ echo render_info('The action has been processed.');
 } else {
- echo render_info_or_json($isXHR, 'Your comment is too short.', 400);
+ echo render_info('Your comment is too short.', 400);
 }
 break;
 }
 if(mb_strlen($commentText) > 5000) {
- echo render_info_or_json($isXHR, 'Your comment is too long.', 400);
+ echo render_info('Your comment is too long.', 400);
 break;
 }
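Review bot: In the `else` branch of `create` that also holds the "too short" message, `render_info('The action has been processed.')` is selected by the `can_lock` permission alone and is called without a status code. Every other success path in this commit now ends in `redirect($redirect ...)`. The visible lines do not show whether any action was actually performed, so a user with `can_lock` who submits an empty comment may see a success page for a no-op. Consider `redirect($redirect);` there, or branching on whether an action was requested rather than on the permission. The condition that opens this branch is outside the hunk.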
@@ -265,7 +234,7 @@ switch($commentMode) {
 }
 if(!isset($parentCommentInfo) || $parentCommentInfo->isDeleted()) {
- echo render_info_or_json($isXHR, 'The comment you tried to reply to does not exist.', 404);
+ echo render_info('The comment you tried to reply to does not exist.', 404);
 break;
 }
 }
@@ -282,30 +251,13 @@ switch($commentMode) {
 try {
 $commentInfo2->save();
 } catch(CommentsPostSaveFailedException $ex) {
- echo render_info_or_json($isXHR, 'Something went horribly wrong.', 500);
+ echo render_info('Something went horribly wrong.', 500);
 break;
 }
- if($redirect) {
- redirect($redirect . '#comment-' . $commentInfo2->getId());
- break;
- }
-
- echo json_encode([
- 'comment_id' => $commentInfo2->getId(),
- 'category_id' => $commentInfo2->getCategoryId(),
- 'comment_text' => $commentInfo2->getText(),
- 'comment_created' => ($time = $commentInfo2->getCreatedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
- 'comment_edited' => ($time = $commentInfo2->getEditedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
- 'comment_deleted' => ($time = $commentInfo2->getDeletedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
- 'comment_pinned' => ($time = $commentInfo2->getPinnedTime()) < 0 ? null : date('Y-m-d H:i:s', $time),
- 'comment_reply_to' => ($parent = $commentInfo2->getParentId()) < 1 ? null : $parent,
- 'user_id' => ($commentInfo2->getUserId() < 1 ? null : $commentInfo2->getUser()->getId()),
- 'username' => ($commentInfo2->getUserId() < 1 ? null : $commentInfo2->getUser()->getUsername()),
- 'user_colour' => ($commentInfo2->getUserId() < 1 ? 0x40000000 : $commentInfo2->getUser()->getColour()->getRaw()),
- ]);
+ redirect($redirect . '#comment-' . $commentInfo2->getId());
 break;
 default:
- echo render_info_or_json($isXHR, 'Not found.', 404);
+ echo render_info('Not found.', 404);
 }
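Review bot: The `catch(CommentsPostSaveFailedException $ex)` branch answers with a generic 500 page and discards `$ex`, so nothing visible in this hunk records why the write failed. Keeping the user-facing text generic is right, but unless `save()` logs internally (not shown), a server-side record such as `error_log('comment save failed: ' . $ex->getMessage());` before the `echo` would let operators notice and diagnose repeated failures. The `create` case begins outside this hunk.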