public void ProcessRequest( HttpContext context )
{
if( context.Request.ContentType =="text/xml" &&
context.Request.RequestType =="POST" &&
context.Request.QueryString["guid"] != null )
{
try
{
ILoggingDataService logService = LoggingDataServiceFactory.GetService(SiteConfig.GetLogPathFromCurrentContext());
IBlogDataService dataService = BlogDataServiceFactory.GetService(SiteConfig.GetContentPathFromCurrentContext(), logService);
DataCache cache = CacheFactory.GetCache();
Entry entry = dataService.GetEntry(context.Request.QueryString["guid"]);
if (entry != null && DasBlog.Web.Core.SiteUtilities.AreCommentsAllowed(entry, SiteConfig.GetSiteConfig()))
{
XmlSerializer ser = new XmlSerializer(typeof(RssItem));
RssItem item = (RssItem)ser.Deserialize(context.Request.InputStream);
if ( item != null )
{
Comment c = new Comment();
c.Initialize();
foreach( XmlElement el in item.anyElements )
{
if ( el.NamespaceURI == "http://purl.org/dc/elements/1.1/" &&
el.LocalName == "creator")
{
c.Author = el.InnerText;
break;
}
}
c.AuthorEmail = item.Author;
c.AuthorHomepage = item.Link;
c.AuthorIPAddress = context.Request.UserHostAddress;
c.Content = context.Server.HtmlEncode(item.Description);
c.TargetEntryId = entry.EntryId;
c.TargetTitle = "";
dataService.AddComment(c);
// TODO: no comment mail?
// break the caching
cache.Remove("BlogCoreData");
context.Response.StatusCode = 200;
context.Response.SuppressContent = true;
context.Response.End();
}
}
else if (entry != null && !entry.AllowComments)
{
context.Response.StatusCode = 403; // Forbidden
context.Response.SuppressContent = true;
context.Response.End();
}
else if (entry == null)
{
context.Response.StatusCode = 404; // Not Found
context.Response.SuppressContent = true;
context.Response.End();
}
}
catch(Exception exc)
{
ErrorTrace.Trace(System.Diagnostics.TraceLevel.Error,exc);
}
}
}
public void AddNewComment(string name, string email, string homepage, string comment, string entryId, bool openid)
{
SharedBasePage requestPage = Page as SharedBasePage;
// if we allow tags, use the allowed tags, otherwise use an empty array
ValidTagCollection allowedTags = (requestPage.SiteConfig.CommentsAllowHtml ? requestPage.SiteConfig.AllowedTags : new ValidTagCollection(null));
Entry entry = requestPage.DataService.GetEntry(entryId);
if ((entry != null) && SiteUtilities.AreCommentsAllowed(entry, requestPage.SiteConfig))
{
Comment c = new Comment();
c.Initialize();
c.OpenId = openid;
c.Author = HttpUtility.HtmlEncode(name);
c.AuthorEmail = HttpUtility.HtmlEncode(email);
c.AuthorHomepage = FixUrl(homepage);
c.AuthorIPAddress = Request.UserHostAddress;
c.AuthorUserAgent = Request.UserAgent;
c.Referer = Request.UrlReferrer != null ? Request.UrlReferrer.ToString() : String.Empty;
// clean the code from html tags
c.TargetEntryId = entryId;
c.TargetTitle = entry.Title;
if (requestPage.SiteConfig.CommentsRequireApproval == true &&
(requestPage.SiteConfig.SmtpServer == null || requestPage.SiteConfig.SmtpServer.Length == 0))
{
requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, "ERROR: Comment Moderation is turned on, but you haven't configured an SMTP Server for sending mail!", ""));
}
// if comments require moderation, they are not public.
// except when the commenter is a contributor
if (SiteSecurity.IsValidContributor() )
{
c.IsPublic = true;
}
else
{
// bypass spam when the comment is authenticated by openid en openid doesn't require approval
if (requestPage.SiteConfig.EnableSpamBlockingService && (requestPage.SiteConfig.BypassSpamOpenIdComment && openid) == false)
{
// make sure to send the unfiltered comment for analysis by external service
c.Content = comment;
bool externalServiceSucceeded = false;
try
{
if (requestPage.SiteConfig.SpamBlockingService.IsSpam(c))
{
potentialSpamSubmitted = true;
if (!requestPage.SiteConfig.EnableSpamModeration)
{
// abort saving the comment
requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.CommentBlocked, String.Format("Blocking suspected spam from {0} {1} [{2}].", c.Author, c.AuthorEmail, c.AuthorIPAddress), SiteUtilities.GetPermaLinkUrl(entryId)));
clearCommentInput();
return;
}
c.SpamState = SpamState.Spam;
c.IsPublic = false;
}
else
{
c.SpamState = SpamState.NotSpam;
c.IsPublic = true;
}
externalServiceSucceeded = true;
}
catch (Exception ex)
{
requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, String.Format("The external spam blocking service failed for comment {0}. Original exception: {1}", c.EntryId, ex), SiteUtilities.GetPermaLinkUrl(entryId)));
}
if (!externalServiceSucceeded)
{
// If the external service fails, we will hide the comment, but not delete it,
// even if moderation is disabled.
c.SpamState = SpamState.NotChecked;
if (doesFeedbackHaveSpamPotential(c))
{
potentialSpamSubmitted = true;
c.IsPublic = false;
}
else
{
c.IsPublic = true;
}
}
}
else
{
c.IsPublic = true;
}
// If comment moderation enabled, hide all comments regardless of the what the external spam service says
if (requestPage.SiteConfig.CommentsRequireApproval)
{
c.IsPublic = false;
}
}
// FilterHtml html encodes anything we don't like
string filteredText = SiteUtilities.FilterHtml(comment, allowedTags);
c.Content = filteredText;
if (requestPage.SiteConfig.SendCommentsByEmail &&
requestPage.SiteConfig.SmtpServer != null &&
requestPage.SiteConfig.SmtpServer.Length > 0)
{
SendMailInfo defaultMailInfo = ComposeMail(c);
requestPage.DataService.AddComment(c, defaultMailInfo);
requestPage.DataService.RunActions(ComposeMailForUsers(entry, c));
string commentShort = c.Content.Replace("\n", "");
if (commentShort.Length > 50)
{
commentShort = commentShort.Substring(0, 50) + "...";
}
requestPage.LoggingService.AddEvent(
new EventDataItem(
EventCodes.CommentAdded, commentShort, SiteUtilities.GetCommentViewUrl(entryId)));
}
else
{
requestPage.DataService.AddComment(c);
}
clearCommentInput();
// break the caching
requestPage.DataCache.Remove("BlogCoreData");
Session.Remove("pendingComment");
Session.Remove("pendingEntryId");
//Send the user to the comment they JUST posted.
if (!potentialSpamSubmitted)
{
Response.Redirect(SiteUtilities.GetCommentViewUrl(c.TargetEntryId) + "#" + c.EntryId);
}
}
}
