public void ProcessRequest( HttpContext context ) { if( context.Request.ContentType =="text/xml" && context.Request.RequestType =="POST" && context.Request.QueryString["guid"] != null ) { try { ILoggingDataService logService = LoggingDataServiceFactory.GetService(SiteConfig.GetLogPathFromCurrentContext()); IBlogDataService dataService = BlogDataServiceFactory.GetService(SiteConfig.GetContentPathFromCurrentContext(), logService); DataCache cache = CacheFactory.GetCache(); Entry entry = dataService.GetEntry(context.Request.QueryString["guid"]); if (entry != null && DasBlog.Web.Core.SiteUtilities.AreCommentsAllowed(entry, SiteConfig.GetSiteConfig())) { XmlSerializer ser = new XmlSerializer(typeof(RssItem)); RssItem item = (RssItem)ser.Deserialize(context.Request.InputStream); if ( item != null ) { Comment c = new Comment(); c.Initialize(); foreach( XmlElement el in item.anyElements ) { if ( el.NamespaceURI == "http://purl.org/dc/elements/1.1/" && el.LocalName == "creator") { c.Author = el.InnerText; break; } } c.AuthorEmail = item.Author; c.AuthorHomepage = item.Link; c.AuthorIPAddress = context.Request.UserHostAddress; c.Content = context.Server.HtmlEncode(item.Description); c.TargetEntryId = entry.EntryId; c.TargetTitle = ""; dataService.AddComment(c); // TODO: no comment mail? // break the caching cache.Remove("BlogCoreData"); context.Response.StatusCode = 200; context.Response.SuppressContent = true; context.Response.End(); } } else if (entry != null && !entry.AllowComments) { context.Response.StatusCode = 403; // Forbidden context.Response.SuppressContent = true; context.Response.End(); } else if (entry == null) { context.Response.StatusCode = 404; // Not Found context.Response.SuppressContent = true; context.Response.End(); } } catch(Exception exc) { ErrorTrace.Trace(System.Diagnostics.TraceLevel.Error,exc); } } }
public void AddNewComment(string name, string email, string homepage, string comment, string entryId, bool openid) { SharedBasePage requestPage = Page as SharedBasePage; // if we allow tags, use the allowed tags, otherwise use an empty array ValidTagCollection allowedTags = (requestPage.SiteConfig.CommentsAllowHtml ? requestPage.SiteConfig.AllowedTags : new ValidTagCollection(null)); Entry entry = requestPage.DataService.GetEntry(entryId); if ((entry != null) && SiteUtilities.AreCommentsAllowed(entry, requestPage.SiteConfig)) { Comment c = new Comment(); c.Initialize(); c.OpenId = openid; c.Author = HttpUtility.HtmlEncode(name); c.AuthorEmail = HttpUtility.HtmlEncode(email); c.AuthorHomepage = FixUrl(homepage); c.AuthorIPAddress = Request.UserHostAddress; c.AuthorUserAgent = Request.UserAgent; c.Referer = Request.UrlReferrer != null ? Request.UrlReferrer.ToString() : String.Empty; // clean the code from html tags c.TargetEntryId = entryId; c.TargetTitle = entry.Title; if (requestPage.SiteConfig.CommentsRequireApproval == true && (requestPage.SiteConfig.SmtpServer == null || requestPage.SiteConfig.SmtpServer.Length == 0)) { requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, "ERROR: Comment Moderation is turned on, but you haven't configured an SMTP Server for sending mail!", "")); } // if comments require moderation, they are not public. // except when the commenter is a contributor if (SiteSecurity.IsValidContributor() ) { c.IsPublic = true; } else { // bypass spam when the comment is authenticated by openid en openid doesn't require approval if (requestPage.SiteConfig.EnableSpamBlockingService && (requestPage.SiteConfig.BypassSpamOpenIdComment && openid) == false) { // make sure to send the unfiltered comment for analysis by external service c.Content = comment; bool externalServiceSucceeded = false; try { if (requestPage.SiteConfig.SpamBlockingService.IsSpam(c)) { potentialSpamSubmitted = true; if (!requestPage.SiteConfig.EnableSpamModeration) { // abort saving the comment requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.CommentBlocked, String.Format("Blocking suspected spam from {0} {1} [{2}].", c.Author, c.AuthorEmail, c.AuthorIPAddress), SiteUtilities.GetPermaLinkUrl(entryId))); clearCommentInput(); return; } c.SpamState = SpamState.Spam; c.IsPublic = false; } else { c.SpamState = SpamState.NotSpam; c.IsPublic = true; } externalServiceSucceeded = true; } catch (Exception ex) { requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, String.Format("The external spam blocking service failed for comment {0}. Original exception: {1}", c.EntryId, ex), SiteUtilities.GetPermaLinkUrl(entryId))); } if (!externalServiceSucceeded) { // If the external service fails, we will hide the comment, but not delete it, // even if moderation is disabled. c.SpamState = SpamState.NotChecked; if (doesFeedbackHaveSpamPotential(c)) { potentialSpamSubmitted = true; c.IsPublic = false; } else { c.IsPublic = true; } } } else { c.IsPublic = true; } // If comment moderation enabled, hide all comments regardless of the what the external spam service says if (requestPage.SiteConfig.CommentsRequireApproval) { c.IsPublic = false; } } // FilterHtml html encodes anything we don't like string filteredText = SiteUtilities.FilterHtml(comment, allowedTags); c.Content = filteredText; if (requestPage.SiteConfig.SendCommentsByEmail && requestPage.SiteConfig.SmtpServer != null && requestPage.SiteConfig.SmtpServer.Length > 0) { SendMailInfo defaultMailInfo = ComposeMail(c); requestPage.DataService.AddComment(c, defaultMailInfo); requestPage.DataService.RunActions(ComposeMailForUsers(entry, c)); string commentShort = c.Content.Replace("\n", ""); if (commentShort.Length > 50) { commentShort = commentShort.Substring(0, 50) + "..."; } requestPage.LoggingService.AddEvent( new EventDataItem( EventCodes.CommentAdded, commentShort, SiteUtilities.GetCommentViewUrl(entryId))); } else { requestPage.DataService.AddComment(c); } clearCommentInput(); // break the caching requestPage.DataCache.Remove("BlogCoreData"); Session.Remove("pendingComment"); Session.Remove("pendingEntryId"); //Send the user to the comment they JUST posted. if (!potentialSpamSubmitted) { Response.Redirect(SiteUtilities.GetCommentViewUrl(c.TargetEntryId) + "#" + c.EntryId); } } }