Esempio n. 1
0
        protected void CommentView_PreRender(object sender, System.EventArgs e)
        {
            SharedBasePage requestPage    = Page as SharedBasePage;
            string         entryId        = (string)ViewState["entryId"];
            bool           obfuscateEmail = requestPage.SiteConfig.ObfuscateEmail;

            Entry entry = requestPage.DataService.GetEntry(entryId);

            if (entry != null)
            {
                //Modified 10-3-03 HPierson
                //Render the day template with just the single entry, rather than the item template
                //Modified 12-8-03 HPierson
                //Using entry.CreatedLocalTime causes a bug when dasBlog is not configured to be in
                //the same time zone as the server. Instead, we use the configured WindowsTimeZone
                //to calculate the dasBlog configured local time for the entry
                requestPage.WeblogEntries.Add(entry);
                if (requestPage.SiteConfig.AdjustDisplayTimeZone)
                {
                    newtelligence.DasBlog.Util.WindowsTimeZone wtz = requestPage.SiteConfig.GetConfiguredTimeZone();
                    requestPage.ProcessDayTemplate(wtz.ToLocalTime(entry.CreatedUtc), commentViewContent);
                }
                else
                {
                    requestPage.ProcessDayTemplate(entry.CreatedUtc, commentViewContent);
                }

                HtmlAnchor commentStart = new HtmlAnchor();
                commentStart.Name = "commentstart";
                commentViewContent.Controls.Add(commentStart);

                // Show all public comments, or all contents if you can approve them
                // This way all non-public comments remain hidden, when you no longer require approval.
                bool allComments = SiteSecurity.IsValidContributor();

                foreach (Comment c in requestPage.DataService.GetCommentsFor(entryId, allComments))
                {
                    SingleCommentView view = (SingleCommentView)LoadControl("SingleCommentView.ascx");
                    view.Comment        = c;
                    view.ObfuscateEmail = obfuscateEmail;
                    commentViewContent.Controls.Add(view);
                }

                commentsClosed.Visible   = false;
                commentViewTable.Visible = true;
                // only show the openid option when allowed in the config
                openIdTable.Visible = requestPage.SiteConfig.AllowOpenIdComments;

                commentsGravatarEnabled.Visible = requestPage.SiteConfig.CommentsAllowGravatar;

                // show the comments require approval warning when moderating, or suspected spam,
                // maybe users won't post multiple comments when their comment won't show immediately
                commentsModerated.Visible = (requestPage.SiteConfig.CommentsRequireApproval || potentialSpamSubmitted);
                if (potentialSpamSubmitted)
                {
                    labelCommentsModerated.Text = resmgr.GetString("text_comment_potential_spam");
                }
                // display no/some html
                labelCommentHtml.Visible = requestPage.SiteConfig.CommentsAllowHtml && (requestPage.SiteConfig.AllowedTags.AllowedTagsCount > 0);
                labelComment.Visible     = !labelCommentHtml.Visible;
                labelCommentHtml.Text    = String.Format(resmgr.GetString("text_comment_content_html"), requestPage.SiteConfig.AllowedTags.ToString());

                if (SiteUtilities.AreCommentsAllowed(entry, requestPage.SiteConfig) == false)
                {
                    commentsClosed.Visible   = true;
                    commentViewTable.Visible = false;
                    openIdTable.Visible      = false;
                    // if comments are not allow, there is no need to show the approval warning
                    commentsModerated.Visible = false;
                }

                if (Page.ClientScript.IsClientScriptBlockRegistered(this.GetType(), "coCommentScript") == false && requestPage.SiteConfig.EnableCoComment == true)
                {
                    string coCommentScript = String.Format(@"

					<script type=""text/javascript"">
// this ensures coComment gets the correct values
coco =
{{
     tool          : ""dasBlog"",
     siteurl       : ""{0}"",
     sitetitle     : ""{1}"",
     pageurl       : ""{2}"",
     pagetitle     : ""{3}"",
     author        : ""{4}"",
     formID        : ""{5}"",
     textareaID    : ""{6}"",
     buttonID      : ""{7}""
}}
</script>
<script id=""cocomment-fetchlet"" src=""http://www.cocomment.com/js/enabler.js"" type=""text/javascript"">
// this activates coComment
</script>
  ",
                                                           requestPage.SiteConfig.Root,
                                                           Server.HtmlEncode(requestPage.SiteConfig.Title),
                                                           Request.Url.ToString(),
                                                           Server.HtmlEncode(entry.Title),
                                                           Server.HtmlEncode(entry.Author),
                                                           this.Page.Form.ClientID,
                                                           this.comment.ClientID,
                                                           this.add.ClientID
                                                           );
                    Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "coComment", coCommentScript);
                }
            }
        }
Esempio n. 2
0
        public void AddNewComment(string name, string email, string homepage, string comment, string entryId, bool openid)
        {
            SharedBasePage requestPage = Page as SharedBasePage;

            // if we allow tags, use the allowed tags, otherwise use an empty array
            ValidTagCollection allowedTags = (requestPage.SiteConfig.CommentsAllowHtml ? requestPage.SiteConfig.AllowedTags : new ValidTagCollection(null));

            Entry entry = requestPage.DataService.GetEntry(entryId);

            if ((entry != null) && SiteUtilities.AreCommentsAllowed(entry, requestPage.SiteConfig))
            {
                Comment c = new Comment();
                c.Initialize();
                c.OpenId          = openid;
                c.Author          = HttpUtility.HtmlEncode(name);
                c.AuthorEmail     = HttpUtility.HtmlEncode(email);
                c.AuthorHomepage  = FixUrl(homepage);
                c.AuthorIPAddress = Request.UserHostAddress;
                c.AuthorUserAgent = Request.UserAgent;
                c.Referer         = Request.UrlReferrer != null?Request.UrlReferrer.ToString() : String.Empty;

                // clean the code from html tags


                c.TargetEntryId = entryId;
                c.TargetTitle   = entry.Title;

                if (requestPage.SiteConfig.CommentsRequireApproval == true &&
                    (requestPage.SiteConfig.SmtpServer == null || requestPage.SiteConfig.SmtpServer.Length == 0))
                {
                    requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, "ERROR: Comment Moderation is turned on, but you haven't configured an SMTP Server for sending mail!", ""));
                }

                // if comments require moderation, they are not public.
                // except when the commenter is a contributor
                if (SiteSecurity.IsValidContributor())
                {
                    c.IsPublic = true;
                }
                else
                {
                    // bypass spam when the comment is authenticated by openid en openid doesn't require approval
                    if (requestPage.SiteConfig.EnableSpamBlockingService && (requestPage.SiteConfig.BypassSpamOpenIdComment && openid) == false)
                    {
                        // make sure to send the unfiltered comment for analysis by external service
                        c.Content = comment;
                        bool externalServiceSucceeded = false;
                        try
                        {
                            if (requestPage.SiteConfig.SpamBlockingService.IsSpam(c))
                            {
                                potentialSpamSubmitted = true;
                                if (!requestPage.SiteConfig.EnableSpamModeration)
                                {
                                    // abort saving the comment
                                    requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.CommentBlocked, String.Format("Blocking suspected spam from {0} {1} [{2}].", c.Author, c.AuthorEmail, c.AuthorIPAddress), SiteUtilities.GetPermaLinkUrl(entryId)));
                                    clearCommentInput();
                                    return;
                                }
                                c.SpamState = SpamState.Spam;
                                c.IsPublic  = false;
                            }
                            else
                            {
                                c.SpamState = SpamState.NotSpam;
                                c.IsPublic  = true;
                            }
                            externalServiceSucceeded = true;
                        }
                        catch (Exception ex)
                        {
                            requestPage.LoggingService.AddEvent(new EventDataItem(EventCodes.Error, String.Format("The external spam blocking service failed for comment {0}. Original exception: {1}", c.EntryId, ex), SiteUtilities.GetPermaLinkUrl(entryId)));
                        }
                        if (!externalServiceSucceeded)
                        {
                            // If the external service fails, we will hide the comment, but not delete it,
                            // even if moderation is disabled.
                            c.SpamState = SpamState.NotChecked;
                            if (doesFeedbackHaveSpamPotential(c))
                            {
                                potentialSpamSubmitted = true;
                                c.IsPublic             = false;
                            }
                            else
                            {
                                c.IsPublic = true;
                            }
                        }
                    }
                    else
                    {
                        c.IsPublic = true;
                    }
                    // If comment moderation enabled, hide all comments regardless of the what the external spam service says
                    if (requestPage.SiteConfig.CommentsRequireApproval)
                    {
                        c.IsPublic = false;
                    }
                }

                // FilterHtml html encodes anything we don't like
                string filteredText = SiteUtilities.FilterHtml(comment, allowedTags);
                c.Content = filteredText;


                if (requestPage.SiteConfig.SendCommentsByEmail &&
                    requestPage.SiteConfig.SmtpServer != null &&
                    requestPage.SiteConfig.SmtpServer.Length > 0)
                {
                    SendMailInfo defaultMailInfo = ComposeMail(c);
                    requestPage.DataService.AddComment(c, defaultMailInfo);
                    requestPage.DataService.RunActions(ComposeMailForUsers(entry, c));

                    string commentShort = c.Content.Replace("\n", "");
                    if (commentShort.Length > 50)
                    {
                        commentShort = commentShort.Substring(0, 50) + "...";
                    }
                    requestPage.LoggingService.AddEvent(
                        new EventDataItem(
                            EventCodes.CommentAdded, commentShort, SiteUtilities.GetCommentViewUrl(entryId)));
                }
                else
                {
                    requestPage.DataService.AddComment(c);
                }

                clearCommentInput();

                // break the caching
                requestPage.DataCache.Remove("BlogCoreData");
                Session.Remove("pendingComment");
                Session.Remove("pendingEntryId");

                //Send the user to the comment they JUST posted.
                if (!potentialSpamSubmitted)
                {
                    Response.Redirect(SiteUtilities.GetCommentViewUrl(c.TargetEntryId) + "#" + c.EntryId);
                }
            }
        }
Esempio n. 3
0
 public static bool AreCommentsAllowed(Entry entry, SiteConfig siteConfig)
 {
     return(SiteUtilities.AreCommentsAllowed(entry, siteConfig));
 }