comment-add-2.tcl

Confirms a comment for an object_id

Location:

/packages/general-comments/www/comment-add-2.tcl

Authors:

Phong Nguyen

Pascal Scheffers <pascal@scheffers.net>

Created:

2000-10-12

CVS ID:

$Id: comment-add-2.tcl,v 1.8.2.6 2023/03/23 15:41:37 antoniop Exp $

Related Files

• packages/general-comments/www/comment-add-2.tcl

[ hide source ] | [ make this the default ]

File Contents

# /packages/general-comments/www/comment-add-2.tcl

ad_page_contract {
    Confirms a comment for an object_id

    @author Phong Nguyen <phong@arsdigita.com>
    @author Pascal Scheffers (pascal@scheffers.net)
    @creation-date 2000-10-12
    @cvs-id $Id: comment-add-2.tcl,v 1.8.2.6 2023/03/23 15:41:37 antoniop Exp $
} {
    object_id:naturalnum,notnull
    { object_name "[acs_object_name $object_id]" }
    title:notnull,printable,string_length(max|200)
    content:html,notnull
    comment_mime_type:oneof(text/plain|text/html),notnull
    { context_id:naturalnum "$object_id" }
    { category {} }
    { return_url:localurl {} }
} -properties {
    page_title:onevalue
    context:onevalue
    comment_mime_type:onevalue
    title:onevalue
    content:onevalue
    target:onevalue
    object_id:onevalue
    object_name:onevalue
    category:onevalue
    return_url:onevalue
} -validate {
    no_js_in_content {
        #
        # We do not allow any javascript in the content, including
        # event handlers.
        #
        if {![ad_dom_sanitize_html \
                  -allowed_tags * \
                  -allowed_attributes * \
                  -allowed_protocols * \
                  -html $content \
                  -no_js \
                  -validate]} {
            ad_complain [_ acs-tcl.lt_name_contains_invalid \
                             [list name [_ general-comments.Comment]]]
        }
    }
}
auth::require_login
# check to see if the user can create comments on this object
permission::require_permission -object_id $object_id -privilege general_comments_create

# ad_page_contract does not set object_name to
# [acs_object_name $object_id] if object_name is passed
# in as an empty string.
if { $object_name eq "" } {
    set object_name [acs_object_name $object_id]
}

set comment_id [db_nextval acs_object_id_seq]
set page_title "[_ general-comments.Confirm_comment_on] $object_name"
set context "\"[_ general-comments.Confirm_comment]\""
set target "comment-add-3"
set html_content [ad_html_text_convert -from $comment_mime_type -- $content]

ad_return_template "comment-ae-2"

# Local variables:
#    mode: tcl
#    tcl-indent-level: 4
#    indent-tabs-mode: nil
# End: