function comment_upload_comment in Comment Upload 5

Same name and namespace in other branches

1. 6 comment_upload.module \comment_upload_comment()

Implementation of hook_comment.

File

./comment_upload.module, line 6

Code

function comment_upload_comment(&$comment, $op) {
  $cid = is_object($comment) ? $comment->cid : $comment['cid'];
  $cid = is_array($cid) ? $cid['#value'] : $cid;
  switch ($op) {
    case 'form':
      $node = node_load($comment['nid']['#value']);
      if (!user_access('upload files') || !variable_get('comment_upload_' . $node->type, 1)) {
        break;
      }
      $cobj->cid = $cid;
      $cobj->files = _comment_upload_load_files($cid);
      _upload_prepare($cobj);
      $form = array(
        '#attributes' => array(
          'enctype' => 'multipart/form-data',
        ),
      );
      if (variable_get('comment_upload_single', 0)) {
        $form['upload'] = array(
          '#type' => 'file',
          '#title' => t('Attachment'),
          '#size' => 50,
          '#description' => !empty($cobj->files) ? t('You already have a file uploaded, if you upload another it will overwrite the current one.') : '',
        );
      }
      else {
        drupal_add_js('misc/progress.js');
        drupal_add_js('misc/upload.js');

        // Attachments fieldset
        $form['attachments'] = array(
          '#type' => 'fieldset',
          '#title' => t('File attachments'),
          '#collapsible' => TRUE,
          '#collapsed' => empty($cobj->files),
          '#description' => t('Changes made to the attachments are not permanent until you save this post.'),
          '#prefix' => '<div class="attachments">',
          '#suffix' => '</div>',
          '#weight' => 10,
        );

        // Wrapper for fieldset contents (used by upload JS).
        $form['attachments']['wrapper'] = array(
          '#prefix' => '<div id="attach-wrapper">',
          '#suffix' => '</div>',
        );
        $form['attachments']['wrapper'] += _upload_form($cobj);

        // Enable the upload_preview module (when enabled) to modify the attachment display.
        if (module_exists('upload_preview')) {
          _upload_preview_node_form($form['attachments']['wrapper']['files'], 0);
        }
        $form['attachments']['wrapper']['attach-url']['#value'] = url('comment_upload/js', NULL, NULL, TRUE);
        $form['current']['cid'] = array(
          '#type' => 'hidden',
          '#value' => $cid,
        );
        unset($form['attachments']['wrapper']['current']['vid']);
      }
      return $form;
    case 'validate':

      // When $op == 'validate', $comment is an array, whereas _upload_validate
      // expects an object. We cast a copy of $comment to an object, as it is
      // passed by reference and we don't want to affect other hook_comment
      // implementations.
      // Failure to implement the cast led to a security issue, see
      // "SA-2008-015 - Comment Upload - Arbitrary file upload" for details.
      $comment_copy = (object) $comment;
      _upload_validate($comment_copy);
      break;
    case 'insert':
    case 'update':
      $node = node_load($comment['nid']);
      if (user_access('upload files') && variable_get('comment_upload_' . $node->type, 1)) {
        _comment_upload_save_files($comment);
      }
      break;
    case 'delete':
      _comment_upload_delete($cid);
      break;
    case 'view':
      if (!user_access('view uploaded files')) {
        break;
      }
      if (!isset($comment->files)) {
        $comment->files = _comment_upload_load_files($cid, $comment->nid);
      }
      elseif (is_array($comment->files) && variable_get('comment_upload_single', 0)) {

        // Simulate overwrite for preview
        foreach ($comment->files as $file) {
          if (strpos($file['fid'], 'upload') !== false) {
            unset($comment->files[0]);
            break;
          }
        }
      }
      if ($comment->files) {
        $comment->comment .= theme('comment_attachments', $comment->files);
      }
      break;
  }
}