Commit message needs to be changed. Would also be nice to add 1-2 sentences that explain how this is used.

On Tue, 21 Jul 2015 at 21:56:58, Marcel Korpel wrote:
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
---
Changes since v2:
* Drop save_comment() method.
* Rename load_comment() to get_comment_form().
* Provide JSDoc.
* Always use the actual parameter $http_data instead of superglobals.
* Always use intval() on integer parameters.
* Provide a better error handling interface.
* Use early returns to be able to use less deep nesting.
web/lib/aurjson.class.php | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index a272741..6a51597 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -14,7 +14,7 @@ class AurJSON { private $version = 1; private static $exposed_methods = array( 'search', 'info', 'multiinfo', 'msearch', 'suggest', - 'suggest-pkgbase' + 'suggest-pkgbase', 'get-comment-form' ); private static $exposed_fields = array( 'name', 'name-desc' @@ -477,5 +477,46 @@ class AurJSON {
return json_encode($result_array); } + + /** + * Get the HTML markup of the comment form. + * + * @param string $http_data Query parameters. + * + * @return string The JSON formatted response. + */ + private function get_comment_form($http_data) { + $comment_id = intval($http_data['arg']);
Can we move this further down so that $comment_id, $base_id and $pkgbase_name are obtained (and sanitized) at the "same time"?
+ + if (!isset($http_data['base_id']) && isset($http_data['pkgbase_name'])) {
This check looks wrong. Did you forget to amend the second part of the condition?
+ return json_encode(false); + } + + $base_id = intval($http_data['base_id']); + $pkgbase_name = $http_data['pkgbase_name']; + + list($user_id, $comment) = comment_by_id($comment_id); + + if (!has_credential(CRED_COMMENT_EDIT, array($user_id))) { + $output = array( + 'success' => 0, + 'error' => __('You do not have the right to edit this comment.'));
Just a minor nit but we usually indent multiline arrays like this:

    $output = array(
        'success' => 0,
        'error' => __('You do not have the right to edit this comment.')
    );
+ return json_encode($output); + } elseif (is_null($comment)) { + $output = array( + 'success' => 0, + 'error' => __('Comment does not exist.'));
Same here.
+ return json_encode($output); + } + + ob_start(); + include('pkg_comment_form.php'); + $html = ob_get_clean(); + $output = array( + 'success' => 1, + 'form' => $html);
Same here.
+ + return json_encode($output); + } }
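Review bot: In get_comment_form(), $pkgbase_name = $http_data['pkgbase_name']; takes the request value unmodified, and it is then in scope for include('pkg_comment_form.php'), whose buffered output is returned as 'form'. The integer parameters go through intval(), but this string gets no equivalent treatment, so please make sure it is escaped (for example with htmlspecialchars()) wherever the template prints it, or validate it here before the include. Separately, $http_data['arg'] is read without an isset() check, and the docblock declares "@param string $http_data" although the parameter is indexed as an array.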
-- 2.4.6