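getUser();

		// Blocked users cannot submit new comments, and neither can users
		// without the 'comment' right; writes are also refused while the wiki
		// is in read-only mode. This check is NOT what prevents cross-site
		// request forgery: CSRF protection comes from needsToken() returning
		// 'csrf', which makes the API framework validate the token before
		// execute() is reached.
		if ( $user->isBlocked() || !$user->isAllowed( 'comment' ) || wfReadOnly() ) {
			return true;
		}

		$commentText = $this->getMain()->getVal( 'commentText' );
		// Loose comparison kept on purpose: a missing value (null) is treated
		// the same as an empty string, as in the original implementation.
		if ( $commentText != '' ) {
			// To protect against spam, the supplied text is checked against the
			// spam filters; holders of the 'commentadmin' right bypass this check.
			if ( !$user->isAllowed( 'commentadmin' ) && CommentFunctions::isSpam( $commentText ) ) {
				$this->dieUsage( wfMessage( 'comments-is-spam' )->plain(), 'comments-is-spam' );
			}

			// If the comment contains links but the user lacks the 'commentlinks'
			// right, reject the submission.
			if ( !$user->isAllowed( 'commentlinks' ) && CommentFunctions::haveLinks( $commentText ) ) {
				$this->dieUsage( wfMessage( 'comments-links-are-forbidden' )->plain(), 'comments-links-are-forbidden' );
			}

			// 'pageID' and 'parentID' are declared as integers in getAllowedParams(),
			// so the framework has already type-checked them. Whether parentID
			// refers to an existing comment on this page is presumably validated
			// inside Comment::add() — confirm against that implementation.
			$page = new CommentsPage( $this->getMain()->getVal( 'pageID' ), $this->getContext() );
			Comment::add( $commentText, $page, $user, $this->getMain()->getVal( 'parentID' ) );

			// Optional statistics integration: only runs when the UserStatsTrack
			// class (provided by another extension) is loaded.
			if ( class_exists( 'UserStatsTrack' ) ) {
				$stats = new UserStatsTrack( $user->getID(), $user->getName() );
				$stats->incStatField( 'comment' );
			}
		}

		// The 'UsernameKOK' parameter is still declared in getAllowedParams()
		// so existing clients keep working, but its value is not used by this
		// module; the dead local that read it has been removed.

		// An empty commentText reports 'ok' without storing anything — existing
		// behaviour, kept so clients relying on it are not broken.
		$result = $this->getResult();
		$result->addValue( $this->getModuleName(), 'ok', 'ok' );

		return true;
	}

	/**
	 * This module requires a CSRF token. The API framework checks the token
	 * before execute() runs, which is the actual protection against cross-site
	 * request forgery for comment submission.
	 *
	 * @return string Token type
	 */
	public function needsToken() {
		return 'csrf';
	}

	/**
	 * Comment submission writes to the database, so the module is marked as
	 * write mode; the API framework applies its write-mode checks (such as
	 * read-only handling) based on this.
	 *
	 * @return bool
	 */
	public function isWriteMode() {
		return true;
	}

	/**
	 * Parameters accepted by this module.
	 *
	 * 'pageID' and 'parentID' are validated as integers by the framework before
	 * execute() sees them. 'UsernameKOK' is accepted for backwards compatibility
	 * with existing clients but is ignored by execute().
	 *
	 * @return array
	 */
	public function getAllowedParams() {
		return array(
			'pageID' => array(
				ApiBase::PARAM_REQUIRED => true,
				ApiBase::PARAM_TYPE => 'integer'
			),
			'parentID' => array(
				ApiBase::PARAM_REQUIRED => false,
				ApiBase::PARAM_TYPE => 'integer'
			),
			'commentText' => array(
				ApiBase::PARAM_REQUIRED => true,
				ApiBase::PARAM_TYPE => 'string'
			),
			// Unused by execute(); kept only so clients that still send it
			// do not receive an "unrecognized parameter" warning.
			'UsernameKOK' => array(
				ApiBase::PARAM_REQUIRED => false,
				ApiBase::PARAM_TYPE => 'string'
			)
		);
	}
}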