getUser();

		// NOTE(review): the statement above and this method's signature begin
		// before this excerpt; only the rest of the method body is visible here.

		// Authorization gate: blocked users, users without the 'comment' right,
		// and every request made while wfReadOnly() is true stop here. The method
		// returns true without raising an error and without adding anything to
		// the result, so a refused submission is silent for the client.
		// NOTE(review): nothing in this condition checks a token. The only
		// CSRF-related code visible is needsToken() below, which returns 'csrf';
		// presumably the API framework validates that token before this method
		// runs -- confirm.
		if ( $user->isBlocked() || !$user->isAllowed( 'comment' ) || wfReadOnly() ) {
			return true;
		}

		// NOTE(review): commentText is read through getMain()->getVal(). Whether
		// the constraints declared in getAllowedParams() are applied to values
		// read this way is not visible in this excerpt -- confirm (e.g. whether
		// extractRequestParams() is called earlier in this method).
		$commentText = $this->getMain()->getVal( 'commentText' );

		// Loose comparison: null and '' both skip the whole submission block.
		if ( $commentText != '' ) {
			// Spam check on the supplied text. Users with the 'commentadmin'
			// right bypass it entirely: isSpam() is not even called for them
			// because of the short-circuit &&.
			// dieWithError() presumably aborts the request (confirm); otherwise
			// execution would continue to Comment::add() below.
			if ( !$user->isAllowed( 'commentadmin' ) && CommentFunctions::isSpam( $commentText ) ) {
				$this->dieWithError(
					$this->msg( 'comments-is-spam' )->plain(),
					'comments-is-spam'
				);
			}

			// Link check: a comment containing links is rejected unless the user
			// holds the 'commentlinks' right.
			if ( !$user->isAllowed( 'commentlinks' ) && CommentFunctions::haveLinks( $commentText ) ) {
				$this->dieWithError(
					$this->msg( 'comments-links-are-forbidden' )->plain(),
					'comments-links-are-forbidden'
				);
			}

			// NOTE(review): pageID and parentID are also taken from
			// getMain()->getVal() and handed on as-is. How CommentsPage and
			// Comment::add() treat a non-integer or non-existent ID is not
			// visible here -- verify that they validate or cast these values.
			$page = new CommentsPage( $this->getMain()->getVal( 'pageID' ), $this->getContext() );

			Comment::add( $commentText, $page, $user, $this->getMain()->getVal( 'parentID' ) );

			// The statistics update is optional: it runs only when a class named
			// UserStatsTrack is available at runtime.
			if ( class_exists( 'UserStatsTrack' ) ) {
				$stats = new UserStatsTrack( $user->getId(), $user->getName() );
				$stats->incStatField( 'comment' );
			}
		}

		// Reached both after a comment was stored and when commentText was
		// empty, so 'ok' by itself does not prove that a comment was created.
		$result = $this->getResult();
		$result->addValue( $this->getModuleName(), 'ok', 'ok' );

		return true;
	}

	/**
	 * Declare that this module requires a token of type 'csrf'.
	 *
	 * This is the only CSRF-related declaration visible in this class excerpt.
	 *
	 * @return string
	 */
	public function needsToken() {
		return 'csrf';
	}

	/**
	 * Mark this module as one that writes data.
	 *
	 * @return bool Always true
	 */
	public function isWriteMode() {
		return true;
	}

	/**
	 * Declare the parameters this module accepts: pageID (required, integer),
	 * parentID (optional, integer) and commentText (required, string).
	 *
	 * @return array
	 */
	public function getAllowedParams() {
		return [
			'pageID' => [
				ApiBase::PARAM_REQUIRED => true,
				ApiBase::PARAM_TYPE => 'integer'
			],
			'parentID' => [
				ApiBase::PARAM_REQUIRED => false,
				ApiBase::PARAM_TYPE => 'integer'
			],
			'commentText' => [
				ApiBase::PARAM_REQUIRED => true,
				ApiBase::PARAM_TYPE => 'string'
			]
		];
	}
}