in app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java [158:420]
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
String error = null;
String dispatch_url;
Weblog weblog;
WeblogEntry entry;
String message = null;
RollerMessages messages = new RollerMessages();
// are we doing a preview? or a post?
String method = request.getParameter("method");
final boolean preview;
if (method != null && method.equals("preview")) {
preview = true;
messages.addMessage("commentServlet.previewCommentOnly");
log.debug("Handling comment preview post");
} else {
preview = false;
log.debug("Handling regular comment post");
}
// throttling protection against spammers
if (commentThrottle != null
&& commentThrottle.processHit(request.getRemoteAddr())) {
log.debug("ABUSIVE " + request.getRemoteAddr());
IPBanList.getInstance().addBannedIp(request.getRemoteAddr());
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
WeblogCommentRequest commentRequest;
try {
commentRequest = new WeblogCommentRequest(request);
weblog = commentRequest.getWeblog();
if (weblog == null) {
throw new WebloggerException("unable to lookup weblog: "
+ commentRequest.getWeblogHandle());
}
// lookup entry specified by comment request
entry = commentRequest.getWeblogEntry();
if (entry == null) {
throw new WebloggerException("unable to lookup entry: "
+ commentRequest.getWeblogAnchor());
}
// we know what the weblog entry is, so setup our urls
dispatch_url = "/roller-ui/rendering/page/" + weblog.getHandle();
if (commentRequest.getLocale() != null) {
dispatch_url += "/" + commentRequest.getLocale();
}
dispatch_url += "/entry/"
+ URLUtilities.encode(commentRequest.getWeblogAnchor());
} catch (Exception e) {
// some kind of error parsing the request or looking up weblog
log.debug("error creating page request", e);
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
log.debug("Doing comment posting for entry = " + entry.getPermalink());
// collect input from request params and construct new comment object
// fields: name, email, url, content, notify
// TODO: data validation on collected comment data
WeblogEntryComment comment = new WeblogEntryComment();
comment.setName(commentRequest.getName());
comment.setEmail(commentRequest.getEmail());
// Validate url
if (StringUtils.isNotEmpty(commentRequest.getUrl())) {
String theUrl = commentRequest.getUrl().trim().toLowerCase();
StringBuilder url = new StringBuilder();
if (theUrl.startsWith("http://")) {
url.append(theUrl);
} else if (theUrl.startsWith("https://")) {
url.append(theUrl);
} else {
url.append("http://").append(theUrl);
}
comment.setUrl(url.toString());
} else {
comment.setUrl("");
}
comment.setContent(commentRequest.getContent());
comment.setNotify(commentRequest.isNotify());
comment.setWeblogEntry(entry);
comment.setRemoteHost(request.getRemoteHost());
comment.setPostTime(new Timestamp(System.currentTimeMillis()));
// set comment content-type depending on if html is allowed
if (WebloggerRuntimeConfig
.getBooleanProperty("users.comments.htmlenabled")) {
comment.setContentType("text/html");
} else {
comment.setContentType("text/plain");
}
// set whatever comment plugins are configured
comment.setPlugins(WebloggerRuntimeConfig
.getProperty("users.comments.plugins"));
WeblogEntryCommentForm cf = new WeblogEntryCommentForm();
cf.setData(comment);
if (preview) {
cf.setPreview(comment);
}
I18nMessages messageUtils = I18nMessages.getMessages(commentRequest
.getLocaleInstance());
// check if comments are allowed for this entry
// this checks site-wide settings, weblog settings, and entry settings
if (!entry.getCommentsStillAllowed() || !entry.isPublished()) {
error = messageUtils.getString("comments.disabled");
// Must have an email and also must be valid
} else if (StringUtils.isEmpty(commentRequest.getEmail())
|| StringUtils.isNotEmpty(commentRequest.getEmail())
&& !Utilities.isValidEmailAddress(commentRequest.getEmail())) {
error = messageUtils
.getString("error.commentPostFailedEmailAddress");
log.debug("Email Adddress is invalid : "
+ commentRequest.getEmail());
// if there is an URL it must be valid
} else if (StringUtils.isNotEmpty(comment.getUrl())
&& !new UrlValidator(new String[] { "http", "https" })
.isValid(comment.getUrl())) {
error = messageUtils.getString("error.commentPostFailedURL");
log.debug("URL is invalid : " + comment.getUrl());
// if this is a real comment post then authenticate request
} else if (!preview && !this.authenticator.authenticate(request)) {
error = messageUtils.getString("error.commentAuthFailed");
log.debug("Comment failed authentication");
}
// bail now if we have already found an error
if (error != null) {
cf.setError(error);
request.setAttribute("commentForm", cf);
RequestDispatcher dispatcher = request
.getRequestDispatcher(dispatch_url);
dispatcher.forward(request, response);
return;
}
int validationScore = commentValidationManager.validateComment(comment,
messages);
log.debug("Comment Validation score: " + validationScore);
if (!preview) {
if (validationScore == RollerConstants.PERCENT_100
&& weblog.getCommentModerationRequired()) {
// Valid comments go into moderation if required
comment.setStatus(ApprovalStatus.PENDING);
message = messageUtils
.getString("commentServlet.submittedToModerator");
} else if (validationScore == RollerConstants.PERCENT_100) {
// else they're approved
comment.setStatus(ApprovalStatus.APPROVED);
message = messageUtils
.getString("commentServlet.commentAccepted");
} else {
// Invalid comments are marked as spam
log.debug("Comment marked as spam");
comment.setStatus(ApprovalStatus.SPAM);
error = messageUtils
.getString("commentServlet.commentMarkedAsSpam");
// add specific error messages if they exist
if (messages.getErrorCount() > 0) {
Iterator<RollerMessage> errors = messages.getErrors();
RollerMessage errorKey;
StringBuilder buf = new StringBuilder();
buf.append("<ul>");
while (errors.hasNext()) {
errorKey = errors.next();
buf.append("<li>");
if (errorKey.getArgs() != null) {
buf.append(messageUtils.getString(
errorKey.getKey(), errorKey.getArgs()));
} else {
buf.append(messageUtils.getString(errorKey.getKey()));
}
buf.append("</li>");
}
buf.append("</ul>");
error += buf.toString();
}
}
try {
if (!ApprovalStatus.SPAM.equals(comment.getStatus())
|| !WebloggerRuntimeConfig
.getBooleanProperty("comments.ignoreSpam.enabled")) {
WeblogEntryManager mgr = WebloggerFactory.getWeblogger()
.getWeblogEntryManager();
mgr.saveComment(comment);
WebloggerFactory.getWeblogger().flush();
// Send email notifications only to subscribers if comment
// is 100% valid
boolean notifySubscribers = (validationScore == RollerConstants.PERCENT_100);
MailUtil.sendEmailNotification(comment, messages,
messageUtils, notifySubscribers);
// only re-index/invalidate the cache if comment isn't
// moderated
if (!weblog.getCommentModerationRequired()) {
IndexManager manager = WebloggerFactory.getWeblogger()
.getIndexManager();
// remove entry before (re)adding it, or in case it
// isn't Published
manager.removeEntryIndexOperation(entry);
// if published, index the entry
if (entry.isPublished()) {
manager.addEntryIndexOperation(entry);
}
// Clear all caches associated with comment
CacheManager.invalidate(comment);
}
// comment was successful, clear the comment form
cf = new WeblogEntryCommentForm();
}
} catch (WebloggerException re) {
log.error("Error saving comment", re);
error = re.getMessage();
}
}
// the work has been done, now send the user back to the entry page
if (error != null) {
cf.setError(error);
}
if (message != null) {
cf.setMessage(message);
}
request.setAttribute("commentForm", cf);
log.debug("comment processed, forwarding to " + dispatch_url);
RequestDispatcher dispatcher = request
.getRequestDispatcher(dispatch_url);
dispatcher.forward(request, response);
}