#98 Limit on comment length

[Anonymous]

As of now, guests and anyone else can make comments as lengthy as they want. Now if someone wanted to attack the site, take up space, etc, they could just spam the comments with the first million digits of pie or something, over and over. That wouldn't really be nice, but I'm sure there are some people who do that, so this is kinda important.

[nabber00]

Actually PHP does have a POST_MAX_SIZE variable which should limit any comment postings. However this is usually a pretty large value, somewhere in the MB range.

So, just limiting the comment size to something smaller doesn't really solve the problem of the "over and over" part. But it does mean that more "over and over" is required.

[Herb]

Summary of changes to implement "maximum comment size":
setup.php
Add input box to form in setup.php

setup_cgi.php
Add code to update max_comment_length in configuration file.

configuration.php
Added tag MAX_COMMENT_LENGTH to configuration.php (define it, and set default to 0). This makes
MAX_COMMENT_LENGTH a key in the configuration 'tags' array and available to PHP via $blog_config->getTag.

index.tpl
Add javascript code to add 'max_comment_length' element to javascript blogSettings array, using the
MAX_COMMENT_LENGHT tag. This makes max_comment_length available to javascript.

strings.php
Add $lang_string['max_comment_length'] = 'Maximum comment length'; to strings.php (in English folder)
(strings.php defines the function 'sb_language')
Modified setup_cgi.php to capture MAX_COMMENT_LENGTH.

comments.php
Add onkeyup attribute to textarea element for comment.

Add javascript onkeyup handler to show remaining character count and truncate an over-long comment (if a limit has been set)

comment_add_cgi.php
Modified code to test comment length, truncating it if it exceeds the maximum.

sb_formatting
Add code to recognize the template tag "{MAX_COMMENT_LENGTH}"

Code from setup.php (with context)
]['blog_comments_popup'] ); ?><p />

<!-- HJM -->
<label for="max_comment_length"><?php echo( $GLOBALS['lang_string']['max_comment_length']); ?> </label>
<input type="text" id="max_comment_length" name="max_comment_length" value="<?php echo($blog_config->getTag('MAX_COMMENT_LENGTH'));?>" autocomplete="OFF" size="5"> <p />
<!-- HJM -->

<label for="blog_comment_days_expiry"><?php echo( $GLOBALS['lang_string']['blog_comment_days_expiry']

changes to setup_cgi.php:
$temp_blog_comment_days_expiry = 0;
}

//hjm
$temp_max_comment_length = intval($_POST['max_comment_length' ] );
if ( $temp_max_comment_length < 0) {
$temp_max_comment_length = 0;
}
//hjm
$temp_blog_counter_hours = intval($_POST['blog_counter_hours' ] );
if ( $temp_blog_counter_hours < 1) {
$temp_blog_counter_hours = 1;
}

// Handle 'tags to allow in comments' section //hjm
$tag_array = array( 'b', 'i', 'strong', 'em', 'del', 'ins', 'strike', 'img', 'url', 'blockquote', 'hN', 'pre', 'code', 'html','center' );

Changes to configuration.php

array_push($this->tags, 'USE_JS_EDITOR');
array_push($this->tags, 'MAX_COMMENT_LENGTH'); //HJM
// Cache Excluded Tags
...

$this->setTag('MAX_COMMENT_LENGTH',0); //HJM

changes to index.tpl (I include other changes I made earlier as well)
<script type="text/javascript">
// Some 'blogSettings' values (I'm not sure which, but one is 'img_path') are needed for show/hide code.
blogSettings = [];
blogSettings['theme'] = '{BLOG_THEME}';
blogSettings['img_path'] = 'themes/{BLOG_THEME}/images/';
blogSettings['content_width'] = {CONTENT_WIDTH} ;
blogSettings['menu_width'] = {MENU_WIDTH} ;
blogSettings['max_comment_length'] = {MAX_COMMENT_LENGTH};
</script>

strings.php (English only):

$lang_string['comment_moderation'] = "Moderation Options"; // New in 0.5.0
$lang_string['max_comment_length'] = 'Maximum comment length (0 means no limit)'; //hjm
// end case 'setup' hjm (useful in figuring out why it didn't work the first time)

comments.php
// This may need some testing; I had text between the label and the break (until i
// pasted this in here). Without the junk content, IE may not create a text node there,
// and the onkeyup will not be able to insert text. Don't know for certain.
<!-- HJM added ID to label tag -->
<label for="comment_text" id="label_comment_text"><?php echo( $GLOBALS['lang_string']['comment_text'] ); ?></label><br />
<textarea onkeyup="sb_javascript.showRmngCharCount();" style="width: <?php global $theme_vars; echo( $theme_vars[ 'max_image_width' ] ); ?>px;" id="comment_text" name="comment_text" rows="20" cols="50" autocomplete="off"></textarea><br /><br />
...
...
<script type="text/javascript">
// <!--
// Validate the Form
function validate_comment(theform) {
if ( theform.comment_text.value=="" || theform.comment_name.value=="" || theform.comment_capcha.value=="" ) {
alert("<?php echo( $GLOBALS['lang_string']['form_error'] ); ?>");
return false;
} else {
return true;
}
}

//HJM
sb_javascript.showRmngCharCount = function() {
// Purpose:
// Calculate the number of additional characters allowed in the comment.
// Successfully tested in IE 7 and firefox 8.0.
var countEl, /* element where the count will be displayed */
cmtEl, /* element containing the comment*/
charsRmng; /* characters remaining */
countEl = document.getElementById("label_comment_text");
cmtEl = document.getElementById("comment_text");
charsRmng = blogSettings['max_comment_length'] - cmtEl.value.length;
if (charsRmng < 0) {
charsRmng = 0;
cmtEl.value = cmtEl.value.substring(0,blogSettings['max_comment_length']);
}
countEl.nextSibling.nodeValue = " (Chars remaining: " + charsRmng + ")";
};
// -->
</script>
<?php
$page_template->appendTag('{JAVASCRIPT}', ob_get_clean());

comment_add_cgi.php
$comment_text = sb_stripslashes( $_POST[ 'comment_text' ] );
// hjm
if (strlen($comment_text) > $blog_config->getTag('MAX_COMMENT_LENGTH') ) {
$comment_text = substr($comment_text, 0, $blog_config->getTag('MAX_COMMENT_LENGTH') );
}
//hjm
$result = write_comment( $_POST[ 'y' ], $_POST[ 'm' ], $_POST[ 'entry' ],

sb_formatting.php: (this also contains some stuff I added earlier, to support show/hide menus):

function get_init_code(&$page_template) {
global $blog_config;
global $theme_vars; //hjm
....
....
$page_template->setTag('{SEARCH_URI}', dirname($page_template->getTag('{URI}')) . '/plugins/search.php');

// HJM
// content_width, menu_width, blog theme and image_path (which can be constructed from the blog_theme and constants) are stored in javascript variables. The theme is already replaced elsewhere in this code, so for javascript in the template (tpl) file, we need onl y content_width and menu_width.
$aList = array('content_width','menu_width');
foreach ($aList as $key) {
$tplKey = "{" . strtoupper($key) . "}";
if (isset($theme_vars[$key])){
$page_template->setTag($tplKey,$theme_vars[$key]);
} else {
$page_template->setTag($tplKey,0);
}
}
$page_template->setTag('{MAX_COMMENT_LENGTH}', $blog_config->getTag('MAX_COMMENT_LENGTH') );
// end HJM
// Theme Style Sheet
$page_template->setTag('{BLOG_THEME}', $GLOBALS['blog_theme']);

Notes:
Anticipating doing this more globally, I wrapped some javascript in an object named sb_javascript. Nothing wrapped by that should create a javascript global (unless I forgot to declare a VAR somewhere). That requires a statement defining sb_javascript. In my own code, i put it here, in sb_javascript.js:

// SET COOKIE
sb_javascript = {};

I hope you can figure this all out! It isn't complicated, but there are lots of little bits sort of scattered everywhere. If you have a question, ask.

Plus, of course, I hope it works, and I haven't sort of missed the point...

herb