/**
* Gets the latest comments with the specified fetch size.
*
* <p>The returned comments content is plain text.
*
* @param fetchSize the specified fetch size
* @return the latest comments, returns an empty list if not found
* @throws ServiceException service exception
*/
public List<JSONObject> getLatestComments(final int fetchSize) throws ServiceException {
final Query query =
new Query()
.addSort(Comment.COMMENT_CREATE_TIME, SortDirection.DESCENDING)
.setCurrentPageNum(1)
.setPageSize(fetchSize)
.setPageCount(1);
try {
final JSONObject result = commentRepository.get(query);
final List<JSONObject> ret =
CollectionUtils.<JSONObject>jsonArrayToList(result.optJSONArray(Keys.RESULTS));
for (final JSONObject comment : ret) {
comment.put(Comment.COMMENT_CREATE_TIME, comment.optLong(Comment.COMMENT_CREATE_TIME));
final String articleId = comment.optString(Comment.COMMENT_ON_ARTICLE_ID);
final JSONObject article = articleRepository.get(articleId);
comment.put(
Comment.COMMENT_T_ARTICLE_TITLE,
Emotions.clear(article.optString(Article.ARTICLE_TITLE)));
comment.put(
Comment.COMMENT_T_ARTICLE_PERMALINK, article.optString(Article.ARTICLE_PERMALINK));
final String commenterId = comment.optString(Comment.COMMENT_AUTHOR_ID);
final JSONObject commenter = userRepository.get(commenterId);
if (UserExt.USER_STATUS_C_INVALID == commenter.optInt(UserExt.USER_STATUS)
|| Comment.COMMENT_STATUS_C_INVALID == comment.optInt(Comment.COMMENT_STATUS)) {
comment.put(Comment.COMMENT_CONTENT, langPropsService.get("commentContentBlockLabel"));
}
if (Article.ARTICLE_TYPE_C_DISCUSSION == article.optInt(Article.ARTICLE_TYPE)) {
comment.put(Comment.COMMENT_CONTENT, "....");
}
String content = comment.optString(Comment.COMMENT_CONTENT);
content = Emotions.clear(content);
content = Jsoup.clean(content, Whitelist.none());
if (StringUtils.isBlank(content)) {
comment.put(Comment.COMMENT_CONTENT, "....");
} else {
comment.put(Comment.COMMENT_CONTENT, content);
}
final String commenterEmail = comment.optString(Comment.COMMENT_AUTHOR_EMAIL);
final String avatarURL = avatarQueryService.getAvatarURL(commenterEmail);
commenter.put(UserExt.USER_AVATAR_URL, avatarURL);
comment.put(Comment.COMMENT_T_COMMENTER, commenter);
}
return ret;
} catch (final RepositoryException e) {
LOGGER.log(Level.ERROR, "Gets user comments failed", e);
throw new ServiceException(e);
}
}
/**
* Strips any potential XSS threats out of the value
*
* @param value
* @return
*/
public static String stripXSS(String value) {
LOG.debug("Value before stripping: " + value);
if (value != null) {
// Use the ESAPI library to avoid encoded attacks.
value = ESAPI.encoder().canonicalize(value);
// Avoid null characters
value = value.replaceAll("\0", "");
// Clean out HTML
value = Jsoup.clean(value, Whitelist.none());
}
LOG.debug("Value after stripping: " + value);
return value;
}
@Restrict(Mupi.USER_ROLE)
public static Result comment(String body, Long id) {
final User u = Mupi.getLocalUser(session());
final models.Profile p = u.profile;
final models.Publication pub = models.Publication.find.byId(id);
String safeBody =
Jsoup.clean(
textWithLinks(body.replaceAll("(\r\n|\n)", " <br/> ")),
Whitelist.none().addTags("br", "a").addAttributes("a", "href", "target"));
if (pub != null) PubComment.create(pub, p, safeBody);
List<UserEmail> l_ue = models.Profile.emailsFromPublication(pub);
for (UserEmail ue : l_ue) {
if (u.getEmail().equalsIgnoreCase(ue.getEmail()))
System.out.println("Commenter: " + ue.getEmail());
else System.out.println(ue.getEmail());
}
return selectFeed(getLocalInterest(), getLocalLocation());
}
/**
* Gets article preview content.
*
* <p>Renders the response with a json object, for example,
*
* <pre>
* {
* "html": ""
* }
* </pre>
*
* @param request the specified http servlet request
* @param response the specified http servlet response
* @param context the specified http request context
* @param articleId the specified article id
* @throws Exception exception
*/
@RequestProcessing(value = "/article/{articleId}/preview", method = HTTPRequestMethod.GET)
@Before(adviceClass = StopwatchStartAdvice.class)
@After(adviceClass = StopwatchEndAdvice.class)
public void getArticlePreviewContent(
final HttpServletRequest request,
final HttpServletResponse response,
final HTTPRequestContext context,
final String articleId)
throws Exception {
final JSONRenderer renderer = new JSONRenderer();
context.setRenderer(renderer);
final JSONObject result = Results.trueResult();
renderer.setJSONObject(result);
result.put("html", "");
final JSONObject article = articleQueryService.getArticle(articleId);
if (null == article) {
result.put(Keys.STATUS_CODE, false);
return;
}
final int length = Integer.valueOf("150");
String content = article.optString(Article.ARTICLE_CONTENT);
final String authorId = article.optString(Article.ARTICLE_AUTHOR_ID);
final JSONObject author = userQueryService.getUser(authorId);
if (null != author && UserExt.USER_STATUS_C_INVALID == author.optInt(UserExt.USER_STATUS)
|| Article.ARTICLE_STATUS_C_INVALID == article.optInt(Article.ARTICLE_STATUS)) {
result.put("html", langPropsService.get("articleContentBlockLabel"));
return;
}
final Set<String> userNames = userQueryService.getUserNames(content);
final JSONObject currentUser = userQueryService.getCurrentUser(request);
final String currentUserName = null == currentUser ? "" : currentUser.optString(User.USER_NAME);
final String authorName = author.optString(User.USER_NAME);
if (Article.ARTICLE_TYPE_C_DISCUSSION == article.optInt(Article.ARTICLE_TYPE)
&& !authorName.equals(currentUserName)) {
boolean invited = false;
for (final String userName : userNames) {
if (userName.equals(currentUserName)) {
invited = true;
break;
}
}
if (!invited) {
String blockContent = langPropsService.get("articleDiscussionLabel");
blockContent =
blockContent.replace(
"{user}",
"<a href='"
+ Latkes.getServePath()
+ "/member/"
+ authorName
+ "'>"
+ authorName
+ "</a>");
result.put("html", blockContent);
return;
}
}
content = Emotions.convert(content);
content = Markdowns.toHTML(content);
content = Jsoup.clean(content, Whitelist.none());
if (content.length() >= length) {
content = StringUtils.substring(content, 0, length) + " ....";
}
result.put("html", content);
}
/**
* Strip all HTML tags.
*
* @param content the HTML content to strip the tags from
* @return the string
*/
public static String htmlToText(String content) {
return StringEscapeUtils.unescapeHtml(Jsoup.clean(content, Whitelist.none()));
}
public static String cleanHtml(String str) {
Document.OutputSettings settings = new Document.OutputSettings();
settings.escapeMode(Entities.EscapeMode.xhtml);
return Jsoup.clean(str, "", Whitelist.none(), settings);
}
