[geeklog-cvs] geeklog-1.3/public_html comment.php,1.49,1.50

dhaun at geeklog.net dhaun at geeklog.net
Sun Jan 18 09:46:19 EST 2004


Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv23963

Modified Files:
	comment.php 
Log Message:
Don't let user browse comments when s/he doesn't have access to the story.


Index: comment.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.49
retrieving revision 1.50
diff -C2 -d -r1.49 -r1.50
*** comment.php	22 Dec 2003 20:34:34 -0000	1.49
--- comment.php	18 Jan 2004 14:46:17 -0000	1.50
***************
*** 405,415 ****
          $commentmode = $_CONF['comment_mode'];
      }
!     $display .= COM_siteHeader()
!         . COM_userComments (COM_applyFilter ($HTTP_GET_VARS['sid']),
!                 strip_tags ($HTTP_GET_VARS['title']),
!                 COM_applyFilter ($HTTP_GET_VARS['type']),
!                 COM_applyFilter ($HTTP_GET_VARS['order']), $commentmode,
!                 COM_applyFilter ($HTTP_GET_VARS['pid'], true))
!         . COM_siteFooter();
      break;
  default:
--- 405,437 ----
          $commentmode = $_CONF['comment_mode'];
      }
!     $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
!     $type = COM_applyFilter ($HTTP_GET_VARS['type']);
!     if (!empty ($sid) && !empty ($type)) {
!         $allowed = 1;
!         if ($type == 'article') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'));
!             $A = DB_fetchArray ($result);
!             $allowed = $A['count'];
!         } else if ($type == 'poll') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['pollquestions']} WHERE (qid = '$sid')" . COM_getPermSQL ('AND'));
!             $A = DB_fetchArray ($result);
!             $allowed = $A['count'];
!         }
!         $display .= COM_siteHeader();
!         if ($allowed == 1) {
!             $display .= COM_userComments ($sid,
!                     strip_tags ($HTTP_GET_VARS['title']), $type,
!                     COM_applyFilter ($HTTP_GET_VARS['order']), $commentmode,
!                     COM_applyFilter ($HTTP_GET_VARS['pid'], true));
!         } else {
!             $display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
!                                 COM_getBlockTemplate ('_msg_block', 'header'))
!                      . $LANG_ACCESS['storydenialmsg']
!                      . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
!         }
!         $display .= COM_siteFooter();
!     } else {
!         $display .= COM_refresh($_CONF['site_url'] . '/index.php');
!     }
      break;
  default:
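Review bot: `$allowed = 1;` at the top of the new block makes the access check fail open, because a `type` that is not exactly `'article'` or `'poll'` skips both lookups and goes straight to `COM_userComments`. Defaulting to deny would be safer: `$allowed = 0;` with an explicit branch for each comment type that is meant to be browsable. If other types are legitimately in use (not visible in this hunk), each needs its own permission query rather than the permissive default. The two queries also place `$sid` directly inside the SQL string, so they depend on `COM_applyFilter` removing quote characters; that should be confirmed or backed by `addslashes ($sid)` at the query. The enclosing `case` starts above the hunk.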




