[geeklog-cvs] geeklog-1.3/public_html comment.php,1.49,1.50
dhaun at geeklog.net
dhaun at geeklog.net
Sun Jan 18 09:46:19 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv23963
Modified Files:
comment.php
Log Message:
Don't let user browse comments when s/he doesn't have access to the story.
Index: comment.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.49
retrieving revision 1.50
diff -C2 -d -r1.49 -r1.50
*** comment.php 22 Dec 2003 20:34:34 -0000 1.49
--- comment.php 18 Jan 2004 14:46:17 -0000 1.50
***************
*** 405,415 ****
$commentmode = $_CONF['comment_mode'];
}
! $display .= COM_siteHeader()
! . COM_userComments (COM_applyFilter ($HTTP_GET_VARS['sid']),
! strip_tags ($HTTP_GET_VARS['title']),
! COM_applyFilter ($HTTP_GET_VARS['type']),
! COM_applyFilter ($HTTP_GET_VARS['order']), $commentmode,
! COM_applyFilter ($HTTP_GET_VARS['pid'], true))
! . COM_siteFooter();
break;
default:
--- 405,437 ----
$commentmode = $_CONF['comment_mode'];
}
! $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
! $type = COM_applyFilter ($HTTP_GET_VARS['type']);
! if (!empty ($sid) && !empty ($type)) {
! $allowed = 1;
! if ($type == 'article') {
! $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'));
! $A = DB_fetchArray ($result);
! $allowed = $A['count'];
! } else if ($type == 'poll') {
! $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['pollquestions']} WHERE (qid = '$sid')" . COM_getPermSQL ('AND'));
! $A = DB_fetchArray ($result);
! $allowed = $A['count'];
! }
! $display .= COM_siteHeader();
! if ($allowed == 1) {
! $display .= COM_userComments ($sid,
! strip_tags ($HTTP_GET_VARS['title']), $type,
! COM_applyFilter ($HTTP_GET_VARS['order']), $commentmode,
! COM_applyFilter ($HTTP_GET_VARS['pid'], true));
! } else {
! $display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
! COM_getBlockTemplate ('_msg_block', 'header'))
! . $LANG_ACCESS['storydenialmsg']
! . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
! }
! $display .= COM_siteFooter();
! } else {
! $display .= COM_refresh($_CONF['site_url'] . '/index.php');
! }
break;
default:
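Review bot: The new access check fails open: `$allowed = 1;` is assigned before the type test, so any non-empty `type` other than 'article' or 'poll' reaches COM_userComments without a permission query. If no other comment types are meant to be browsable from this case, default to `$allowed = 0;` and grant access only inside the two known branches. If other types (for example from plugins) are valid, they need their own permission check rather than an implicit pass. Separately, `$sid` is now interpolated into two SQL strings, so both queries depend on COM_applyFilter, which is not visible here, to remove quote characters; applying `addslashes ($sid)` where the query is built would make that guarantee explicit. The enclosing switch case starts before this hunk.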