[geeklog-cvs] geeklog-1.3/public_html comment.php,1.68,1.69 lib-common.php,1.345,1.346
vinny at iowaoutdoors.org
vinny at iowaoutdoors.org
Tue Jul 27 14:37:21 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv17686/public_html
Modified Files:
comment.php lib-common.php
Log Message:
Major update to the commentbar having some far-reaching effects (including
requiring a minor theme change: a deletion of a line from commentbar.thtml).
Correct small bug (nonexploitable) in comment.php which allowed comment id not
to match the associated story id.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.68
retrieving revision 1.69
diff -C2 -d -r1.68 -r1.69
*** comment.php 30 Jun 2004 00:04:37 -0000 1.68
--- comment.php 27 Jul 2004 18:37:16 -0000 1.69
***************
*** 656,660 ****
// MAIN
! switch ($mode) {
case $LANG03[14]: // Preview
$display .= COM_siteHeader()
--- 656,664 ----
// MAIN
! if ( isset($_REQUEST['reply']) ) {
! $_REQUEST['mode'] = '';
! }
!
! switch ( $_REQUEST['mode'] ) {
case $LANG03[14]: // Preview
$display .= COM_siteHeader()
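Review bot: The dispatch now reads `$_REQUEST['mode']` with no `isset()` check and resets it by writing into the superglobal. A request without `mode` raises an undefined-index notice, and every later reader of `$_REQUEST['mode']` sees the rewritten value; COM_commentBar in lib-common.php reads it in this same commit. `$_REQUEST` can also carry cookie values depending on PHP configuration, and whether the old `$mode` did so is not visible, since its assignment is outside the hunk. A local copy keeps the source explicit: `$mode = (isset($_REQUEST['reply']) || !isset($_REQUEST['mode'])) ? '' : $_REQUEST['mode'];` followed by `switch ($mode) {`.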
***************
*** 684,688 ****
case 'view':
! $cid = COM_applyFilter ($HTTP_GET_VARS['cid'], true);
if ($cid > 0) {
$sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid";
--- 688,692 ----
case 'view':
! $cid = COM_applyFilter ($_REQUEST['cid'], true);
if ($cid > 0) {
$sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $cid";
***************
*** 703,713 ****
$display .= COM_siteHeader();
if ($allowed == 1) {
! $format = COM_applyFilter ($HTTP_GET_VARS['format']);
! if ( $format != 'threaded' && $format != 'nested' && $format != 'flat' ) { //FIXME
! $format = 'threaded';
}
$display .= COM_userComments ($sid, $title, $type,
! COM_applyFilter ($HTTP_GET_VARS['order']), $format, $cid,
! COM_applyFilter ($HTTP_GET_VARS['page']), true);
} else {
$display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
--- 707,723 ----
$display .= COM_siteHeader();
if ($allowed == 1) {
! $format = COM_applyFilter ($_REQUEST['format']);
! if ( $format != 'threaded' && $format != 'nested' && $format != 'flat' ) {
! if ( $_USER['uid'] > 1 ) {
! $format = DB_getItem( $_TABLES['usercomment'], 'commentmode',
! "uid = {$_USER['uid']}" );
! }
! if ( empty($format) || $_USER['uid'] <= 1 ) {
! $format = $_CONF['comment_mode'];
! }
}
$display .= COM_userComments ($sid, $title, $type,
! COM_applyFilter ($_REQUEST['order']), $format, $cid,
! COM_applyFilter ($_REQUEST['page'], true), true);
} else {
$display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
***************
*** 723,729 ****
case 'display':
! $sid = COM_applyFilter ($HTTP_GET_VARS['sid']);
! $type = COM_applyFilter ($HTTP_GET_VARS['type']);
! if (!empty ($sid) && !empty ($type)) {
$allowed = 1;
if ($type == 'article') {
--- 733,743 ----
case 'display':
! $pid = COM_applyFilter ($_REQUEST['pid'], true);
! if ($pid > 0) {
! $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = $pid";
! $A = DB_fetchArray( DB_query($sql) );
! $sid = $A['sid'];
! $title = $A['title'];
! $type = $A['type'];
$allowed = 1;
if ($type == 'article') {
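Review bot: `$allowed = 1` is now set without checking that the lookup for `$pid` returned a row, because the old `!empty ($sid) && !empty ($type)` guard was removed with the request-supplied values. A `pid` that matches no comment leaves `$sid`, `$title` and `$type` empty. The per-type permission checks begin at `if ($type == 'article')` and continue outside the hunk, so this is inferred, but an empty `$type` would presumably match none of them and reach `COM_userComments` with `$allowed` still 1. Replacing the assignment with `$allowed = (!empty ($sid) && !empty ($type)) ? 1 : 0;` restores the earlier fail-closed behaviour.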
***************
*** 738,746 ****
$display .= COM_siteHeader();
if ($allowed == 1) {
! $display .= COM_userComments ($sid,
! strip_tags ($HTTP_GET_VARS['title']), $type,
! COM_applyFilter ($HTTP_GET_VARS['order']), 'threaded',
! COM_applyFilter ($HTTP_GET_VARS['pid'], true),
! COM_applyFilter ($HTTP_GET_VARS['page'], true));
} else {
$display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
--- 752,762 ----
$display .= COM_siteHeader();
if ($allowed == 1) {
! $format = COM_applyFilter ($_REQUEST['format']);
! if ( $format != 'threaded' && $format != 'nested' && $format != 'flat' ) {
! $format = 'threaded';
! }
! $display .= COM_userComments ($sid, $title, $type,
! COM_applyFilter ($_REQUEST['order']), $format, $pid,
! COM_applyFilter ($_REQUEST['page'], true));
} else {
$display .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
Index: lib-common.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.345
retrieving revision 1.346
diff -C2 -d -r1.345 -r1.346
*** lib-common.php 26 Jul 2004 15:30:54 -0000 1.345
--- lib-common.php 27 Jul 2004 18:37:16 -0000 1.346
***************
*** 2696,2701 ****
function COM_commentBar( $sid, $title, $type, $order, $mode )
{
! global $_TABLES, $LANG01, $_USER, $_CONF, $HTTP_GET_VARS;
$nrows = DB_count( $_TABLES['comments'], 'sid', $sid );
--- 2696,2702 ----
function COM_commentBar( $sid, $title, $type, $order, $mode )
{
! global $_TABLES, $LANG01, $_USER, $_CONF, $_REQUEST, $HTTP_SERVER_VARS;
+ $page = array_pop(explode('/', $HTTP_SERVER_VARS['PHP_SELF']));
$nrows = DB_count( $_TABLES['comments'], 'sid', $sid );
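Review bot: `$page` is derived from `PHP_SELF`, which includes any trailing path info from the request URL, so the last path segment is not guaranteed to be the name of the running script. The `$page == 'comment.php'` branches later in COM_commentBar therefore depend on request-influenced data. `$page = basename( $_SERVER['SCRIPT_NAME'] );` is the more robust source; it also avoids passing the result of `explode()` straight to `array_pop()`, which takes its argument by reference. `$_REQUEST` is a superglobal and does not need to appear in the `global` list. The function body continues outside the hunk.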
***************
*** 2747,2756 ****
}
! if( $type == "poll" )
{
! $commentbar->set_var( 'parent_url', $_CONF['site_url']
! . '/pollbooth.php?qid=' . $sid . '&aid=-1' );
$commentbar->set_var( 'hidden_field',
! '<input type="hidden" name="scale" value="400">' );
}
else
--- 2748,2774 ----
}
! if ( $page == 'comment.php' )
{
! $commentbar->set_var( 'parent_url',
! $_CONF['site_url'] . '/comment.php' );
! $hidden = '';
! if ( $_REQUEST['mode'] == 'view' ) {
! $hidden .= '<input type="hidden" name="cid" value="' . $_REQUEST['cid'] . '">';
! $hidden .= '<input type="hidden" name="pid" value="' . $_REQUEST['cid'] . '">';
! }
! else if ( $_REQUEST['mode'] == 'display' ) {
! $hidden .= '<input type="hidden" name="pid" value="' . $_REQUEST['pid'] . '">';
! }
! $commentbar->set_var( 'hidden_field', $hidden .
! '<input type="hidden" name="mode" value="' . $_REQUEST['mode'] . '">' );
! }
! else if( $type == "poll" )
! {
! $commentbar->set_var( 'parent_url',
! $_CONF['site_url'] . '/pollbooth.php' );
$commentbar->set_var( 'hidden_field',
! '<input type="hidden" name="scale" value="400">' .
! '<input type="hidden" name="qid" value="' . $sid . '">' .
! '<input type="hidden" name="aid" value="-1">' );
}
else
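Review bot: The new `comment.php` branch writes `$_REQUEST['cid']`, `$_REQUEST['pid']` and `$_REQUEST['mode']` into HTML attribute values without any escaping, so request data is reflected into the page markup. comment.php runs `cid` and `pid` through `COM_applyFilter (..., true)`, but that only cleans its local `$cid` and `$pid`; the raw request values are what get emitted here. The ids should be cast to integers and `mode` passed through `htmlspecialchars()` before concatenation, as sketched below. `$sid` in the new `qid` hidden field is also emitted unescaped; whether callers filter it is not visible in this hunk.

```php
// … unchanged: parent_url for comment.php …
$hidden = '';
$reqMode = isset( $_REQUEST['mode'] ) ? $_REQUEST['mode'] : '';
if ( $reqMode == 'view' ) {
    $reqCid = intval( $_REQUEST['cid'] );
    $hidden .= '<input type="hidden" name="cid" value="' . $reqCid . '">';
    $hidden .= '<input type="hidden" name="pid" value="' . $reqCid . '">';
}
else if ( $reqMode == 'display' ) {
    $hidden .= '<input type="hidden" name="pid" value="' . intval( $_REQUEST['pid'] ) . '">';
}
$commentbar->set_var( 'hidden_field', $hidden .
    '<input type="hidden" name="mode" value="' . htmlspecialchars( $reqMode, ENT_QUOTES ) . '">' );
// … unchanged: poll and default branches …
```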
***************
*** 2769,2775 ****
// Mode
! $selector = '<select name="mode">' . LB
! . COM_optionList( $_TABLES['commentmodes'], 'mode,name', $mode )
! . LB . '</select>';
$commentbar->set_var( 'mode_selector', $selector);
--- 2787,2801 ----
// Mode
! if ( $page == 'comment.php' )
! {
! $selector = '<select name="format">';
! }
! else
! {
! $selector = '<select name="mode">';
! }
! $selector .= LB
! . COM_optionList( $_TABLES['commentmodes'], 'mode,name', $mode )
! . LB . '</select>';
$commentbar->set_var( 'mode_selector', $selector);