[geeklog-cvs] geeklog-1.3/public_html comment.php,1.54,1.54.2.1
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon May 31 06:47:53 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv13549
Modified Files:
Tag: geeklog_1_3_9_1
comment.php
Log Message:
Fix for the anonymous comment spamming even if comments for anonymous users were switched off. Also added an additional check for the comment speed limit.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.54
retrieving revision 1.54.2.1
diff -C2 -d -r1.54 -r1.54.2.1
*** comment.php 2 Mar 2004 08:20:07 -0000 1.54
--- comment.php 31 May 2004 10:47:51 -0000 1.54.2.1
***************
*** 242,254 ****
$retval = '';
if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ||
! ($uid < 1) || (($uid != $_USER['uid']) &&
! !empty ($_USER['username'])) || (empty ($_USER['username'])
! && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['commentsloginrequired'] == 1)))) {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
return $retval;
}
// Clean 'em up a bit!
if ($postmode == 'html') {
--- 242,271 ----
$retval = '';
+ // ignore $uid as it may be manipulated anyway
+ if (empty ($_USER['uid'])) {
+ $uid = 1;
+ } else {
+ $uid = $_USER['uid'];
+ }
+
if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ||
! (($uid == 1) && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['commentsloginrequired'] == 1)))) {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
return $retval;
}
+ // Check for people breaking the speed limit
+ COM_clearSpeedlimit ($_CONF['commentspeedlimit'], 'comment');
+ $last = COM_checkSpeedlimit ('comment');
+ if ($last > 0) {
+ $retval .= COM_startBlock ($LANG12[26], '', COM_getBlockTemplate ('_msg_block', 'header'))
+ . $LANG03[7]
+ . $last
+ . $LANG03[8]
+ . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
+ return $retval;
+ }
+
// Clean 'em up a bit!
if ($postmode == 'html') {
More information about the geeklog-cvs
mailing list