[geeklog-cvs] geeklog-1.3/public_html comment.php,1.64,1.65
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon May 31 08:53:35 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv18427/public_html
Modified Files:
comment.php
Log Message:
Fix for the anonymous comment spamming even if comments for anonymous users were switched off.
Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.64
retrieving revision 1.65
diff -C2 -d -r1.64 -r1.65
*** comment.php 31 May 2004 08:45:08 -0000 1.64
--- comment.php 31 May 2004 12:53:33 -0000 1.65
***************
*** 243,251 ****
$retval = '';
if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ||
! ($uid < 1) || (($uid != $_USER['uid']) &&
! !empty ($_USER['username'])) || (empty ($_USER['username'])
! && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['commentsloginrequired'] == 1)))) {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
return $retval;
--- 243,256 ----
$retval = '';
+ // ignore $uid as it may be manipulated anyway
+ if (empty ($_USER['uid'])) {
+ $uid = 1;
+ } else {
+ $uid = $_USER['uid'];
+ }
+
if (empty ($sid) || empty ($title) || empty ($comment) || empty ($type) ||
! (($uid == 1) && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['commentsloginrequired'] == 1)))) {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
return $retval;
More information about the geeklog-cvs
mailing list