[geeklog-cvs] Geeklog-1.x/public_html comment.php,1.115,1.116
Michael Jervis
mjervis at qs1489.pair.com
Tue Aug 12 15:15:42 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv50880/public_html
Modified Files:
comment.php
Log Message:
Fixed issue where you can post a comment to an unpublished story (bug
#0000705)
Index: comment.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/comment.php,v
retrieving revision 1.115
retrieving revision 1.116
diff -C2 -d -r1.115 -r1.116
*** comment.php 23 May 2008 10:50:51 -0000 1.115
--- comment.php 12 Aug 2008 19:15:36 -0000 1.116
***************
*** 79,83 ****
case 'article':
$commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
! "sid = '$sid'" . COM_getPermSQL('AND') . COM_getTopicSQL('AND'));
if (!isset($commentcode) || ($commentcode != 0)) {
return COM_refresh($_CONF['site_url'] . '/index.php');
--- 79,85 ----
case 'article':
$commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
! "sid = '$sid'" . COM_getPermSQL('AND')
! . " AND (draft_flag = 0) AND (date <= NOW()) "
! . COM_getTopicSQL('AND'));
if (!isset($commentcode) || ($commentcode != 0)) {
return COM_refresh($_CONF['site_url'] . '/index.php');
***************
*** 312,315 ****
--- 314,318 ----
default: // New Comment
+ $abort = false;
$sid = COM_applyFilter ($_REQUEST['sid']);
$type = COM_applyFilter ($_REQUEST['type']);
***************
*** 323,347 ****
}
! if (!empty ($sid) && !empty ($type)) {
! if (empty ($title)) {
! if ($type == 'article') {
! $title = DB_getItem($_TABLES['stories'], 'title',
! "sid = '{$sid}'" . COM_getPermSQL('AND')
! . COM_getTopicSQL('AND'));
}
! $title = str_replace ('$', '$', $title);
! // CMT_commentForm expects non-htmlspecial chars for title...
! $title = str_replace ( '&', '&', $title );
! $title = str_replace ( '"', '"', $title );
! $title = str_replace ( '<', '<', $title );
! $title = str_replace ( '>', '>', $title );
}
- $display .= COM_siteHeader('menu', $LANG03[1])
- . CMT_commentForm ($title, '', $sid,
- COM_applyFilter ($_REQUEST['pid'], true), $type, $mode,
- $postmode)
- . COM_siteFooter();
- } else {
- $display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
--- 326,361 ----
}
! if ($type == 'article') {
! $dbTitle = DB_getItem($_TABLES['stories'], 'title',
! "sid = '{$sid}'" . COM_getPermSQL('AND')
! . " AND (draft_flag = 0) AND (date <= NOW()) "
! . COM_getTopicSQL('AND'));
! if ($dbTitle === null) {
! // no permissions, or no story of that title
! $display = COM_refresh($_CONF['site_url'] . '/index.php');
! $abort = true;
! }
! }
! if (!$abort) {
! if (!empty ($sid) && !empty ($type)) {
! if (empty ($title)) {
! if ($type == 'article') {
! $title = $dbTitle;
! }
! $title = str_replace ('$', '$', $title);
! // CMT_commentForm expects non-htmlspecial chars for title...
! $title = str_replace ( '&', '&', $title );
! $title = str_replace ( '"', '"', $title );
! $title = str_replace ( '<', '<', $title );
! $title = str_replace ( '>', '>', $title );
}
! $display .= COM_siteHeader('menu', $LANG03[1])
! . CMT_commentForm ($title, '', $sid,
! COM_applyFilter ($_REQUEST['pid'], true), $type, $mode,
! $postmode)
! . COM_siteFooter();
! } else {
! $display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
}
break;
More information about the geeklog-cvs
mailing list