[geeklog-cvs] Geeklog-1.x/public_html comment.php,1.114,1.115
Dirk Haun
dhaun at qs1489.pair.com
Fri May 23 06:50:53 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv25132/public_html
Modified Files:
comment.php
Log Message:
More CSRF protection
Index: comment.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/comment.php,v
retrieving revision 1.114
retrieving revision 1.115
diff -C2 -d -r1.114 -r1.115
*** comment.php 28 Oct 2007 16:48:42 -0000 1.114
--- comment.php 23 May 2008 10:50:51 -0000 1.115
***************
*** 9,13 ****
// | Let user comment on a story or plugin. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Let user comment on a story or plugin. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 41,45 ****
*
* @author Jason Whittenburg
! * @author Tony Bibbs <tony at tonybibbs.com>
* @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
*
--- 41,45 ----
*
* @author Jason Whittenburg
! * @author Tony Bibbs <tonyAT tonybibbs DOT com>
* @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
*
***************
*** 49,58 ****
* Geeklog common function library
*/
! require_once('lib-common.php');
/**
* Geeklog comment function library
*/
! require_once( $_CONF['path_system'] . 'lib-comment.php' );
// Uncomment the line below if you need to debug the HTTP variables being passed
--- 49,58 ----
* Geeklog common function library
*/
! require_once 'lib-common.php';
/**
* Geeklog comment function library
*/
! require_once $_CONF['path_system'] . 'lib-comment.php';
// Uncomment the line below if you need to debug the HTTP variables being passed
***************
*** 115,119 ****
/**
! * Hanldes a comment submission
*
* @copyright Vincent Furia 2005
--- 115,119 ----
/**
! * Handles a comment submission
*
* @copyright Vincent Furia 2005
***************
*** 125,157 ****
global $_CONF, $_TABLES;
! $type = COM_applyFilter ($_REQUEST['type']);
! $sid = COM_applyFilter ($_REQUEST['sid']);
! switch ( $type ) {
! case 'article':
! $has_editPermissions = SEC_hasRights ('story.edit');
! $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
! $A = DB_fetchArray ($result);
! if ($has_editPermissions && SEC_hasAccess ($A['owner_id'],
! $A['group_id'], $A['perm_owner'], $A['perm_group'],
! $A['perm_members'], $A['perm_anon']) == 3) {
! CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid, 'article');
! $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
! DB_change ($_TABLES['stories'], 'comments', $comments,
! 'sid', $sid);
! $display .= COM_refresh (COM_buildUrl ($_CONF['site_url']
! . "/article.php?story=$sid") . '#comments');
! } else {
! COM_errorLog ("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) "
! . "tried to illegally delete comment $cid from $type $sid");
! $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
! }
! break;
! default: //assume plugin
! if ( !($display = PLG_commentDelete($type,
! COM_applyFilter($_REQUEST['cid'], true), $sid)) ) {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! }
! break;
}
--- 125,161 ----
global $_CONF, $_TABLES;
! $display = '';
! $type = COM_applyFilter($_REQUEST['type']);
! $sid = COM_applyFilter($_REQUEST['sid']);
!
! switch ($type) {
! case 'article':
! $has_editPermissions = SEC_hasRights('story.edit');
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
! $A = DB_fetchArray($result);
!
! if ($has_editPermissions && SEC_hasAccess($A['owner_id'],
! $A['group_id'], $A['perm_owner'], $A['perm_group'],
! $A['perm_members'], $A['perm_anon']) == 3) {
! CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true), $sid,
! 'article');
! $comments = DB_count($_TABLES['comments'], 'sid', $sid);
! DB_change($_TABLES['stories'], 'comments', $comments,
! 'sid', $sid);
! $display .= COM_refresh(COM_buildUrl ($_CONF['site_url']
! . "/article.php?story=$sid") . '#comments');
! } else {
! COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment $cid from $type $sid");
! $display .= COM_refresh($_CONF['site_url'] . '/index.php');
! }
! break;
!
! default: // assume plugin
! if (!($display = PLG_commentDelete($type,
! COM_applyFilter($_REQUEST['cid'], true), $sid))) {
! $display = COM_refresh($_CONF['site_url'] . '/index.php');
! }
! break;
}
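Review bot: `$cid` in the error-log message on the new side (`tried to illegally delete comment $cid from $type $sid`) is never assigned in this function — the comment id is only read inline as `COM_applyFilter($_REQUEST['cid'], true)` on the success path — so the log entry records an empty id, and `$_USER` is absent from the `global $_CONF, $_TABLES;` line, so `{$_USER['username']}` is undefined here as well unless the opening line of handleDelete (above the hunk) declares it. Hoist the id once next to `$sid`, `$cid = COM_applyFilter($_REQUEST['cid'], true);`, reuse it in the `CMT_deleteComment` call, and change the declaration to `global $_CONF, $_TABLES, $_USER;`. `$sid` is interpolated straight into the stories query after `COM_applyFilter`; presumably that filter escapes its output for SQL, but that is not visible here and is worth confirming since any account with story.edit rights reaches this query. handleDelete's signature is outside the hunk.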
***************
*** 276,280 ****
case 'delete':
! $display .= handleDelete(); // moved to function for readibility
break;
--- 280,288 ----
case 'delete':
! if (SEC_checkToken()) {
! $display .= handleDelete(); // moved to function for readibility
! } else {
! $display .= COM_refresh($_CONF['site_url'] . '/index.php');
! }
break;
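Review bot: A rejected token on the delete action falls through silently to a redirect, whereas the permission failure inside handleDelete writes a COM_errorLog entry with user and IP; a forged or replayed delete request is exactly the event an operator would want in the log. Add a line in the new else branch before the redirect: `COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to delete comment with an invalid security token");`. Whether SEC_checkToken also rejects a missing token and whether it invalidates the token after a successful check is not visible here — both matter for replay, so confirm in lib-security. The enclosing switch starts and ends outside the hunk.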
***************
*** 288,300 ****
case 'report':
! $display .= COM_siteHeader ('menu', $LANG03[27])
! . CMT_reportAbusiveComment (COM_applyFilter ($_GET['cid'], true),
! COM_applyFilter ($_GET['type']))
! . COM_siteFooter ();
break;
case 'sendreport':
! $display .= CMT_sendReport (COM_applyFilter ($_POST['cid'], true),
! COM_applyFilter ($_POST['type']));
break;
--- 296,312 ----
case 'report':
! $display .= COM_siteHeader('menu', $LANG03[27])
! . CMT_reportAbusiveComment(COM_applyFilter($_GET['cid'], true),
! COM_applyFilter($_GET['type']))
! . COM_siteFooter();
break;
case 'sendreport':
! if (SEC_checkToken()) {
! $display .= CMT_sendReport(COM_applyFilter($_POST['cid'], true),
! COM_applyFilter($_POST['type']));
! } else {
! $display .= COM_refresh($_CONF['site_url'] . '/index.php');
! }
break;
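Review bot: The token check added to `sendreport` only holds if the form rendered by `CMT_reportAbusiveComment` under the `report` case now embeds the matching token (in lib-comment.php, which is not part of this diff); if that form was not updated in the same commit, every abuse report is rejected and redirected to the front page with no indication why. Confirm the companion change, and as with the delete case, log the rejection rather than redirecting silently: `COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) sent an abuse report with an invalid security token");`. Leaving the `report` case itself unprotected is correct, since it only displays the form and performs no state change. The enclosing switch starts and ends outside the hunk.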
***************
*** 314,319 ****
if (empty ($title)) {
if ($type == 'article') {
! $title = DB_getItem ($_TABLES['stories'], 'title',
! "sid = '{$sid}'" . COM_getPermSQL('AND') . COM_getTopicSQL('AND'));
}
$title = str_replace ('$', '$', $title);
--- 326,332 ----
if (empty ($title)) {
if ($type == 'article') {
! $title = DB_getItem($_TABLES['stories'], 'title',
! "sid = '{$sid}'" . COM_getPermSQL('AND')
! . COM_getTopicSQL('AND'));
}
$title = str_replace ('$', '$', $title);