[geeklog-hg] geeklog: If title of comment item is blank it is now assumed the...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Mon May 14 13:31:10 EDT 2012


changeset 8701:c837179aa2aa
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c837179aa2aa
user: Tom <websitemaster at cogeco.net>
date: Mon May 14 13:30:35 2012 -0400
description:
If the title of a comment item is blank, it is now assumed that the item does not exist or that the user has no access, and the user is redirected to the homepage (cf. bug #0001445).
E_ALL fix.

diffstat:

 system/lib-comment.php |  23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diffs (57 lines):

diff -r 77954f880796 -r c837179aa2aa system/lib-comment.php
--- a/system/lib-comment.php	Mon May 14 12:55:22 2012 -0400
+++ b/system/lib-comment.php	Mon May 14 13:30:35 2012 -0400
@@ -157,7 +157,10 @@
         $commentbar->set_var( 'editor_url', $comment_url . '#commenteditform' );
         $hidden = '';
         $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
-        $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
+        $cid = 0;
+        if (isset($_REQUEST[CMT_CID])) {        
+            $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
+        }
         $pid = 0;
         if (isset($_REQUEST[CMT_PID])) {
             $pid = COM_applyFilter($_REQUEST[CMT_PID], true);
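Review bot: The context line directly above the new guard still reads `$_REQUEST[CMT_MODE]` without an `isset()` check, so the same undefined-index notice this E_ALL fix removes for `CMT_CID` can still fire there unless the key is guaranteed to be set earlier, outside the hunk. For consistency with the `CMT_CID` and `CMT_PID` handling I would write `$commentmode = isset($_REQUEST[CMT_MODE]) ? COM_applyFilter($_REQUEST[CMT_MODE]) : '';`. The added `if (isset($_REQUEST[CMT_CID])) {` line also carries trailing whitespace. The enclosing function starts and ends outside this hunk.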
@@ -2187,7 +2190,7 @@
  */
 function CMT_handleComment($mode='', $type='', $title='', $sid='', $format='')
 {
-    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN;
+    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;
 
     $commentmode = '';
     if (!empty($_REQUEST[CMT_MODE])) {
@@ -2409,11 +2412,16 @@
         default: // New Comment or Reply Comment
 
             $abort = false;
-            if (($type == 'article') && !empty($sid)) {
+            // Check to make sure comment type exists
+            if ($type != 'article' && !in_array($type, $_PLUGINS)) {
+                $abort = true;
+            }
+            
+            // Check article permissions
+            if (!$abort && ($type == 'article') && !empty($sid)) {
                 $dbTitle = DB_getItem($_TABLES['stories'], 'title',
                             "(sid = '$sid') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)"
                             . COM_getPermSQL('AND'));
-                global $topic;
 
                 // if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment
                 if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) { // Make sure have at least read access to current topic of article to post comment
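Review bot: The new type allow-list check uses loose comparison on both sides (`$type != 'article'` and `in_array($type, $_PLUGINS)` without the strict flag), so on the PHP versions of this era a non-string `$type` such as integer `0` would compare equal to `'article'` and to any plugin name. Since this check is now the gate that decides whether a comment type is valid, I would make it strict: `if ($type !== 'article' && !in_array($type, $_PLUGINS, true)) {`. Separately, the query on the context lines interpolates `$sid` straight into the SQL string; whether `$sid` is filtered or escaped before it reaches this branch is not visible in the hunk and is worth confirming. The `switch` and the rest of `CMT_handleComment` lie outside the hunk.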
@@ -2430,8 +2438,11 @@
                 }
                 if (empty($title)) {
                     $title = PLG_getItemInfo($type, $sid, 'title');
-                    if (is_array($title)) {
-                        $title = '';
+                    
+                    // Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
+                    if (is_array($title) || empty($title) || ($title == false)) {
+                        echo COM_refresh($_CONF['site_url'] . '/index.php');
+                        exit;
                     }
                     $title = str_replace ( '$', '$', $title );
                     // CMT_commentForm expects non-htmlspecial chars for title...
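Review bot: The new title check redirects and calls `exit` from inside a library function without recording anything, so a request for a nonexistent or inaccessible plugin item leaves no trace for whoever later reviews access attempts. I would write a log entry with the type and sid through the project's logging helper before the `COM_refresh` call. The article branch in the previous hunk handles the same condition by setting `$abort`, so routing this case through that path may be more consistent, although the abort handling itself is outside the hunk. The condition is also redundant, since `empty($title)` already covers `$title == false`, and can be reduced to `if (is_array($title) || empty($title)) {`.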


