author | rvelices <rv-github@modusoptimus.com> | 2006-11-30 23:46:12 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2006-11-30 23:46:12 +0000 |
commit | 37c05655eeb5bb660dd57978e44b859f5ade56e2 (patch) | |
tree | 21352efeb16a0f021d9e8b231cef51bffdc30075 | |
parent | 650c3ce50a2b9246a95d52a3521c25094d7603d5 (diff) |
bug 596: Comments can be entered on non commentable images
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1621 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/picture_comment.inc.php | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index ad2878fcb..106a6d211 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -30,8 +30,26 @@
 *
 */
 
+// the picture is commentable if it belongs at least to one category which
+// is commentable
+$page['show_comments'] = false;
+foreach ($related_categories as $category)
+{
+ if ($category['commentable'] == 'true')
+ {
+ $page['show_comments'] = true;
+ }
+}
+
 if ( isset( $_POST['content'] ) and !empty($_POST['content']) )
 {
+ if (!$page['show_comments'])
+ {
+ header('HTTP/1.1 403 Forbidden');
+ header('Status: 403 Forbidden');
+ die('Hacking attempt!');
+ }
+
 $register_comment = true;
 $author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
 // if a guest try to use the name of an already existing user, he must be
@@ -108,17 +126,6 @@ if ( isset( $_POST['content'] ) and !empty($_POST['content']) )
 }
 }
 
-// the picture is commentable if it belongs at least to one category which
-// is commentable
-$page['show_comments'] = false;
-foreach ($related_categories as $category)
-{
- if ($category['commentable'] == 'true')
- {
- $page['show_comments'] = true;
- }
-}
-
 if ($page['show_comments'])
 {
 // number of comment for this picture |
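Review bot: The new 403 branch at the top of the `$_POST['content']` block refuses the request without recording it, so repeated submissions against non-commentable pictures leave nothing for an administrator to see, and a visitor whose page went stale after the category was switched to non-commentable gets the same 'Hacking attempt!' text. I would log the rejection before `die()` with whatever logging facility this branch offers (none is visible in the hunk) and put a comment above the check, for example `// no commentable category: refuse the POST before any submitted field is processed`. The moved loop sets `show_comments` from every entry of `$related_categories`, which is built outside this diff; if that array can contain categories the current user is not permitted to see, the check is wider than intended, so that is worth confirming. The body of the `if` block continues past the end of the first hunk.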