aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2007-10-29 23:39:41 +0000
committerrvelices <rv-github@modusoptimus.com>2007-10-29 23:39:41 +0000
commit831694b4d1a1e93b5ed6a8e1e4a0c80d21df95cd (patch)
tree9a31419b292aad362bacbb83773c90d8060545e7
parentf33617a5b85fd9c842e4e415aebe9dd213595783 (diff)
- send status code 403 when attempt to enter a user comment, but comments are disabled
- don't increase hit count when a comment is posted - remove the check of user ip agains spamhaus.org when a comment is entered (my conclusion is that is useless) git-svn-id: http://piwigo.org/svn/trunk@2155 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/config_default.inc.php4
-rw-r--r--include/functions_comment.inc.php23
-rw-r--r--include/functions_url.inc.php4
-rw-r--r--include/picture_comment.inc.php6
-rw-r--r--picture.php2
5 files changed, 14 insertions, 25 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 3a178ea7a..d8334e6c0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -94,10 +94,6 @@ $conf['comment_spam_reject'] = true;
// maximum number of links in a comment before it is qualified spam
$conf['comment_spam_max_links'] = 3;
-// if the ip address of a comenteer is in spamhaus.org block list, the
-// comment is qualified spam
-$conf['comment_spam_check_ip'] = false;
-
// calendar_datefield : date field of table "images" used for calendar
// catgory
$conf['calendar_datefield'] = 'date_creation';
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 3a8139a9c..aaadb2fc9 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -30,7 +30,7 @@
function get_comment_post_key($image_id)
{
global $conf;
-
+
$time = time();
return sprintf(
@@ -68,21 +68,10 @@ function user_comment_check($action, $comment)
{
$link_count++;
}
-
+
if ( $link_count>$conf['comment_spam_max_links'] )
return $my_action;
- if ( isset($comment['ip']) and $conf['comment_spam_check_ip']
- and $_SERVER["SERVER_ADDR"] != $comment['ip']
- )
- {
- $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
- $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
- $res = gethostbyname( $lookup );
- if ( $lookup != $res )
- return $my_action;
- }
-
return $action;
}
@@ -100,8 +89,8 @@ add_event_handler('user_comment_check', 'user_comment_check',
function insert_user_comment( &$comm, $key, &$infos )
{
global $conf, $user;
-
- $comm = array_merge( $comm,
+
+ $comm = array_merge( $comm,
array(
'ip' => $_SERVER['REMOTE_ADDR'],
'agent' => $_SERVER['HTTP_USER_AGENT']
@@ -161,7 +150,7 @@ SELECT COUNT(*) AS user_exists
{
$comment_action='reject';
}
-
+
if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
{ // anti-flood system
$reference_date = time() - $conf['anti-flood_time'];
@@ -192,7 +181,7 @@ INSERT INTO '.COMMENTS_TABLE.'
NOW(),
"'.($comment_action=='validate' ? 'true':'false').'",
'.($comment_action=='validate' ? 'NOW()':'NULL').',
- '.$comm['image_id'].'
+ '.$comm['image_id'].'
)
';
diff --git a/include/functions_url.inc.php b/include/functions_url.inc.php
index 2d0a39f6d..6180dae3e 100644
--- a/include/functions_url.inc.php
+++ b/include/functions_url.inc.php
@@ -252,7 +252,7 @@ function make_picture_url($params)
}
if ( !isset($params['category'] ) )
{// make urls shorter ...
- unset( $params['flat'] );
+ unset( $params['flat'] );
}
$url .= make_section_in_url($params);
$url = add_well_known_params_in_url($url, $params);
@@ -622,7 +622,7 @@ function parse_section_url( $tokens, &$next_token)
* the reverse of add_well_known_params_in_url
* parses start, flat and chronology from url tokens
*/
-function parse_well_known_params_url($tokens, $i)
+function parse_well_known_params_url($tokens, &$i)
{
$page = array();
while (isset($tokens[$i]))
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 971336fba..1c6968e17 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -87,7 +87,11 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
array_merge($comm, array('action'=>$comment_action) )
);
}
-
+elseif ( isset($_POST['content']) )
+{
+ set_status_header(403);
+ die('ugly spammer');
+}
if ($page['show_comments'])
{
diff --git a/picture.php b/picture.php
index de2c7b8dd..89fbe04ab 100644
--- a/picture.php
+++ b/picture.php
@@ -244,7 +244,7 @@ DELETE FROM '.COMMENTS_TABLE.'
}
// incrementation of the number of hits, we do this only if no action
-if (trigger_event('allow_increment_element_hit_count', true) )
+if (trigger_event('allow_increment_element_hit_count', !isset($_POST['content']) ) )
{
$query = '
UPDATE