- send status code 403 when attempt to enter a user comment, but comments are disabled

- don't increase hit count when a comment is posted
- remove the check of user ip agains spamhaus.org when a comment is entered (my conclusion is that is useless)

git-svn-id: http://piwigo.org/svn/trunk@2155 68402e56-0260-453c-a942-63ccdbb3a9ee

4 files changed, 13 insertions, 24 deletions

diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 3a178ea7a..d8334e6c0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -94,10 +94,6 @@ $conf['comment_spam_reject'] = true;
 // maximum number of links in a comment before it is qualified spam
 $conf['comment_spam_max_links'] = 3;
 
-// if the ip address of a comenteer is in spamhaus.org block list, the
-// comment is qualified spam
-$conf['comment_spam_check_ip'] = false;
-
 // calendar_datefield : date field of table "images" used for calendar
 // catgory
 $conf['calendar_datefield'] = 'date_creation';
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 3a8139a9c..aaadb2fc9 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -30,7 +30,7 @@
 function get_comment_post_key($image_id)
 {
   global $conf;
-  
+
   $time = time();
 
   return sprintf(
@@ -68,21 +68,10 @@ function user_comment_check($action, $comment)
   {
     $link_count++;
   }
-  
+
   if ( $link_count>$conf['comment_spam_max_links'] )
     return $my_action;
 
-  if ( isset($comment['ip']) and $conf['comment_spam_check_ip'] 
-      and $_SERVER["SERVER_ADDR"] != $comment['ip']  
-    )
-  {
-    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
-    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
-    $res = gethostbyname( $lookup );
-    if ( $lookup != $res )
-      return $my_action;
-  }
-
   return $action;
 }
 
@@ -100,8 +89,8 @@ add_event_handler('user_comment_check', 'user_comment_check',
 function insert_user_comment( &$comm, $key, &$infos )
 {
   global $conf, $user;
-  
-  $comm = array_merge( $comm, 
+
+  $comm = array_merge( $comm,
     array(
       'ip' => $_SERVER['REMOTE_ADDR'],
       'agent' => $_SERVER['HTTP_USER_AGENT']
@@ -161,7 +150,7 @@ SELECT COUNT(*) AS user_exists
   {
     $comment_action='reject';
   }
-  
+
   if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
   { // anti-flood system
     $reference_date = time() - $conf['anti-flood_time'];
@@ -192,7 +181,7 @@ INSERT INTO '.COMMENTS_TABLE.'
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
     '.($comment_action=='validate' ? 'NOW()':'NULL').',
-    '.$comm['image_id'].'      
+    '.$comm['image_id'].'
   )
 ';
 
diff --git a/include/functions_url.inc.php b/include/functions_url.inc.php
index 2d0a39f6d..6180dae3e 100644
--- a/include/functions_url.inc.php
+++ b/include/functions_url.inc.php
@@ -252,7 +252,7 @@ function make_picture_url($params)
   }
   if ( !isset($params['category'] ) )
   {// make urls shorter ...
-    unset( $params['flat'] ); 
+    unset( $params['flat'] );
   }
   $url .= make_section_in_url($params);
   $url = add_well_known_params_in_url($url, $params);
@@ -622,7 +622,7 @@ function parse_section_url( $tokens, &$next_token)
  * the reverse of add_well_known_params_in_url
  * parses start, flat and chronology from url tokens
 */
-function parse_well_known_params_url($tokens, $i)
+function parse_well_known_params_url($tokens, &$i)
 {
   $page = array();
   while (isset($tokens[$i]))
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 971336fba..1c6968e17 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -87,7 +87,11 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
       array_merge($comm, array('action'=>$comment_action) )
     );
 }
-
+elseif ( isset($_POST['content']) )
+{
+  set_status_header(403);
+  die('ugly spammer');
+}
 
 if ($page['show_comments'])
 {