aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_comment.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/functions_comment.inc.php')
-rw-r--r--include/functions_comment.inc.php17
1 files changed, 2 insertions, 15 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 7f2fd9257..d5b403b8e 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists
$comment_action='reject';
}
- $key = explode( ':', @$key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac(
- 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
{
$comment_action='reject';
}
@@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key)
$comment_action = 'validate';
- $key = explode( ':', $post_key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
{
$comment_action='reject';
}