From 37c05655eeb5bb660dd57978e44b859f5ade56e2 Mon Sep 17 00:00:00 2001
From: rvelices
Date: Thu, 30 Nov 2006 23:46:12 +0000
Subject: bug 596: Comments can be entered on non commentable images

git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1621 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/picture_comment.inc.php | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index ad2878fcb..106a6d211 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -30,8 +30,26 @@
 *
 */
 
+// the picture is commentable if it belongs at least to one category which
+// is commentable
+$page['show_comments'] = false;
+foreach ($related_categories as $category)
+{
+ if ($category['commentable'] == 'true')
+ {
+ $page['show_comments'] = true;
+ }
+}
+
 if ( isset( $_POST['content'] ) and !empty($_POST['content']) )
 {
+ if (!$page['show_comments'])
+ {
+ header('HTTP/1.1 403 Forbidden');
+ header('Status: 403 Forbidden');
+ die('Hacking attempt!');
+ }
+
 $register_comment = true;
 $author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
 // if a guest try to use the name of an already existing user, he must be
@@ -108,17 +126,6 @@ if ( isset( $_POST['content'] ) and !empty($_POST['content']) )
 }
 }
 
-// the picture is commentable if it belongs at least to one category which
-// is commentable
-$page['show_comments'] = false;
-foreach ($related_categories as $category)
-{
- if ($category['commentable'] == 'true')
- {
- $page['show_comments'] = true;
- }
-}
-
 if ($page['show_comments'])
 {
 // number of comment for this picture
--
cgit v1.2.3
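Review bot: The new 403 guard takes its decision from `$page['show_comments']`, which the loop above it derives only from `$related_categories`, a variable populated outside this hunk. If that array lists every category the picture is linked to rather than only those the current user may access (not visible here), a commentable category the user cannot see would still open the picture to their comments; that precondition deserves a comment above the loop, e.g. `// $related_categories must hold only categories the current user may access: this flag also gates comment POSTs`. The refused request also leaves no trace, so adding `error_log('comment POST refused: picture not commentable');` before the `die()` would give operators something to alert on. The body of the `if ( isset( $_POST['content'] ) ...` block continues outside the hunk.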