From 6cb53bb91bb2f5fef56b52d2e3013dd8ea4db952 Mon Sep 17 00:00:00 2001
From: mistic100
Date: Tue, 1 Jul 2014 09:56:02 +0000
Subject: feature 3095 : block comment if website_url is not empty when field is disabled

git-svn-id: http://piwigo.org/svn/trunk@28893 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_comment.inc.php | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

(limited to 'include')

diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 3cb0f79c7..9bd0b9f25 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -146,15 +146,23 @@ SELECT COUNT(*) AS user_exists
 // website
 if (!empty($comm['website_url']))
 {
- $comm['website_url'] = strip_tags($comm['website_url']);
- if (!preg_match('/^https?/i', $comm['website_url']))
- {
- $comm['website_url'] = 'http://'.$comm['website_url'];
+ if (!$conf['comments_enable_website'])
+ { // honeypot: if the field is disabled, it should be empty !
+ $comment_action='reject';
+ $_POST['cr'][] = 'website_url';
 }
- if (!url_check_format($comm['website_url']))
+ else
 {
- $infos[] = l10n('Your website URL is invalid');
- $comment_action='reject';
+ $comm['website_url'] = strip_tags($comm['website_url']);
+ if (!preg_match('/^https?/i', $comm['website_url']))
+ {
+ $comm['website_url'] = 'http://'.$comm['website_url'];
+ }
+ if (!url_check_format($comm['website_url']))
+ {
+ $infos[] = l10n('Your website URL is invalid');
+ $comment_action='reject';
+ }
 }
 }

@@ -206,6 +214,7 @@ SELECT count(1) FROM '.COMMENTS_TABLE.'
 {
 $infos[] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
 $comment_action='reject';
+ $_POST['cr'][] = 'flood_time';
 }
 }

--
cgit v1.2.3
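Review bot: The two new `$_POST['cr'][] = ...` appends (the honeypot branch in the first hunk and the `flood_time` line in the second) write into a request-controlled superglobal without checking its type. If a client submits `cr` as a non-empty scalar string, the `[]` append on it is a fatal error in PHP, and if it submits an array the recorded rejection reasons end up mixed with client-supplied entries; whether `cr` is reset or validated earlier is not visible in these hunks. Consider normalising it before the first append, e.g. `if (!isset($_POST['cr']) or !is_array($_POST['cr'])) $_POST['cr'] = array();`, or collecting the reasons in a local array rather than in `$_POST`. The honeypot branch also rejects without adding anything to `$infos`; if that silence is intentional, the comment should say so, e.g. `// honeypot: field is disabled, so any value means an automated post; reject without a message`. The enclosing function starts and ends outside both hunks.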