Changeset 2235

Timestamp:

07/24/08 00:55:28 (4 months ago)

Author:

ringmaster

Message:

Fix for #229. Rather than displaying a 403 when a session expires while entering a comment, the plugin sets a moderated status on the comment. The 403 still remains if the comment code doesn't match the one sent with the form, but this should only occur when forms aren't built correctly or the user tampers with the form.

Files:

• makaanga/0.x/htdocs/system/plugins/spamchecker/spamchecker.plugin.php (modified) (3 diffs)

makaanga/0.x/htdocs/system/plugins/spamchecker/spamchecker.plugin.php

@@ -131 +131 @@
         }
 
+        // Any commenter that takes longer than the session timeout is automatically moderated
+        if(!isset($_SESSION['comments_allowed']) || ! in_array(Controller::get_var('ccode'), $_SESSION['comments_allowed'])) {
+            $comment->status = Comment::STATUS_UNAPPROVED;
+            $spamcheck[] = _t("The commenter's session timed out.");
+        }
+
         if( isset($comment->info->spamcheck) && is_array($comment->info->spamcheck)) {
             $comment->info->spamcheck = array_unique(array_merge($comment->info->spamcheck, $spamcheck));
@@ -194 +200 @@
      * @param float $spam_rating The spamminess of the comment as detected by other plugins
      * @param Comment $comment The submitted comment object
-     * @param array $handlervars And array of handlervars passed in via the comment submission URL
+     * @param array $handlervars An array of handlervars passed in via the comment submission URL
      * @return float The original spam rating
      */
@@ -209 +215 @@
             die('<h1>' . _t('The selected action is forbidden.') . '</h1>');
         }
-        if(!isset($_SESSION['comments_allowed']) || ! in_array($handlervars['ccode'], $_SESSION['comments_allowed'])) {
-            ob_end_clean();
-            header('HTTP/1.1 403 Forbidden');
-            die('<h1>' . _t('The selected action is forbidden.') . '</h1>');
-        }
 
         return $spam_rating;