
small fix in comments that basically prevents the formkey from being

checked if submitting the first comment of a discussion. If they are
trying to flood, the speed limit for _discussion_ create will catch
them.
commit a2ed0df86037185b33d94c8e31bcf431f211292b 1 parent db809a4
@CaptTofu CaptTofu authored
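--- a/Slash/DB/MySQL/MySQL.pm
+++ b/Slash/DB/MySQL/MySQL.pm
@@ -2409,17 +2409,23 @@ sub updateFormkeyVal {
 # use this in case the function you call fails prior to updateFormkey
 # but after updateFormkeyVal
 sub resetFormkey {
- my($self, $formkey) = @_;
+ my($self, $formkey, $formname) = @_;
 my $constants = getCurrentStatic();
 # reset the formkey to 0, and reset the ts
- my $updated = $self->sqlUpdate("formkeys", {
- -value => 0,
- -idcount => '(idcount -1)',
- ts => time(),
- submit_ts => '0',
- }, "formkey=" . $self->sqlQuote($formkey));
+
+ my $update_ref = {
+ -value => 0,
+ -idcount => '(idcount -1)',
+ ts => time(),
+ submit_ts => '0',
+ };
+ $update_ref->{formname} = $formname if $formname;
+
+ my $updated = $self->sqlUpdate("formkeys",
+ $update_ref,
+ "formkey=" . $self->sqlQuote($formkey));
 print STDERR "RESET formkey $updated\n" if $constants->{DEBUG};
 return($updated);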
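Review bot: The new optional `$formname` argument lets resetFormkey overwrite the `formname` column of a row that is still selected by `formkey` alone, and nothing in the hunk documents when a caller should do that. If formkey validation elsewhere is scoped per form name (not visible here), relabelling on reset would let a key issued for one form be accepted under another, so it may be safer to leave the column untouched and add the name to the WHERE clause instead. At minimum the header comment above the sub should gain a line such as `# $formname (optional): when true, the row's formname is rewritten to this value`. The sub's closing brace lies outside the hunk.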
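--- a/themes/slashcode/htdocs/comments.pl
+++ b/themes/slashcode/htdocs/comments.pl
@@ -114,15 +114,13 @@ sub main {
 seclev => 0,
 post => 1,
 formname => $form->{new_discussion} ? 'discussions' : 'comments',
- checks =>
+ checks => $form->{new_discussion} ? [] :
 [ qw ( response_check update_formkeyid max_post_check valid_check interval_check
 formkey_check ) ],
 },
 };
 $ops->{default} = $ops->{display} ;
- # This is here to save a function call, even though the
- # function can handle the situation itself
 my ($discussion, $section);
 if ($form->{sid}) {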
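Review bot: `checks => $form->{new_discussion} ? [] : [...]` lets a request field switch off every check on this op, not only `formkey_check`: `response_check`, `max_post_check`, `valid_check` and `interval_check` go too, which is wider than the commit message describes. `$form->{new_discussion}` appears to come straight from the submitted form, so unless the handler verifies server-side that a discussion is really being created and rate-limited, any post carrying that field would skip the flood and formkey checks. Consider keeping the checks that do not depend on an existing formkey, or deciding the branch from server-side state, and add a comment such as `# no formkey checks when creating a discussion; the discussion-create speed limit applies instead`. The ops table and main() begin outside the hunk.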
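--- a/themes/slashcode/htdocs/index.pl
+++ b/themes/slashcode/htdocs/index.pl
@@ -16,7 +16,7 @@ sub main {
 my $form = getCurrentForm();
- my($stories, $Feature, $Stories, $storystruct, $section);
+ my($stories, $Stories, $section);
 if ($form->{op} eq 'userlogin' && !$user->{is_anon}) {
 my $refer = $form->{returnto} || $ENV{SCRIPT_NAME};
 redirect($refer);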