
small fix in comments that basically prevents the formkey from being

checked if submitting the first comment of a discussion. If they are
trying to flood, the speed limit for _discussion_ create will catch
them.
commit a2ed0df86037185b33d94c8e31bcf431f211292b 1 parent db809a4
@CaptTofu CaptTofu authored
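--- a/Slash/DB/MySQL/MySQL.pm
+++ b/Slash/DB/MySQL/MySQL.pm
@@ -2409,17 +2409,23 @@ sub updateFormkeyVal {
 # use this in case the function you call fails prior to updateFormkey
 # but after updateFormkeyVal
 sub resetFormkey {
- my($self, $formkey) = @_;
+ my($self, $formkey, $formname) = @_;
 my $constants = getCurrentStatic();
 # reset the formkey to 0, and reset the ts
- my $updated = $self->sqlUpdate("formkeys", {
- -value => 0,
- -idcount => '(idcount -1)',
- ts => time(),
- submit_ts => '0',
- }, "formkey=" . $self->sqlQuote($formkey));
+
+ my $update_ref = {
+ -value => 0,
+ -idcount => '(idcount -1)',
+ ts => time(),
+ submit_ts => '0',
+ };
+ $update_ref->{formname} = $formname if $formname;
+
+ my $updated = $self->sqlUpdate("formkeys",
+ $update_ref,
+ "formkey=" . $self->sqlQuote($formkey));
 print STDERR "RESET formkey $updated\n" if $constants->{DEBUG};
 return($updated);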
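Review bot: The new optional `$formname` in resetFormkey is written into the row (`$update_ref->{formname} = $formname if $formname;`) while the WHERE clause still matches on `formkey` alone, so a reset can now relabel an existing key as belonging to a different form. Nothing in the header comment or the hunk says why rebinding is wanted; if the goal is only to reset a key that already belongs to that form, the name should narrow the WHERE clause (quoted with `sqlQuote`) rather than be assigned. If rebinding is intended, document it at the assignment, for example `# $formname (optional): rebinds the key to this form; pass a server-chosen name, never raw form input`. The sub's closing brace lies outside the hunk, so the rest of the body is not visible here.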
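--- a/themes/slashcode/htdocs/comments.pl
+++ b/themes/slashcode/htdocs/comments.pl
@@ -114,15 +114,13 @@ sub main {
 seclev => 0,
 post => 1,
 formname => $form->{new_discussion} ? 'discussions' : 'comments',
- checks =>
+ checks => $form->{new_discussion} ? [] :
 [ qw ( response_check update_formkeyid max_post_check valid_check interval_check
 formkey_check ) ],
 },
 };
 $ops->{default} = $ops->{display} ;
- # This is here to save a function call, even though the
- # function can handle the situation itself
 my ($discussion, $section);
 if ($form->{sid}) {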
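Review bot: `checks => $form->{new_discussion} ? [] : [ ... ]` lets a client-supplied form field switch off every check on this op, including `formkey_check`, `interval_check` and `max_post_check`. The commit message relies on the discussion-create speed limit, but nothing in this hunk shows that a request carrying `new_discussion` is forced through discussion creation, or that the user is allowed to create one; if it can still reach the ordinary comment-posting path, the flood and formkey protections no longer apply to that request. Confirm that the handler rejects `new_discussion` unless a discussion is actually created under the 'discussions' formkey, and record the dependency beside the entry, e.g. `# checks skipped for new_discussion only because discussion create enforces its own formkey and speed limit`. The `$ops` table and `main` both begin outside the hunk.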
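--- a/themes/slashcode/htdocs/index.pl
+++ b/themes/slashcode/htdocs/index.pl
@@ -16,7 +16,7 @@ sub main {
 my $form = getCurrentForm();
- my($stories, $Feature, $Stories, $storystruct, $section);
+ my($stories, $Stories, $section);
 if ($form->{op} eq 'userlogin' && !$user->{is_anon}) {
 my $refer = $form->{returnto} || $ENV{SCRIPT_NAME};
 redirect($refer);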
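Review bot: On the unchanged context line `my $refer = $form->{returnto} || $ENV{SCRIPT_NAME};`, a request-supplied `returnto` is handed straight to `redirect($refer)` after login, which is an open-redirect risk unless `redirect()` itself restricts the target (its body is not visible here). The commit does not introduce this, but it merits a follow-up: accept only site-relative paths before redirecting, for example `$refer = $ENV{SCRIPT_NAME} unless $refer =~ m{\A/(?![/\\])};`. The `if` block continues past the end of the hunk.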