diff -r 880c4b7eb658 -r 9d5c04c1414f includes/comment.php --- a/includes/comment.php Sat Jan 17 15:16:36 2009 -0500 +++ b/includes/comment.php Sun Jan 25 21:18:05 2009 -0500 @@ -123,7 +123,7 @@ $count_total++; ( $row['approved'] == 1 ) ? $count_appr++ : $count_unappr++; - if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] == 0 ) + if ( !$this->perms->get_permissions('mod_comments') && $row['approved'] != COMMENT_APPROVED ) continue; // Localize the rank @@ -142,7 +142,7 @@
-Post from foe hidden. Display post
+' . $lang->get('comment_msg_foe_comment_hidden') . ' ' . $lang->get('comment_btn_display_foe_comment') . '
'; $row['comment_data'] = $wrapper; } @@ -193,7 +193,7 @@ break; case 'edit': $cid = (string)$data['id']; - if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 ) + if ( !ctype_digit($cid) || intval($cid) < 1 ) { echo '{"mode":"error","error":"HACKING ATTEMPT"}'; return false; @@ -228,7 +228,7 @@ break; case 'delete': $cid = (string)$data['id']; - if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 ) + if ( !ctype_digit($cid) || intval($cid) < 1 ) { echo '{"mode":"error","error":"HACKING ATTEMPT"}'; return false; @@ -266,17 +266,28 @@ // Guest authorization if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) - $errors[] = 'You need to log in before posting comments.'; + $errors[] = $lang->get('comment_err_need_login'); // CAPTCHA code if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) { $real_code = $session->get_captcha($data['captcha_id']); - if ( strtolower($real_code) != strtolower($data['captcha_code']) ) - $errors[] = 'The confirmation code you entered was incorrect.'; + if ( strtolower($real_code) !== strtolower($data['captcha_code']) ) + $errors[] = $lang->get('comment_err_captcha_wrong'); $session->kill_captcha(); } + // Spam check + $spam_policy = getConfig('comment_spam_policy', 'moderate'); + $sc_name = ( $session->user_logged_in ) ? $session->username : $data['name']; + $sc_mail = ( $session->user_logged_in ) ? $session->email : false; + $sc_url = ( $session->user_logged_in ) ? $session->user_extra['user_homepage'] : false; + $spamcheck = $spam_policy === 'accept' ? true : spamalyze($data['text'], $sc_name, $sc_mail, $sc_url); + if ( !$spamcheck && $spam_policy === 'reject' ) + { + $errors[] = $lang->get('comment_err_spamcheck_failed_rejected'); + } + if ( count($errors) > 0 ) { $ret = Array( @@ -295,7 +306,9 @@ $src = $text; $sql_text = $db->escape($text); $text = RenderMan::render($text); - $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1'; + $appr = ( getConfig('approve_comments') == '1' ) ? COMMENT_UNAPPROVED : COMMENT_APPROVED; + if ( $appr === COMMENT_APPROVED && $spam_policy === 'moderate' && !$spamcheck ) + $appr = COMMENT_SPAM; $time = time(); $date = enano_date('F d, Y h:i a', $time); $ip = $_SERVER['REMOTE_ADDR']; @@ -358,7 +371,7 @@ } $cid = (string)$data['id']; - if ( !preg_match('#^([0-9]+)$#i', $cid) || intval($cid) < 1 ) + if ( !ctype_digit($cid) || intval($cid) < 1 ) { echo '{"mode":"error","error":"HACKING ATTEMPT"}'; return false;