max_com_lines is not used AND problem with comment length during template change
 


Started by Makc666, July 30, 2009, 03:03:19 PM


Makc666

lang/english.php
has such value as:
array('Max number of lines in a comment', 'max_com_lines', 0, 'f=index.htm&as=admin_image_comment_lines&ae=admin_image_comment_lines_end'), //cpg1.4

I am not able to find where this one is used in Coppermine?!

Why I am with this one here.

Today there was a question on Russian forum how to make "Add your comment" be like textarea?!

The answer is

1. Open the file
include/themes.inc.php

2. Take the code from this block:
// HTML template for the form to add comments                                                                                                                                                                  
if (!isset($template_add_your_comment)) { //{THEMES}                                                                                                                                                          
$template_add_your_comment = <<<EOT


3. Copy that code:

$template_add_your_comment = <<<EOT
        <form method="post" name="post" action="db_input.php">
                <table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable">
                        <tr>
                                        <td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>
                        </tr>
                        <tr>
                <td colspan="1">
                        <table width="100%" cellpadding="0" cellspacing="0">

<!-- BEGIN user_name_input -->
                                                        <tr>
                                                                <td class="tableb_compact">
                                        {NAME}
                                </td>
                                <td class="tableb_compact">
                                        <input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />
                                </td>
<!-- END user_name_input -->
<!-- BEGIN input_box_smilies -->
                                <td class="tableb_compact">
                                {COMMENT}
                                                                </td>
                                <td width="100%" class="tableb_compact">
                                <input type="text" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
                                                                </td>
<!-- END input_box_smilies -->
<!-- BEGIN input_box_no_smilies -->
                                <td class="tableb_compact">
                                {COMMENT}
                                                                </td>
                                <td width="100%" class="tableb_compact">
                                <input type="text" class="textinput" id="message" name="msg_body"  maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />
                                </td>
<!-- END input_box_no_smilies -->
                                <td class="tableb_compact">
                                <input type="hidden" name="event" value="comment" />
                                <input type="hidden" name="pid" value="{PIC_ID}" />
                                <input type="submit" class="comment_button" name="submit" value="{OK}" />
                                </td>
                                                        </tr>
                        </table>
                </td>
        </tr>
<!-- BEGIN smilies -->
        <tr>
                <td width="100%" class="tableb_compact">
                        {SMILIES}
                </td>
        </tr>
<!-- END smilies -->
                </table>
        </form>
EOT;


4. Paste it to our theme file
themes/classic/theme.php

5. Find the line:
<input type="text" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" maxlength="{MAX_COM_LENGTH}" style="width: 100%;" />

6. Replace with the line:
<textarea rows="5" class="textinput" id="message" name="msg_body" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" style="width: 100%;"></textarea>

-------------

But here comes the problem...

As you can see maxlength="{MAX_COM_LENGTH}" was used to check the length.

themes.inc.php
'{MAX_COM_LENGTH}' => $CONFIG['max_com_size'],

lang/english.php
array('Maximum length of a comment', 'max_com_size', 0, 'f=index.htm&amp;as=admin_image_comment_length&amp;ae=admin_image_comment_length_end'), //cpg1.4

-------------

If we change to <textarea> </textarea> we are not able to check the length.

Now we have to look at file db_input.php

And its code:

function check_comment(&$str)
{
   global $CONFIG, $lang_bad_words, $queries;

   if ($CONFIG['filter_bad_words']) {
       $ercp = array();
       foreach($lang_bad_words as $word) {
           $ercp[] = '/' . ($word[0] == '*' ? '': '\b') . str_replace('*', '', $word) . ($word[(strlen($word)-1)] == '*' ? '': '\b') . '/i';
       }
       $str = preg_replace($ercp, '(...)', $str);
   }

   $com_words=explode(' ',strip_tags(bb_decode($str)));
   $replacements=array();
   foreach($com_words as $key => $word) {
      if (utf_strlen($word) > $CONFIG['max_com_wlength'] ) {
         $replacements[] = $word;
      }
   }
   $str=str_replace($replacements,'(...)',$str);
}


It is used in:

  • case 'comment_update':
  • case 'comment':

In lines:
check_comment($_POST['msg_body']);
check_comment($_POST['msg_author']);


-------------

What I am asking - don't we have to check the comment length in function check_comment(&$str) ?

This will be logically correct as people can change templates.
And if they change them for the way I described they will have problem with comment length.

Thanks
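
The maxlength attribute discussed in the post above is applied only by the browser, so a limit that matters has to be applied again where db_input.php handles the POST. The sketch below is an added example, not part of the original post and not Coppermine code: the function name enforce_comment_limits, the choice to truncate, and the sample values are assumptions, and it uses PHP's mbstring functions instead of Coppermine's utf_strlen().

```php
<?php
// Added illustration, not Coppermine code. The function name and the
// sample values are hypothetical. Requires the mbstring extension.

/**
 * Apply the comment limits on the server, independent of any maxlength
 * attribute in the theme's HTML. In this sketch a limit of 0 or less
 * means "no limit".
 */
function enforce_comment_limits(string $str, int $maxChars, int $maxLines): string
{
    // Normalise line endings so every line break counts exactly once.
    $str = str_replace(["\r\n", "\r"], "\n", $str);

    // Line limit: a <textarea> lets users submit newlines, which the
    // original single-line text input did not.
    if ($maxLines > 0) {
        $lines = explode("\n", $str);
        if (count($lines) > $maxLines) {
            $str = implode("\n", array_slice($lines, 0, $maxLines));
        }
    }

    // Character limit, counted in UTF-8 characters rather than bytes.
    if ($maxChars > 0 && mb_strlen($str, 'UTF-8') > $maxChars) {
        $str = mb_substr($str, 0, $maxChars, 'UTF-8');
    }

    return $str;
}

// Constructed sample values standing in for $CONFIG['max_com_size'],
// $CONFIG['max_com_lines'] and $_POST['msg_body'].
$config = ['max_com_size' => 20, 'max_com_lines' => 2];
$posted = "first line\r\nsecond line is long\r\nthird line";

$clean = enforce_comment_limits(
    $posted,
    $config['max_com_size'],
    $config['max_com_lines']
);
var_dump($clean);
```

Whether to truncate or to reject an over-long comment with an error is a design choice; the point is that the limit no longer depends on the template.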

Joachim Müller

Wrong assumption: changing include/themes.inc.php is never right and always wrong. I'm not willing to look into the rest of this posting - I have stopped reading after
Quote from: Makc666 on July 30, 2009, 03:03:19 PM
The answer is "to change" include/themes.inc.php

Makc666

Quote from: Joachim Müller on July 30, 2009, 07:51:27 PM
Wrong assumption: changing include/themes.inc.php is never right and always wrong. I'm not willing to look into the rest of this posting - I have stopped reading after
Joachim, that is why I added quotes around "to change" because I know that we have to copy the necessary code.

You can re-read it for now. It is changed.