Re: [phpslash-users] comment section
From: Ajay S. <ss...@od...> - 2001-03-11 20:27:06
tobozo <to...@io...> let me have access to his site which had the same problem and I fixed it. Check out the latest CVS for the fix (and several other important fixes).

The problem is that the template variable COMMENT_ID was getting carried over from the parent comment to the form. Even though we are assigning COMMENT_ID the value in $ary[comment_id] (which is undefined in a new comment), it seems that PHP 3.0.16 doesn't update COMMENT_ID. Thus, when you hit Submit on the new comment form, PHPSlash sees the parent_id in the COMMENT_ID field and performs an update.

This is also a security problem because anyone can overwrite a comment by screwing with the form and then sending it back to the code. This has been fixed also with a check for $seclev.

later,
ajay

On Sun, 11 Mar 2001, Tigran wrote:

> Some update on this problem.
> I was running rc4 had the same problem then deleted everything and reloaded
> 0.6 still have the problem.
> Running on phplib 7.2c
> Yes it does happen on all articles
> I run the commands you gave in MySQL and got the same number returned for both.
>
>
> Something interesting I did not see before. A comment on the article will
> render a new comment. However a reply to a comment erases the original
> comment. it seems to write over the same comment id. And it displays this
> message.
>
> found the comment_id, '61', so now we update.
> Updated comment 61, on reply on forth by tigo, <>
>
> so it just updates the existing comment id.
>
> any thoughts
>
> thank you so very much for helping me with this.
>
> The site is www.usanogh.com and the article with all the tests I have is
> "Many Thanks"
> http://www.usanogh.com/articles/html/article.php3?story_id=26
>
>
> At 09:18 PM 3/8/01 -0500, you wrote:
> >Hmmmm.. I assume phplib is 7.2c? I really don't know what's wrong.. and
> >without the ability to turn on debugging and watch the queries get passed I
> >couldn't even make a guess. I assume this happens for every article? Did
> >you check the db_sequence table? This is where we store the most recently
> >used id, perhaps it's out of synch with the site (ie: maybe there's a way to
> >force an id into phpslash from the GET params and dodge a key lookup). This
> >could cause serious havoc.
> >
> >Try doing something like this in MySQL:
> >select nextid from db_sequence where seq_name='psl_comment_seq';
> >select comment_id from psl_comment order by comment_id desc limit 1;
> >
> >The two resulting values should be the same.
> >
> >
> >
> >Each query should produce two numbers, they should be the same. If they
> >aren't you have a problem in the db, if they are your problem lies in the core
> >and / or templates... Did you change / omit any of the {} placeholders in
> >the templates? Perhaps something in a form is getting crossed?
> >
> >-n
>
> _________________________________________________
> "Science is like sex: sometimes something useful comes out,
> but that is not the reason we are doing it" -- Richard Feynman
>
>
> _______________________________________________
> phpslash-users mailing list
> php...@li...
> http://lists.sourceforge.net/lists/listinfo/phpslash-users
>

--
----------------------------------------------------------------
Satyajot (Ajay) Sharma ss...@od...
Digital Odyssey System Administrator
Voting for the lesser of two evils is still voting for evil.
----------------------------------------------------------------
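
The overwrite described in the message above, shown as an added example that is not PHPSlash source and not part of the original thread: a save handler that trusts a posted comment_id, beside one that also requires a server-side privilege level before updating. The function names, the EDIT_SECLEV threshold, the reading of $seclev as the caller's privilege level, and the in-memory array standing in for the psl_comment table are all assumptions made for illustration.

```php
<?php
// Added example, not PHPSlash source. Names and the threshold are assumptions.
const EDIT_SECLEV = 500; // hypothetical level required to edit a comment

// Constructed stand-in for the psl_comment table.
$comments = [61 => ['parent_id' => 0, 'text' => 'forth']];
$nextId = 62;

function insertComment(array &$comments, int &$nextId, array $form): int
{
    $id = $nextId++;
    $comments[$id] = ['parent_id' => (int) ($form['parent_id'] ?? 0), 'text' => (string) $form['text']];
    return $id;
}

// Before: any non-empty comment_id in the posted form selects the update path.
function saveCommentBefore(array &$comments, int &$nextId, array $form): int
{
    if (!empty($form['comment_id'])) {
        $id = (int) $form['comment_id'];
        $comments[$id]['text'] = (string) $form['text']; // replaces the existing comment
        return $id;
    }
    return insertComment($comments, $nextId, $form);
}

// After: the update path also requires a privilege level held on the server.
function saveCommentAfter(array &$comments, int &$nextId, array $form, int $seclev): int
{
    $id = (int) ($form['comment_id'] ?? 0);
    if ($id === 0) {
        return insertComment($comments, $nextId, $form);
    }
    if ($seclev < EDIT_SECLEV || !isset($comments[$id])) {
        throw new RuntimeException("comment_id $id rejected: update not permitted");
    }
    $comments[$id]['text'] = (string) $form['text'];
    return $id;
}

// Constructed reply form that still carries the parent's id, as in the report.
$reply = ['comment_id' => '61', 'parent_id' => '61', 'text' => 'reply on forth'];
$copy = $comments;
$n = $nextId;
saveCommentBefore($copy, $n, $reply);
echo "before: comment 61 = {$copy[61]['text']}\n";
try {
    saveCommentAfter($comments, $nextId, $reply, 0);
} catch (RuntimeException $e) {
    echo "after: {$e->getMessage()}\n";
}
echo "after: comment 61 = {$comments[61]['text']}\n";
```

The privilege check covers the tampered-form case; the template bug that leaks the parent's id into a reply form still has to be fixed separately, otherwise ordinary replies are rejected instead of inserted.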