author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-08-22 10:01:06 +0000 |
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-08-22 10:01:06 +0000 |
commit | c72614b01e595eb52e60905fafa74e05ddbe5f9d (patch) | |
tree | fed20b356055d80188759ae2eb4fef809424ad32 | |
parent | ff836870d80f5e1703990e8823bac1e506d96ce1 (diff) | |
#845774 by aaronbauman, sun: Fixed Regression: Anonymous users can post comments in the name of registered users.
-rw-r--r-- | modules/comment/comment.module | 62 | ||||
-rw-r--r-- | modules/comment/comment.test | 10 |
2 files changed, 33 insertions, 39 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index ce976d139..794ef83c1 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -1880,6 +1880,7 @@ function comment_form($form, &$form_state, $comment) {
 '#type' => 'textfield',
 '#title' => t('Your name'),
 '#default_value' => $author,
+ '#required' => (!$user->uid && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT),
 '#maxlength' => 60,
 '#size' => 30,
 );
@@ -1890,6 +1891,7 @@ function comment_form($form, &$form_state, $comment) {
 '#type' => 'textfield',
 '#title' => t('E-mail'),
 '#default_value' => $comment->mail,
+ '#required' => (!$user->uid && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT),
 '#maxlength' => 64,
 '#size' => 30,
 '#description' => t('The content of this field is kept private and will not be shown publicly.'),
@@ -1903,11 +1905,6 @@ function comment_form($form, &$form_state, $comment) {
 '#size' => 30,
 '#access' => $is_admin || (!$user->uid && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT),
 );
- // Conditionally mark fields as required for anonymous users, if configured.
- if (!$user->uid && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT) {
- $form['author']['name']['#required'] = TRUE;
- $form['author']['mail']['#required'] = TRUE;
- }
 
 // Add administrative comment publishing options.
 $form['author']['date'] = array(
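Review bot: The `#required` expression `(!$user->uid && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT)` is now written out twice, once on the name field in this hunk and again on the e-mail field in the next one, replacing the single guarded block the third hunk removes. Computing it once, `$contact_required = !$user->uid && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT;`, and using `'#required' => $contact_required,` on both fields keeps the two from drifting apart when the contact policy changes. comment_form() starts and ends outside these hunks, so where `$anonymous_contact` is assigned is not visible here.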
@@ -2055,42 +2052,29 @@ function comment_form_validate($form, &$form_state) {
 }
 }
 
- // Check validity of name, mail and homepage (if given).
- if (!$user->uid || $form_state['values']['is_anonymous']) {
- $node = node_load($form_state['values']['nid']);
- if (variable_get('comment_anonymous_' . $node->type, COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
- if ($form_state['values']['name']) {
- $query = db_select('users', 'u');
- $query->addField('u', 'uid', 'uid');
- $taken = $query
- ->condition('name', db_like($form_state['values']['name']), 'LIKE')
- ->countQuery()
- ->execute()
- ->fetchField();
- if ($taken != 0) {
- form_set_error('name', t('The name you used belongs to a registered user.'));
- }
- }
- elseif (variable_get('comment_anonymous_' . $node->type, COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
- form_set_error('name', t('You have to leave your name.'));
- }
-
- if ($form_state['values']['mail']) {
- if (!valid_email_address($form_state['values']['mail'])) {
- form_set_error('mail', t('The e-mail address you specified is not valid.'));
- }
- }
- elseif (variable_get('comment_anonymous_' . $node->type, COMMENT_ANONYMOUS_MAYNOT_CONTACT) == COMMENT_ANONYMOUS_MUST_CONTACT) {
- form_set_error('mail', t('You have to leave an e-mail address.'));
- }
-
- if ($form_state['values']['homepage']) {
- if (!valid_url($form_state['values']['homepage'], TRUE)) {
- form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
- }
+ // Validate anonymous comment author fields (if given).
+ if ($form_state['values']['is_anonymous']) {
+ // If the (original) author of this comment was an anonymous user, verify
+ // that no registered user with this name exists.
+ if ($form_state['values']['name']) {
+ $query = db_select('users', 'u');
+ $query->addField('u', 'uid', 'uid');
+ $taken = $query
+ ->condition('name', db_like($form_state['values']['name']), 'LIKE')
+ ->countQuery()
+ ->execute()
+ ->fetchField();
+ if ($taken) {
+ form_set_error('name', t('The name you used belongs to a registered user.'));
 }
 }
 }
+ if ($form_state['values']['mail'] && !valid_email_address($form_state['values']['mail'])) {
+ form_set_error('mail', t('The e-mail address you specified is not valid.'));
+ }
+ if ($form_state['values']['homepage'] && !valid_url($form_state['values']['homepage'], TRUE)) {
+ form_set_error('homepage', t('The URL of your homepage is not valid. Remember that it must be fully qualified, i.e. of the form <code>http://example.com/directory</code>.'));
+ }
 }
 
 /**
@@ -2110,7 +2094,7 @@ function comment_submit($comment) {
 $comment->created = strtotime($comment->date);
 $comment->changed = REQUEST_TIME;
 
- if (!empty($comment->name) && ($account = user_load_by_name($comment->name))) {
+ if (!$comment->is_anonymous && !empty($comment->name) && ($account = user_load_by_name($comment->name))) {
 $comment->uid = $account->uid;
 }
 
diff --git a/modules/comment/comment.test b/modules/comment/comment.test
index 54a39bf01..ba28b6ac2 100644
--- a/modules/comment/comment.test
+++ b/modules/comment/comment.test
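Review bot: The registered-name check now keys entirely on `$form_state['values']['is_anonymous']` instead of `$user->uid`, so the fix is only as strong as that value's provenance; it is presumably a server-computed `'#type' => 'value'` element set in comment_form(), which lies outside this hunk, but nothing in the validator records that. A one-line comment above the `if`, `// is_anonymous is set server-side in comment_form() (a '#type' => 'value' element), never taken from the request.`, would state the assumption the whole check rests on and make any future change to that element's type easy to spot. The name comparison goes through `db_like()` with `LIKE`, so depending on the column's collation it is case-insensitive, which is the stricter behaviour wanted here but differs from the exact match a reader might assume. comment_form_validate() begins before this hunk.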
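Review bot: `!$comment->is_anonymous` in the new condition assumes the property is always present on the comment object; if comment_submit() is reached with an object that never had it set, PHP raises an undefined-property notice and the expression evaluates to TRUE, silently falling back to the old name-to-uid mapping. Writing the guard as `if (empty($comment->is_anonymous) && !empty($comment->name) && ($account = user_load_by_name($comment->name))) {` keeps the same result for form submissions without the notice, and whether a missing flag should be treated as anonymous instead is a decision worth stating in a comment rather than leaving to the notice path. comment_submit() continues past this hunk, so other callers are not visible here.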
@@ -521,6 +521,16 @@ class CommentAnonymous extends CommentHelperCase {
 $anonymous_comment2 = $this->postComment($this->node, $this->randomName(), $this->randomName());
 $this->assertTrue($this->commentExists($anonymous_comment2), t('Anonymous comment with contact info (optional) found.'));
 
+ // Ensure anonymous users cannot post in the name of registered users.
+ $edit = array(
+ 'name' => $this->admin_user->name,
+ 'mail' => $this->randomName() . '@example.com',
+ 'subject' => $this->randomName(),
+ 'comment_body[' . LANGUAGE_NONE . '][0][value]' => $this->randomName(),
+ );
+ $this->drupalPost('comment/reply/' . $this->node->nid, $edit, t('Save'));
+ $this->assertText(t('The name you used belongs to a registered user.'));
+
 // Require contact info.
 $this->drupalLogin($this->admin_user);
 $this->setCommentAnonymous('2');
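Review bot: The new assertion only checks that the error message is rendered; it does not confirm that no comment was stored under the admin user's name, which is the regression the commit title describes. Adding a negative check after the `drupalPost()` call, for example querying the comment table for the posted `$edit['subject']` on `$this->node->nid` and asserting nothing comes back, would catch a future change that prints the error yet still saves the comment. Since the server-side check compares names with `LIKE`, posting a case-variant of `$this->admin_user->name` is another cheap input worth covering. The enclosing test method begins before this hunk.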