diff options
| author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-04-04 07:07:45 +0000 |
|---|---|---|
| committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-04-04 07:07:45 +0000 |
| commit | 4c3fe45fe93ade54513c8fdebde64e27b459e6b0 (patch) | |
| tree | adf06f8ed1dc4ecd075711339c2a653c020e965b /modules | |
| parent | 4a1059524861e96b24ff09211f62bf9d9257ccb1 (diff) | |
| download | brdo-4c3fe45fe93ade54513c8fdebde64e27b459e6b0.tar.gz brdo-4c3fe45fe93ade54513c8fdebde64e27b459e6b0.tar.bz2 | |
#56942: Comment cids should belong to the associated nid
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/comment.module | 5 | ||||
| -rw-r--r-- | modules/comment/comment.module | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/modules/comment.module b/modules/comment.module index 4c566c923..494492bb9 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -493,6 +493,11 @@ function comment_reply($nid, $pid = NULL) { // else, we'll just show the user the node they're commenting on. if ($pid) { if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) { + if ($comment->nid != $nid) { + // Attempting to reply to a comment not belonging to the current nid. + drupal_set_message(t('The comment you are replying to does not exist.'), 'error'); + drupal_goto("node/$nid"); + } $comment = drupal_unpack($comment); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $output .= theme('comment_view', $comment); diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 4c566c923..494492bb9 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -493,6 +493,11 @@ function comment_reply($nid, $pid = NULL) { // else, we'll just show the user the node they're commenting on. if ($pid) { if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) { + if ($comment->nid != $nid) { + // Attempting to reply to a comment not belonging to the current nid. + drupal_set_message(t('The comment you are replying to does not exist.'), 'error'); + drupal_goto("node/$nid"); + } $comment = drupal_unpack($comment); $comment->name = $comment->uid ? $comment->registered_name : $comment->name; $output .= theme('comment_view', $comment); |