feat: throw an error on forum/comment double posts (#1559)
wescopeland committed May 10, 2023
1 parent 4b7d43e commit 4878e8b
Showing 2 changed files with 51 additions and 0 deletions.
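--- a/app_legacy/Helpers/database/forum.php
+++ b/app_legacy/Helpers/database/forum.php
@@ -268,6 +268,28 @@ function editTopicComment(int $commentID, string $newPayload): bool
 return false;
 }
 
+function getIsForumDoublePost(
+int $authorID,
+int $topicID,
+string $commentPayload,
+): bool {
+$query = "SELECT ftc.Payload, ftc.ForumTopicID
+FROM ForumTopicComment AS ftc
+WHERE AuthorID = :authorId
+ORDER BY ftc.DateCreated DESC
+LIMIT 1";
+
+$dbResult = legacyDbFetch($query, ['authorId' => $authorID]);
+
+$retrievedPayload = $dbResult['Payload'];
+$retrievedTopicID = $dbResult['ForumTopicID'];
+
+return
+$retrievedPayload === $commentPayload
+&& $retrievedTopicID === $topicID
+;
+}
+
 function submitTopicComment(
 string $user,
 int $topicID,
@@ -278,6 +300,11 @@ function submitTopicComment(
 sanitize_sql_inputs($user);
 $userID = getUserIDFromUser($user);
 
+if (getIsForumDoublePost($userID, $topicID, $commentPayload)) {
+// Fail silently.
+return true;
+}
+
 // Replace inverted commas, Remove HTML
 $commentPayload = str_replace("'", "''", $commentPayload);
 $commentPayload = str_replace("<", "&lt;", $commentPayload);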
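Review bot: The duplicate check in submitTopicComment compares the raw `$commentPayload` with the stored `Payload`, but the `str_replace("<", "&lt;", ...)` rewrite runs only after the check, so (assuming the rewritten text is what gets stored; the insert is outside the hunk) a post containing `<` never matches its stored copy and a resubmission goes through. Compare the same form that is persisted, for example `getIsForumDoublePost($userID, $topicID, str_replace("<", "&lt;", $commentPayload))`, extended with any further rewrites the function applies below the hunk. getIsForumDoublePost, and getIsCommentDoublePost in user-activity.php, also read `$dbResult['Payload']` without checking that a row came back; if legacyDbFetch returns null for an author with no prior posts, add `if (!$dbResult) { return false; }` before the reads. The check-then-insert sequence is not atomic, so two requests arriving together can both pass it; a comment above the call such as `// Best-effort only: concurrent submissions can still both be stored.` would set expectations.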
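--- a/app_legacy/Helpers/database/user-activity.php
+++ b/app_legacy/Helpers/database/user-activity.php
@@ -300,6 +300,25 @@ function RemoveComment(int $commentID, int $userID, int $permissions): bool
 return mysqli_affected_rows($db) > 0;
 }
 
+function getIsCommentDoublePost(int $userID, array|int $articleID, string $commentPayload): bool
+{
+$query = "SELECT Comment.Payload, Comment.ArticleID
+FROM Comment
+WHERE UserID = :userId
+ORDER BY Comment.Submitted DESC
+LIMIT 1";
+
+$dbResult = legacyDbFetch($query, ['userId' => $userID]);
+
+$retrievedPayload = $dbResult['Payload'];
+$retrievedArticleID = $dbResult['ArticleID'];
+
+return
+$retrievedPayload === $commentPayload
+&& $retrievedArticleID === $articleID
+;
+}
+
 function addArticleComment(
 string $user,
 int $articleType,
@@ -320,6 +339,11 @@ function addArticleComment(
 return false;
 }
 
+if ($user !== "Server" && getIsCommentDoublePost($userID, $articleID, $commentPayload)) {
+// Fail silently.
+return true;
+}
+
 // Replace all single quotes with double quotes (to work with MYSQL DB)
 // $commentPayload = str_replace( "'", "''", $commentPayload );
 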
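Review bot: getIsCommentDoublePost accepts `array|int $articleID` but compares it with `$retrievedArticleID === $articleID`, which is always false when an array is passed, so the guard in addArticleComment never triggers for multi-article calls. Handling both shapes would close that gap, for example `&& (is_array($articleID) ? in_array($retrievedArticleID, $articleID, true) : $retrievedArticleID === $articleID)`. The query also matches on `ArticleID` alone while addArticleComment takes an `$articleType`; if IDs are unique only per type (not visible here), identical text on two different kinds of article would be dropped while the caller is told it succeeded, so the type presumably belongs in the comparison. addArticleComment's body starts and continues outside the hunk, so whether the payload is rewritten before being stored cannot be checked from here.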
