From dcb693ba54ce7ba3e9472662ff3d51af27088bdb Mon Sep 17 00:00:00 2001 From: mariohommel Date: Fri, 30 Mar 2018 11:04:21 +0200 Subject: [PATCH] Generating token for comment moderation in a global function now. --- include/functions_comments.inc.php | 34 +++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index 700a790f..9413e89f 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -1141,16 +1141,9 @@ function serendipity_sendComment($comment_id, $to, $fromName, $fromEmail, $fromU // Check for using Tokens if ($serendipity['useCommentTokens']) { - $token = md5(uniqid(rand(),1)); + $token = serendipity_generateCToken($comment_id); $path = $path . "_token_" . $token; - //Delete any comment tokens older than 1 week. - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options - WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800) ); - - // Issue new comment moderation hash - serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) - VALUES ('" . time() . "', '" . $token . "', 'comment_" . $comment_id ."')"); } $deleteURI = serendipity_rewriteURL(PATH_DELETE . '/'. $path .'/' . $comment_id . '/' . $id . '-' . serendipity_makeFilename($title) . '.html', 'baseURL'); @@ -1221,3 +1214,28 @@ function serendipity_sendComment($comment_id, $to, $fromName, $fromEmail, $fromU return serendipity_sendMail($to, $subject, $text, $fromEmail, null, $fromName); } + +/** + * Generates a token for E-Mail moderation of comments + * and stores it in the database + * + * @access public + * @param int ID of the comment to generate the token for + * @return string The generated token + */ +function serendipity_generateCToken($cid) { + + global $serendipity; + + $ctoken = md5(uniqid(rand(),1)); + + //Delete any comment tokens older than 1 week. + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options + WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800) ); + + // Issue new comment moderation hash + serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) + VALUES ('" . time() . "', '" . $ctoken . "', 'comment_" . $cid ."')"); + return $ctoken; + +} \ No newline at end of file