Bugfix: the number of successful passes for an anti-spam "hash" was often incorrectly incremented

This commit is contained in:
Michael Save 2012-05-07 23:51:15 +10:00
parent 46f7ec1a94
commit ad220b725d
2 changed files with 19 additions and 10 deletions

View File

@ -243,22 +243,24 @@ function checkSpam(array $extra_salt = array()) {
if ($hash != $_hash)
return true;
$query = prepare('UPDATE `antispam` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
$query = prepare('SELECT `passed` FROM `antispam` WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
if ($query->rowCount() == 0) {
if (($passed = $query->fetchColumn(0)) === false) {
// there was no database entry for this hash. most likely expired.
return true;
}
$query = prepare('SELECT `passed` FROM `antispam` WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
$passed = $query->fetchColumn(0);
if ($passed > $config['spam']['hidden_inputs_max_pass'])
return true;
return false;
return $hash;
}
function incrementSpamHash($hash) {
$query = prepare('UPDATE `antispam` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
}

View File

@ -212,8 +212,11 @@ if (isset($_POST['delete'])) {
error($config['error']['noaccess']);
}
if (!$post['mod'] && checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null)))
if (!$post['mod']) {
$post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null));
if ($post['antispam_hash'] === true)
error($config['error']['spam']);
}
if ($config['robot_enable'] && $config['robot_mute']) {
checkMute();
@ -526,6 +529,10 @@ if (isset($_POST['delete'])) {
$id = post($post);
if (isset($post['antispam_hash'])) {
incrementSpamHash($post['antispam_hash']);
}
if (isset($post['tracked_cites'])) {
foreach ($post['tracked_cites'] as $cite) {
$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');