Changeset 1744 for trunk/include/picture_comment.inc.php
- Timestamp:
- Jan 23, 2007, 2:22:52 AM (17 years ago)
- File:
-
- 1 edited
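--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -31,30 +31,4 @@
 */
 
-if (!function_exists('hash_hmac'))
-{
-function hash_hmac($algo, $data, $key, $raw_output=false)
-{
-/* md5 and sha1 only */
-$algo=strtolower($algo);
-$p=array('md5'=>'H32','sha1'=>'H40');
-if ( !isset($p[$algo]) or !function_exists($algo) )
-{
-$algo = 'md5';
-}
-if(strlen($key)>64) $key=pack($p[$algo],$algo($key));
-if(strlen($key)<64) $key=str_pad($key,64,chr(0));
-
-$ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64);
-$opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64);
-
-$ret = $algo($opad.pack($p[$algo],$algo($ipad.$data)));
-if ($raw_output)
-{
-$ret = pack('H*', $ret);
-}
-return $ret;
-}
-}
-
 //returns string action to perform on a new comment: validate, moderate, reject
 function user_comment_check($action, $comment, $picture)
@@ -167,5 +141,6 @@
 $key = explode(':', @$_POST['key']);
 if ( count($key)!=2
-or $key[0]>time() or $key[0]<time()-1800 // 30 minutes expiration
+or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+or $key[0]<time()-3600 // 60 minutes expiration
 or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]
 )
@@ -258,4 +233,5 @@
 else
 {
+set_status_header(403);
 $template->assign_block_vars('information',
 array('INFORMATION'=>l10n('comment_not_added') )
@@ -355,7 +331,13 @@
 $key = time();
 $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
+$content = '';
+if ('reject'===@$comment_action)
+{
+$content = htmlspecialchars($comm['content']);
+}
 $template->assign_block_vars('comments.add_comment',
 array(
-'key' => $key
+'KEY' => $key,
+'CONTENT' => $content
 ));
 // display author field if the user is not logged in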
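Review bot: The key check in the second hunk still accepts any `timestamp:HMAC` pair, because the MAC covers only `$key[0]`; a key read from one page can therefore be replayed on other pictures and for repeated posts until it expires, and this commit widens that window from 30 to 60 minutes. Consider including the picture identifier (and the user id for logged-in users) in the data passed to `hash_hmac`, both where the key is generated in the last hunk and where it is checked. The unchanged comparison `hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]` is loose and not constant-time; `!==` avoids numeric-string juggling, and `hash_equals()` is preferable where the runtime provides it. The removed `hash_hmac` fallback is presumably defined elsewhere now, which is worth confirming, since these calls would otherwise fail on builds without the hash extension. The code enclosing each hunk starts and ends outside the visible lines.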