Closed Bug 291297 Opened 21 years ago Closed 21 years ago

Improve Report Comments

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cso, Assigned: cso)

References

(
URL
)

Details

Attachments

(1 file, 2 obsolete files)

Patch v3
7.79 KB, patch
morgamic
: first-review+
Details | Diff | Splinter Review
Currently, report comments keeps getting spammed presumably due to spidering. The following patch removes the JavaScript prompt, and makes a user confirm they want to report the comment on a seperate page - this should hopefully cut down on the spamming of reporting comments.
Attached patch Patch v1 (obsolete) — Splinter Review
Patch as described.
Attachment #181412 - Flags: first-review?(mike.morgan)
Attached patch Patch v2 (obsolete) — Splinter Review
As before, but with spaces instead of tabs.
Attachment #181412 - Attachment is obsolete: true
Attachment #181413 - Flags: first-review?(mike.morgan)
Attachment #181412 - Flags: first-review?(mike.morgan)
Comment on attachment 181413 [details] [diff] [review] Patch v2 Not all inputs are properly escaped: + $sql = "UPDATE `feedback` SET `flag`='YES' WHERE `CommentID`='".$commentid."' LIMIT 1"; It would be cleaner to assign commentid and id just once, and when you do it, escape both since they will be used in the queries. Everything else looked fine. Just double check that all vars are escaped and post an updated patch. Thanks, Colin. :)
Attachment #181413 - Flags: first-review?(mike.morgan) → first-review-
(In reply to comment #3) > (From update of attachment 181413 [details] [diff] [review] [edit]) > Not all inputs are properly escaped: > > + $sql = "UPDATE `feedback` SET `flag`='YES' WHERE > `CommentID`='".$commentid."' LIMIT 1"; Fixed, will post a new patch when I get a chance. > It would be cleaner to assign commentid and id just once, and when you do it, > escape both since they will be used in the queries. > > Everything else looked fine. Just double check that all vars are escaped and > post an updated patch. Thanks, Colin. :) If you mean the fact its assigned twice from $_GET and $_POST depending, then I prefer this method to using $_REQUEST, incase a server is misconfigured.
Summary: Improve Report Comments → Improve Report Comments
Attached patch Patch v3Splinter Review
v3
Attachment #181413 - Attachment is obsolete: true
Attachment #181455 - Flags: first-review?(mike.morgan)
Comment on attachment 181455 [details] [diff] [review] Patch v3 Looks good - Thanks Colin.
Attachment #181455 - Flags: first-review?(mike.morgan) → first-review+
Pushed - will be live after next update.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: