Changeset 2393 for branches/release-38/lib/MT/App/Comments.pm

Timestamp:

05/19/08 19:10:48 (19 months ago)

Author:

bchoate

Message:

Better handling for case where blog cookie and app session are out of sync. BugId:79508

Files:

• branches/release-38/lib/MT/App/Comments.pm (modified) (5 diffs)

branches/release-38/lib/MT/App/Comments.pm

@@ -114 +114 @@
     my $session_key;
 
-    if (my $blog_id = $q->param('blog_id')) {
-        if (my $blog = MT::Blog->load($blog_id)) {
-            my $auths = $blog->commenter_authenticators || '';
-            if ( $auths =~ /MovableType/ ) {
-                # First, check for a real MT user login. If one exists,
-                # return that as the commenter identity
-                my ($user, $first_time) = $app->SUPER::login();
-                if ( $user ) {
-                    my $sess = $app->session;
-                    return ( $sess->id, $user );
-                }
+    my $blog = $app->blog;
+    if ($blog) {
+        my $auths = $blog->commenter_authenticators || '';
+        if ( $auths =~ /MovableType/ ) {
+            # First, check for a real MT user login. If one exists,
+            # return that as the commenter identity
+            my ($user, $first_time) = $app->SUPER::login();
+            if ( $user ) {
+                my $sess = $app->session;
+                return ( $sess->id, $user );
             }
         }
@@ -149 +148 @@
       )
     {
-        $app->log("session is invalid; sess_obj = $sess_obj; key = $session_key; user_id = $user_id; user = $user");
         $app->_invalidate_commenter_session( \%cookies );
         return ( undef, undef );
@@ -858 +856 @@
         return $app->handle_error(
             $app->translate("Comment text is required.") );
+    }
+
+    # validate session parameter
+    if ( my $sid = $q->param('sid') ) {
+        my ( $session, $commenter ) = $app->_get_commenter_session();
+        if ( $session && $commenter && ( $session eq $sid ) ) {
+            # well, everything is okay
+        } else {
+            return $app->handle_error(
+                $app->translate("Your session has expired. Please sign in again to comment.")
+            );
+        }
     }
 
@@ -1446 +1456 @@
     if ( $blog_id && $blog ) {
         my ( $session, $commenter ) = $app->_get_commenter_session();
-use Data::Dumper;
         if ( $session && $commenter ) {
             my $blog_perms = $commenter->blog_perm($blog_id);
@@ -1467 +1476 @@
             my $can_post = ($blog_perms && $blog_perms->can_create_post) ? "1" : "0";
             $c = {
+                sid => $sessobj->id,
                 name => $commenter->nickname,
                 url => $commenter->url,