[geeklog-devel] SpamX documentation

Vincent Furia vfuria at gmail.com
Wed Jan 26 14:37:15 EST 2005


On Wed, 26 Jan 2005 20:23:02 +0100, Dirk Haun <dirk at haun-online.de> wrote:
> 
> And, to answer that question from lib-comment.php:
> 
>     // FIXME: is 'plugin=spamx' needed here?
>     echo COM_refresh($_CONF['site_url'] . '/index.php?
> msg='.$result.'&plugin=spamx');
> 
> Yes, Vinny, that parameter is needed ;-) That's something Blaine
> introduced in 1.3.10 (I think) so that plugins can display their own messages.

But what happens if another plugin uses the PLG_checkforSpam API to
remove a post?  With spamx hardcoded in the refresh link, the error
message may be problematic...  Perhaps having the plugin API return a
HTML string (i.e. a redirect) instead of having Geeklog decide where
to refresh to would be a better solution?

Actually there is another problem with the entire block of code:

    // Let plugins have a chance to check for SPAM
    $result = PLG_checkforSpam($comment, $_CONF['spamx']);    // <-- SPAMX
    // Now check the result and redirect to index.php if spam action was taken
    if ($result > 0) {
        // notice no return value here to prevent spam based denail of
service attack
        // FIXME: is 'plugin=spamx' needed here?
        echo COM_refresh($_CONF['site_url'] .
'/index.php?msg='.$result.'&plugin=spamx');  // <-- SPAMX
        exit;
    }

Notice the two references to spamx (the refresh and $_CONF['spamx']),
another plugin would have a lot of trouble using this.  I think we
should generalize this so other plugin could (conceivably) use it.

-Vinny



More information about the geeklog-devel mailing list