| 2.7.6 - Tread Rating Enables Javascript for Non-Moderators. [message #35642] |
Fri, 26 January 2007 21:33  |
Bubba
Messages: 5
Registered: December 2006
Karma:
|
Junior Member |
|
|
I'm using FUDForum 2.7.6 w/ ratings displayed at top of template msg and tree. When non-moderator users rate a thread, ratethread.php enables javascript to moderate ratings. While this is harmless as opened window results in "Invalid URL" error, when "OK" is clicked, secondary window reloads forum resulting in bad user experience.
Here's the offending code and possible solution.
File: src/ratethread.php.t
ISSUE:
if ($is_a) {
$MOD = 1;
} else {
$MOD = q_singleval('SELECT m.id FROM {SQL_TABLE_PREFIX}thread t INNER JOIN {SQL_TABLE_PREFIX}mod m ON m.forum_id=t.forum_id WHERE t.id='.$th);
}
$MOD is 1 for Admins or row id of thread moderator.
When {TEMPLATE: thread_rating} is evaluated, JS is enabled.
{MAIN_SECTION: thread_rating}
({IF: $MOD}<a href="javascript://" onClick="javascript: window_open(\'{FULL_ROOT}{ROOT}?t=ratingtrack&{DEF: _rsid}&th={VAR: frm->id}\', \'th_rating_track\', 300, 400);">{ENDIFI}<img src="{THEME_IMAGE_ROOT}/{VAR: frm->rating}stars.gif" title="{MSG: topic_rating}" />{IF: $MOD}</a>{ENDIFI}) {MSG: vote}
{MAIN_SECTION: END}
Possible Fix:
if ($is_a) {
$MOD = 1;
} else {
$mod_id = q_singleval('SELECT m.user_id FROM {SQL_TABLE_PREFIX}thread t INNER JOIN {SQL_TABLE_PREFIX}mod m ON m.forum_id=t.forum_id WHERE t.id='.$th);
$MOD = ($mod_id === _uid);
}
Hope this helps.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]