Only use 255/200 characters of HTTP user agent/referer strings, more don't fit into...
authorgarvinhicking <garvinhicking>
Wed, 25 Apr 2007 10:00:36 +0000 (10:00 +0000)
committergarvinhicking <garvinhicking>
Wed, 25 Apr 2007 10:00:36 +0000 (10:00 +0000)
include/functions_comments.inc.php
plugins/serendipity_event_karma/serendipity_event_karma.php
plugins/serendipity_event_spamblock/serendipity_event_spamblock.php
plugins/serendipity_event_statistics/serendipity_event_statistics.php

index 0d0a982ba25a2adb6e1470d7034d680abc3c0734..e220566b50d4d37081d5493ee7e7e64ff58559aa 100644 (file)
@@ -556,7 +556,7 @@ function serendipity_saveComment($id, $commentInfo, $type = 'NORMAL', $source =
         $parentid      = (isset($commentInfo['parent_id']) && is_numeric($commentInfo['parent_id'])) ? $commentInfo['parent_id'] : 0;
         $status        = serendipity_db_escape_string(isset($commentInfo['status']) ? $commentInfo['status'] : (serendipity_db_bool($ca['moderate_comments']) ? 'pending' : 'approved'));
         $t             = serendipity_db_escape_string(isset($commentInfo['time']) ? $commentInfo['time'] : time());
-        $referer       = (isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : '');
+        $referer       = substr((isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : ''), 0, 200);
 
         $query = "SELECT a.email, e.title, a.mail_comments, a.mail_trackbacks
                  FROM {$serendipity['dbPrefix']}entries e, {$serendipity['dbPrefix']}authors a
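Review bot: The new `$referer` line truncates after escaping, so `substr(..., 0, 200)` can cut an escape pair produced by `serendipity_db_escape_string()` in half and leave a lone backslash as the last character of the value. If `$referer` is later placed inside a quoted SQL literal (the statement that uses it is outside this hunk), that trailing backslash would swallow the closing quote on backends that use backslash escaping, undoing the protection the escaping is there for. Truncate the raw value first and escape the result: `$referer = isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string(substr($_SESSION['HTTP_REFERER'], 0, 200)) : '';`. The same escape-then-truncate order appears in the karma hunk (`HTTP_USER_AGENT`) and in both changed lines of the spamblock hunk, and should be swapped there as well. The body of serendipity_saveComment starts and ends outside the hunk.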
index 75071ab6dbb1c8cdf8ac882a96729cb7efc59442..9685f515c38904bd348142f2346c5cf79cca87ba 100644 (file)
@@ -339,7 +339,7 @@ class serendipity_event_karma extends serendipity_event
                           $this->karmaId,
                           $this->karmaVoting,
                           serendipity_db_escape_string($_SERVER['REMOTE_ADDR']),
-                          serendipity_db_escape_string($_SERVER['HTTP_USER_AGENT']),
+                          substr(serendipity_db_escape_string($_SERVER['HTTP_USER_AGENT']), 0, 255),
                           $now
                         );
                         $sql = serendipity_db_query($q);
index 48068faea418651130370a82a334e39740c2901f..7be21e6f449deb2b51fa75ee7334890647d859e0 100644 (file)
@@ -1356,9 +1356,9 @@ var $filter_defaults;
                            serendipity_db_escape_string($comment['name']),
                            serendipity_db_escape_string($comment['email']),
                            serendipity_db_escape_string($comment['url']),
-                           serendipity_db_escape_string($_SERVER['HTTP_USER_AGENT']),
+                           substr(serendipity_db_escape_string($_SERVER['HTTP_USER_AGENT']), 0, 255),
                            serendipity_db_escape_string($_SERVER['REMOTE_ADDR']),
-                           serendipity_db_escape_string(isset($_SESSION['HTTP_REFERER']) ? $_SESSION['HTTP_REFERER'] : $_SERVER['HTTP_REFERER']),
+                           substr(serendipity_db_escape_string(isset($_SESSION['HTTP_REFERER']) ? $_SESSION['HTTP_REFERER'] : $_SERVER['HTTP_REFERER']), 0, 255),
                            serendipity_db_escape_string($comment['comment'])
                 );
 
index bcebeac3b27182b6540e27737c8ce933b284e68d..d5969e583483cf9975fb17cb4d80907b4af42076 100644 (file)
@@ -131,10 +131,10 @@ class serendipity_event_statistics extends serendipity_event
                             $remoteaddr = $_SERVER['REMOTE_ADDR'];
                         }
                         if ($_SERVER['HTTP_USER_AGENT']) {
-                            $useragent = $_SERVER['HTTP_USER_AGENT'];
+                            $useragent = substr($_SERVER['HTTP_USER_AGENT'], 0, 255);
                         }
                         if ($_SERVER['HTTP_REFERER']) {
-                            $referer = $_SERVER['HTTP_REFERER'];
+                            $referer = substr($_SERVER['HTTP_REFERER'], 0, 255);
                         }
                             
                         $found = 0;
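Review bot: The referer limit is 255 here and in the spamblock hunk but 200 in functions_comments.inc.php, and the commit title gives 200 as the referer limit; if these tables use the same column width, one of the values is wrong and the longer one can still exceed the column. The numbers are bare literals, so a short comment naming the column each one mirrors would help, e.g. `// matches the width of the column this value is stored in (TODO confirm)`. Cutting the raw header before any escaping, as done here, is the safe order only if `$useragent` and `$referer` are escaped afterwards where the query is built, which is outside this hunk and worth confirming. `substr()` counts bytes, so a multi-byte character at the boundary can be split; `mb_strcut()` avoids that where mbstring is available.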