fu: Close-up of Fu, bringing a scoop of water to her mouth (Default)
fu ([personal profile] fu) wrote in [site community profile] changelog2010-10-17 02:40 am
  • Add Memory
  • Share This Entry

[dw-free] Cannot approve posts in moderated communities for users on dversion 9

[commit: http://hg.dwscoalition.org/dw-free/rev/8fc08dcd6273]

http://bugs.dwscoalition.org/show_bug.cgi?id=3147

Let the system props through the second time around; we did a proper check
on them the first time (they were checked then frozen before coming into the
moderation queue)

Patch by [personal profile] exor674.

Files modified:
  • cgi-bin/ljprotocol.pl
  • htdocs/community/moderate.bml
--------------------------------------------------------------------------------
diff -r b5317034bbfe -r 8fc08dcd6273 cgi-bin/ljprotocol.pl
--- a/cgi-bin/ljprotocol.pl	Sat Oct 16 22:25:11 2010 +0800
+++ b/cgi-bin/ljprotocol.pl	Sun Oct 17 10:40:19 2010 +0800
@@ -1029,6 +1029,8 @@ sub common_event_validation
 
     ## handle meta-data (properties)
     LJ::load_props("log");
+
+    my $allow_system = $flags->{allow_system} || {};
     foreach my $pname (keys %{$req->{'props'}})
     {
         my $p = LJ::get_prop("log", $pname);
@@ -1041,7 +1043,7 @@ sub common_event_validation
 
         # This is a system logprop
         # fail with unknown metadata here?
-        if ( $p->{ownership} eq 'system' ) {
+        if ( $p->{ownership} eq 'system' && !( $allow_system == 1 || $allow_system->{$pname} ) ) {
             $pname =~ s/[^\w]//g;
             return fail($err,205,$pname);
         }
diff -r b5317034bbfe -r 8fc08dcd6273 htdocs/community/moderate.bml
--- a/htdocs/community/moderate.bml	Sat Oct 16 22:25:11 2010 +0800
+++ b/htdocs/community/moderate.bml	Sun Oct 17 10:40:19 2010 +0800
@@ -90,7 +90,13 @@ body<=
         $req->{user} = $poster->user;
         $req->{username} = $poster->user;
         if ($mode eq 'approve_do') {
-            my $res = LJ::Protocol::do_request('postevent', $req, \$prot_err, {'nomod'=>1, 'noauth'=>1});
+            # allow all system logprops
+            # we've already made sure that the original user didn't provide any system ones
+            my $res = LJ::Protocol::do_request('postevent', $req, \$prot_err, {
+                    nomod => 1,
+                    noauth => 1,
+                    allow_system => 1,
+                });
             if ($res) { # succeeded
                 $success = 1;
                 $ret .= "<?h1 $ML{'.posted.header'} h1?><?p $ML{'.posted.text'} p?>";
--------------------------------------------------------------------------------
  • Add Memory
  • Share This Entry
(0 comments)

Post a comment in response:

This account has disabled anonymous posting.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.