stephanbrunker
commented
4 years ago I have reproduced the issue with a copy of the current master, have to run my debugger to find the cause.
Closed ddeimeke closed 4 years ago
stephanbrunker
commented
4 years ago I have reproduced the issue with a copy of the current master, have to run my debugger to find the cause.
stephanbrunker
commented
4 years ago The cause is simple: the routing checks $serendipity['authedUser'] and that didn't change … like forever. So, you need an active, logged in session in your browser for the link to work. It would be possible to change the link that it includes a token which allows to approve without logging in, if that is considered acceptable from the security point of view.
th-h
commented
4 years ago The cause is simple: the routing checks $serendipity['authedUser'] and that didn't change … like forever. So, you need an active, logged in session in your browser for the link to work. It would be possible to change the link that it includes a token which allows to approve without logging in, if that is considered acceptable from the security point of view.
We already have that, and I thought that's what @ddeimeke referred to. That's controlled by the "Use Tokens for Comment Moderation?" setting in Config > General Settings. ("Schnelle Kommentar-Moderation verwenden?" in German.) If that is set to true, tokens should be generated, and clicking on those tokenized links should work without being logged in.
In current stable (i.e. 2.3.5), it does work that way; I use that regularly.
Perhaps you could check wether those tokenized links still work in current master? If that's the case, I think this unreproducible.
stephanbrunker
commented
4 years ago Check complete. It does work as intended, I just didn't remember the option and overlooked the line serendipity_checkCommentTokenModeration($uri) in the index.php . On the other hand, I don't know if the notification for the successful approving is working as intended. It displays just a blank page and the line
Kommentar #482 wurde erfolgreich bewilligt.
That should be solved nicer, but I cannot rule out the possibility that this is the consequence of my fiddling in the routing for the subscription. It should display the entries.tpl where a variable shows the notification.
PS: It looks that this one is in disarray, because the checkCommentTokenModeration() function doesn't return to the index.php for display the serendipity framework. It sends a plain/text header, echoes the message and exits. So, I am going to unify all the notifications.
My system runs the current development version of Serendipity. All comments in the blog are forwarded to my mail address, due to antispam measures, some of them get an "Aprroval necessary" (Bewilligung notwendig). In this is email I find a link wich allows me to approve it (Kommentar bewilligen) and it used to work fine. But it does not work anymore. Any ideas?