Introducing Diskuto - an embeddable comment system
cym13 via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Fri Mar 17 08:42:39 PDT 2017
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
> Am 14.03.2017 um 21:56 schrieb Daniel Kozak via
> Digitalmars-d-announce:
>> Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce
>> napsal(a):
>>>
>>> Did you delete the comments yourself? The time limit for
>>> deletion/editing currently isn't enforced on the server
>>> (ticket
>>> already open), so anyone can delete their own tickets
>>> currently at any
>>> time.
>>>
>>> I've noted the other issues and will tackle those tomorrow.
>> I have deleted not only my comments, I can delete enyone
>> comment
>
> Okay, that was supposed to be implemented before 1.0.0, but
> then I forgot about it:
> https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107
You'll also want a CSRF token for that, checking that the user is
the author isn't enough.
More information about the Digitalmars-d-announce
mailing list