php · derickr · Aug 1, 2024 · Jul 20, 2024 · Jul 20, 2024 · Jul 20, 2024
diff --git a/www/bug.php b/www/bug.php
@@ -210,11 +210,10 @@
     // Check if session answer is set, then compare it with the post captcha value.
     // If it's not the same, then it's an incorrect password.
     if (!$logged_in) {
-        if (!isset($_SESSION['answer'])) {
-            $errors[] = 'Please enable cookies so the Captcha system can work';
-        } elseif ($_POST['captcha'] != $_SESSION['answer']) {
-            $errors[] = 'Incorrect Captcha';
-        }
+        response_header('Developers only');
+        display_bug_error('Only developers are allowed to comment; if you are the original reporter use the Edit tab');
+        response_footer();
+        exit;
     }
 
     $ncomment = trim($_POST['ncomment']);
@@ -719,7 +718,6 @@
 if ($bug_id !== 'PREVIEW') {
     echo '<div class="controls">', "\n",
         control(0, 'View'),
-        ($bug['private'] == 'N' ? control(3, 'Add Comment') : ''),
         control(1, 'Developer'),
         (!$email || $bug['email'] == $email? control(2, 'Edit') : ''),
         '</div>', "\n";
@@ -804,9 +802,7 @@
         <?php if (!isset($_POST['in'])) { ?>
             Welcome back! If you're the original bug submitter, here's
             where you can edit the bug or add additional notes.<br>
-            If this is not your bug, you can
-            <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=3">add a comment by following this link</a>.<br>
-            If this is your bug, but you forgot your password, <a href="bug-pwd-finder.php?id=<?php echo $bug_id; ?>">you can retrieve your password here</a>.<br>
+            If you forgot your password, <a href="bug-pwd-finder.php?id=<?php echo $bug_id; ?>">you can retrieve your password here</a>.<br>
         <?php } ?>
 
             <table>
@@ -831,8 +827,7 @@
 ?>
         <div class="explain">
             Welcome! If you don't have a Git account, you can't do anything here.<br>
-            You can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=3">add a comment by following this link</a>
-            or if you reported this bug, you can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=2">edit this bug over here</a>.
+            If you reported this bug, you can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=2">edit this bug over here</a>.
             <div class="details">
                 <label for="svnuser">php.net Username:</label>
                 <input type="text" id="svnuser" name="user" value="<?php echo htmlspecialchars($user); ?>" size="10" maxlength="20">
@@ -1109,7 +1104,9 @@
 <br>
 OUTPUT;
     }
-    echo "<p><a href='patch-add.php?bug_id={$bug_id}'>Add a Patch</a></p>";
+    if ($logged_in) {
+        echo "<p><a href='patch-add.php?bug_id={$bug_id}'>Add a Patch</a></p>";
+    }
 
     $pullRequestRepository = $container->get(PullRequestRepository::class);
     $pulls = $pullRequestRepository->findAllByBugId($bug_id);
@@ -1291,5 +1288,5 @@ function control($num, $desc)
 
 function canvote($thanks, $status)
 {
-    return ($thanks != 4 && $thanks != 6 && $status != 'Closed' && $status != 'Not a bug' && $status != 'Duplicate');
+    return false;
 }
diff --git a/www/fix.php b/www/fix.php
@@ -73,8 +73,7 @@
 <?php } else { ?>
     <div class="explain">
         Welcome! If you don't have a Git account, you can't do anything here.<br>
-        You can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=3">add a comment by following this link</a>
-        or if you reported this bug, you can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=2">edit this bug over here</a>.
+        If you reported this bug, you can <a href="bug.php?id=<?php echo $bug_id; ?>&amp;edit=2">edit this bug over here</a>.
         <div class="details">
             <label for="svnuser">php.net Username:</label>
             <input type="text" id="svnuser" name="user" value="<?php echo htmlspecialchars($user) ?>" size="10" maxlength="20">

diff --git a/www/patch-add.php b/www/patch-add.php
@@ -16,6 +16,13 @@
 // Authenticate
 bugs_authenticate($user, $pw, $logged_in, $user_flags);
 
+if (!$logged_in) {
+    response_header('Developers only');
+    display_bug_error('Only developers are allowed to add patches');
+    response_footer();
+    exit;
+}
+
 $canpatch = true;
 
 /// Input vars

diff --git a/www/vote.php b/www/vote.php
@@ -3,6 +3,8 @@
 use App\Repository\BugRepository;
 use App\Repository\VoteRepository;
 
+die('Voting on tickets is disabled');
+
 // Obtain common includes
 require_once '../include/prepend.php';