1.7.1 – comment force check issue

I have been testing comments in 1.7.1 this evening and found an issue with the changes to gm-comments.cgi where you can specify that comments are forced through a preview and then a random string is generated to ask the user to enter it before the post is made to avoid some of the comment spam. This code is shown between lines 155 and 172:


if ( ($IN{‘gmpostpreview’} ne “”) || ($IN{‘gmpostpreview.x’} ne “”) ) {
} else {
if( $commentforcepreview eq Gm_Constants::YES && !exists( $IN{‘postit’} ) ){
## if force preview, check if var ‘postit’ only found on preview page
}if( $commentverify eq ‘static’ || $commentverify eq ‘random’ ){
## if force preview, check if var ‘postit’ only found on preview page


The logic is that a user can press preview or submit, either way now if force preview is set the user previews the comment. The forceverify function is supposed to then display a random number for the user to enter and if this is successful then the comment is posted.

The issue is that the hidden value “postit” is never set. To fix this add the following line:


<INPUT TYPE=HIDDEN NAME=”postit” VALUE=”postit” />

to the “Confirmation Form Template” at the end just above the:



line. My tests showed this to work.

That is weird, because if you look at the function that prints the page with the random string, I use a hidden field in the form for postit, at around line 768 of gm-comments:


$userMessage .= ‘<INPUT TYPE=HIDDEN NAME=”postit” VALUE=”postit”>’.”\n”;

I thought I had tested this case, but will investigate when I get a chance.

Sorry I missed out a vital bit of information in my last post.

The issue before I made the fix was that I posted a comment, pressed preview and it displayed the comment nicely. I was presented with the post it button on the preview page and I pressed it. This simply dispayed the preview page again with the same button and i never got the string to enter screen generated by gm_forceverify.

The code line you mention is in the gm_forceverify function. This function is never called though as if you see the code section i pasted in this thread, you get to the gm_previewcomment function and it displays the preview and then asks you to post the comment. This function (gm_previewcomment) doesnt set the hidden name “postit” with the value “postit” so you end up back in gm_previewcomment again – in a loop..

My fix was to set the hidden name “postit” in the preview template so that it gets set the first time you preview so that next time through the code you end up in gm_forceverify.

I think I got whats causing this confusion.

I started with the 1.3.1 templates, and for the “Confirmation Form Template” they use this code for the submit button:


<input type=”submit” name=”postit” value=”Post It” />

I am guessing your button did not? Your solution works as well as making sure the ‘name’ attribute from above is “postit”.

Thanks for tour feedback on this one. I started with 1.3.0 and my template didnt have the name=”postit” set for the button. I guess we ought to update the documentation to advise people to update this template or do it automatically but that could be problematic!

Yeah, I wasn’t sure how to do it automatically, I was just hopeing that everyone had postit in the template (oh silly me).

I was thinking that I could make a note in the config blurb to tell people about this, otherwise, not sure where the documentation for this would go?