In my website comments get paginated after more than 90 comments are posted. If the user try to go to the second comments page the page loads but there is no comments. If the user tries to go back using 'previous' link he gets the list of emails for the new comments (security hole).

To reproduce:

1. This a website with Indic characters. Don't panic. You just need to click the pagination pages.

2. Go to this page: http://www.sachalayatan.com/sondesh/37081. At the time of this writing there were 94 comments. So the second page should have four comments.

3. Scroll down. At the bottom of the page, you will see ১ for page 1, ২ for page 2 and 'পরবর্তী ›' for 'Next >' and 'সর্বশেষ »' for 'Last »'. Click the link for next or 2. The link is 'http://www.sachalayatan.com/sondesh/37081?page=1'

4. The node reloads but there is no comment. (BUG 1)

5. Now scroll down. You will see '« সর্বপ্রথম' is for '« First', '‹ পূর্ববর্তী' is for '< Previous' and ১ for page 1, ২ for page 2. Click 1 or the previous link. It points to http://www.sachalayatan.com/ajax_comments/js_load_thread/37081.

6. The page now shows the email addresses of remaining four comments. (BUG 2). This is a serious problem considering the fact that the email addresses are actually hidden from the guest users.

Comments

udvranto’s picture

udvranto commented

Is there any fix? Can I turn off the ajax comments pagination?

udvranto’s picture

udvranto commented

This is happens only for the middle pages. The page 1 and page N (last page) works fine. The page 2 to N-1 causes the problem.

qzmenko’s picture

qzmenko
Primary language Russian
Location Novosibirsk
commented
Issue summary: View changes
Status: Active » Closed (outdated)

Issue is closed because 6.x version is unsupported. Feel free to open new issue for 7.x or 8.x versions of module.