Index: trunk/CHANGELOG
===================================================================
--- trunk/CHANGELOG	(revision 593)
+++ trunk/CHANGELOG	(revision 594)
@@ -11,6 +11,9 @@
 ! = Update/Change
 
 ------------------------------------- 2.7.0 -------------------------------------
+25-Jan-2008 Thomas Hornik
+#	module news: it was possible to post comments to postings with commenting disabled
+	or to inactive postings. Fixed
 24-Jan-2008 Thomas Hornik
 !	Generate filename in pages/ from page_title instead of menu_title.
 24-Jan-2008 Christian Sommer
Index: trunk/wb/modules/news/comment.php
===================================================================
--- trunk/wb/modules/news/comment.php	(revision 593)
+++ trunk/wb/modules/news/comment.php	(revision 594)
@@ -62,6 +62,20 @@
 	define('SECTION_ID', $section_id);
 	define('POST_ID', $post_id);
 	define('POST_TITLE', $post_title);
+	
+	// don't allow commenting if its disabled, or if post or group is inactive
+	$table_posts = TABLE_PREFIX."mod_news_posts";
+	$table_groups = TABLE_PREFIX."mod_news_groups";
+	$query = $database->query("
+		SELECT p.post_id
+		FROM $table_posts AS p LEFT OUTER JOIN $table_groups AS g ON p.group_id = g.group_id
+		WHERE p.post_id='$post_id' AND p.commenting != 'none' AND p.active = '1' AND ( g.active IS NULL OR g.active = '1' )
+	");
+	if($query->numRows() == 0) {
+		header("Location: ".WB_URL.PAGES_DIRECTORY."");
+		exit(0);
+	}
+
 	// Get page details
 	$query_page = $database->query("SELECT parent,page_title,menu_title,keywords,description,visibility FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
 	if($query_page->numRows() == 0) {
@@ -77,4 +91,4 @@
 }
 
 
-?>
\ No newline at end of file
+?>