Hotfix 80060

Rating and comment scoring not protected against spamming.

Version
This hotfix concerns SDL Tridion 2011 SP1HR1.
Problem description
UGC currently does not have a default protection against multiple rates or comment scores from the same person. A customization on the UGC Validator will be created to fix this issue.
Hotfix description
We now ship with a number of content validators that you can switch on in the UGC configuration file to validate submitted comments and ratings. You can also create your own custom validation behavior and add it to the UGC configuration.
Distributed files
  • cd_core.jar (version 6.1.0.1043)
  • ugc_storage.jar (version 6.1.0.1043)
  • ugc_taglib.jar (version 6.1.0.1043)
  • ugc_webservice.jar (version 6.1.0.1043)
  • resources\configuration\samples\cd_ugc_conf_sample.xml
  • resources\configuration\schemas\cd_ugc_conf.xsd
  • resources\samples\ugc\DoubleCommentingValidator.java
  • resources\samples\ugc\DoubleCommentVotingValidator.java
  • resources\samples\ugc\DoubleRatingValidator.java
Installation procedure
  1. Access the Java or .Net Web application you have set up for UGC.
  2. Stop your Web application.
  3. Copy the distributed JAR files into your Web application \lib directory.
  4. Open the distributed cd_ugc_conf_sample.xml in a text editor.
  5. Copy the <ContentValidators> section into your existing cd_ugc_conf.xml file.
  6. Uncomment the relevant <ContentValidators> section and that contains UGC and the Content Delivery Web service, uncomment this content validator <Timeout> value.
    <Timeout> ValueDescription
    -1never allow multiple rating by same user on same item
    0allow unlimited rating
    greater than 0visitor is able to post next comment after timeout passes (specified in milliseconds, for example 60000=1 minute)
    <ContentValidators>
    
     	<!--control double commenting-->
        	<ContentValidator Implementation="com.tridion.ugc.validation.DoubleCommentingValidator">
        		<Timeout>60000</Timeout>
        	</ContentValidator>
    
     	<!--control double rating-->
        	<ContentValidator Implementation="com.tridion.ugc.validation.DoubleRatingValidator">
        		<Timeout>60000</Timeout>
        	</ContentValidator>
        	-->
    
     	<!--prohibit double voting on comments.-->
        	<ContentValidator Implementation="com.tridion.ugc.taglib.validation.DoubleCommentVotingValidator"/>
    
    </ContentValidators>
  7. Save and close cd_ugc_conf.xml.
  8. Start your Web application server or Web application.
Fixes included
None
Dependencies
None
See also
UGC validators