An exploit has been demonstrated by somebody on my server (and another one) by a "proof of concept" attack.
Here is the patch you need to prevent people from posting in any section they want:
diff commentary.php ../../core/lib/commentar
84,91c84
< else {
< //here we have the request to add a comment with content... check if the section is right, else somebody tries to inject somewhere else

< if (rawurldecode(httpget('section'))!=$section) {
< output("`\$Please post in the section you should!");
< } else {
< injectcommentary($section, $talkline, $comment, $schema);
< }
< }
---
> else injectcommentary($section, $talkline, $comment, $schema);
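Review bot: the check `rawurldecode(httpget('section'))!=$section` uses loose `!=`, so PHP compares numeric-looking strings by value and two different section names such as "1e3" and "1000" would pass as equal; `!==` makes it an exact string match. It is also worth confirming whether httpget() already returns the URL-decoded value, because in that case the extra rawurldecode() decodes a second time and a section name containing a literal `%` would no longer match. The rejection branch only prints a message, so a log entry there would let admins see injection attempts.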
556c549
< $req = comscroll_sanitize($REQUEST_URI)."&comment=1§ion=".rawurlencode($section);
---
> $req = comscroll_sanitize($REQUEST_URI)."&comment=1";
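Review bot: on the `<` side of the `$req` line the appended parameter shows as `§ion=` rather than `&section=`, which looks like `&sect` was rendered as an HTML entity when the patch was posted. Anyone copying this line as displayed will send no `section` parameter, so the `httpget('section')` check in the first hunk will never match and every comment will be rejected. Type it as `"&comment=1&section=".rawurlencode($section)`, and apply both hunks together since the check depends on this parameter being present.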