authornikrou <nikrou@piwigo.org>2009-06-23 21:18:16 +0000
committernikrou <nikrou@piwigo.org>2009-06-23 21:18:16 +0000
commit64c872a83e726ec4d298be479b57dae13fb2c0c6 (patch)
tree6478da0a8067f078905038c312767690b440487c /comments.php
parent1ce50505e4b9a6b533146e70902a7e426fd872a7 (diff)
Feature 1026 step 2 :
add author_id column so that guest cannot modify old users comments git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'comments.php')
-rw-r--r--comments.php31
1 files changed, 23 insertions, 8 deletions
diff --git a/comments.php b/comments.php
index 048e8d692..f5147e1b4 100644
--- a/comments.php
+++ b/comments.php
@@ -100,7 +100,9 @@ if (isset($_GET['cat']) and 0 != $_GET['cat'])
// search a particular author
if (isset($_GET['author']) and !empty($_GET['author']))
{
- $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
+ $page['where_clauses'][] =
+ 'u.username = \''.addslashes($_GET['author']).'\'
+ OR author = \''.addslashes($_GET['author']).'\'';
}
// search a substring among comments content
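Review bot: The added author filter is pushed into `$page['where_clauses']` as a bare `A OR B`, and the queries in the later hunks join those clauses with `AND`, which binds tighter than `OR` in SQL. The `OR author = ...` arm is therefore combined only with the clauses that follow it, not with the ones that precede it (what those restrict is not visible in this hunk), so it can return rows the earlier clauses were meant to exclude. Wrap the expression in parentheses and qualify the column, e.g. `'(u.username = \''.$a.'\' OR com.author = \''.$a.'\')'` with `$a` holding the escaped value. `addslashes()` is also not aware of the connection character set, so the database driver's own escaping function or a prepared statement is the safer choice for a value taken from `$_GET`.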
@@ -261,10 +263,12 @@ else
}
$query = '
-SELECT COUNT(DISTINCT(id))
+SELECT COUNT(DISTINCT(com.id))
FROM '.IMAGE_CATEGORY_TABLE.' AS ic
INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
+ LEFT JOIN '.USERS_TABLE.' As u
+ ON u.id = com.author_id
WHERE '.implode('
AND ', $page['where_clauses']).'
;';
@@ -295,12 +299,16 @@ SELECT com.id AS comment_id
, com.image_id
, ic.category_id
, com.author
+ , com.author_id
+ , username
, com.date
, com.content
, com.validated
FROM '.IMAGE_CATEGORY_TABLE.' AS ic
- INNER JOIN '.COMMENTS_TABLE.' AS com
+ INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
+ LEFT JOIN '.USERS_TABLE.' AS u
+ ON u.id = com.author_id
WHERE '.implode('
AND ', $page['where_clauses']).'
GROUP BY comment_id
@@ -366,10 +374,17 @@ SELECT id, name, permalink, uppercats
)
);
- $author = $comment['author'];
- if (empty($comment['author']))
+ if (!empty($comment['author']))
+ {
+ $author = $comment['author'];
+ if ($author == 'guest')
+ {
+ $author = l10n('guest');
+ }
+ }
+ else
{
- $author = l10n('guest');
+ $author = $comment['username'];
}
$tpl_comment =
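Review bot: The `else` branch assigns `$comment['username']` with no fallback, and `username` is selected through a `LEFT JOIN`, so it is NULL whenever `com.author_id` matches no user row; a comment with an empty `author` and no matching user would then be shown without an author, where the removed code displayed `l10n('guest')`. Keeping the fallback, e.g. `$author = !empty($comment['username']) ? $comment['username'] : l10n('guest');`, would preserve the old behaviour. The comparison `$author == 'guest'` is better written with `===`, since both sides are expected to be strings. The statement that starts at `$tpl_comment =` continues outside the hunk, so whether `$author` is escaped for output cannot be checked from here.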
@@ -382,7 +397,7 @@ SELECT id, name, permalink, uppercats
'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
);
- if (can_manage_comment('delete', $comment['author']))
+ if (can_manage_comment('delete', $comment['author_id']))
{
$url = get_root_url().'comments.php'
.get_query_string_diff(array('delete','validate','edit'));
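Review bot: `$comment['author_id']` may be NULL or empty for comments stored before the column existed or posted by guests (the migration is not shown), and this hunk does not show how `can_manage_comment()` treats such a value; if it compares the id loosely with the current user's id, a guest session could be treated as the owner. The same applies to the `edit` check in the next hunk. A comment on the call such as `// author_id may be NULL for legacy/guest comments; can_manage_comment() must treat that as "not the owner"` would record the requirement. These conditions only decide whether the link is displayed; the code that handles the `delete` and `edit` request parameters lies outside the hunk and needs to enforce the same `author_id` check.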
@@ -391,7 +406,7 @@ SELECT id, name, permalink, uppercats
array('delete'=>$comment['comment_id'])
);
}
- if (can_manage_comment('edit', $comment['author']))
+ if (can_manage_comment('edit', $comment['author_id']))
{
$url = get_root_url().'comments.php'
.get_query_string_diff(array('edit', 'delete','validate'));