authorEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
committerEric <eric@piwigo.org>2009-11-18 20:07:20 +0000
commit1235bab5276f8c56ed6ba9cff46563c143c3e240 (patch)
tree653723f35e14bcee66eeb6bad049c3b106444040 /include/picture_comment.inc.php
parent8a299654501db00316a56efda76448a6bb3975e1 (diff)
Escape all login and username characters in database
Display usernames correctly (I hope not to have made mistakes) git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/picture_comment.inc.php')
-rw-r--r--include/picture_comment.inc.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index a0aed7a70..599f2229d 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
}
$comm = array(
- 'author' => trim(@$_POST['author']),
- 'content' => trim($_POST['content']),
+ 'author' => trim( stripslashes(@$_POST['author']) ),
+ 'content' => trim( stripslashes($_POST['content']) ),
'image_id' => $page['image_id'],
);
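Review bot: The unconditional `stripslashes()` on `$_POST['author']` and `$_POST['content']` is only correct if every request has already been slash-escaped before this point (magic quotes or an emulation of it, which this hunk does not show); where that does not hold, backslashes a visitor typed are silently dropped. After this change `$comm` carries raw user text, so the code that writes it to the database must escape or bind each value at the query; that code is outside the hunk and should be checked together with this commit. I would also replace the `@` with an explicit default, `'author' => trim( stripslashes(isset($_POST['author']) ? $_POST['author'] : '') ),`, and add a comment above the array such as `// request data is unescaped here; escape again at the SQL boundary`.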
@@ -152,7 +152,7 @@ $validated_clause.'
}
else
{
- $author = $row['username'];
+ $author = stripslashes($row['username']);
}
$tpl_comment =
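Review bot: `stripslashes($row['username'])` undoes SQL-style escaping but does nothing for HTML, so if `$author` reaches the comment template without `htmlspecialchars()` a username containing markup would be rendered as markup. The `$tpl_comment` assignment only begins on the last line of the hunk, so whether escaping happens there needs confirming. Having to unslash a value read from the database also suggests usernames are stored together with their escaping, which means every other read path has to remember the same call, and a name with a genuine backslash can be altered. A comment on the changed line would help the next reader, e.g. `// usernames are stored slash-escaped; this only unescapes, HTML escaping is still required before output`. The `if` branch above the `else` is outside the hunk, so it is not visible whether the guest author value gets the same treatment.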