Diffstat (limited to '')
-rw-r--r--include/functions_session.inc.php2
-rw-r--r--include/picture_comment.inc.php7
-rw-r--r--picture.php17
3 files changed, 14 insertions, 12 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 411b374bf..b4ee2d183 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -141,7 +141,7 @@ function pwg_session_write($session_id, $data)
$query = '
REPLACE INTO '.SESSIONS_TABLE.'
(id,data,expiration)
- VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
+ VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
;';
pwg_query($query);
return true;
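Review bot: The new escaping on the VALUES line only turns `'` into `\'` and leaves backslashes untouched, so a `$data` payload ending in `\` or containing `\'` still yields a string literal that never closes (a malformed query or, in the worse case, an injection point); `$data` is the serialized `$_SESSION`, which can carry user-influenced values such as the page_errors/page_infos messages this commit starts storing there. Use the database layer's real-escape routine instead of the hand-rolled replacement, e.g. `VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())` (or `mysql_real_escape_string($data)` if this tree predates the dblayer wrapper). The `$session_id` part of the same literal is concatenated unescaped as well and should go through the same routine; I would add the comment `// session data is serialized $_SESSION and may contain quotes/backslashes; never inline it unescaped` above the query. `pwg_session_write` begins before this hunk.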
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 0273e7b71..70e2c7e95 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -228,16 +228,11 @@ SELECT
if ($show_add_comment_form)
{
$key = get_ephemeral_key(3, $page['image_id']);
- $content = '';
- if ('reject'===@$comment_action)
- {
- $content = htmlspecialchars( stripslashes($comm['content']) );
- }
$template->assign('comment_add',
array(
'F_ACTION' => $url_self,
'KEY' => $key,
- 'CONTENT' => $content,
+ 'CONTENT' => null,
'SHOW_AUTHOR' => !is_classic_user()
));
}
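Review bot: With `'CONTENT' => null` the rejected comment text is no longer echoed back into the form, and because the reject path now redirects (picture.php hunk), the submitted text is discarded entirely, so a user whose comment failed validation has to retype it; if that regression is intended, it deserves a comment such as `// CONTENT intentionally empty: rejected input is not re-displayed after the redirect`, otherwise the text could be carried across the redirect the same way the page_errors messages are and re-escaped with `htmlspecialchars()` on output as the removed branch did. The now-unconditional key is harmless but reads as a leftover; either drop it or keep the comment above explaining why the template still receives it.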
diff --git a/picture.php b/picture.php
index bcc1a2939..015c65de5 100644
--- a/picture.php
+++ b/picture.php
@@ -320,6 +320,7 @@ UPDATE '.USER_CACHE_CATEGORIES_TABLE.'
include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
$author_id = get_comment_author_id($_GET['comment_to_edit']);
+
if (can_manage_comment('edit', $author_id))
{
if (!empty($_POST['content']))
@@ -333,21 +334,27 @@ UPDATE '.USER_CACHE_CATEGORIES_TABLE.'
$_POST['key']
);
+ $perform_redirect = false;
switch ($comment_action)
{
case 'moderate':
- array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.'));
+ $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
case 'validate':
- array_push($page['infos'], l10n('Your comment has been registered'));
+ $_SESSION['page_infos'][] = l10n('Your comment has been registered');
+ $perform_redirect = true;
break;
case 'reject':
- set_status_header(403);
- array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules'));
+ $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
+ $perform_redirect = true;
break;
default:
trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
}
-
+
+ if ($perform_redirect)
+ {
+ redirect($url_self);
+ }
unset($_POST['content']);
break;
}
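Review bot: The reject case drops `set_status_header(403)` and redirects instead, so a rejected submission now answers with the same 302 to `$url_self` as an accepted one and can no longer be told apart in access logs or by any rate-limiting/monitoring that keyed on the 403; if that signal matters, emit a log entry in the reject branch before `$perform_redirect = true;`, e.g. `trigger_error('Comment rejected by validation rules', E_USER_NOTICE);` or whatever logging facility the project uses. The code also assumes something on the next request drains `$_SESSION['page_infos']` and `$_SESSION['page_errors']` into `$page['infos']`/`$page['errors']`; that consumer is not visible in this diff and should be confirmed, since otherwise the messages accumulate in the session. The `unset($_POST['content'])` after the redirect is only reached when `redirect()` returns (default case), which is presumably intended but worth a one-line comment. The enclosing switch and its surrounding block continue past both ends of this hunk.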