From 0005a6eec12f544ea2e22a896b0343fa4aa7c86b Mon Sep 17 00:00:00 2001
From: nikrou
Date: Sat, 29 May 2010 11:32:01 +0000
Subject: Bug 1705 fixed : double quotes were not escaped

git-svn-id: http://piwigo.org/svn/trunk@6423 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_comment.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'include/functions_comment.inc.php')
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index feec4d25c..454895832 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -158,7 +158,7 @@ INSERT INTO '.COMMENTS_TABLE.'
 VALUES (
 "'.$comm['author'].'",
 '.$comm['author_id'].',
- "'.$comm['content'].'",
+ "'.pwg_db_real_escape_string($comm['content']).'",
 NOW(),
 "'.($comment_action=='validate' ? 'true':'false').'",
 '.($comment_action=='validate' ? 'NOW()':'NULL').',
-- cgit v1.2.3
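Review bot: `$comm['author']`, on the context line two above the change, is still concatenated into the same double-quoted SQL string without escaping, so as far as this hunk shows the fix covers only the `content` field. If the author value is not already escaped earlier in the function (which starts and ends outside the hunk), it should get the same treatment: `"'.pwg_db_real_escape_string($comm['author']).'",`. `$comm['author_id']` is interpolated unquoted, so string escaping would not protect it; an integer cast such as `'.(int)$comm['author_id'].',` would pin it to a number, assuming it is always a numeric user id. Because escaping happens field by field at query-building time, a short comment above the INSERT stating which values are escaped here and which are sanitized by the caller would keep the next added column from repeating bug 1705.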