merge r6437 from trunk to branch 2.1

- do not remove slashes before calling insert_user_comment (homogeneity with update_user_comment and general use of slashes in piwigo) - when using a modifier on a non array variable use @| instead of | (generated code is simpler and faster) git-svn-id: http://piwigo.org/svn/branches/2.1@6438 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-06-01 19:56:07 +00:00 · 2010-06-01 19:56:07 +00:00 · 663c13f39a
commit 663c13f39a
parent cf32601902
5 changed files with 8 additions and 23 deletions
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@ -257,21 +257,6 @@ function update_user_comment($comment, $post_key)
    $comment_action='reject';
  }
 /* ? this is a MySql Error - author_id is not defined
  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
  { // anti-flood system
    $reference_date = time() - $conf['anti-flood_time'];
    $query = '
 SELECT id FROM '.COMMENTS_TABLE.'
  WHERE date > FROM_UNIXTIME('.$reference_date.')
    AND author_id = '.$comm['author_id'];
    if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
    {
      //?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
      $comment_action='reject';
    }
  }
 */
  // perform more spam check
  $comment_action =
    trigger_event('user_comment_check',
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
  }
  $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
+    'author' => trim( @$_POST['author'] ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'content' => trim( $_POST['content'] ),
    'image_id' => $page['image_id'],
   );
@ -237,7 +237,7 @@ SELECT
    $content = '';
    if ('reject'===@$comment_action)
    {
-      $content = htmlspecialchars($comm['content']);
+      $content = htmlspecialchars( stripslashes($comm['content']) );
    }
    $template->assign('comment_add',
        array(
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@ -548,8 +548,8 @@ SELECT DISTINCT image_id
  }
  $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
+    'author' => trim( $params['author'] ),
-    'content' => trim( stripslashes($params['content']) ),
+    'content' => trim( $params['content'] ),
    'image_id' => $params['image_id'],
   );
@ -1356,7 +1356,7 @@ function ws_session_getStatus($params, &$service)
  global $user;
  $res = array();
  $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
-  foreach ( array('status', 'template', 'theme', 'language') as $k )
+  foreach ( array('status', 'theme', 'language') as $k )
  {
    $res[$k] = $user[$k];
  }
--- a/themes/default/template/identification.tpl
+++ b/themes/default/template/identification.tpl
@ -48,7 +48,7 @@
  </fieldset>
  <p>
-    <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
+    <input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
    <input class="submit" tabindex="4" type="submit" name="login" value="{'Submit'|@translate}">
  </p>
--- a/themes/default/template/menubar_identification.tpl
+++ b/themes/default/template/menubar_identification.tpl
@ -28,7 +28,7 @@
 	{if isset($U_LOGIN)}
 	<form method="post" action="{$U_LOGIN}" id="quickconnect">
-        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
+        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|@urlencode}">
 	<fieldset>
 	<legend>{'Quick connect'|@translate}</legend>
 	<div>