Fix two problem with Feature 1026 :

use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.

git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/comments.php

@@ -134,12 +134,13 @@ $template->assign(
 $list = array();
 
 $query = '
-SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
+SELECT c.id, c.image_id, c.date, c.author, '.
+$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
   FROM '.COMMENTS_TABLE.' AS c
     INNER JOIN '.IMAGES_TABLE.' AS i
       ON i.id = c.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-      ON u.id = c.author_id
+      ON u.'.$conf['user_fields']['id'].' = c.author_id
   WHERE validated = \'false\'
   ORDER BY c.date DESC
 ;';

comments.php

@@ -101,7 +101,7 @@ if (isset($_GET['cat']) and 0 != $_GET['cat'])
 if (isset($_GET['author']) and !empty($_GET['author']))
 {
   $page['where_clauses'][] = 
-    'u.username = \''.addslashes($_GET['author']).'\'
+    'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
      OR author = \''.addslashes($_GET['author']).'\'';    
 }
 
@@ -268,7 +268,7 @@ SELECT COUNT(DISTINCT(com.id))
     INNER JOIN '.COMMENTS_TABLE.' AS com
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' As u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
 ;';
@@ -300,7 +300,7 @@ SELECT com.id AS comment_id
      , ic.category_id
      , com.author
      , com.author_id
-     , username
+     , '.$conf['user_fields']['username'].' AS username
      , com.date
      , com.content
      , com.validated
@@ -308,7 +308,7 @@ SELECT com.id AS comment_id
     INNER JOIN '.COMMENTS_TABLE.' AS com    
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
   GROUP BY comment_id

include/picture_comment.inc.php

@@ -128,10 +128,11 @@ SELECT COUNT(*) AS nb_comments
     }
 
     $query = '
-SELECT com.id,author,author_id,username,date,image_id,content,validated
+SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
+  date,image_id,content,validated
   FROM '.COMMENTS_TABLE.' AS com
   LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = author_id
+    ON u.'.$conf['user_fields']['id'].' = author_id
   WHERE image_id = '.$page['image_id'].
 $validated_clause.'
   ORDER BY date ASC

template/yoga/comment_list.tpl

@@ -42,7 +42,7 @@
       <form  method="post" action="{$comment.U_EDIT}" class="filter" id="editComment">
 	<fieldset>
 	  <legend>{'Edit a comment'|@translate}</legend>
-	  <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+	  <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT|escape}</textarea></label>
 	  <input type="hidden" name="key" value="{$comment.KEY}">
 	  <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">
 	  <input class="submit" type="submit" value="{'Submit'|@translate}">