archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
piwigo/install/db/53-database.php
rvelices cea58b64ee - user comments are not saved in the database with htmlspecialchars anymore 
- web service: added the possibility to enter a user comment using the service...
- new comment functions from picture_comment.inc.php

git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-02-22 01:12:32 +00:00

60 lines
2.3 KiB
PHP
Raw Permalink Blame History

<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
// | revision : $Revision$
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = '#comments.content is not html escaped anymore';
include_once(PHPWG_ROOT_PATH.'include/constants.php');
$replacements = array(
array('&#039;', '\''),
array('&quot;', '"'),
array('&lt;', '<'),
array('&gt;', '>'),
array('&amp;', '&') // <- this must be the last one
);
foreach ($replacements as $replacement)
{
$query = '
UPDATE '.COMMENTS_TABLE.'
SET content = REPLACE(content, "'.addslashes($replacement[0]).'", "'.addslashes($replacement[1]).'")
;';
pwg_query($query);
}
echo
"\n"
.'"'.$upgrade_description.'"'.', ended'
."\n"
;
?>
Reference in a new issue View git blame Copy permalink