aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2009-06-24 19:00:40 +0000
committernikrou <nikrou@piwigo.org>2009-06-24 19:00:40 +0000
commited7f7a574eeb9b921d4b85c6e8607faac4971a47 (patch)
tree2da0b667a74771d3f5859b6c1b4c7b590a7421b2
parent64c872a83e726ec4d298be479b57dae13fb2c0c6 (diff)
Fix two problem with Feature 1026 :
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id escape comment content before editing it. git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/comments.php5
-rw-r--r--comments.php8
-rw-r--r--include/picture_comment.inc.php5
-rw-r--r--template/yoga/comment_list.tpl2
4 files changed, 11 insertions, 9 deletions
diff --git a/admin/comments.php b/admin/comments.php
index d62b4aca3..cadc3dc67 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -134,12 +134,13 @@ $template->assign(
$list = array();
$query = '
-SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
+SELECT c.id, c.image_id, c.date, c.author, '.
+$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
FROM '.COMMENTS_TABLE.' AS c
INNER JOIN '.IMAGES_TABLE.' AS i
ON i.id = c.image_id
LEFT JOIN '.USERS_TABLE.' AS u
- ON u.id = c.author_id
+ ON u.'.$conf['user_fields']['id'].' = c.author_id
WHERE validated = \'false\'
ORDER BY c.date DESC
;';
diff --git a/comments.php b/comments.php
index f5147e1b4..4fb15642e 100644
--- a/comments.php
+++ b/comments.php
@@ -101,7 +101,7 @@ if (isset($_GET['cat']) and 0 != $_GET['cat'])
if (isset($_GET['author']) and !empty($_GET['author']))
{
$page['where_clauses'][] =
- 'u.username = \''.addslashes($_GET['author']).'\'
+ 'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
OR author = \''.addslashes($_GET['author']).'\'';
}
@@ -268,7 +268,7 @@ SELECT COUNT(DISTINCT(com.id))
INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
LEFT JOIN '.USERS_TABLE.' As u
- ON u.id = com.author_id
+ ON u.'.$conf['user_fields']['id'].' = com.author_id
WHERE '.implode('
AND ', $page['where_clauses']).'
;';
@@ -300,7 +300,7 @@ SELECT com.id AS comment_id
, ic.category_id
, com.author
, com.author_id
- , username
+ , '.$conf['user_fields']['username'].' AS username
, com.date
, com.content
, com.validated
@@ -308,7 +308,7 @@ SELECT com.id AS comment_id
INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
LEFT JOIN '.USERS_TABLE.' AS u
- ON u.id = com.author_id
+ ON u.'.$conf['user_fields']['id'].' = com.author_id
WHERE '.implode('
AND ', $page['where_clauses']).'
GROUP BY comment_id
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index 8845ee47a..e957424f5 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -128,10 +128,11 @@ SELECT COUNT(*) AS nb_comments
}
$query = '
-SELECT com.id,author,author_id,username,date,image_id,content,validated
+SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
+ date,image_id,content,validated
FROM '.COMMENTS_TABLE.' AS com
LEFT JOIN '.USERS_TABLE.' AS u
- ON u.id = author_id
+ ON u.'.$conf['user_fields']['id'].' = author_id
WHERE image_id = '.$page['image_id'].
$validated_clause.'
ORDER BY date ASC
diff --git a/template/yoga/comment_list.tpl b/template/yoga/comment_list.tpl
index ece0c652b..3a5c1e16f 100644
--- a/template/yoga/comment_list.tpl
+++ b/template/yoga/comment_list.tpl
@@ -42,7 +42,7 @@
<form method="post" action="{$comment.U_EDIT}" class="filter" id="editComment">
<fieldset>
<legend>{'Edit a comment'|@translate}</legend>
- <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+ <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT|escape}</textarea></label>
<input type="hidden" name="key" value="{$comment.KEY}">
<input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">
<input class="submit" type="submit" value="{'Submit'|@translate}">