diff options
author | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
commit | ed7f7a574eeb9b921d4b85c6e8607faac4971a47 (patch) | |
tree | 2da0b667a74771d3f5859b6c1b4c7b590a7421b2 /admin/comments.php | |
parent | 64c872a83e726ec4d298be479b57dae13fb2c0c6 (diff) |
Fix two problem with Feature 1026 :
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.
git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/comments.php')
-rw-r--r-- | admin/comments.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/admin/comments.php b/admin/comments.php index d62b4aca3..cadc3dc67 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -134,12 +134,13 @@ $template->assign( $list = array(); $query = ' -SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext +SELECT c.id, c.image_id, c.date, c.author, '. +$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext FROM '.COMMENTS_TABLE.' AS c INNER JOIN '.IMAGES_TABLE.' AS i ON i.id = c.image_id LEFT JOIN '.USERS_TABLE.' AS u - ON u.id = c.author_id + ON u.'.$conf['user_fields']['id'].' = c.author_id WHERE validated = \'false\' ORDER BY c.date DESC ;'; |