diff options
author | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
commit | ed7f7a574eeb9b921d4b85c6e8607faac4971a47 (patch) | |
tree | 2da0b667a74771d3f5859b6c1b4c7b590a7421b2 /comments.php | |
parent | 64c872a83e726ec4d298be479b57dae13fb2c0c6 (diff) |
Fix two problem with Feature 1026 :
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.
git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'comments.php')
-rw-r--r-- | comments.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/comments.php b/comments.php index f5147e1b4..4fb15642e 100644 --- a/comments.php +++ b/comments.php @@ -101,7 +101,7 @@ if (isset($_GET['cat']) and 0 != $_GET['cat']) if (isset($_GET['author']) and !empty($_GET['author'])) { $page['where_clauses'][] = - 'u.username = \''.addslashes($_GET['author']).'\' + 'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\' OR author = \''.addslashes($_GET['author']).'\''; } @@ -268,7 +268,7 @@ SELECT COUNT(DISTINCT(com.id)) INNER JOIN '.COMMENTS_TABLE.' AS com ON ic.image_id = com.image_id LEFT JOIN '.USERS_TABLE.' As u - ON u.id = com.author_id + ON u.'.$conf['user_fields']['id'].' = com.author_id WHERE '.implode(' AND ', $page['where_clauses']).' ;'; @@ -300,7 +300,7 @@ SELECT com.id AS comment_id , ic.category_id , com.author , com.author_id - , username + , '.$conf['user_fields']['username'].' AS username , com.date , com.content , com.validated @@ -308,7 +308,7 @@ SELECT com.id AS comment_id INNER JOIN '.COMMENTS_TABLE.' AS com ON ic.image_id = com.image_id LEFT JOIN '.USERS_TABLE.' AS u - ON u.id = com.author_id + ON u.'.$conf['user_fields']['id'].' = com.author_id WHERE '.implode(' AND ', $page['where_clauses']).' GROUP BY comment_id |