diff options
author | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2009-06-24 19:00:40 +0000 |
commit | ed7f7a574eeb9b921d4b85c6e8607faac4971a47 (patch) | |
tree | 2da0b667a74771d3f5859b6c1b4c7b590a7421b2 /include/picture_comment.inc.php | |
parent | 64c872a83e726ec4d298be479b57dae13fb2c0c6 (diff) |
Fix two problem with Feature 1026 :
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.
git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/picture_comment.inc.php')
-rw-r--r-- | include/picture_comment.inc.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index 8845ee47a..e957424f5 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -128,10 +128,11 @@ SELECT COUNT(*) AS nb_comments } $query = ' -SELECT com.id,author,author_id,username,date,image_id,content,validated +SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username, + date,image_id,content,validated FROM '.COMMENTS_TABLE.' AS com LEFT JOIN '.USERS_TABLE.' AS u - ON u.id = author_id + ON u.'.$conf['user_fields']['id'].' = author_id WHERE image_id = '.$page['image_id']. $validated_clause.' ORDER BY date ASC |