aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2009-07-01 20:56:41 +0000
committerrvelices <rv-github@modusoptimus.com>2009-07-01 20:56:41 +0000
commit4fa8d36ed5beaf7125083ec65b355f09a92621c2 (patch)
tree0b4c9a4e9f606aa037c77db02fee1f228cffe498 /include
parentae6ab9966b171f34cdc902acf938e49a412fc006 (diff)
- remove warn on unset variable
- insert_user_comment expects now the comment content to be sql safe (works now exactly as update_user_comment) git-svn-id: http://piwigo.org/svn/trunk@3488 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_comment.inc.php48
-rw-r--r--include/picture_comment.inc.php12
-rw-r--r--include/ws_functions.inc.php20
3 files changed, 41 insertions, 39 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 9b1d323a1..4d004589b 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos )
$query = '
SELECT COUNT(*) AS user_exists
FROM '.USERS_TABLE.'
- WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
+ WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
$row = mysql_fetch_assoc( pwg_query( $query ) );
if ( $row['user_exists'] == 1 )
{
@@ -156,9 +156,9 @@ SELECT id FROM '.COMMENTS_TABLE.'
INSERT INTO '.COMMENTS_TABLE.'
(author, author_id, content, date, validated, validation_date, image_id)
VALUES (
- "'.addslashes($comm['author']).'",
+ "'.$comm['author'].'",
'.$comm['author_id'].',
- "'.addslashes($comm['content']).'",
+ "'.$comm['content'].'",
NOW(),
"'.($comment_action=='validate' ? 'true':'false').'",
'.($comment_action=='validate' ? 'NOW()':'NULL').',
@@ -171,25 +171,25 @@ INSERT INTO '.COMMENTS_TABLE.'
$comm['id'] = mysql_insert_id();
if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
- ($comment_action!='validate'
+ ($comment_action!='validate'
and $conf['email_admin_on_comment_validation']))
{
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
$del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
- if (empty($comm['author']))
+ if (empty($comm['author']))
{
- $author_name = $user['username'];
+ $author_name = $user['username'];
}
else
{
- $author_name = $comm['author'];
+ $author_name = stripslashes($comm['author']);
}
$keyargs_content = array
(
get_l10n_args('Author: %s', $author_name),
- get_l10n_args('Comment: %s', $comm['content']),
+ get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
get_l10n_args('', ''),
get_l10n_args('Delete: %s', $del_url)
);
@@ -216,10 +216,10 @@ INSERT INTO '.COMMENTS_TABLE.'
/**
* Tries to delete a user comment in the database
* only admin can delete all comments
- * other users can delete their own comments
+ * other users can delete their own comments
* so to avoid a new sql request we add author in where clause
*
- * @param comment_id
+ * @param comment_id
*/
function delete_user_comment($comment_id) {
@@ -245,12 +245,13 @@ $user_where_clause.'
* users can edit their own comments if admin allow them
* so to avoid a new sql request we add author in where clause
*
- * @param comment_id
+ * @param comment_id
* @param post_key
* @param content
*/
-function update_user_comment($comment, $post_key) {
+function update_user_comment($comment, $post_key)
+{
global $conf;
$comment_action = 'validate';
@@ -275,16 +276,16 @@ SELECT id FROM '.COMMENTS_TABLE.'
AND author_id = '.$comm['author_id'];
if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
{
- array_push( $infos, l10n('comment_anti-flood') );
+ //?? array_push( $infos, l10n('comment_anti-flood') );
$comment_action='reject';
}
}
// perform more spam check
- $comment_action =
+ $comment_action =
trigger_event('user_comment_check',
- $comment_action,
- array_merge($comment,
+ $comment_action,
+ array_merge($comment,
array('author' => $GLOBALS['user']['username'])
)
);
@@ -307,12 +308,13 @@ $user_where_clause.'
$result = pwg_query($query);
if ($result) {
email_admin('edit', array('author' => $GLOBALS['user']['username'],
- 'content' => $comment['content']));
+ 'content' => stripslashes($comment['content'])) );
}
}
}
-function email_admin($action, $comment) {
+function email_admin($action, $comment)
+{
global $conf;
if (!in_array($action, array('edit', 'delete'))
@@ -323,12 +325,12 @@ function email_admin($action, $comment) {
}
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
-
+
$keyargs_content = array();
$keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
- if ($action=='delete')
+ if ($action=='delete')
{
- $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+ $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
$comment['comment_id']
);
}
@@ -337,8 +339,8 @@ function email_admin($action, $comment) {
$keyargs_content[] = get_l10n_args('This author modified following comment:', '');
$keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
}
-
- pwg_mail_notification_admins(get_l10n_args('Comment by %s',
+
+ pwg_mail_notification_admins(get_l10n_args('Comment by %s',
$comment['author']),
$keyargs_content
);
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index e957424f5..5ebf08fc9 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
}
$comm = array(
- 'author' => trim( stripslashes(@$_POST['author']) ),
- 'content' => trim( stripslashes($_POST['content']) ),
+ 'author' => trim(@$_POST['author']),
+ 'content' => trim($_POST['content']),
'image_id' => $page['image_id'],
);
@@ -121,8 +121,8 @@ SELECT COUNT(*) AS nb_comments
if ( !is_admin() )
{
$validated_clause = ' AND validated = \'true\'';
- }
- else
+ }
+ else
{
$validated_clause = '';
}
@@ -142,7 +142,7 @@ $validated_clause.'
while ($row = mysql_fetch_array($result))
{
- if (!empty($row['author']))
+ if (!empty($row['author']))
{
$author = $row['author'];
if ($author == 'guest')
@@ -195,7 +195,7 @@ $validated_clause.'
{
if ($row['validated'] != 'true')
{
- $tpl_comment['U_VALIDATE'] =
+ $tpl_comment['U_VALIDATE'] =
add_url_params($url_self,
array('action' => 'validate_comment',
'comment_to_validate' => $row['id']
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 979e855ef..ad73161b3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -523,8 +523,8 @@ SELECT DISTINCT image_id
}
$comm = array(
- 'author' => trim( stripslashes($params['author']) ),
- 'content' => trim( stripslashes($params['content']) ),
+ 'author' => trim($params['author']),
+ 'content' => trim($params['content']),
'image_id' => $params['image_id'],
);
@@ -885,7 +885,7 @@ function ws_images_add_chunk($params, &$service)
// original_sum
// type {thumb, file, high}
// position
-
+
if (!is_admin() || is_adviser() )
{
return new PwgError(401, 'Access denied');
@@ -945,7 +945,7 @@ function merge_chunks($output_filepath, $original_sum, $type)
$upload_dir = PHPWG_ROOT_PATH.'upload/buffer';
$pattern = '/'.$original_sum.'-'.$type.'/';
$chunks = array();
-
+
if ($handle = opendir($upload_dir))
{
while (false !== ($file = readdir($handle)))
@@ -962,18 +962,18 @@ function merge_chunks($output_filepath, $original_sum, $type)
sort($chunks);
ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage());
-
+
foreach ($chunks as $chunk)
{
$string = file_get_contents($chunk);
-
+
ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage());
-
+
if (!file_put_contents($output_filepath, $string, FILE_APPEND))
{
return new PwgError(500, 'error while writting chunks for '.$output_filepath);
}
-
+
unlink($chunk);
}
@@ -1783,13 +1783,13 @@ function ws_categories_setInfo($params, &$service)
array($update)
);
}
-
+
}
function ws_logfile($string)
{
return true;
-
+
file_put_contents(
'/tmp/piwigo_ws.log',
'['.date('c').'] '.$string."\n",