aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/functions_comment.inc.php17
-rw-r--r--include/picture_comment.inc.php6
-rw-r--r--include/ws_functions.inc.php6
-rw-r--r--themes/default/template/identification.tpl2
-rw-r--r--themes/default/template/menubar_identification.tpl2
5 files changed, 9 insertions, 24 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 454895832..9b7736219 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -158,7 +158,7 @@ INSERT INTO '.COMMENTS_TABLE.'
VALUES (
"'.$comm['author'].'",
'.$comm['author_id'].',
- "'.pwg_db_real_escape_string($comm['content']).'",
+ "'.$comm['content'].'",
NOW(),
"'.($comment_action=='validate' ? 'true':'false').'",
'.($comment_action=='validate' ? 'NOW()':'NULL').',
@@ -257,21 +257,6 @@ function update_user_comment($comment, $post_key)
$comment_action='reject';
}
-/* ? this is a MySql Error - author_id is not defined
- if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
- { // anti-flood system
- $reference_date = time() - $conf['anti-flood_time'];
- $query = '
-SELECT id FROM '.COMMENTS_TABLE.'
- WHERE date > FROM_UNIXTIME('.$reference_date.')
- AND author_id = '.$comm['author_id'];
- if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
- {
- //?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
- $comment_action='reject';
- }
- }
-*/
// perform more spam check
$comment_action =
trigger_event('user_comment_check',
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index ac0cd9356..cc4970a34 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
}
$comm = array(
- 'author' => trim( stripslashes(@$_POST['author']) ),
- 'content' => trim( stripslashes($_POST['content']) ),
+ 'author' => trim( @$_POST['author'] ),
+ 'content' => trim( $_POST['content'] ),
'image_id' => $page['image_id'],
);
@@ -237,7 +237,7 @@ SELECT
$content = '';
if ('reject'===@$comment_action)
{
- $content = htmlspecialchars($comm['content']);
+ $content = htmlspecialchars( stripslashes($comm['content']) );
}
$template->assign('comment_add',
array(
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 32967fb5d..eee2c3f14 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -548,8 +548,8 @@ SELECT DISTINCT image_id
}
$comm = array(
- 'author' => trim( stripslashes($params['author']) ),
- 'content' => trim( stripslashes($params['content']) ),
+ 'author' => trim( $params['author'] ),
+ 'content' => trim( $params['content'] ),
'image_id' => $params['image_id'],
);
@@ -1356,7 +1356,7 @@ function ws_session_getStatus($params, &$service)
global $user;
$res = array();
$res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
- foreach ( array('status', 'template', 'theme', 'language') as $k )
+ foreach ( array('status', 'theme', 'language') as $k )
{
$res[$k] = $user[$k];
}
diff --git a/themes/default/template/identification.tpl b/themes/default/template/identification.tpl
index 1d7e6d873..ca9bd04f7 100644
--- a/themes/default/template/identification.tpl
+++ b/themes/default/template/identification.tpl
@@ -48,7 +48,7 @@
</fieldset>
<p>
- <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
+ <input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
<input class="submit" tabindex="4" type="submit" name="login" value="{'Submit'|@translate}">
</p>
diff --git a/themes/default/template/menubar_identification.tpl b/themes/default/template/menubar_identification.tpl
index b686b9601..bf932141e 100644
--- a/themes/default/template/menubar_identification.tpl
+++ b/themes/default/template/menubar_identification.tpl
@@ -28,7 +28,7 @@
{if isset($U_LOGIN)}
<form method="post" action="{$U_LOGIN}" id="quickconnect">
- <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
+ <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|@urlencode}">
<fieldset>
<legend>{'Quick connect'|@translate}</legend>
<div>