diff options
-rw-r--r-- | include/functions_comment.inc.php | 17 | ||||
-rw-r--r-- | include/picture_comment.inc.php | 6 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 6 | ||||
-rw-r--r-- | themes/default/template/identification.tpl | 2 | ||||
-rw-r--r-- | themes/default/template/menubar_identification.tpl | 2 |
5 files changed, 9 insertions, 24 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 454895832..9b7736219 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -158,7 +158,7 @@ INSERT INTO '.COMMENTS_TABLE.' VALUES ( "'.$comm['author'].'", '.$comm['author_id'].', - "'.pwg_db_real_escape_string($comm['content']).'", + "'.$comm['content'].'", NOW(), "'.($comment_action=='validate' ? 'true':'false').'", '.($comment_action=='validate' ? 'NOW()':'NULL').', @@ -257,21 +257,6 @@ function update_user_comment($comment, $post_key) $comment_action='reject'; } -/* ? this is a MySql Error - author_id is not defined - if ($comment_action!='reject' and $conf['anti-flood_time']>0 ) - { // anti-flood system - $reference_date = time() - $conf['anti-flood_time']; - $query = ' -SELECT id FROM '.COMMENTS_TABLE.' - WHERE date > FROM_UNIXTIME('.$reference_date.') - AND author_id = '.$comm['author_id']; - if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 ) - { - //?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') ); - $comment_action='reject'; - } - } -*/ // perform more spam check $comment_action = trigger_event('user_comment_check', diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index ac0cd9356..cc4970a34 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) } $comm = array( - 'author' => trim( stripslashes(@$_POST['author']) ), - 'content' => trim( stripslashes($_POST['content']) ), + 'author' => trim( @$_POST['author'] ), + 'content' => trim( $_POST['content'] ), 'image_id' => $page['image_id'], ); @@ -237,7 +237,7 @@ SELECT $content = ''; if ('reject'===@$comment_action) { - $content = htmlspecialchars($comm['content']); + $content = htmlspecialchars( stripslashes($comm['content']) ); } $template->assign('comment_add', array( diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 32967fb5d..eee2c3f14 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -548,8 +548,8 @@ SELECT DISTINCT image_id } $comm = array( - 'author' => trim( stripslashes($params['author']) ), - 'content' => trim( stripslashes($params['content']) ), + 'author' => trim( $params['author'] ), + 'content' => trim( $params['content'] ), 'image_id' => $params['image_id'], ); @@ -1356,7 +1356,7 @@ function ws_session_getStatus($params, &$service) global $user; $res = array(); $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']); - foreach ( array('status', 'template', 'theme', 'language') as $k ) + foreach ( array('status', 'theme', 'language') as $k ) { $res[$k] = $user[$k]; } diff --git a/themes/default/template/identification.tpl b/themes/default/template/identification.tpl index 1d7e6d873..ca9bd04f7 100644 --- a/themes/default/template/identification.tpl +++ b/themes/default/template/identification.tpl @@ -48,7 +48,7 @@ </fieldset> <p> - <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}"> + <input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}"> <input class="submit" tabindex="4" type="submit" name="login" value="{'Submit'|@translate}"> </p> diff --git a/themes/default/template/menubar_identification.tpl b/themes/default/template/menubar_identification.tpl index b686b9601..bf932141e 100644 --- a/themes/default/template/menubar_identification.tpl +++ b/themes/default/template/menubar_identification.tpl @@ -28,7 +28,7 @@ {if isset($U_LOGIN)} <form method="post" action="{$U_LOGIN}" id="quickconnect"> - <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}"> + <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|@urlencode}"> <fieldset> <legend>{'Quick connect'|@translate}</legend> <div> |