-rw-r--r-- | include/functions_comment.inc.php | 48 | ||||
-rw-r--r-- | include/picture_comment.inc.php | 12 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 20 |
3 files changed, 41 insertions, 39 deletions
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 9b1d323a1..4d004589b 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos ) $query = ' SELECT COUNT(*) AS user_exists FROM '.USERS_TABLE.' - WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'"; + WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'"; $row = mysql_fetch_assoc( pwg_query( $query ) ); if ( $row['user_exists'] == 1 ) {
@@ -156,9 +156,9 @@ SELECT id FROM '.COMMENTS_TABLE.' INSERT INTO '.COMMENTS_TABLE.' (author, author_id, content, date, validated, validation_date, image_id) VALUES ( - "'.addslashes($comm['author']).'", + "'.$comm['author'].'", '.$comm['author_id'].', - "'.addslashes($comm['content']).'", + "'.$comm['content'].'", NOW(), "'.($comment_action=='validate' ? 'true':'false').'", '.($comment_action=='validate' ? 'NOW()':'NULL').',
@@ -171,25 +171,25 @@ INSERT INTO '.COMMENTS_TABLE.' $comm['id'] = mysql_insert_id(); if (($comment_action=='validate' and $conf['email_admin_on_comment']) or - ($comment_action!='validate' + ($comment_action!='validate' and $conf['email_admin_on_comment_validation'])) { include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id']; - if (empty($comm['author'])) + if (empty($comm['author'])) { - $author_name = $user['username']; + $author_name = $user['username']; } else { - $author_name = $comm['author']; + $author_name = stripslashes($comm['author']); } $keyargs_content = array ( get_l10n_args('Author: %s', $author_name), - get_l10n_args('Comment: %s', $comm['content']), + get_l10n_args('Comment: %s', stripslashes($comm['content']) ), get_l10n_args('', ''), get_l10n_args('Delete: %s', $del_url) );
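Review bot: The new `WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'"` line in the @@ -99 hunk and the `"'.$comm['author'].'",` / `"'.$comm['content'].'",` lines in the @@ -156 hunk interpolate user-supplied values into SQL with no escaping at all; the commit instead relies on the callers keeping the magic_quotes_gpc slashes on the input (the `stripslashes()` removals in picture_comment.inc.php @@ -46 and ws_functions.inc.php @@ -523). That only holds if every path into insert_user_comment is slashed, which is not the case with magic_quotes_gpc off and, as far as the diff shows, is not established for the web-service `$params`. Escaping belongs at the query, independent of where the input came from: keep the callers stripping slashes and write e.g. `"'".mysql_real_escape_string($comm['author'])."'"` (or the project's own escape helper, if it has one) in each of the three interpolations, which also removes the need for the `stripslashes()` calls the @@ -171 hunk adds for the e-mail text. insert_user_comment starts before the @@ -99 hunk and its body runs across all three hunks.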
@@ -216,10 +216,10 @@ INSERT INTO '.COMMENTS_TABLE.' /** * Tries to delete a user comment in the database * only admin can delete all comments - * other users can delete their own comments + * other users can delete their own comments * so to avoid a new sql request we add author in where clause * - * @param comment_id + * @param comment_id */ function delete_user_comment($comment_id) {
@@ -245,12 +245,13 @@ $user_where_clause.' * users can edit their own comments if admin allow them * so to avoid a new sql request we add author in where clause * - * @param comment_id + * @param comment_id * @param post_key * @param content */ -function update_user_comment($comment, $post_key) { +function update_user_comment($comment, $post_key) +{ global $conf; $comment_action = 'validate';
@@ -275,16 +276,16 @@ SELECT id FROM '.COMMENTS_TABLE.' AND author_id = '.$comm['author_id']; if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) { - array_push( $infos, l10n('comment_anti-flood') ); + //?? array_push( $infos, l10n('comment_anti-flood') ); $comment_action='reject'; } } // perform more spam check - $comment_action = + $comment_action = trigger_event('user_comment_check', - $comment_action, - array_merge($comment, + $comment_action, + array_merge($comment, array('author' => $GLOBALS['user']['username']) ) );
@@ -307,12 +308,13 @@ $user_where_clause.' $result = pwg_query($query); if ($result) { email_admin('edit', array('author' => $GLOBALS['user']['username'], - 'content' => $comment['content'])); + 'content' => stripslashes($comment['content'])) ); } } } -function email_admin($action, $comment) { +function email_admin($action, $comment) +{ global $conf; if (!in_array($action, array('edit', 'delete'))
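Review bot: Commenting out `array_push( $infos, l10n('comment_anti-flood') );` as `//?? …` in the @@ -275 hunk leaves the branch still setting `$comment_action='reject'`, so an edit caught by the anti-flood check is now rejected with no message to the user, and the `//??` leaves an open question in the code. If this runs inside update_user_comment (whose signature in the @@ -245 hunk has no `$infos` parameter, presumably why the line was disabled), the message should be returned or passed out through a parameter like insert_user_comment's `&$infos`; otherwise delete the line and state in a comment that the silent rejection is intended. The same hunk's context line `AND author_id = '.$comm['author_id']` reads `$comm` while the surrounding code uses `$comment` (see `array_merge($comment, …)` a few lines below), which looks like a pre-existing undefined variable worth checking. The enclosing function starts and ends outside the hunk.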
@@ -323,12 +325,12 @@ function email_admin($action, $comment) { } include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); - + $keyargs_content = array(); $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']); - if ($action=='delete') + if ($action=='delete') { - $keyargs_content[] = get_l10n_args('This author remove comment with id %d', + $keyargs_content[] = get_l10n_args('This author removed the comment with id %d', $comment['comment_id'] ); }
@@ -337,8 +339,8 @@ function email_admin($action, $comment) { $keyargs_content[] = get_l10n_args('This author modified following comment:', ''); $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']); } - - pwg_mail_notification_admins(get_l10n_args('Comment by %s', + + pwg_mail_notification_admins(get_l10n_args('Comment by %s', $comment['author']), $keyargs_content );
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index e957424f5..5ebf08fc9 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) } $comm = array( - 'author' => trim( stripslashes(@$_POST['author']) ), - 'content' => trim( stripslashes($_POST['content']) ), + 'author' => trim(@$_POST['author']), + 'content' => trim($_POST['content']), 'image_id' => $page['image_id'], );
@@ -121,8 +121,8 @@ SELECT COUNT(*) AS nb_comments if ( !is_admin() ) { $validated_clause = ' AND validated = \'true\''; - } - else + } + else { $validated_clause = ''; }
@@ -142,7 +142,7 @@ $validated_clause.' while ($row = mysql_fetch_array($result)) { - if (!empty($row['author'])) + if (!empty($row['author'])) { $author = $row['author']; if ($author == 'guest')
@@ -195,7 +195,7 @@ $validated_clause.' { if ($row['validated'] != 'true') { - $tpl_comment['U_VALIDATE'] = + $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array('action' => 'validate_comment', 'comment_to_validate' => $row['id']
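Review bot: The `get_l10n_args('This author removed the comment with id %d', …)` line in the @@ -323 hunk rewords a string that, like the other `get_l10n_args` keys in the hunk, is presumably looked up by its English text; every language file translating 'This author remove comment with id %d' then stops matching and the admin mail falls back to the untranslated key, and the diffstat shows no language file in this commit. Either update the translations in the same change or keep the old key and fix the English only in the language files. email_admin continues outside the hunk.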
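Review bot: `'author' => trim(@$_POST['author']),` in the picture_comment.inc.php @@ -46 hunk keeps the `@` suppression to tolerate a missing author field, which also hides any other notice raised on that line and passes `null` to `trim()`. Prefer an explicit presence check, `'author' => isset($_POST['author']) ? trim($_POST['author']) : '',`, which makes the empty-author case handled later by `empty($comm['author'])` in insert_user_comment visible at the point of input. The `if ( $page['show_comments'] … )` block enclosing this code starts before the hunk.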
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 979e855ef..ad73161b3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -523,8 +523,8 @@ SELECT DISTINCT image_id } $comm = array( - 'author' => trim( stripslashes($params['author']) ), - 'content' => trim( stripslashes($params['content']) ), + 'author' => trim($params['author']), + 'content' => trim($params['content']), 'image_id' => $params['image_id'], );
@@ -885,7 +885,7 @@ function ws_images_add_chunk($params, &$service) // original_sum // type {thumb, file, high} // position - + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied');
@@ -945,7 +945,7 @@ function merge_chunks($output_filepath, $original_sum, $type) $upload_dir = PHPWG_ROOT_PATH.'upload/buffer'; $pattern = '/'.$original_sum.'-'.$type.'/'; $chunks = array(); - + if ($handle = opendir($upload_dir)) { while (false !== ($file = readdir($handle)))
@@ -962,18 +962,18 @@ function merge_chunks($output_filepath, $original_sum, $type) sort($chunks); ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage()); - + foreach ($chunks as $chunk) { $string = file_get_contents($chunk); - + ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage()); - + if (!file_put_contents($output_filepath, $string, FILE_APPEND)) { return new PwgError(500, 'error while writting chunks for '.$output_filepath); } - + unlink($chunk); }
@@ -1783,13 +1783,13 @@ function ws_categories_setInfo($params, &$service) array($update) ); } - + } function ws_logfile($string) { return true; - + file_put_contents( '/tmp/piwigo_ws.log', '['.date('c').'] '.$string."\n", |