path: root/comments.php
Commit log: each entry gives the date, author, files changed and lines removed/added, followed by the commit message.

2010-10-29  plegall  1 file changed, -1/+7
bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is unknown.
git-svn-id: http://piwigo.org/svn/branches/2.1@7487 68402e56-0260-453c-a942-63ccdbb3a9ee

2010-09-13  plegall  1 file changed, -0/+2
bug 1850 fixed: strong check of $_GET['cat']
git-svn-id: http://piwigo.org/svn/branches/2.1@6909 68402e56-0260-453c-a942-63ccdbb3a9ee

2010-06-24  nikrou  1 file changed, -15/+31
Bug 1735 fixed: merge from trunk
Comment page is not PostgreSQL compatible
Fixed by adding all fields except category_id in group by clause
category_id is retrieved later in another query (with permissions filter)
Fixed also problem of FROM_UNIXTIME function not PostgreSQL compatible
git-svn-id: http://piwigo.org/svn/branches/2.1@6602 68402e56-0260-453c-a942-63ccdbb3a9ee

2010-03-20  rvelices  1 file changed, -15/+14
fix bug (a comment could be displayed several times in the comments list)
git-svn-id: http://piwigo.org/svn/trunk@5199 68402e56-0260-453c-a942-63ccdbb3a9ee

2010-03-19  plegall  1 file changed, -1/+1
increase copyright year to 2010
git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee

2010-03-19  plegall  1 file changed, -62/+134
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk
feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope).
git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-29  nikrou  1 file changed, -1/+2
Feature_1255:
- single quotes in queries
- start using $conf['dblayer']
git-svn-id: http://piwigo.org/svn/trunk@4385 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-25  nikrou  1 file changed, -4/+4
Feature 1255: modification in sql queries
- manage random function
- manage regex syntax
- manage quote (single instead of double)
- manage interval
git-svn-id: http://piwigo.org/svn/trunk@4367 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-21  nikrou  1 file changed, -1/+1
Feature 1255: limit params in sql queries were in wrong order (LIMIT count OFFSET offset)
git-svn-id: http://piwigo.org/svn/trunk@4334 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-21  nikrou  1 file changed, -1/+1
Feature 1255: improve sql
Replace in queries LIMIT N,M by LIMIT N OFFSET M
git-svn-id: http://piwigo.org/svn/trunk@4331 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-20  nikrou  1 file changed, -3/+3
Feature 1244 resolved
Replace all mysql functions in core code by ones independent of database engine
Fix small php code syntax: hash must be accessed with [ ] and not { }.
git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-11-04  nikrou  1 file changed, -2/+2
bug 1220: fix regression in display when search by author or by keyword contains quote.
git-svn-id: http://piwigo.org/svn/trunk@4182 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-10-28  nikrou  1 file changed, -6/+17
bug 1220: fix XSS vulnerability.
filter on since parameter (is_numeric)
use only htmlspecialchars to filter vars to display
revert rev:3600 add left join on users table
Todo: use only left join on users table when a search by author is made
git-svn-id: http://piwigo.org/svn/trunk@4139 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-07-16  rvelices  1 file changed, -20/+2
- fix php warning from comment_list.tpl
- author name is saved always in #comments (even for registered users) so that
  - sql queries are simpler on the comments page (one less table in a big join)
  - when a user is deleted, we can keep the username in the #comments (there might be still a bug that author_id is not updated when a user is deleted)
git-svn-id: http://piwigo.org/svn/trunk@3600 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-07-04  vdigital  1 file changed, -0/+4
merge r3519 from branch 2.0 to trunk
Minor: prevent for non numeric values (except all)
git-svn-id: http://piwigo.org/svn/trunk@3520 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-07-01  rvelices  1 file changed, -14/+14
- remove unnecessary addslashes in comments.cpp
- in template use modifier |@default instead of |default (generated code is faster because we indicate that the input is scalar and not an array)
git-svn-id: http://piwigo.org/svn/trunk@3487 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-06-24  nikrou  1 file changed, -4/+4
Fix two problems with Feature 1026:
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.
git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-06-23  nikrou  1 file changed, -8/+23
Feature 1026 step 2:
add author_id column so that guest cannot modify old users comments
git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-06-23  nikrou  1 file changed, -17/+52
Feature 1026: Modify / delete comments for users
+ update config table content
+ minor modification of Sylvia theme
+ need refactoring
git-svn-id: http://piwigo.org/svn/trunk@3445 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-06-10  nikrou  1 file changed, -1/+0
remove duplicate retrieved field
git-svn-id: http://piwigo.org/svn/trunk@3405 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-03-05  patdenice  1 file changed, -1/+1
Create navigation_bar.tpl file.
Move create_navigation_bar function from functions_html.inc.php to functions.inc.php.
git-svn-id: http://piwigo.org/svn/trunk@3172 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-02-04  rvelices  1 file changed, -1/+1
- removed second parameter $type from function format_date
git-svn-id: http://piwigo.org/svn/trunk@3122 68402e56-0260-453c-a942-63ccdbb3a9ee

2009-01-04  plegall  1 file changed, -1/+1
Administration: happy new year 2009, all PHP headers updated.
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee

2008-10-16  rvelices  1 file changed, -2/+2
merge 2755 and 2756 from branch 2.0 to trunk
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755
- 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee

2008-04-05  plegall  1 file changed, -24/+0
Bug fixed: as rvelices notified me by email, my header replacement script was bugged (r2297 was repeating new and old header).
By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personally, it is a problem when I search differences between 2 Piwigo installations outside Subversion.
git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee

2008-04-04  plegall  1 file changed, -0/+21
Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee

2008-03-08  rvelices  1 file changed, -1/+1
- security fix (profile)
- languages, with an axe
- fix some copy/paste errors
git-svn-id: http://piwigo.org/svn/trunk@2268 68402e56-0260-453c-a942-63ccdbb3a9ee

2008-02-28  rvelices  1 file changed, -81/+32
- migrate many templates to smarty
git-svn-id: http://piwigo.org/svn/trunk@2223 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-10-11  rvelices  1 file changed, -2/+2
- changed htmlentities to htmlspecialchars in comments.php (utf-8 issue)
- web service explorer in utf-8
- removed warning in function load_language
- feature: show_queries also shows number of selected rows or number of affected rows
git-svn-id: http://piwigo.org/svn/trunk@2134 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-09-27  rvelices  1 file changed, -4/+2
- admin, comments and tags pages include page_header later in the code (as in picture and index) allowing plugins to change the header until the very end
- fix in admin.php: picture_modify requires cache invalidation
- fix in site_update.php: some echo func calls changed to $template->output .= ...
- upgraded prototype.js to latest version 1.5.1.1
git-svn-id: http://piwigo.org/svn/trunk@2107 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-06-07  rub  1 file changed, -1/+1
Resolved issue 0000702: Code Injection with picture comment
git-svn-id: http://piwigo.org/svn/trunk@2030 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-05-15  rvelices  1 file changed, -1/+1
keyword search was not working in comments.php
git-svn-id: http://piwigo.org/svn/trunk@2012 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-02-28  rvelices  1 file changed, -7/+2
feature 657: permalinks for categories
git-svn-id: http://piwigo.org/svn/trunk@1866 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-02-27  rvelices  1 file changed, -3/+2
- refactoring page['category'] before 1.7 release
page['category'] is not an id anymore, but an associative array of category info
all of page['cat_xxx'] or page['uppercats'] merged into one
simplifies calls to make_index_url
give plugins a clean start for page variables for version 1.7
git-svn-id: http://piwigo.org/svn/trunk@1861 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-02-22  rvelices  1 file changed, -4/+0
- user comments are not saved in the database with htmlspecialchars anymore
- web service: added the possibility to enter a user comment using the service...
- new comment functions from picture_comment.inc.php
git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-02-14  rvelices  1 file changed, -1/+1
- thumbnails creation for all local sites (not only site id 1)
- urls for images in notification (rss & mail) are now correct
- removed "Recent pictures" from title when the flat view is in effect
- removed unnecessary class="" from comments.tpl
- english language correction
- removed unused web service files
- set rating star button left & right margin to 0 (javascript)
- admin menu - put site manager and synchronize together
git-svn-id: http://piwigo.org/svn/trunk@1814 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-01-11  rvelices  1 file changed, -63/+31
plugins improvements: allow plugins to fail the installation/activation
comments.php improvements:
- no more double sql escaping on author & keyword (once in common.inc.php and once in comments.php)
- now can search comment content on all special char ( ', ", <, >, & )
- author & keyword are correctly redisplayed in browser when they are MySql escaped
git-svn-id: http://piwigo.org/svn/trunk@1716 68402e56-0260-453c-a942-63ccdbb3a9ee

2007-01-03  rub  1 file changed, -2/+2
Fixed: HTML vulnerability (Cross Site Scripting)
git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-12-21  rub  1 file changed, -21/+32
Feature Issue ID 0000601: Filter all public pages with only recent elements
It's a finalized version. Obsolete code of draft is removed.
You can filter categories and images with recent date period on your screen selection.
In the future, filter could be easily done on other type data (plugin?)
You can flat categories and sub-categories with a recent date period of your choice.
Next, perhaps, a panel to choose recent date for the 2 features.
On draft, there were problems with MySql 5, be careful!
Css problem not resolved:
- Menu "Categories" is badly centered
- Icon on dark too on the top
git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-12-10  vdigital  1 file changed, -9/+0
Undo 597: Unvalidated comments
git-svn-id: http://piwigo.org/svn/trunk@1647 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-12-09  vdigital  1 file changed, -0/+9
0000597: Unvalidated comments are displayed on public side
Just add a comment filter to avoid showing unvalidated comments to non admin people.
git-svn-id: http://piwigo.org/svn/trunk@1646 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-11-22  rvelices  1 file changed, -13/+15
feature 440: send mail to admin when comment is entered
git-svn-id: http://piwigo.org/svn/trunk@1617 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-11-08  rvelices  1 file changed, -56/+69
- comments.php improvements:
  - unvalidated comments are shown only for administrators
  - added delete/validate icons for admins
  - removed some unused code
  - display of comment content performed through an event
- replace some get_thumbnail_src with get_thumbnail_url
git-svn-id: http://piwigo.org/svn/trunk@1598 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-10-17  rvelices  1 file changed, -3/+4
comments.php: cleanup url (t=1 in the url for an unknown reason) and image urls work now with all url styles
git-svn-id: http://piwigo.org/svn/trunk@1563 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-08-14  nikrou  1 file changed, -2/+5
fix bug 518: anyone can delete or validate a comment
comment_id must be int: use of intval function to use it in the query.
svn merge -r1534:1535 from branch 1.6 into trunk
git-svn-id: http://piwigo.org/svn/trunk@1536 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-03-22  rvelices  1 file changed, -5/+2
URL rewriting: capable of fully working with urls without ?
URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id)
URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it)
fix: picture category display in upper bar
fix: function rate_picture variables and use of the new user type
fix: caddie icon appears now on category page
fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories)
fix: replaced some old $_GET[xxx] with $page[xxx]
fix: pictures have metadata url (use ? parameter - might change later)
git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-03-21  rvelices  1 file changed, -7/+15
URL rewriting: fix some old links, calendar simplification and prepare code for urls without ? (added functions get_root_url and add_url_param)
git-svn-id: http://piwigo.org/svn/trunk@1090 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-03-15  plegall  1 file changed, -1/+1
new: cleaner URL. Instead of category.php?cat=search&search=123&start=42, you now have category.php?/search/123/start-42. Functions make_index_url and make_picture_url build these new URLs. Functions duplicate_picture_url and duplicate_index_url provide shortcuts to URL creation. The current main page is still category.php but this can be modified easily in make_index_url function. In this first version, no backward compatibility. Calendar definition in URL must be discussed with rvelices.
improvement: picture.php redesigned. First actions like "set as representative" or "delete a comment" which all lead to a redirection. Then the page (the big mess) and includes of new sub pages to manage specific parts of the page (metadata, user comments, rates).
new: with the cleaner URL comes a new terminology. $page['cat'] doesn't exist anymore. $page['section'] is among 'categories', 'tags' (TODO), 'list', 'most_seen'... And sub parameters are set: $page['category'] if $page['section'] is "categories". See URL analyse in include/section_init.inc.php for details.
git-svn-id: http://piwigo.org/svn/trunk@1082 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-03-09  rub  1 file changed, -0/+5
Step 2 improvement issue 0000301:
o Add and use Functions Check of status
o Restricted Access for user generic
git-svn-id: http://piwigo.org/svn/trunk@1072 68402e56-0260-453c-a942-63ccdbb3a9ee

2006-01-15  nikrou  1 file changed, -3/+3
Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee