path: root/comments.php
Commit message | Author | Age | Files | Lines
* increase copyright year to 2010 | plegall | 2010-03-19 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@5196 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug 1328: backport the pwg_token on trunk | plegall | 2010-03-19 | 1 | -62/+134
  bug 1329: backport the check_input_parameter on trunk
  feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope).
  git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature_1255 : | nikrou | 2009-11-29 | 1 | -1/+2
  - single quotes in queries
  - start using $conf['dblayer']
  git-svn-id: http://piwigo.org/svn/trunk@4385 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1255: modification in sql queries | nikrou | 2009-11-25 | 1 | -4/+4
  - manage random function
  - manage regex syntax
  - manage quote (single instead of double)
  - manage interval
  git-svn-id: http://piwigo.org/svn/trunk@4367 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1255 : limit params in sql queries were in wrong order (LIMIT count OFFSET offset) | nikrou | 2009-11-21 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@4334 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1255 : improve sql | nikrou | 2009-11-21 | 1 | -1/+1
  Replace in queries LIMIT N,M by LIMIT N OFFSET M
  git-svn-id: http://piwigo.org/svn/trunk@4331 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1244 resolved | nikrou | 2009-11-20 | 1 | -3/+3
  Replace all mysql functions in core code by ones independent of database engine
  Fix small php code syntax : hash must be accessed with [ ] and not { }.
  git-svn-id: http://piwigo.org/svn/trunk@4325 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug 1220 : fix regression in display when search by author or by keyword contains quote. | nikrou | 2009-11-04 | 1 | -2/+2
  git-svn-id: http://piwigo.org/svn/trunk@4182 68402e56-0260-453c-a942-63ccdbb3a9ee
* bug 1220 : fix XSS vulnerability. | nikrou | 2009-10-28 | 1 | -6/+17
  filter on since parameter (is_numeric)
  use only htmlspecialchars to filter vars to display
  revert rev:3600
  add left join on users table
  Todo : use only left join on users table when a search by author is made
  git-svn-id: http://piwigo.org/svn/trunk@4139 68402e56-0260-453c-a942-63ccdbb3a9ee
* - fix php warning from comment_list.tpl | rvelices | 2009-07-16 | 1 | -20/+2
  - author name is saved always in #comments (even for registered users) so that
    - sql queries are simpler on the comments page (one less table in a big join)
    - when a user is deleted, we can keep the username in the #comments (there might be still a bug that author_id is not updated when a user is deleted)
  git-svn-id: http://piwigo.org/svn/trunk@3600 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge r3519 from branch 2.0 to trunk | vdigital | 2009-07-04 | 1 | -0/+4
  Minor: prevent for non numeric values (except all)
  git-svn-id: http://piwigo.org/svn/trunk@3520 68402e56-0260-453c-a942-63ccdbb3a9ee
* - remove unnecessary addslashes in comments.cpp | rvelices | 2009-07-01 | 1 | -14/+14
  - in template use modifier |@default instead of |default (generated code is faster because we indicate that the input is scalar and not an array)
  git-svn-id: http://piwigo.org/svn/trunk@3487 68402e56-0260-453c-a942-63ccdbb3a9ee
* Fix two problems with Feature 1026 : | nikrou | 2009-06-24 | 1 | -4/+4
  use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
  escape comment content before editing it.
  git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1026 step 2 : | nikrou | 2009-06-23 | 1 | -8/+23
  add author_id column so that guest cannot modify old users comments
  git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1026 : Modify / delete comments for users | nikrou | 2009-06-23 | 1 | -17/+52
  + update config table content
  + minor modification of Sylvia theme
  + need refactoring
  git-svn-id: http://piwigo.org/svn/trunk@3445 68402e56-0260-453c-a942-63ccdbb3a9ee
* remove duplicate retrieved field | nikrou | 2009-06-10 | 1 | -1/+0
  git-svn-id: http://piwigo.org/svn/trunk@3405 68402e56-0260-453c-a942-63ccdbb3a9ee
* Create navigation_bar.tpl file. | patdenice | 2009-03-05 | 1 | -1/+1
  Move create_navigation_bar function from functions_html.inc.php to functions.inc.php.
  git-svn-id: http://piwigo.org/svn/trunk@3172 68402e56-0260-453c-a942-63ccdbb3a9ee
* - removed second parameter $type from function format_date | rvelices | 2009-02-04 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@3122 68402e56-0260-453c-a942-63ccdbb3a9ee
* Administration: happy new year 2009, all PHP headers updated. | plegall | 2009-01-04 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge 2755 and 2756 from branch 2.0 to trunk | rvelices | 2008-10-16 | 1 | -2/+2
  - 2755 fix vulnerability http://www.milw0rm.com/exploits/6755
  - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
  git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
* Bug fixed: as rvelices notified me by email, my header replacement script was bugged (r2297 was repeating new and old header). | plegall | 2008-04-05 | 1 | -24/+0
  By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personally, it is a problem when I search differences between 2 Piwigo installations outside Subversion.
  git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
* Modification: new header on PHP files, PhpWebGallery renamed Piwigo. | plegall | 2008-04-04 | 1 | -0/+21
  git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
* - security fix (profile) | rvelices | 2008-03-08 | 1 | -1/+1
  - rough hatchet job on the languages
  - fix some copy/paste errors
  git-svn-id: http://piwigo.org/svn/trunk@2268 68402e56-0260-453c-a942-63ccdbb3a9ee
* - migrate many templates to smarty | rvelices | 2008-02-28 | 1 | -81/+32
  git-svn-id: http://piwigo.org/svn/trunk@2223 68402e56-0260-453c-a942-63ccdbb3a9ee
* - changed htmlentities to htmlspecialchars in comments.php (utf-8 issue) | rvelices | 2007-10-11 | 1 | -2/+2
  - web service explorer in utf-8
  - removed warning in function load_language
  - feature: show_queries also shows number of selected rows or number of affected rows
  git-svn-id: http://piwigo.org/svn/trunk@2134 68402e56-0260-453c-a942-63ccdbb3a9ee
* - admin, comments and tags pages include page_header later in the code (as in picture and index) allowing plugins to change the header until the very end | rvelices | 2007-09-27 | 1 | -4/+2
  - fix in admin.php : picture_modify requires cache invalidation
  - fix in site_update.php : some echo func calls changed to $template->output .= ...
  - upgraded prototype.js to latest version 1.5.1.1
  git-svn-id: http://piwigo.org/svn/trunk@2107 68402e56-0260-453c-a942-63ccdbb3a9ee
* Resolved issue 0000702: Code Injection with picture comment | rub | 2007-06-07 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@2030 68402e56-0260-453c-a942-63ccdbb3a9ee
* keyword search was not working comments.php | rvelices | 2007-05-15 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@2012 68402e56-0260-453c-a942-63ccdbb3a9ee
* feature 657: permalinks for categories | rvelices | 2007-02-28 | 1 | -7/+2
  git-svn-id: http://piwigo.org/svn/trunk@1866 68402e56-0260-453c-a942-63ccdbb3a9ee
* - refactoring page['category'] before 1.7 release | rvelices | 2007-02-27 | 1 | -3/+2
  page['category'] is not an id anymore, but an associative array of category info
  all of page['cat_xxx'] or page['uppercats'] merged into one
  simplifies calls to make_index_url
  give plugins a clean start for page variables for version 1.7
  git-svn-id: http://piwigo.org/svn/trunk@1861 68402e56-0260-453c-a942-63ccdbb3a9ee
* - user comments are not saved in the database with htmlspecialchars anymore | rvelices | 2007-02-22 | 1 | -4/+0
  - web service: added the possibility to enter a user comment using the service...
  - new comment functions from picture_comment.inc.php
  git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee
* - thumbnails creation for all local sites (not only site id 1) | rvelices | 2007-02-14 | 1 | -1/+1
  - urls for images in notification (rss & mail) is now correct
  - removed "Recent pictures" from title in when the flat view is in effect
  - removed unnecessary class="" from comments.tpl
  - english language correction
  - removed unused web service files
  - set rating star button left & right margin to 0 (javascript)
  - admin menu - put site manager and synchronize together
  git-svn-id: http://piwigo.org/svn/trunk@1814 68402e56-0260-453c-a942-63ccdbb3a9ee
* plugins improvements: allow plugins to fail the installation/activation | rvelices | 2007-01-11 | 1 | -63/+31
  comments.php improvements:
  - no more double sql escaping on author & keyword (once in common.inc.php and once in comments.php)
  - now can search comment content on all special char ( ', ", <, >, & )
  - author & keyword are correctly redisplayed in browser when they are MySql escaped
  git-svn-id: http://piwigo.org/svn/trunk@1716 68402e56-0260-453c-a942-63ccdbb3a9ee
* Fixed: HTML vulnerability (Cross Site Scripting) | rub | 2007-01-03 | 1 | -2/+2
  git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature Issue ID 0000601: Filter all public pages with only recent elements | rub | 2006-12-21 | 1 | -21/+32
  It's a finalized version. Obsolete code of draft is removed.
  You can filter categories and images with recent date period on your screen selection.
  In the future, filter could be easily done on other type data (plugin?)
  You can flat categories and sub-categories with a recent date period of your choice.
  Next, perhaps, a panel to choose recent date for the 2 features.
  On draft, there is a problem with MySql 5, be careful!
  Css problem not resolved:
  - Menu "Categories" is badly centered
  - Icon on dark too on the top
  git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee
* Undo 597: Unvalidated comments | vdigital | 2006-12-10 | 1 | -9/+0
  git-svn-id: http://piwigo.org/svn/trunk@1647 68402e56-0260-453c-a942-63ccdbb3a9ee
* 0000597: Unvalidated comments are displayed on public side | vdigital | 2006-12-09 | 1 | -0/+9
  Just add a comment filter to avoid showing unvalidated comment to non admin people.
  git-svn-id: http://piwigo.org/svn/trunk@1646 68402e56-0260-453c-a942-63ccdbb3a9ee
* feature 440: send mail to admin when comment is entered | rvelices | 2006-11-22 | 1 | -13/+15
  git-svn-id: http://piwigo.org/svn/trunk@1617 68402e56-0260-453c-a942-63ccdbb3a9ee
* - comments.php improvements: | rvelices | 2006-11-08 | 1 | -56/+69
  - unvalidated comments are shown only for administrators
  - added delete/validate icons for admins
  - removed some unused code
  - display of comment content performed through an event
  - replace some get_thumbnail_src with get_thumbnail_url
  git-svn-id: http://piwigo.org/svn/trunk@1598 68402e56-0260-453c-a942-63ccdbb3a9ee
* comments.php: cleanup url (t=1 in the url for an unknown reason) and image urls work now with all url styles | rvelices | 2006-10-17 | 1 | -3/+4
  git-svn-id: http://piwigo.org/svn/trunk@1563 68402e56-0260-453c-a942-63ccdbb3a9ee
* fix bug 518: anyone can delete or validate a comment | nikrou | 2006-08-14 | 1 | -2/+5
  comment_id must be int: use of intval function to use it in the query.
  svn merge -r1534:1535 from branch 1.6 into trunk
  git-svn-id: http://piwigo.org/svn/trunk@1536 68402e56-0260-453c-a942-63ccdbb3a9ee
* URL rewriting: capable of fully working with urls without ? | rvelices | 2006-03-22 | 1 | -5/+2
  URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id)
  URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it)
  fix: picture category display in upper bar
  fix: function rate_picture variables and use of the new user type
  fix: caddie icon appears now on category page
  fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories)
  fix: replaced some old $_GET[xxx] with $page[xxx]
  fix: pictures have metadata url (use ? parameter - might change later)
  git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
* URL rewriting: fix some old links, calendar simplification and prepare code for urls without ? (added functions get_root_url and add_url_param) | rvelices | 2006-03-21 | 1 | -7/+15
  git-svn-id: http://piwigo.org/svn/trunk@1090 68402e56-0260-453c-a942-63ccdbb3a9ee
* new: cleaner URL. Instead of category.php?cat=search&search=123&start=42, you now have category.php?/search/123/start-42. | plegall | 2006-03-15 | 1 | -1/+1
  Functions make_index_url and make_picture_url build these new URLs. Functions duplicate_picture_url and duplicate_index_url provide shortcuts to URL creation. The current main page is still category.php but this can be modified easily in make_index_url function. In this first version, no backward compatibility. Calendar definition in URL must be discussed with rvelices.
  improvement: picture.php redesigned. First actions like "set as representative" or "delete a comment" which all lead to a redirection. Then the page (the big mess) and includes of new sub pages to manage specific parts of the page (metadata, user comments, rates).
  new: with the cleaner URL comes a new terminology. $page['cat'] doesn't exist anymore. $page['section'] is among 'categories', 'tags' (TODO), 'list', 'most_seen'... And sub parameters are set : $page['category'] if $page['section'] is "categories". See URL analyse in include/section_init.inc.php for details.
  git-svn-id: http://piwigo.org/svn/trunk@1082 68402e56-0260-453c-a942-63ccdbb3a9ee
* Step 2 improvement issue 0000301: | rub | 2006-03-09 | 1 | -0/+5
  o Add and use Functions Check of status
  o Restricted Access for user generic
  git-svn-id: http://piwigo.org/svn/trunk@1072 68402e56-0260-453c-a942-63ccdbb3a9ee
* Improve security of sessions: | nikrou | 2006-01-15 | 1 | -3/+3
  - use only cookies to store session id on client side
  - use default php session system with database handler to store sessions on server side
  git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
* - modification: localized labels in Administration>Pictures>Caddie | plegall | 2005-10-15 | 1 | -1/+1
  - translation: bug fixed on special categories title in French
  - translation: all help pages were translated in french
  git-svn-id: http://piwigo.org/svn/trunk@889 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new : HTML BODY identifier to let CSS stylesheets manage specific behaviour. | plegall | 2005-08-25 | 1 | -5/+4
  - deletion : admin/search useless
  - improvement : in admin/user_list, special behaviour for true/false fields (expand, show_comments)
  - new : gallery_title and gallery_description are displayed at the top of each page.
  - improvement : simplification in HTML for categories menu.
  - improvement : standardization of presentation in all public pages (identification, registration, search, profile, notification, comments, etc.)
  (not in ChangeLog, below this line)
  - add forgotten notification.php (should have been added in a previous commit)
  - [template cclear] deletion of useless class .bouton
  - [template cclear] for test purpose, new presentation of register page (using FORM.filter)
  - [template cclear] adaptation of admin/group_list from template default
  - [template cclear] deletion of obsolete admin/infos_images
  - [template cclear] deletion of obsolete admin/search_username
  - [template cclear] new icon register.png
  git-svn-id: http://piwigo.org/svn/trunk@850 68402e56-0260-453c-a942-63ccdbb3a9ee
* - modification : adaptation of template variables and blocks in comments page to display comment by comment instead of picture by picture. | plegall | 2005-08-21 | 1 | -4/+6
  - [template cclear] comments.tpl copied and adapted from template default. Return to home new icon. As asked by chrisaga, special id #commentsPage in comments.tpl to set the #content margin-left to 0 (since no #menubar to display).
  - [template cclear] FORM.filter rules taken from template default (these rules have been written some time ago by yoDan).
  - [template cclear] bug fixed on #theImage : display:block must be used only on IMG and not on the P>A (yes, in BSF you can have HTML in picture and categories descriptions)
  git-svn-id: http://piwigo.org/svn/trunk@848 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new feature : RSS notification feed. Feed generator is an external tool (FeedCreator class v1.7.2). New file feed.php | plegall | 2005-07-16 | 1 | -0/+1
  - new database field : comments.validation_date (datetime). This field is required for notification feed.
  - new database field : users.feed_id (varchar(50)). users.feed_id is an alias of users.id but is much more complicated to find (50 characters, figures or letters, case sensitive) : the purpose is to keep it secret (as far as possible).
  - new database field : users.last_feed_check (datetime)
  - new database field : users.registration_date (datetime)
  - bug fixed : no need to add the (unavailable) session id to install.php in the installation form.
  - modified database field : images.date_available becomes more precise (date to datetime). This precision is needed for notification feed.
  - new index : comments_i1 (validation_date). Might be useful for feed queries.
  - new index : comments_i2 (image_id). Useful each time you want to have information about an element and its associated comments.
  - version 9.11 of mysqldump outputs database field names and table names with backquote "`" (didn't find how to take them off)
  git-svn-id: http://piwigo.org/svn/trunk@801 68402e56-0260-453c-a942-63ccdbb3a9ee