path: root/comments.php
Commit message | Author | Age | Files | Lines
...
* bug 1220 : fix XSS vulnerability. | nikrou | 2009-10-28 | 1 | -6/+17
  filter on since parameter (is_numeric)
  use only htmlspecialchars to filter vars to display
  revert rev:3600
  add left join on users table
  Todo : use only left join on users table when a search by author is made
  git-svn-id: http://piwigo.org/svn/trunk@4139 68402e56-0260-453c-a942-63ccdbb3a9ee
* - fix php warning from comment_list.tpl | rvelices | 2009-07-16 | 1 | -20/+2
  - author name is saved always in #comments (even for registered users) so that
    - sql queries are simpler on the comments page (one less table in a big join)
    - when a user is deleted, we can keep the username in the #comments (there might be still a bug that author_id is not updated when a user is deleted)
  git-svn-id: http://piwigo.org/svn/trunk@3600 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge r3519 from branch 2.0 to trunk | vdigital | 2009-07-04 | 1 | -0/+4
  Minor: prevent for non numeric values (except all)
  git-svn-id: http://piwigo.org/svn/trunk@3520 68402e56-0260-453c-a942-63ccdbb3a9ee
* - remove unnecessary addslashes in comments.cpp | rvelices | 2009-07-01 | 1 | -14/+14
  - in template use modifier |@default instead of |default (generated code is faster because we indicate that the input is scalar and not an array)
  git-svn-id: http://piwigo.org/svn/trunk@3487 68402e56-0260-453c-a942-63ccdbb3a9ee
* Fix two problems with Feature 1026 : | nikrou | 2009-06-24 | 1 | -4/+4
  use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
  escape comment content before editing it.
  git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1026 step 2 : | nikrou | 2009-06-23 | 1 | -8/+23
  add author_id column so that guest cannot modify old users comments
  git-svn-id: http://piwigo.org/svn/trunk@3450 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature 1026 : Modify / delete comments for users | nikrou | 2009-06-23 | 1 | -17/+52
  + update config table content
  + minor modification of Sylvia theme
  + need refactoring
  git-svn-id: http://piwigo.org/svn/trunk@3445 68402e56-0260-453c-a942-63ccdbb3a9ee
* remove duplicate retrieved field | nikrou | 2009-06-10 | 1 | -1/+0
  git-svn-id: http://piwigo.org/svn/trunk@3405 68402e56-0260-453c-a942-63ccdbb3a9ee
* Create navigation_bar.tpl file. | patdenice | 2009-03-05 | 1 | -1/+1
  Move create_navigation_bar function from functions_html.inc.php to functions.inc.php.
  git-svn-id: http://piwigo.org/svn/trunk@3172 68402e56-0260-453c-a942-63ccdbb3a9ee
* - removed second parameter $type from function format_date | rvelices | 2009-02-04 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@3122 68402e56-0260-453c-a942-63ccdbb3a9ee
* Administration: happy new year 2009, all PHP headers updated. | plegall | 2009-01-04 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
* merge 2755 and 2756 from branch 2.0 to trunk | rvelices | 2008-10-16 | 1 | -2/+2
  - 2755 fix vulnerability http://www.milw0rm.com/exploits/6755
  - 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
  git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
* Bug fixed: as rvelices notified me by email, my header replacement script was | plegall | 2008-04-05 | 1 | -24/+0
  bugged (r2297 was repeating new and old header).
  By the way, I've also removed the replacement keywords. We were using them because it was a common usage with CVS but it is advised not to use them with Subversion. Personally, it is a problem when I search differences between 2 Piwigo installations outside Subversion.
  git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
* Modification: new header on PHP files, PhpWebGallery renamed Piwigo. | plegall | 2008-04-04 | 1 | -0/+21
  git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
* - security fix (profile) | rvelices | 2008-03-08 | 1 | -1/+1
  - languages done roughly (with an axe)
  - fix some copy/paste errors
  git-svn-id: http://piwigo.org/svn/trunk@2268 68402e56-0260-453c-a942-63ccdbb3a9ee
* - migrate many templates to smarty | rvelices | 2008-02-28 | 1 | -81/+32
  git-svn-id: http://piwigo.org/svn/trunk@2223 68402e56-0260-453c-a942-63ccdbb3a9ee
* - changed htmlentities to htmlspecialchars in comments.php (utf-8 issue) | rvelices | 2007-10-11 | 1 | -2/+2
  - web service explorer in utf-8
  - removed warning in function load_language
  - feature: show_queries also shows number of selected rows or number of affected rows
  git-svn-id: http://piwigo.org/svn/trunk@2134 68402e56-0260-453c-a942-63ccdbb3a9ee
* - admin, comments and tags pages include page_header later in the code (as | rvelices | 2007-09-27 | 1 | -4/+2
  in picture and index) allowing plugins to change the header until the very end
  - fix in admin.php : picture_modify requires cache invalidation
  - fix in site_update.php : some echo func calls changed to $template->output .= ...
  - upgraded prototype.js to latest version 1.5.1.1
  git-svn-id: http://piwigo.org/svn/trunk@2107 68402e56-0260-453c-a942-63ccdbb3a9ee
* Resolved issue 0000702: Code Injection with picture comment | rub | 2007-06-07 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@2030 68402e56-0260-453c-a942-63ccdbb3a9ee
* keyword search was not working comments.php | rvelices | 2007-05-15 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@2012 68402e56-0260-453c-a942-63ccdbb3a9ee
* feature 657: permalinks for categories | rvelices | 2007-02-28 | 1 | -7/+2
  git-svn-id: http://piwigo.org/svn/trunk@1866 68402e56-0260-453c-a942-63ccdbb3a9ee
* - refactoring page['category'] before 1.7 release | rvelices | 2007-02-27 | 1 | -3/+2
  page['category'] is not an id anymore, but an associative array of category info
  all of page['cat_xxx'] or page['uppercats'] merged into one
  simplifies calls to make_index_url
  give plugins a clean start for page variables for version 1.7
  git-svn-id: http://piwigo.org/svn/trunk@1861 68402e56-0260-453c-a942-63ccdbb3a9ee
* - user comments are not saved in the database with htmlspecialchars anymore | rvelices | 2007-02-22 | 1 | -4/+0
  - web service: added the possibility to enter a user comment using the service...
  - new comment functions from picture_comment.inc.php
  git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee
* - thumbnails creation for all local sites (not only site id 1) | rvelices | 2007-02-14 | 1 | -1/+1
  - urls for images in notification (rss & mail) is now correct
  - removed "Recent pictures" from title in when the flat view is in effect
  - removed unnecessary class="" from comments.tpl
  - english language correction
  - removed unused web service files
  - set rating star button left & right margin to 0 (javascript)
  - admin menu - put site manager and synchronize together
  git-svn-id: http://piwigo.org/svn/trunk@1814 68402e56-0260-453c-a942-63ccdbb3a9ee
* plugins improvements: allow plugins to fail the installation/activation | rvelices | 2007-01-11 | 1 | -63/+31
  comments.php improvements:
  - no more double sql escaping on author & keyword (once in common.inc.php and once in comments.php)
  - now can search comment content on all special char ( ', ", <, >, & )
  - author & keyword are correctly redisplayed in browser when they are MySql escaped
  git-svn-id: http://piwigo.org/svn/trunk@1716 68402e56-0260-453c-a942-63ccdbb3a9ee
* Fixed: HTML vulnerability (Cross Site Scripting) | rub | 2007-01-03 | 1 | -2/+2
  git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
* Feature Issue ID 0000601: Filter all public pages with only recent elements | rub | 2006-12-21 | 1 | -21/+32
  It's a finalized version. Obsolete code of draft are removed.
  You can filter categories and images with recent date period on your screen selection. In the future, filter could be easy done on other type data (plugin?)
  You can flat categories and sub-categories with a recent date period of your choice. Next, perhaps, a panel to choice recent date for the 2 features.
  On draft, there have problem with MySql 5, be careful!
  Css problem not resolved:
  - Menu "Categories" is bad centered
  - Icon on dark too on the top
  git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee
* Undo 597: Unvalidated comments | vdigital | 2006-12-10 | 1 | -9/+0
  git-svn-id: http://piwigo.org/svn/trunk@1647 68402e56-0260-453c-a942-63ccdbb3a9ee
* 0000597: Unvalidated comments are displayed on public side | vdigital | 2006-12-09 | 1 | -0/+9
  Just add a comment filter to avoid showing unvalidated comment to non admin people.
  git-svn-id: http://piwigo.org/svn/trunk@1646 68402e56-0260-453c-a942-63ccdbb3a9ee
* feature 440: send mail to admin when comment is entered | rvelices | 2006-11-22 | 1 | -13/+15
  git-svn-id: http://piwigo.org/svn/trunk@1617 68402e56-0260-453c-a942-63ccdbb3a9ee
* - comments.php improvements: | rvelices | 2006-11-08 | 1 | -56/+69
  - unvalidated comments are shown only for administrators
  - added delete/validate icons for admins
  - removed some unused code
  - display of comment content performed through an event
  - replace some get_thumbnail_src with get_thumbnail_url
  git-svn-id: http://piwigo.org/svn/trunk@1598 68402e56-0260-453c-a942-63ccdbb3a9ee
* comments.php: cleanup url (t=1 in the url for an unknown reason) and image | rvelices | 2006-10-17 | 1 | -3/+4
  urls work now with all url styles
  git-svn-id: http://piwigo.org/svn/trunk@1563 68402e56-0260-453c-a942-63ccdbb3a9ee
* fix bug 518: anyone can delete or validate a comment | nikrou | 2006-08-14 | 1 | -2/+5
  comment_id must be int: use of intval function to use it in the query.
  svn merge -r1534:1535 from branch 1.6 into trunk
  git-svn-id: http://piwigo.org/svn/trunk@1536 68402e56-0260-453c-a942-63ccdbb3a9ee
* URL rewriting: capable of fully working with urls without ? | rvelices | 2006-03-22 | 1 | -5/+2
  URL rewriting: works with image file instead of image id (change make_picture_url to generate urls with file name instead of image id)
  URL rewriting: completely works with category/best_rated and picture/best_rated/534 (change 'category.php?' to 'category' in make_index_url and 'picture.php?' to 'picture' in make_picture_url to see it)
  fix: picture category display in upper bar
  fix: function rate_picture variables and use of the new user type
  fix: caddie icon appears now on category page
  fix: admin element_set sql query was using storage_category_id column (column has moved to #image_categories)
  fix: replaced some old $_GET[xxx] with $page[xxx]
  fix: pictures have metadata url (use ? parameter - might change later)
  git-svn-id: http://piwigo.org/svn/trunk@1092 68402e56-0260-453c-a942-63ccdbb3a9ee
* URL rewriting: fix some old links, calendar simplification and prepare code | rvelices | 2006-03-21 | 1 | -7/+15
  for urls without ? (added functions get_root_url and add_url_param)
  git-svn-id: http://piwigo.org/svn/trunk@1090 68402e56-0260-453c-a942-63ccdbb3a9ee
* new: cleaner URL. Instead of category.php?cat=search&search=123&start=42, | plegall | 2006-03-15 | 1 | -1/+1
  you now have category.php?/search/123/start-42. Functions make_index_url and make_picture_url build these new URLs. Functions duplicate_picture_url and duplicate_index_url provide shortcuts to URL creation. The current main page is still category.php but this can be modified easily in make_index_url function. In this first version, no backward compatibility. Calendar definition in URL must be discussed with rvelices.
  improvement: picture.php redesigned. First actions like "set as representative" or "delete a comment" which all lead to a redirection. Then the page (the big mess) and includes of new sub pages to manage specific parts of the page (metadata, user comments, rates).
  new: with the cleaner URL comes a new terminology. $page['cat'] doesn't exist anymore. $page['section'] is among 'categories', 'tags' (TODO), 'list', 'most_seen'... And sub parameters are set : $page['category'] if $page['section'] is "categories". See URL analyse in include/section_init.inc.php for details.
  git-svn-id: http://piwigo.org/svn/trunk@1082 68402e56-0260-453c-a942-63ccdbb3a9ee
* Step 2 improvement issue 0000301: | rub | 2006-03-09 | 1 | -0/+5
  o Add and use Functions Check of status
  o Restricted Access for user generic
  git-svn-id: http://piwigo.org/svn/trunk@1072 68402e56-0260-453c-a942-63ccdbb3a9ee
* Improve security of sessions: | nikrou | 2006-01-15 | 1 | -3/+3
  - use only cookies to store session id on client side
  - use default php session system with database handler to store sessions on server side
  git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
* - modification: localized labels in Administration>Pictures>Caddie | plegall | 2005-10-15 | 1 | -1/+1
  - translation: bug fixed on special categories title in French
  - translation: all help pages were translated in french
  git-svn-id: http://piwigo.org/svn/trunk@889 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new : HTML BODY identifier to let CSS stylesheets manage specific | plegall | 2005-08-25 | 1 | -5/+4
  behaviour.
  - deletion : admin/search useless
  - improvement : in admin/user_list, special behaviour for true/false fields (expand, show_comments)
  - new : gallery_title and gallery_description are displayed at the top of each page.
  - improvement : simplification in HTML for categories menu.
  - improvement : standardization of presentation in all public pages (identification, registration, search, profile, notification, comments, etc.)
  (not in ChangeLog, below this line)
  - add forgotten notification.php (should have been added in a previous commit)
  - [template cclear] deletion of useless class .bouton
  - [template cclear] for test purpose, new presentation of register page (using FORM.filter)
  - [template cclear] adaptation of admin/group_list from template default
  - [template cclear] deletion of obsolete admin/infos_images
  - [template cclear] deletion of obsolete admin/search_username
  - [template cclear] new icon register.png
  git-svn-id: http://piwigo.org/svn/trunk@850 68402e56-0260-453c-a942-63ccdbb3a9ee
* - modification : adaptation of template variables and blocks in comments | plegall | 2005-08-21 | 1 | -4/+6
  page to display comment by comment instead of picture by picture.
  - [template cclear] comments.tpl copied and adapted from template default. Return to home new icon. As asked by chrisaga, special id #commentsPage in comments.tpl to set the #content margin-left to 0 (since no #menubar to display).
  - [template cclear] FORM.filter rules taken from template default (these rules have been written some time ago by yoDan.
  - [template cclear] bug fixed on #theImage : display:block must be used only on IMG and not on the P>A (yes, in BSF you can have HTML in picture and categories descriptions)
  git-svn-id: http://piwigo.org/svn/trunk@848 68402e56-0260-453c-a942-63ccdbb3a9ee
* - new feature : RSS notification feed. Feed generator is an external tool | plegall | 2005-07-16 | 1 | -0/+1
  (FeedCreator class v1.7.2). New file feed.php
  - new database field : comments.validation_date (datetime). This field is required for notification feed.
  - new database field : users.feed_id (varchar(50)). users.feed_id is an alias of users.id but is much more complicated to find (50 characters, figures or letters, case sensitive) : the purpose is to keep it secret (as far as possible).
  - new database field : users.last_feed_check (datetime)
  - new database field : users.registration_date (datetime)
  - bug fixed : no need to add the (unavailable) session id to install.php in the installation form.
  - modified database field : images.date_available become more precise (date to datetime). This precision is needed for notification feed.
  - new index : comments_i1 (validation_date). Might be useful for feed queries.
  - new index : comments_i2 (image_id). Useful each time you want to have informations about an element and its associated comments.
  - version 9.11 of mysqldump outputs database field names and table names with backquote "`" (didn't find how to take them off)
  git-svn-id: http://piwigo.org/svn/trunk@801 68402e56-0260-453c-a942-63ccdbb3a9ee
* - comments page rewritten : comments are displayed one by one, with filters | plegall | 2005-06-21 | 1 | -106/+319
  and display options available. The list of comments is paginated.
  git-svn-id: http://piwigo.org/svn/trunk@796 68402e56-0260-453c-a942-63ccdbb3a9ee
* - bug fixed : same comments displayed as many times as element categories | plegall | 2005-01-23 | 1 | -10/+7
  git-svn-id: http://piwigo.org/svn/trunk@721 68402e56-0260-453c-a942-63ccdbb3a9ee
* - use template->parse instead of pparse. (exceptions for install.php and | plegall | 2005-01-13 | 1 | -1/+1
  upgrade.php)
  - bug fixed : queries time and count were not displayed on a redirection
  git-svn-id: http://piwigo.org/svn/trunk@688 68402e56-0260-453c-a942-63ccdbb3a9ee
* all headers adapted to new year 2005, happy new year | plegall | 2005-01-07 | 1 | -1/+1
  git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
* - in admin menu, status option for categories is not "permissions" but | plegall | 2004-12-12 | 1 | -1/+1
  "private or public" choice = different language item
  - get_cat_display_name changed : use $conf['level_separator'] to unify presentation
  - default values for category properties commentable, uploadable, status and visible (set in include/config.inc.php) used for category creation (admin/update, admin/remote_site, admin/cat_list)
  - use mass_inserts in admin/update for inserting new categories
  - only one query for counting the number of sub categories in admin/cat_list
  git-svn-id: http://piwigo.org/svn/trunk@642 68402e56-0260-453c-a942-63ccdbb3a9ee
* Unification of "Return to main page" entry in the language files. | gweltas | 2004-11-18 | 1 | -1/+2
  git-svn-id: http://piwigo.org/svn/trunk@607 68402e56-0260-453c-a942-63ccdbb3a9ee
* - images.path column added to reduce database access | plegall | 2004-11-16 | 1 | -4/+2
  - function mass_inserts moved from admin/remote_sites.php to admin/include/function.php
  - function mass_inserts used in admin/update.php
  git-svn-id: http://piwigo.org/svn/trunk@606 68402e56-0260-453c-a942-63ccdbb3a9ee
* update headers to comply with GPL | z0rglub | 2004-11-06 | 1 | -4/+4
  git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee