From ed7f7a574eeb9b921d4b85c6e8607faac4971a47 Mon Sep 17 00:00:00 2001 From: nikrou Date: Wed, 24 Jun 2009 19:00:40 +0000 Subject: Fix two problem with Feature 1026 : use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id escape comment content before editing it. git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/comments.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'admin') diff --git a/admin/comments.php b/admin/comments.php index d62b4aca3..cadc3dc67 100644 --- a/admin/comments.php +++ b/admin/comments.php @@ -134,12 +134,13 @@ $template->assign( $list = array(); $query = ' -SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext +SELECT c.id, c.image_id, c.date, c.author, '. +$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext FROM '.COMMENTS_TABLE.' AS c INNER JOIN '.IMAGES_TABLE.' AS i ON i.id = c.image_id LEFT JOIN '.USERS_TABLE.' AS u - ON u.id = c.author_id + ON u.'.$conf['user_fields']['id'].' = c.author_id WHERE validated = \'false\' ORDER BY c.date DESC ;'; -- cgit v1.2.3