Changeset 1716 for trunk/comments.php
- Timestamp:
- Jan 12, 2007, 12:15:26 AM (17 years ago)
- File:
-
- 1 edited
trunk/comments.php
r1696 r1716 3 3 // | PhpWebGallery - a PHP based picture gallery | 4 4 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | 5 // | Copyright (C) 2003-200 5PhpWebGallery Team - http://phpwebgallery.net |5 // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | 6 6 // +-----------------------------------------------------------------------+ 7 7 // | branch : BSF (Best So Far) … … 64 64 ); 65 65 66 $page['since'] = isset($_GET['since']) ? $_GET['since'] : 3;66 $page['since'] = isset($_GET['since']) ? $_GET['since'] : 4; 67 67 68 68 // on which field sorting … … 92 92 } 93 93 94 $page['where_clauses'] = array(); 95 94 96 // which category to filter on ? 95 $page['cat_clause'] = '1=1';96 97 if (isset($_GET['cat']) and 0 != $_GET['cat']) 97 98 { 98 $page[' cat_clause'] =99 $page['where_clauses'][] = 99 100 'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')'; 100 101 } 101 102 102 103 // search a particular author 103 $page['author_clause'] = '1=1';104 104 if (isset($_GET['author']) and !empty($_GET['author'])) 105 105 { 106 if (function_exists('mysql_real_escape_string')) 107 { 108 $author = mysql_real_escape_string($_GET['author']); 109 } 110 else 111 { 112 $author = mysql_escape_string($_GET['author']); 113 } 114 115 $page['author_clause'] = 'author = \''.$author.'\''; 106 $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\''; 116 107 } 117 108 118 109 // search a substring among comments content 119 $page['keyword_clause'] = '1=1';120 110 if (isset($_GET['keyword']) and !empty($_GET['keyword'])) 121 111 { 122 if (function_exists('mysql_real_escape_string')) 123 { 124 $keyword = mysql_real_escape_string($_GET['keyword']); 125 } 126 else 127 { 128 $keyword = mysql_escape_string($_GET['keyword']); 129 } 130 $page['keyword_clause'] = 112 // fors some odd reason comment content is htmlspecialchars in the database 113 $keyword = addslashes( 114 htmlspecialchars( stripslashes($_GET['keyword']), 
ENT_QUOTES) 115 ); 116 $page['where_clauses'][] = 131 117 '('. 132 118 implode(' AND ', … … 142 128 } 143 129 130 $page['where_clauses'][] = $since_options[$page['since']]['clause']; 131 144 132 // which status to filter on ? 145 if ( is_admin() ) 146 { 147 $page['status_clause'] = '1=1'; 148 } 149 else 150 { 151 $page['status_clause'] = 'validated="true"'; 152 } 153 133 if ( !is_admin() ) 134 { 135 $page['where_clauses'][] = 'validated="true"'; 136 } 137 138 $page['where_clauses'][] = get_sql_condition_FandF 139 ( 140 array 141 ( 142 'forbidden_categories' => 'category_id', 143 'visible_categories' => 'category_id', 144 'visible_images' => 'ic.image_id' 145 ), 146 '', true 147 ); 154 148 155 149 // +-----------------------------------------------------------------------+ … … 194 188 195 189 'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php', 196 'F_KEYWORD'=>@htmlentities( $_GET['keyword']),197 'F_AUTHOR'=>@htmlentities( $_GET['author']),190 'F_KEYWORD'=>@htmlentities(stripslashes($_GET['keyword'])), 191 'F_AUTHOR'=>@htmlentities(stripslashes($_GET['author'])), 198 192 199 193 'U_HOME' => make_index_url(), … … 308 302 INNER JOIN '.COMMENTS_TABLE.' AS com 309 303 ON ic.image_id = com.image_id 310 WHERE '.$since_options[$page['since']]['clause'].' 311 AND '.$page['cat_clause'].' 312 AND '.$page['author_clause'].' 313 AND '.$page['keyword_clause'].' 314 AND '.$page['status_clause'].' 315 '.get_sql_condition_FandF 316 ( 317 array 318 ( 319 'forbidden_categories' => 'category_id', 320 'visible_categories' => 'category_id', 321 'visible_images' => 'ic.image_id' 322 ), 323 'AND' 324 ).' 304 WHERE '.implode(' 305 AND ', $page['where_clauses']).' 325 306 ;'; 326 307 list($counter) = mysql_fetch_row(pwg_query($query)); … … 358 339 INNER JOIN '.COMMENTS_TABLE.' AS com 359 340 ON ic.image_id = com.image_id 360 WHERE '.$since_options[$page['since']]['clause'].' 361 AND '.$page['cat_clause'].' 362 AND '.$page['author_clause'].' 363 AND '.$page['keyword_clause'].' 
364 AND '.$page['status_clause'].' 365 '.get_sql_condition_FandF 366 ( 367 array 368 ( 369 'forbidden_categories' => 'category_id', 370 'visible_categories' => 'category_id', 371 'visible_images' => 'ic.image_id' 372 ), 373 'AND' 374 ).' 341 WHERE '.implode(' 342 AND ', $page['where_clauses']).' 375 343 GROUP BY comment_id 376 344 ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
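Review bot: The new author filter drops the escaping the old code applied and splices `$_GET['author']` straight into the WHERE clause (`$page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';`), so unless magic_quotes_gpc is on, a quote in the author parameter breaks out of the string literal and becomes SQL injection. The surrounding `stripslashes()` calls on keyword and the F_KEYWORD/F_AUTHOR template values suggest the code is assuming magic quotes, but nothing in the hunk enforces that, and magic quotes is weaker than the driver escaper for multibyte character sets anyway. I would restore the escape on this line, e.g. `$page['where_clauses'][] = 'com.author = \''.mysql_real_escape_string(stripslashes($_GET['author'])).'\'';` (keeping the `mysql_escape_string` fallback the removed lines had if older PHP must still be supported), and apply the same treatment in place of `addslashes()` in the keyword branch. The script this hunk belongs to starts and ends outside the visible change.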