Changeset 3450 for trunk/comments.php


Timestamp:
Jun 23, 2009, 11:18:16 PM (15 years ago)
Author:
nikrou
Message:

Feature 1026 step 2:
add author_id column so that guests cannot modify old users' comments

File:
1 edited

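--- a/trunk/comments.php
+++ b/trunk/comments.php
@@ -101,5 +101,7 @@
 if (isset($_GET['author']) and !empty($_GET['author']))
 {
-  $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
+  $page['where_clauses'][] =
+    'u.username = \''.addslashes($_GET['author']).'\'
+     OR author = \''.addslashes($_GET['author']).'\'';   
 }
 
@@ -262,8 +264,10 @@
 
 $query = '
-SELECT COUNT(DISTINCT(id))
+SELECT COUNT(DISTINCT(com.id))
   FROM '.IMAGE_CATEGORY_TABLE.' AS ic
     INNER JOIN '.COMMENTS_TABLE.' AS com
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' As u
+    ON u.id = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -296,10 +300,14 @@
      , ic.category_id
      , com.author
+     , com.author_id
+     , username
      , com.date
      , com.content
      , com.validated
   FROM '.IMAGE_CATEGORY_TABLE.' AS ic
-    INNER JOIN '.COMMENTS_TABLE.' AS com
+    INNER JOIN '.COMMENTS_TABLE.' AS com   
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' AS u
+    ON u.id = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -367,8 +375,15 @@
           );
 
-    $author = $comment['author'];
-    if (empty($comment['author']))
-    {
-      $author = l10n('guest');
+    if (!empty($comment['author']))
+    {
+      $author = $comment['author'];
+      if ($author == 'guest')
+      {
+        $author = l10n('guest');
+      }
+    }
+    else
+    {
+      $author = $comment['username'];
     }
 
@@ -383,5 +398,5 @@
         );
 
-    if (can_manage_comment('delete', $comment['author']))
+    if (can_manage_comment('delete', $comment['author_id']))
     {
       $url = get_root_url().'comments.php'
@@ -392,5 +407,5 @@
                        );
     }
-    if (can_manage_comment('edit', $comment['author']))
+    if (can_manage_comment('edit', $comment['author_id']))
     {
       $url = get_root_url().'comments.php'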
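Review bot: The new author filter at new lines 103–105 is pushed into `$page['where_clauses']` as a bare `… OR …`, and both queries below join those clauses with `AND`, so SQL precedence lets the `author = …` branch escape every clause added before it and the `u.username = …` branch escape every clause added after it. If the other clauses carry visibility or validation restrictions (they are not visible in these hunks), a request carrying `author` could list comments those clauses were meant to hide. Wrap the pair in parentheses and qualify the column: `'(u.username = \''.addslashes($_GET['author']).'\' OR com.author = \''.addslashes($_GET['author']).'\')'`. Separately, `addslashes()` is not aware of the connection character set; the database layer's own escaping routine or a bound parameter is the safer way to place `$_GET['author']` in the query.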