Changeset 3452


Timestamp:
06/24/09 21:00:40 (11 years ago)
Author:
nikrou
Message:

Fix two problems with Feature 1026:
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.

Location:
trunk
Files:
4 edited

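--- a/trunk/admin/comments.php
+++ b/trunk/admin/comments.php
@@ -135,10 +135,11 @@
 
 $query = '
-SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
+SELECT c.id, c.image_id, c.date, c.author, '.
+$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
   FROM '.COMMENTS_TABLE.' AS c
     INNER JOIN '.IMAGES_TABLE.' AS i
       ON i.id = c.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-      ON u.id = c.author_id
+      ON u.'.$conf['user_fields']['id'].' = c.author_id
   WHERE validated = \'false\'
   ORDER BY c.date DESC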
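Review bot: On new lines 137-138 the configured username column is selected without the `u.` alias, although the join condition on new line 143 does qualify it; if an installation maps `$conf['user_fields']['username']` to a name that also exists in the comments or images table, the column reference becomes ambiguous. Writing it as `u.'.$conf['user_fields']['username'].' AS username` would match the ON clause. The same unqualified form is at new line 303 of trunk/comments.php and new line 131 of trunk/include/picture_comment.inc.php. Because these config values are spliced in as identifiers and cannot be bound as parameters, it is also worth checking them against a plain-identifier pattern where the configuration is loaded, which is not visible here. The query string continues past the end of the hunk.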
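--- a/trunk/comments.php
+++ b/trunk/comments.php
@@ -102,5 +102,5 @@
 {
   $page['where_clauses'][] =
-    'u.username = \''.addslashes($_GET['author']).'\'
+    'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
      OR author = \''.addslashes($_GET['author']).'\'';
 }
@@ -269,5 +269,5 @@
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' As u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -301,5 +301,5 @@
      , com.author
      , com.author_id
-     , username
+     , '.$conf['user_fields']['username'].' AS username
      , com.date
      , com.content
@@ -309,5 +309,5 @@
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'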
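Review bot: `$_GET['author']` on new lines 104-105 is still escaped only with `addslashes()`, which does not know the connection character set and is not a reliable SQL escape under some multibyte encodings. The value should pass through the database extension's own connection-aware escaping, or a bound parameter, before it is appended to `$page['where_clauses']`, e.g. `mysql_real_escape_string($_GET['author'])` if the project is on the mysql extension; which extension is in use is not visible in these hunks. The `if` that guards this block and the statements that build the two later queries start outside the hunks shown.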
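--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -129,8 +129,9 @@
 
     $query = '
-SELECT com.id,author,author_id,username,date,image_id,content,validated
+SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
+  date,image_id,content,validated
   FROM '.COMMENTS_TABLE.' AS com
   LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = author_id
+    ON u.'.$conf['user_fields']['id'].' = author_id
   WHERE image_id = '.$page['image_id'].
 $validated_clause.'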
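Review bot: `$page['image_id']` is concatenated into the WHERE clause on new line 136 with no quoting or cast, so the query depends entirely on validation done where that value is set, which is outside this hunk. If that validation is not guaranteed on every path into this include, casting at the point of use is cheap: `WHERE image_id = '.(int) $page['image_id'].`. The query string continues past the end of the hunk.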
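--- a/trunk/template/yoga/comment_list.tpl
+++ b/trunk/template/yoga/comment_list.tpl
@@ -43,5 +43,5 @@
         <fieldset>
           <legend>{'Edit a comment'|@translate}</legend>
-          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT|escape}</textarea></label>
           <input type="hidden" name="key" value="{$comment.KEY}">
           <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">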
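Review bot: Only the textarea body gets `|escape`; the two hidden inputs on lines 46-47 still print `{$comment.KEY}` and `{$comment.IMAGE_ID|default:$current.id}` raw inside quoted attributes. Whether those values can ever carry user-influenced text is not visible from the template, so either confirm they are server-generated or numeric, or escape them as well, e.g. `value="{$comment.KEY|escape}"`. The fieldset opens in the hunk but closes outside it.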