Changeset 3452 for trunk/comments.php


Ignore:
Timestamp:
Jun 24, 2009, 9:00:40 PM (15 years ago)
Author:
nikrou
Message:

Fix two problem with Feature 1026 :
use of $confuser_fieldsusername and $confuser_fieldsid instead of username and id
escape comment content before editing it.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/comments.php

    r3450 r3452  
    102102{
    103103  $page['where_clauses'][] =
    104     'u.username = \''.addslashes($_GET['author']).'\'
     104    'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
    105105     OR author = \''.addslashes($_GET['author']).'\'';   
    106106}
     
    269269    ON ic.image_id = com.image_id
    270270    LEFT JOIN '.USERS_TABLE.' As u
    271     ON u.id = com.author_id
     271    ON u.'.$conf['user_fields']['id'].' = com.author_id
    272272  WHERE '.implode('
    273273    AND ', $page['where_clauses']).'
     
    301301     , com.author
    302302     , com.author_id
    303      , username
     303     , '.$conf['user_fields']['username'].' AS username
    304304     , com.date
    305305     , com.content
     
    309309    ON ic.image_id = com.image_id
    310310    LEFT JOIN '.USERS_TABLE.' AS u
    311     ON u.id = com.author_id
     311    ON u.'.$conf['user_fields']['id'].' = com.author_id
    312312  WHERE '.implode('
    313313    AND ', $page['where_clauses']).'
Note: See TracChangeset for help on using the changeset viewer.