Changeset 3488


Timestamp:
07/01/09 22:56:41 (11 years ago)
Author:
rvelices
Message:
  • remove warn on unset variable
  • insert_user_comment now expects the comment content to be SQL-safe (it now works exactly like update_user_comment)
Location:
trunk/include
Files:
3 edited

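--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -100,5 +100,5 @@
 SELECT COUNT(*) AS user_exists
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
+  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
       $row = mysql_fetch_assoc( pwg_query( $query ) );
       if ( $row['user_exists'] == 1 )
@@ -157,7 +157,7 @@
   (author, author_id, content, date, validated, validation_date, image_id)
   VALUES (
-    "'.addslashes($comm['author']).'",
+    "'.$comm['author'].'",
     '.$comm['author_id'].',
-    "'.addslashes($comm['content']).'",
+    "'.$comm['content'].'",
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
@@ -172,5 +172,5 @@
 
     if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
-        ($comment_action!='validate' 
+        ($comment_action!='validate'
          and $conf['email_admin_on_comment_validation']))
     {
@@ -179,16 +179,16 @@
       $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
 
-      if (empty($comm['author'])) 
+      if (empty($comm['author']))
       {
-        $author_name = $user['username']; 
+        $author_name = $user['username'];
       }
       else
       {
-        $author_name = $comm['author']; 
+        $author_name = stripslashes($comm['author']);
       }
       $keyargs_content = array
       (
         get_l10n_args('Author: %s', $author_name),
-        get_l10n_args('Comment: %s', $comm['content']),
+        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
         get_l10n_args('', ''),
         get_l10n_args('Delete: %s', $del_url)
@@ -217,8 +217,8 @@
  * Tries to delete a user comment in the database
  * only admin can delete all comments
- * other users can delete their own comments 
+ * other users can delete their own comments
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  */
 
@@ -246,10 +246,11 @@
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  * @param post_key
  * @param content
  */
 
-function update_user_comment($comment, $post_key) {
+function update_user_comment($comment, $post_key)
+{
   global $conf;
 
@@ -276,5 +277,5 @@
     if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     {
-      array_push( $infos, l10n('comment_anti-flood') );
+      //?? array_push( $infos, l10n('comment_anti-flood') );
       $comment_action='reject';
     }
@@ -282,8 +283,8 @@
 
   // perform more spam check
-  $comment_action = 
+  $comment_action =
     trigger_event('user_comment_check',
-                  $comment_action, 
-                  array_merge($comment, 
+                  $comment_action,
+                  array_merge($comment,
                               array('author' => $GLOBALS['user']['username'])
                               )
@@ -308,10 +309,11 @@
     if ($result) {
       email_admin('edit', array('author' => $GLOBALS['user']['username'],
-                                'content' => $comment['content']));
-    } 
-  } 
-} 
- 
-function email_admin($action, $comment) {
+                                'content' => stripslashes($comment['content'])) );
+    }
+  }
+}
+
+function email_admin($action, $comment)
+{
   global $conf;
 
@@ -324,10 +326,10 @@
 
   include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
-  
+
   $keyargs_content = array();
   $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
-  if ($action=='delete') 
-  { 
-    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+  if ($action=='delete')
+  {
+    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
                                        $comment['comment_id']
                                        );
@@ -338,6 +340,6 @@
     $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
   }
-  
-  pwg_mail_notification_admins(get_l10n_args('Comment by %s', 
+
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
                                              $comment['author']),
                                $keyargs_content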
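Review bot: insert_user_comment() now interpolates `$comm['author']` and `$comm['content']` straight into the username lookup and the INSERT with no escaping, so it is only safe when every caller has already escaped both values, yet nothing in the function records that contract and a reader of this file alone cannot tell the raw value is unsafe. I would add a docblock above insert_user_comment (its signature is outside the hunk) saying that `author` and `content` must already be SQL-escaped by the caller, addslashes-style since the notification path reverses them with stripslashes(), and that passing raw request input here is an injection; update_user_comment, whose body this hunk edits, deserves the same sentence. The `//?? array_push( $infos, l10n('comment_anti-flood') );` line also leaves the flood rejection silent to the user; either restore the message or delete the line with a comment saying why it was dropped rather than leaving a question mark in the code.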
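--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -47,6 +47,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'author' => trim(@$_POST['author']),
+    'content' => trim($_POST['content']),
     'image_id' => $page['image_id'],
    );
@@ -122,6 +122,6 @@
     {
       $validated_clause = '  AND validated = \'true\'';
-    } 
-    else 
+    }
+    else
     {
       $validated_clause = '';
@@ -143,5 +143,5 @@
     while ($row = mysql_fetch_array($result))
     {
-      if (!empty($row['author'])) 
+      if (!empty($row['author']))
       {
         $author = $row['author'];
@@ -196,5 +196,5 @@
         if ($row['validated'] != 'true')
         {
-          $tpl_comment['U_VALIDATE'] = 
+          $tpl_comment['U_VALIDATE'] =
             add_url_params($url_self,
                            array('action' => 'validate_comment',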
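Review bot: The new `'content' => trim($_POST['content'])` and `'author' => trim(@$_POST['author'])` at lines 49-50 hand raw request input to insert_user_comment(), which this same changeset stopped escaping, so the INSERT is only protected while magic_quotes_gpc is on; with it off (the default from PHP 5.3, removed in 5.4) the comment body and author reach the query unescaped. Escaping should be done explicitly at this boundary instead of depending on an ini setting: undo magic quotes if present, then escape with mysql_real_escape_string() (pwg_query() is used in this file, so a mysql connection presumably exists here, but confirm it is open at this point). The `@` on `@$_POST['author']` also just hides the notice rather than handling the absent key; an isset() check does the same without suppression. The enclosing handler starts and ends outside the hunk.
```php
  // undo magic_quotes_gpc if on, then escape explicitly: insert_user_comment() expects SQL-safe values
  $raw_author  = isset($_POST['author']) ? $_POST['author'] : '';
  $raw_content = isset($_POST['content']) ? $_POST['content'] : '';
  if (get_magic_quotes_gpc())
  {
    $raw_author  = stripslashes($raw_author);
    $raw_content = stripslashes($raw_content);
  }
  $comm = array(
    'author' => mysql_real_escape_string(trim($raw_author)),
    'content' => mysql_real_escape_string(trim($raw_content)),
    'image_id' => $page['image_id'],
   );
```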
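--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -524,6 +524,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
-    'content' => trim( stripslashes($params['content']) ),
+    'author' => trim($params['author']),
+    'content' => trim($params['content']),
     'image_id' => $params['image_id'],
    );
@@ -886,5 +886,5 @@
   // type {thumb, file, high}
   // position
-  
+
   if (!is_admin() || is_adviser() )
   {
@@ -946,5 +946,5 @@
   $pattern = '/'.$original_sum.'-'.$type.'/';
   $chunks = array();
-  
+
   if ($handle = opendir($upload_dir))
   {
@@ -963,16 +963,16 @@
 
   ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage());
-  
+
   foreach ($chunks as $chunk)
   {
     $string = file_get_contents($chunk);
-    
+
     ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage());
-    
+
     if (!file_put_contents($output_filepath, $string, FILE_APPEND))
     {
       return new PwgError(500, 'error while writting chunks for '.$output_filepath);
     }
-    
+
     unlink($chunk);
   }
@@ -1784,5 +1784,5 @@
       );
   }
-  
+
 }
 
@@ -1790,5 +1790,5 @@
 {
   return true;
-  
+
   file_put_contents(
     '/tmp/piwigo_ws.log',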
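Review bot: `'content' => trim($params['content'])` and `'author' => trim($params['author'])` at lines 526-527 now pass the web-service parameters straight to insert_user_comment(), which this changeset made rely on caller-side escaping; whether `$params` has had magic quotes or any other escaping applied depends on the request layer that builds it, which is not visible here, so this path may put unescaped caller input into the INSERT. Escape explicitly at this boundary, e.g. `'author' => mysql_real_escape_string(trim($params['author'])),` and likewise for content, after undoing magic quotes if the ws layer leaves them in. Separately, the last hunk's `return true;` followed by `file_put_contents('/tmp/piwigo_ws.log', …)` is dead code that, if ever re-enabled, writes to a fixed path in a shared temp directory; a comment explaining why it is disabled, or its removal, would be safer than leaving it reachable by deleting one line. The enclosing functions start and end outside the hunks.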