Changeset 3488 for trunk/include


Timestamp:
Jul 1, 2009, 10:56:41 PM (15 years ago)
Author:
rvelices
Message:
  • remove warning on unset variable
  • insert_user_comment now expects the comment content to be SQL-safe (it now works exactly like update_user_comment)
Location:
trunk/include
Files:
3 edited

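--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -100,5 +100,5 @@
 SELECT COUNT(*) AS user_exists
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
+  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
       $row = mysql_fetch_assoc( pwg_query( $query ) );
       if ( $row['user_exists'] == 1 )
@@ -157,7 +157,7 @@
   (author, author_id, content, date, validated, validation_date, image_id)
   VALUES (
-    "'.addslashes($comm['author']).'",
+    "'.$comm['author'].'",
     '.$comm['author_id'].',
-    "'.addslashes($comm['content']).'",
+    "'.$comm['content'].'",
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
@@ -172,5 +172,5 @@
 
     if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
-        ($comment_action!='validate' 
+        ($comment_action!='validate'
          and $conf['email_admin_on_comment_validation']))
     {
@@ -179,16 +179,16 @@
       $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
 
-      if (empty($comm['author'])) 
+      if (empty($comm['author']))
       {
-        $author_name = $user['username'];
+        $author_name = $user['username'];
       }
       else
       {
-        $author_name = $comm['author'];
+        $author_name = stripslashes($comm['author']);
       }
       $keyargs_content = array
       (
         get_l10n_args('Author: %s', $author_name),
-        get_l10n_args('Comment: %s', $comm['content']),
+        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
         get_l10n_args('', ''),
         get_l10n_args('Delete: %s', $del_url)
@@ -217,8 +217,8 @@
  * Tries to delete a user comment in the database
  * only admin can delete all comments
- * other users can delete their own comments 
+ * other users can delete their own comments
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  */
 
@@ -246,10 +246,11 @@
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  * @param post_key
  * @param content
  */
 
-function update_user_comment($comment, $post_key) {
+function update_user_comment($comment, $post_key)
+{
   global $conf;
 
@@ -276,5 +277,5 @@
     if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     {
-      array_push( $infos, l10n('comment_anti-flood') );
+      //?? array_push( $infos, l10n('comment_anti-flood') );
       $comment_action='reject';
     }
@@ -282,8 +283,8 @@
 
   // perform more spam check
-  $comment_action = 
+  $comment_action =
     trigger_event('user_comment_check',
-                  $comment_action, 
-                  array_merge($comment, 
+                  $comment_action,
+                  array_merge($comment,
                               array('author' => $GLOBALS['user']['username'])
                               )
@@ -308,10 +309,11 @@
     if ($result) {
       email_admin('edit', array('author' => $GLOBALS['user']['username'],
-                                'content' => $comment['content']));
-    }
-  }
-}
-
-function email_admin($action, $comment) {
+                                'content' => stripslashes($comment['content'])) );
+    }
+  }
+}
+
+function email_admin($action, $comment)
+{
   global $conf;
 
@@ -324,10 +326,10 @@
 
   include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
- 
+
   $keyargs_content = array();
   $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
-  if ($action=='delete') 
-  {
-    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+  if ($action=='delete')
+  {
+    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
                                        $comment['comment_id']
                                        );
@@ -338,6 +340,6 @@
     $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
   }
- 
-  pwg_mail_notification_admins(get_l10n_args('Comment by %s', 
+
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
                                              $comment['author']),
                                $keyargs_content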
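Review bot: The queries at new lines 102 and 159–161 interpolate `$comm['author']` and `$comm['content']` with no escaping at the point of use, so insert_user_comment is SQL-safe only if every caller passes strings that are already escaped. That precondition appears in the commit message but nowhere in the code shown, and a future caller that passes raw text would produce an injectable INSERT; I would state it in the function's docblock, e.g. `@param array $comm 'author' and 'content' must already be SQL-escaped (addslashes form)`. `$comm['author_id']` at line 160 goes into the statement unquoted, so unless it is set from trusted data outside the hunk it deserves an `(int)` cast. The function's signature and docblock lie outside the hunks shown.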
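--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -47,6 +47,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'author' => trim(@$_POST['author']),
+    'content' => trim($_POST['content']),
     'image_id' => $page['image_id'],
    );
@@ -122,6 +122,6 @@
     {
       $validated_clause = '  AND validated = \'true\'';
-    } 
-    else 
+    }
+    else
     {
       $validated_clause = '';
@@ -143,5 +143,5 @@
     while ($row = mysql_fetch_array($result))
     {
-      if (!empty($row['author'])) 
+      if (!empty($row['author']))
       {
         $author = $row['author'];
@@ -196,5 +196,5 @@
         if ($row['validated'] != 'true')
         {
-          $tpl_comment['U_VALIDATE'] = 
+          $tpl_comment['U_VALIDATE'] =
             add_url_params($url_self,
                            array('action' => 'validate_comment',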
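Review bot: `trim(@$_POST['author'])` and `trim($_POST['content'])` at new lines 49–50 are now passed on to the SQL in insert_user_comment with whatever escaping the request data already carries, and nothing visible in this section shows where that escaping is applied. If it comes from PHP's magic_quotes_gpc setting rather than from code that always runs, the insert is unescaped on installations where the setting is off; the same applies to `$params['author']` and `$params['content']` at new lines 526–527 of ws_functions.inc.php, where the values come from the web-service layer. I would confirm the escaping is unconditional for both entry points and record it next to the array, e.g. `// values are already addslashes()-escaped by the request bootstrap; insert_user_comment() relies on this`. The enclosing code starts and ends outside the hunk.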
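--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -524,6 +524,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
-    'content' => trim( stripslashes($params['content']) ),
+    'author' => trim($params['author']),
+    'content' => trim($params['content']),
     'image_id' => $params['image_id'],
    );
@@ -886,5 +886,5 @@
   // type {thumb, file, high}
   // position
- 
+
   if (!is_admin() || is_adviser() )
   {
@@ -946,5 +946,5 @@
   $pattern = '/'.$original_sum.'-'.$type.'/';
   $chunks = array();
- 
+
   if ($handle = opendir($upload_dir))
   {
@@ -963,16 +963,16 @@
 
   ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage());
- 
+
   foreach ($chunks as $chunk)
   {
     $string = file_get_contents($chunk);
-   
+
     ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage());
-   
+
     if (!file_put_contents($output_filepath, $string, FILE_APPEND))
     {
       return new PwgError(500, 'error while writting chunks for '.$output_filepath);
     }
-   
+
     unlink($chunk);
   }
@@ -1784,5 +1784,5 @@
       );
   }
- 
+
 }
 
@@ -1790,5 +1790,5 @@
 {
   return true;
- 
+
   file_put_contents(
     '/tmp/piwigo_ws.log',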