Changeset 3488 for trunk/include
- Timestamp:
- Jul 1, 2009, 10:56:41 PM (15 years ago)
- Location:
- trunk/include
- Files:
-
- 3 edited
trunk/include/functions_comment.inc.php
r3450 r3488 100 100 SELECT COUNT(*) AS user_exists 101 101 FROM '.USERS_TABLE.' 102 WHERE '.$conf['user_fields']['username']." = '". addslashes($comm['author'])."'";102 WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'"; 103 103 $row = mysql_fetch_assoc( pwg_query( $query ) ); 104 104 if ( $row['user_exists'] == 1 ) … … 157 157 (author, author_id, content, date, validated, validation_date, image_id) 158 158 VALUES ( 159 "'. addslashes($comm['author']).'",159 "'.$comm['author'].'", 160 160 '.$comm['author_id'].', 161 "'. addslashes($comm['content']).'",161 "'.$comm['content'].'", 162 162 NOW(), 163 163 "'.($comment_action=='validate' ? 'true':'false').'", … … 172 172 173 173 if (($comment_action=='validate' and $conf['email_admin_on_comment']) or 174 ($comment_action!='validate' 174 ($comment_action!='validate' 175 175 and $conf['email_admin_on_comment_validation'])) 176 176 { … … 179 179 $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id']; 180 180 181 if (empty($comm['author'])) 181 if (empty($comm['author'])) 182 182 { 183 183 $author_name = $user['username']; 184 184 } 185 185 else 186 186 { 187 $author_name = $comm['author'];187 $author_name = stripslashes($comm['author']); 188 188 } 189 189 $keyargs_content = array 190 190 ( 191 191 get_l10n_args('Author: %s', $author_name), 192 get_l10n_args('Comment: %s', $comm['content']),192 get_l10n_args('Comment: %s', stripslashes($comm['content']) ), 193 193 get_l10n_args('', ''), 194 194 get_l10n_args('Delete: %s', $del_url) … … 217 217 * Tries to delete a user comment in the database 218 218 * only admin can delete all comments 219 * other users can delete their own comments 219 * other users can delete their own comments 220 220 * so to avoid a new sql request we add author in where clause 221 221 * 222 * @param comment_id 222 * @param comment_id 223 223 */ 224 224 … … 246 246 * so to avoid a new sql request we add author in where clause 247 247 * 248 * @param comment_id 248 * @param 
comment_id 249 249 * @param post_key 250 250 * @param content 251 251 */ 252 252 253 function update_user_comment($comment, $post_key) { 253 function update_user_comment($comment, $post_key) 254 { 254 255 global $conf; 255 256 … … 276 277 if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) 277 278 { 278 array_push( $infos, l10n('comment_anti-flood') );279 //?? array_push( $infos, l10n('comment_anti-flood') ); 279 280 $comment_action='reject'; 280 281 } … … 282 283 283 284 // perform more spam check 284 $comment_action = 285 $comment_action = 285 286 trigger_event('user_comment_check', 286 $comment_action, 287 array_merge($comment, 287 $comment_action, 288 array_merge($comment, 288 289 array('author' => $GLOBALS['user']['username']) 289 290 ) … … 308 309 if ($result) { 309 310 email_admin('edit', array('author' => $GLOBALS['user']['username'], 310 'content' => $comment['content'])); 311 } 312 } 313 } 314 315 function email_admin($action, $comment) { 311 'content' => stripslashes($comment['content'])) ); 312 } 313 } 314 } 315 316 function email_admin($action, $comment) 317 { 316 318 global $conf; 317 319 … … 324 326 325 327 include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); 326 328 327 329 $keyargs_content = array(); 328 330 $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']); 329 if ($action=='delete') 330 { 331 $keyargs_content[] = get_l10n_args('This author remove comment with id %d',331 if ($action=='delete') 332 { 333 $keyargs_content[] = get_l10n_args('This author removed the comment with id %d', 332 334 $comment['comment_id'] 333 335 ); … … 338 340 $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']); 339 341 } 340 341 pwg_mail_notification_admins(get_l10n_args('Comment by %s', 342 343 pwg_mail_notification_admins(get_l10n_args('Comment by %s', 342 344 $comment['author']), 343 345 $keyargs_content -
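Review bot: At new lines 102 and 159–161, `$comm['author']` and `$comm['content']` are concatenated into the SQL text with no escaping at the query site (reading each printed pair as old line then new), so injection safety now rests on every caller supplying already slash-escaped values. The same changeset drops `stripslashes()` from the callers in picture_comment.inc.php and ws_functions.inc.php, which suggests request data is expected to be escaped earlier, but that step is not visible on this page and any caller that builds `$comm` from another source would pass raw quotes into the query. Slash-based escaping is also not aware of the connection charset; since this file already uses `mysql_*` calls, applying `mysql_real_escape_string()` to unslashed values at the point of use would keep the guarantee local. At minimum, state the contract above each query, e.g. `// $comm['author'] and $comm['content'] must already be SQL-escaped by the caller; they are interpolated as-is`. The enclosing function starts and ends outside these hunks.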
trunk/include/picture_comment.inc.php
r3452 r3488 47 47 48 48 $comm = array( 49 'author' => trim( stripslashes(@$_POST['author'])),50 'content' => trim( stripslashes($_POST['content'])),49 'author' => trim(@$_POST['author']), 50 'content' => trim($_POST['content']), 51 51 'image_id' => $page['image_id'], 52 52 ); … … 122 122 { 123 123 $validated_clause = ' AND validated = \'true\''; 124 } 125 else 124 } 125 else 126 126 { 127 127 $validated_clause = ''; … … 143 143 while ($row = mysql_fetch_array($result)) 144 144 { 145 if (!empty($row['author'])) 145 if (!empty($row['author'])) 146 146 { 147 147 $author = $row['author']; … … 196 196 if ($row['validated'] != 'true') 197 197 { 198 $tpl_comment['U_VALIDATE'] = 198 $tpl_comment['U_VALIDATE'] = 199 199 add_url_params($url_self, 200 200 array('action' => 'validate_comment', -
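Review bot: The new `'author' => trim(@$_POST['author'])` and `'content' => trim($_POST['content'])` lines hand request values to `trim()` without checking that they are present and are strings, and the `@` hides the warning when they are not. A parameter submitted as an array is a legitimate shape for `$_POST` and should be rejected explicitly rather than silently turned into an empty value. Consider `'author' => (isset($_POST['author']) && is_string($_POST['author'])) ? trim($_POST['author']) : '',` and the same shape for `content`. The array literal sits in a block that starts outside the hunk, so a presence check on `$_POST['content']` may already exist there.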
trunk/include/ws_functions.inc.php
r3454 r3488 524 524 525 525 $comm = array( 526 'author' => trim( stripslashes($params['author'])),527 'content' => trim( stripslashes($params['content'])),526 'author' => trim($params['author']), 527 'content' => trim($params['content']), 528 528 'image_id' => $params['image_id'], 529 529 ); … … 886 886 // type {thumb, file, high} 887 887 // position 888 888 889 889 if (!is_admin() || is_adviser() ) 890 890 { … … 946 946 $pattern = '/'.$original_sum.'-'.$type.'/'; 947 947 $chunks = array(); 948 948 949 949 if ($handle = opendir($upload_dir)) 950 950 { … … 963 963 964 964 ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage()); 965 965 966 966 foreach ($chunks as $chunk) 967 967 { 968 968 $string = file_get_contents($chunk); 969 969 970 970 ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage()); 971 971 972 972 if (!file_put_contents($output_filepath, $string, FILE_APPEND)) 973 973 { 974 974 return new PwgError(500, 'error while writting chunks for '.$output_filepath); 975 975 } 976 976 977 977 unlink($chunk); 978 978 } … … 1784 1784 ); 1785 1785 } 1786 1786 1787 1787 } 1788 1788 … … 1790 1790 { 1791 1791 return true; 1792 1792 1793 1793 file_put_contents( 1794 1794 '/tmp/piwigo_ws.log',
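Review bot: At new lines 526–527, `$params['author']` and `$params['content']` are passed on with only `trim()`, and the insert query in functions_comment.inc.php no longer escapes them, so this path is safe only if the web-service layer delivers `$params` slash-escaped for every request format it accepts. That handler is not shown on this page; if any format decodes parameters from the raw request body rather than from `$_GET`/`$_POST`, those values would presumably arrive unescaped. I would record the assumption at this call site, e.g. `// $params values are expected slash-escaped by the WS request handler before reaching the comment insert`, and confirm it per handler. The enclosing function starts and ends outside the hunk.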