Changeset 3488 for trunk/include/functions_comment.inc.php
- Timestamp:
- Jul 1, 2009, 10:56:41 PM (15 years ago)
- File:
-
- 1 edited
trunk/include/functions_comment.inc.php
r3450 r3488 100 100 SELECT COUNT(*) AS user_exists 101 101 FROM '.USERS_TABLE.' 102 WHERE '.$conf['user_fields']['username']." = '". addslashes($comm['author'])."'";102 WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'"; 103 103 $row = mysql_fetch_assoc( pwg_query( $query ) ); 104 104 if ( $row['user_exists'] == 1 ) … … 157 157 (author, author_id, content, date, validated, validation_date, image_id) 158 158 VALUES ( 159 "'. addslashes($comm['author']).'",159 "'.$comm['author'].'", 160 160 '.$comm['author_id'].', 161 "'. addslashes($comm['content']).'",161 "'.$comm['content'].'", 162 162 NOW(), 163 163 "'.($comment_action=='validate' ? 'true':'false').'", … … 172 172 173 173 if (($comment_action=='validate' and $conf['email_admin_on_comment']) or 174 ($comment_action!='validate' 174 ($comment_action!='validate' 175 175 and $conf['email_admin_on_comment_validation'])) 176 176 { … … 179 179 $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id']; 180 180 181 if (empty($comm['author'])) 181 if (empty($comm['author'])) 182 182 { 183 183 $author_name = $user['username']; 184 184 } 185 185 else 186 186 { 187 $author_name = $comm['author'];187 $author_name = stripslashes($comm['author']); 188 188 } 189 189 $keyargs_content = array 190 190 ( 191 191 get_l10n_args('Author: %s', $author_name), 192 get_l10n_args('Comment: %s', $comm['content']),192 get_l10n_args('Comment: %s', stripslashes($comm['content']) ), 193 193 get_l10n_args('', ''), 194 194 get_l10n_args('Delete: %s', $del_url) … … 217 217 * Tries to delete a user comment in the database 218 218 * only admin can delete all comments 219 * other users can delete their own comments 219 * other users can delete their own comments 220 220 * so to avoid a new sql request we add author in where clause 221 221 * 222 * @param comment_id 222 * @param comment_id 223 223 */ 224 224 … … 246 246 * so to avoid a new sql request we add author in where clause 247 247 * 248 * @param comment_id 248 * @param 
comment_id 249 249 * @param post_key 250 250 * @param content 251 251 */ 252 252 253 function update_user_comment($comment, $post_key) { 253 function update_user_comment($comment, $post_key) 254 { 254 255 global $conf; 255 256 … … 276 277 if ( mysql_num_rows( pwg_query( $query ) ) > 0 ) 277 278 { 278 array_push( $infos, l10n('comment_anti-flood') );279 //?? array_push( $infos, l10n('comment_anti-flood') ); 279 280 $comment_action='reject'; 280 281 } … … 282 283 283 284 // perform more spam check 284 $comment_action = 285 $comment_action = 285 286 trigger_event('user_comment_check', 286 $comment_action, 287 array_merge($comment, 287 $comment_action, 288 array_merge($comment, 288 289 array('author' => $GLOBALS['user']['username']) 289 290 ) … … 308 309 if ($result) { 309 310 email_admin('edit', array('author' => $GLOBALS['user']['username'], 310 'content' => $comment['content'])); 311 } 312 } 313 } 314 315 function email_admin($action, $comment) { 311 'content' => stripslashes($comment['content'])) ); 312 } 313 } 314 } 315 316 function email_admin($action, $comment) 317 { 316 318 global $conf; 317 319 … … 324 326 325 327 include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); 326 328 327 329 $keyargs_content = array(); 328 330 $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']); 329 if ($action=='delete') 330 { 331 $keyargs_content[] = get_l10n_args('This author remove comment with id %d',331 if ($action=='delete') 332 { 333 $keyargs_content[] = get_l10n_args('This author removed the comment with id %d', 332 334 $comment['comment_id'] 333 335 ); … … 338 340 $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']); 339 341 } 340 341 pwg_mail_notification_admins(get_l10n_args('Comment by %s', 342 343 pwg_mail_notification_admins(get_l10n_args('Comment by %s', 342 344 $comment['author']), 343 345 $keyargs_content
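Review bot: On new lines 102, 159 and 161, `$comm['author']` and `$comm['content']` are now concatenated into the SQL text with no escaping at the query site, so both statements are only safe if every caller has already escaped those values. The `stripslashes()` calls added at lines 187, 192 and 311 suggest the values arrive pre-escaped, but that contract is not visible in this section. It should be written next to the queries, for example `// $comm['author'] and $comm['content'] MUST already be SQL-escaped by the caller`. A sturdier layout would keep raw values in `$comm` and escape once where the query is built, with the connection-aware `mysql_real_escape_string()`, which would also remove the need for `stripslashes()` in the mail path. The enclosing functions begin outside the visible hunks, so callers that pass unescaped data cannot be ruled out from here.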