Timestamp:
Jul 1, 2009, 10:56:41 PM (15 years ago)
Author:
rvelices
Message:
  • remove warn on unset variable
  • insert_user_comment expects now the comment content to be sql safe (works now exactly as update_user_comment)
File:
1 edited

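--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -100,5 +100,5 @@
 SELECT COUNT(*) AS user_exists
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
+  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
       $row = mysql_fetch_assoc( pwg_query( $query ) );
       if ( $row['user_exists'] == 1 )
@@ -157,7 +157,7 @@
   (author, author_id, content, date, validated, validation_date, image_id)
   VALUES (
-    "'.addslashes($comm['author']).'",
+    "'.$comm['author'].'",
     '.$comm['author_id'].',
-    "'.addslashes($comm['content']).'",
+    "'.$comm['content'].'",
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
@@ -172,5 +172,5 @@
 
     if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
-        ($comment_action!='validate' 
+        ($comment_action!='validate'
          and $conf['email_admin_on_comment_validation']))
     {
@@ -179,16 +179,16 @@
       $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
 
-      if (empty($comm['author'])) 
+      if (empty($comm['author']))
       {
-        $author_name = $user['username'];
+        $author_name = $user['username'];
       }
       else
       {
-        $author_name = $comm['author'];
+        $author_name = stripslashes($comm['author']);
       }
       $keyargs_content = array
       (
         get_l10n_args('Author: %s', $author_name),
-        get_l10n_args('Comment: %s', $comm['content']),
+        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
         get_l10n_args('', ''),
         get_l10n_args('Delete: %s', $del_url)
@@ -217,8 +217,8 @@
  * Tries to delete a user comment in the database
  * only admin can delete all comments
- * other users can delete their own comments 
+ * other users can delete their own comments
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  */
 
@@ -246,10 +246,11 @@
  * so to avoid a new sql request we add author in where clause
  *
- * @param comment_id 
+ * @param comment_id
  * @param post_key
  * @param content
  */
 
-function update_user_comment($comment, $post_key) {
+function update_user_comment($comment, $post_key)
+{
   global $conf;
 
@@ -276,5 +277,5 @@
     if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
     {
-      array_push( $infos, l10n('comment_anti-flood') );
+      //?? array_push( $infos, l10n('comment_anti-flood') );
       $comment_action='reject';
     }
@@ -282,8 +283,8 @@
 
   // perform more spam check
-  $comment_action = 
+  $comment_action =
     trigger_event('user_comment_check',
-                  $comment_action, 
-                  array_merge($comment, 
+                  $comment_action,
+                  array_merge($comment,
                               array('author' => $GLOBALS['user']['username'])
                               )
@@ -308,10 +309,11 @@
     if ($result) {
       email_admin('edit', array('author' => $GLOBALS['user']['username'],
-                                'content' => $comment['content']));
-    }
-  }
-}
-
-function email_admin($action, $comment) {
+                                'content' => stripslashes($comment['content'])) );
+    }
+  }
+}
+
+function email_admin($action, $comment)
+{
   global $conf;
 
@@ -324,10 +326,10 @@
 
   include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
- 
+
   $keyargs_content = array();
   $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
-  if ($action=='delete') 
-  {
-    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+  if ($action=='delete')
+  {
+    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
                                        $comment['comment_id']
                                        );
@@ -338,6 +340,6 @@
     $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
   }
- 
-  pwg_mail_notification_admins(get_l10n_args('Comment by %s', 
+
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
                                              $comment['author']),
                                $keyargs_content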
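Review bot: The queries at new lines 102 and 159-161 now place `$comm['author']` and `$comm['content']` into the SQL string unescaped, so insert_user_comment is injection-safe only if every caller has already escaped both fields, and nothing in the visible hunks states or checks that precondition. The function's header is outside these hunks; I would add a line to its docblock such as `@param array comm - 'author' and 'content' must already be escaped for SQL by the caller`, and audit every caller this changeset does not touch (plugins included) before release. The added `stripslashes()` calls at new lines 187, 192 and 311 undo only addslashes-style escaping, so they presumably rely on callers using exactly that scheme; this is worth stating in the same comment. The `//?? array_push(...)` left at new line 279 should either be deleted or replaced by a comment saying why the anti-flood message is no longer reported.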