Changeset 6437


Timestamp:
06/01/10 21:52:44 (10 years ago)
Author:
rvelices
Message:
  • do not remove slashes before calling insert_user_comment (homogeneity with update_user_comment and general use of slashes in piwigo)
  • when using a modifier on a non array variable use @| instead of | (generated code is simpler and faster)
Location:
trunk
Files:
5 edited

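--- a/trunk/include/functions_comment.inc.php
+++ b/trunk/include/functions_comment.inc.php
@@ -159,5 +159,5 @@
     "'.$comm['author'].'",
     '.$comm['author_id'].',
-    "'.pwg_db_real_escape_string($comm['content']).'",
+    "'.$comm['content'].'",
     NOW(),
     "'.($comment_action=='validate' ? 'true':'false').'",
@@ -258,19 +258,4 @@
   }
 
-/* ? this is a MySql Error - author_id is not defined
-  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
-  { // anti-flood system
-    $reference_date = time() - $conf['anti-flood_time'];
-    $query = '
-SELECT id FROM '.COMMENTS_TABLE.'
-  WHERE date > FROM_UNIXTIME('.$reference_date.')
-    AND author_id = '.$comm['author_id'];
-    if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
-    {
-      //?? array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
-      $comment_action='reject';
-    }
-  }
-*/
   // perform more spam check
   $comment_action =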
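Review bot: New line 161 puts `$comm['content']` into the INSERT with no escaping at the point of use (context line 159 does the same for `$comm['author']`), so the query is only safe while every caller passes values that still carry the slashes presumably added to request data upstream. Nothing visible in this function states or checks that precondition, and the callers changed in this changeset (picture_comment.inc.php lines 49-50, ws_functions.inc.php lines 551-552) now pass `$_POST[...]` and `$params[...]` through `trim()` only; whether the web-service `$params` are slash-escaped for every request format is not visible here and should be confirmed. I would state the contract next to the query, e.g. `// $comm['author'] and $comm['content'] must arrive already escaped for SQL (slashed request data); never pass raw strings`. Slash escaping is also not aware of the connection character set, which is presumably what `pwg_db_real_escape_string` took care of, so the supported charsets and database backends are worth checking. The function body starts and ends outside the hunk.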
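--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -47,6 +47,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'author' => trim( @$_POST['author'] ),
+    'content' => trim( $_POST['content'] ),
     'image_id' => $page['image_id'],
    );
@@ -238,5 +238,5 @@
     if ('reject'===@$comment_action)
     {
-      $content = htmlspecialchars($comm['content']);
+      $content = htmlspecialchars( stripslashes($comm['content']) );
     }
     $template->assign('comment_add',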
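Review bot: The `htmlspecialchars()` call on new line 240 relies on the default flags, which before PHP 8.1 leave single quotes unencoded; where `$content` lands in the template is outside this hunk, so if it can end up inside a single-quoted attribute the rejected comment is echoed back without full encoding. `$content = htmlspecialchars( stripslashes($comm['content']), ENT_QUOTES );` closes that off at no cost. The added `stripslashes()` also assumes `$comm['content']` still holds exactly the slashed request value at this point, i.e. that nothing between line 50 and line 240 rewrote it, and a one-line comment saying so would help the next reader.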
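--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -549,6 +549,6 @@
 
   $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
-    'content' => trim( stripslashes($params['content']) ),
+    'author' => trim( $params['author'] ),
+    'content' => trim( $params['content'] ),
     'image_id' => $params['image_id'],
    );
@@ -1357,5 +1357,5 @@
   $res = array();
   $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
-  foreach ( array('status', 'template', 'theme', 'language') as $k )
+  foreach ( array('status', 'theme', 'language') as $k )
   {
     $res[$k] = $user[$k];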
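Review bot: The change at line 1359 drops `template` from the keys copied into `$res`, which neither point in the commit message covers, so a client that reads that key from this result loses it without notice. Mixing it into a changeset that alters SQL escaping also makes the security-relevant part harder to audit; either split it out or add a line to the message such as `• ws_functions: no longer copy 'template' from $user into the result`. The enclosing function starts and ends outside the hunk.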
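--- a/trunk/themes/default/template/identification.tpl
+++ b/trunk/themes/default/template/identification.tpl
@@ -49,5 +49,5 @@
 
   <p>
-    <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
+    <input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
     <input class="submit" tabindex="4" type="submit" name="login" value="{'Submit'|@translate}">
   </p>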
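--- a/trunk/themes/default/template/menubar_identification.tpl
+++ b/trunk/themes/default/template/menubar_identification.tpl
@@ -29,5 +29,5 @@
         {if isset($U_LOGIN)}
         <form method="post" action="{$U_LOGIN}" id="quickconnect">
-        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
+        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|@urlencode}">
         <fieldset>
         <legend>{'Quick connect'|@translate}</legend>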