Fix two problem with Feature 1026 :

use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id escape comment content before editing it. git-svn-id: http://piwigo.org/svn/trunk@3452 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Jun 24, 2009 · ed7f7a5 · ed7f7a5
1 parent 64c872a
commit ed7f7a5
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/admin/comments.php b/admin/comments.php
@@ -134,12 +134,13 @@
 $list = array();
 
 $query = '
-SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
+SELECT c.id, c.image_id, c.date, c.author, '.
+$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
   FROM '.COMMENTS_TABLE.' AS c
     INNER JOIN '.IMAGES_TABLE.' AS i
       ON i.id = c.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-      ON u.id = c.author_id
+      ON u.'.$conf['user_fields']['id'].' = c.author_id
   WHERE validated = \'false\'
   ORDER BY c.date DESC
 ;';

diff --git a/comments.php b/comments.php
@@ -101,7 +101,7 @@
 if (isset($_GET['author']) and !empty($_GET['author']))
 {
   $page['where_clauses'][] = 
-    'u.username = \''.addslashes($_GET['author']).'\'
+    'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
      OR author = \''.addslashes($_GET['author']).'\'';    
 }
 
@@ -268,7 +268,7 @@
     INNER JOIN '.COMMENTS_TABLE.' AS com
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' As u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
 ;';
@@ -300,15 +300,15 @@
      , ic.category_id
      , com.author
      , com.author_id
-     , username
+     , '.$conf['user_fields']['username'].' AS username
      , com.date
      , com.content
      , com.validated
   FROM '.IMAGE_CATEGORY_TABLE.' AS ic
     INNER JOIN '.COMMENTS_TABLE.' AS com    
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
   GROUP BY comment_id

diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
@@ -128,10 +128,11 @@
     }
 
     $query = '
-SELECT com.id,author,author_id,username,date,image_id,content,validated
+SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
+  date,image_id,content,validated
   FROM '.COMMENTS_TABLE.' AS com
   LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = author_id
+    ON u.'.$conf['user_fields']['id'].' = author_id
   WHERE image_id = '.$page['image_id'].
 $validated_clause.'
   ORDER BY date ASC

diff --git a/template/yoga/comment_list.tpl b/template/yoga/comment_list.tpl
@@ -42,7 +42,7 @@
       <form  method="post" action="{$comment.U_EDIT}" class="filter" id="editComment">
 	<fieldset>
 	  <legend>{'Edit a comment'|@translate}</legend>
-	  <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+	  <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT|escape}</textarea></label>
 	  <input type="hidden" name="key" value="{$comment.KEY}">
 	  <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">
 	  <input class="submit" type="submit" value="{'Submit'|@translate}">