Changeset 3452


Timestamp:
Jun 24, 2009, 9:00:40 PM (15 years ago)
Author:
nikrou
Message:

Fix two problems with Feature 1026:
use of $conf['user_fields']['username'] and $conf['user_fields']['id'] instead of username and id
escape comment content before editing it.

Location:
trunk
Files:
4 edited

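--- a/trunk/admin/comments.php
+++ b/trunk/admin/comments.php
@@ -135,10 +135,11 @@
 
 $query = '
-SELECT c.id, c.image_id, c.date, c.author, u.username, c.content, i.path, i.tn_ext
+SELECT c.id, c.image_id, c.date, c.author, '.
+$conf['user_fields']['username'].' AS username, c.content, i.path, i.tn_ext
   FROM '.COMMENTS_TABLE.' AS c
     INNER JOIN '.IMAGES_TABLE.' AS i
       ON i.id = c.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-      ON u.id = c.author_id
+      ON u.'.$conf['user_fields']['id'].' = c.author_id
   WHERE validated = \'false\'
   ORDER BY c.date DESC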
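Review bot: The new select expression `$conf['user_fields']['username'].' AS username'` is not qualified with the `u.` alias, while the join condition added in the same hunk is (`u.'.$conf['user_fields']['id']`). Because the column name now comes from configuration, an installation that maps it to a name also present in the comments or images table would get an ambiguous-column error; `'u.'.$conf['user_fields']['username'].' AS username'` avoids that. The same unqualified form appears in the new lines of trunk/comments.php (new line 303) and trunk/include/picture_comment.inc.php (new line 131). These values are spliced into the SQL text as identifiers, so a short comment stating that `$conf['user_fields']` must only ever be set from the local configuration file would be worth adding next to the query.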
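--- a/trunk/comments.php
+++ b/trunk/comments.php
@@ -102,5 +102,5 @@
 {
   $page['where_clauses'][] =
-    'u.username = \''.addslashes($_GET['author']).'\'
+    'u.'.$conf['user_fields']['username'].' = \''.addslashes($_GET['author']).'\'
      OR author = \''.addslashes($_GET['author']).'\'';   
 }
@@ -269,5 +269,5 @@
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' As u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -301,5 +301,5 @@
      , com.author
      , com.author_id
-     , username
+     , '.$conf['user_fields']['username'].' AS username
      , com.date
      , com.content
@@ -309,5 +309,5 @@
     ON ic.image_id = com.image_id
     LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = com.author_id
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'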
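Review bot: The rewritten clause on new line 104 still relies on `addslashes($_GET['author'])` to make request data safe inside a quoted SQL string, both there and on the `OR author = ...` line after it. `addslashes()` does not know the connection character set, so it is weaker than the database driver's own escaping. If these queries run through the mysql extension (not visible in this hunk), `mysql_real_escape_string($_GET['author'])` is the drop-in replacement. The enclosing `if` block starts outside the hunk, so any earlier validation of `$_GET['author']` cannot be seen from here.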
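--- a/trunk/include/picture_comment.inc.php
+++ b/trunk/include/picture_comment.inc.php
@@ -129,8 +129,9 @@
 
     $query = '
-SELECT com.id,author,author_id,username,date,image_id,content,validated
+SELECT com.id,author,author_id,'.$conf['user_fields']['username'].' AS username,
+  date,image_id,content,validated
   FROM '.COMMENTS_TABLE.' AS com
   LEFT JOIN '.USERS_TABLE.' AS u
-    ON u.id = author_id
+    ON u.'.$conf['user_fields']['id'].' = author_id
   WHERE image_id = '.$page['image_id'].
 $validated_clause.'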
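Review bot: `WHERE image_id = '.$page['image_id'].` places the value into the statement without quotes or a cast, and nothing in this hunk shows where `$page['image_id']` is validated. If it is already forced to an integer upstream, a comment saying so next to the query would document the assumption; otherwise `WHERE image_id = '.intval($page['image_id']).` at this point closes the gap. The query continues past the end of the hunk.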
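--- a/trunk/template/yoga/comment_list.tpl
+++ b/trunk/template/yoga/comment_list.tpl
@@ -43,5 +43,5 @@
         <fieldset>
           <legend>{'Edit a comment'|@translate}</legend>
-          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT}</textarea></label>
+          <label>{'comment'|@translate}<textarea name="content" id="contenteditid" rows="5" cols="80">{$comment.CONTENT|escape}</textarea></label>
           <input type="hidden" name="key" value="{$comment.KEY}">
           <input type="hidden" name="image_id" value="{$comment.IMAGE_ID|default:$current.id}">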
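Review bot: The two hidden inputs directly below the fixed textarea still print `{$comment.KEY}` and `{$comment.IMAGE_ID|default:$current.id}` into attribute values without `|escape`. Both are presumably server-generated (a token and a numeric id), which the template does not show, so this is defence in depth rather than a demonstrated hole. Writing `value="{$comment.KEY|escape}"` and `value="{$comment.IMAGE_ID|default:$current.id|escape}"` keeps the form consistent with the escaped textarea. The surrounding form continues outside the hunk.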