Changeset 4304 for trunk/include/picture_comment.inc.php

Timestamp:

Nov 18, 2009, 9:07:20 PM (14 years ago)

Author:

Eric

Message:

Escape all login and username characters in database
Display correctly usernames

(I hope not to have made mistakes)

File:

• trunk/include/picture_comment.inc.php (modified) (2 diffs)

trunk/include/picture_comment.inc.php

@@ -47 +47 @@
 
   $comm = array(
-    'author' => trim(@$_POST['author']),
-    'content' => trim($_POST['content']),
+    'author' => trim( stripslashes(@$_POST['author']) ),
+    'content' => trim( stripslashes($_POST['content']) ),
     'image_id' => $page['image_id'],
    );
@@ -153 +153 @@
       else
       {
-        $author = $row['username'];
+        $author = stripslashes($row['username']);
       }