fixed #1756 php8 warning with trim() and escape input values
@@ -214,10 +214,10 @@ SELECT count(1) FROM '.COMMENTS_TABLE.'
|
|||||||
INSERT INTO '.COMMENTS_TABLE.'
|
INSERT INTO '.COMMENTS_TABLE.'
|
||||||
(author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url, email)
|
(author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url, email)
|
||||||
VALUES (
|
VALUES (
|
||||||
\''.$comm['author'].'\',
|
\''.pwg_db_real_escape_string($comm['author']).'\',
|
||||||
'.$comm['author_id'].',
|
'.$comm['author_id'].',
|
||||||
\''.$comm['ip'].'\',
|
\''.$comm['ip'].'\',
|
||||||
\''.$comm['content'].'\',
|
\''.pwg_db_real_escape_string($comm['content']).'\',
|
||||||
NOW(),
|
NOW(),
|
||||||
\''.($comment_action=='validate' ? 'true':'false').'\',
|
\''.($comment_action=='validate' ? 'true':'false').'\',
|
||||||
'.($comment_action=='validate' ? 'NOW()':'NULL').',
|
'.($comment_action=='validate' ? 'NOW()':'NULL').',
|
||||||
|
|||||||
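Review bot: Escaping in the VALUES list is still uneven: `$comm['author']` and `$comm['content']` now pass through `pwg_db_real_escape_string()`, but `$comm['ip']` is interpolated inside quotes unescaped and `$comm['author_id']` is interpolated with no quotes at all. Where those two values originate is not visible here, so this is a consistency request rather than a confirmed injection: `'.(int)$comm['author_id'].',` and `\''.pwg_db_real_escape_string($comm['ip']).'\',` would make the statement safe regardless of the caller, provided author_id is always numeric at this point. The values for image_id, website_url and email lie past the end of the hunk and deserve the same check, since website_url and email are read from `$_POST` in the second hunk. The third hunk calls `stripslashes()` on `$_POST` values, which suggests request data may already carry added slashes; if so, confirm that the new escaping does not store doubled backslashes in author and content.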
@@ -31,10 +31,10 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
|
|||||||
}
|
}
|
||||||
|
|
||||||
$comm = array(
|
$comm = array(
|
||||||
'author' => trim( @$_POST['author'] ),
|
'author' => empty(@$_POST['author']) ? '' : trim( @$_POST['author'] ),
|
||||||
'content' => trim( $_POST['content'] ),
|
'content' => empty(@$_POST['content']) ? '' : trim( $_POST['content'] ),
|
||||||
'website_url' => trim( @$_POST['website_url'] ),
|
'website_url' => empty(@$_POST['website_url']) ? '' : trim( @$_POST['website_url'] ),
|
||||||
'email' => trim( @$_POST['email'] ),
|
'email' => empty(@$_POST['email']) ? '' : trim( @$_POST['email'] ),
|
||||||
'image_id' => $page['image_id'],
|
'image_id' => $page['image_id'],
|
||||||
);
|
);
|
||||||
|
|
||||||
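Review bot: `empty()` is a looser guard than these fields need: in the `$comm` array it turns a submitted value of `"0"` into an empty string, and it still lets a non-string value reach `trim()`, which raises a TypeError on PHP 8 when the field arrives as an array. A guard such as `'content' => (isset($_POST['content']) && is_string($_POST['content'])) ? trim($_POST['content']) : '',` covers both cases for each of the four fields, and the `@` can then be dropped because `isset()` and `empty()` never warn on a missing key. The same array case reaches `stripslashes()` in the third hunk (`@@ -254,7 +254,7 @@`), where `isset($_POST[$k])` alone does not exclude arrays. The enclosing `if` block starts outside this hunk.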
@@ -254,7 +254,7 @@ SELECT
|
|||||||
{
|
{
|
||||||
foreach( array('content', 'author', 'website_url', 'email') as $k)
|
foreach( array('content', 'author', 'website_url', 'email') as $k)
|
||||||
{
|
{
|
||||||
$tpl_var[strtoupper($k)] = htmlspecialchars( stripslashes(@$_POST[$k]) );
|
$tpl_var[strtoupper($k)] = isset($_POST[$k]) ? htmlspecialchars(stripslashes(@$_POST[$k])) : '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$template->assign('comment_add', $tpl_var);
|
$template->assign('comment_add', $tpl_var);
|
||||||
|
|||||||