feature:2538 transmits messages after comment edition trough SESSION (no more ugly url displayed, avoid some minor bugs)

git-svn-id: http://piwigo.org/svn/trunk@12767 68402e56-0260-453c-a942-63ccdbb3a9ee

include/functions_session.inc.php

@@ -141,7 +141,7 @@ function pwg_session_write($session_id, $data)
   $query = '
 REPLACE INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
-  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
+  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
 ;';
   pwg_query($query);
   return true;

include/picture_comment.inc.php

@@ -228,16 +228,11 @@ SELECT
   if ($show_add_comment_form)
   {
     $key = get_ephemeral_key(3, $page['image_id']);
-    $content = '';
-    if ('reject'===@$comment_action)
-    {
-      $content = htmlspecialchars( stripslashes($comm['content']) );
-    }
     $template->assign('comment_add',
         array(
           'F_ACTION' => $url_self,
           'KEY' => $key,
-          'CONTENT' => $content,
+          'CONTENT' => null,
           'SHOW_AUTHOR' => !is_classic_user()
         ));
   }

picture.php

@@ -320,6 +320,7 @@ UPDATE '.USER_CACHE_CATEGORIES_TABLE.'
       include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
       check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
       $author_id = get_comment_author_id($_GET['comment_to_edit']);
+      
       if (can_manage_comment('edit', $author_id))
       {
         if (!empty($_POST['content']))
@@ -333,21 +334,27 @@ UPDATE '.USER_CACHE_CATEGORIES_TABLE.'
             $_POST['key']
             );
 
+          $perform_redirect = false;
           switch ($comment_action)
           {
             case 'moderate':
-              array_push($page['infos'], l10n('An administrator must authorize your comment before it is visible.'));
+              $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
             case 'validate':
-              array_push($page['infos'], l10n('Your comment has been registered'));
+              $_SESSION['page_infos'][] = l10n('Your comment has been registered');
+              $perform_redirect = true;
               break;
             case 'reject':
-              set_status_header(403);
-              array_push($page['errors'], l10n('Your comment has NOT been registered because it did not pass the validation rules'));
+              $_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
+              $perform_redirect = true;
               break;
             default:
               trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
           }
-            
+          
+          if ($perform_redirect)
+          {
+            redirect($url_self);
+          }
           unset($_POST['content']);
           break;
         }