fix bug 518: anyone can delete or validate a comment

comment_id must be an int: intval() is applied to each value before it is used in the query.

svn merge -r1534:1535 from branch 1.6 into trunk


git-svn-id: http://piwigo.org/svn/trunk@1536 68402e56-0260-453c-a942-63ccdbb3a9ee
nikrou
2006-08-14 20:57:50 +00:00
parent fdf392c07d
commit bc1f5319b1
+5 -2
@@ -148,8 +148,9 @@ if (isset($_GET['keyword']) and !empty($_GET['keyword']))
// | comments management |
// +-----------------------------------------------------------------------+
// comments deletion
if (isset($_POST['delete']) and count($_POST['comment_id']) > 0)
if (isset($_POST['delete']) and count($_POST['comment_id']) > 0 and is_admin())
{
$_POST['comment_id'] = array_map('intval', $_POST['comment_id']);
$query = '
DELETE FROM '.COMMENTS_TABLE.'
WHERE id IN ('.implode(',', $_POST['comment_id']).')
@@ -157,8 +158,10 @@ DELETE FROM '.COMMENTS_TABLE.'
pwg_query($query);
}
// comments validation
if (isset($_POST['validate']) and count($_POST['comment_id']) > 0)
if (isset($_POST['validate']) and count($_POST['comment_id']) > 0
and is_admin())
{
$_POST['comment_id'] = array_map('intval', $_POST['comment_id']);
$query = '
UPDATE '.COMMENTS_TABLE.'
SET validated = \'true\'
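Review bot: Both new conditions — the deletion branch in the first hunk and the validation branch here — call `count($_POST['comment_id'])` without first checking that the key is set and holds an array, so a request carrying `delete` or `validate` with no `comment_id`, or with a scalar one, still reaches `count()` and then `array_map()` with an unexpected value. Placing `is_admin()` first would also let non-admin requests short-circuit before any of the submitted input is inspected. Suggested condition for both branches (with `delete` in the deletion one): `if (is_admin() and isset($_POST['validate']) and isset($_POST['comment_id']) and is_array($_POST['comment_id']) and count($_POST['comment_id']) > 0)`. The body of the validation branch, including the rest of the UPDATE statement, continues past the end of this hunk.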