fixed #1756 php8 warning with trim() and escape input values

include/functions_comment.inc.php

@@ -214,10 +214,10 @@ SELECT count(1) FROM '.COMMENTS_TABLE.'
 INSERT INTO '.COMMENTS_TABLE.'
   (author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url, email)
   VALUES (
-    \''.$comm['author'].'\',
+    \''.pwg_db_real_escape_string($comm['author']).'\',
     '.$comm['author_id'].',
     \''.$comm['ip'].'\',
-    \''.$comm['content'].'\',
+    \''.pwg_db_real_escape_string($comm['content']).'\',
     NOW(),
     \''.($comment_action=='validate' ? 'true':'false').'\',
     '.($comment_action=='validate' ? 'NOW()':'NULL').',

include/picture_comment.inc.php

@@ -31,10 +31,10 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
   }
 
   $comm = array(
-    'author' => trim( @$_POST['author'] ),
-    'content' => trim( $_POST['content'] ),
-    'website_url' => trim( @$_POST['website_url'] ),
-    'email' => trim( @$_POST['email'] ),
+    'author' => empty(@$_POST['author']) ? '' : trim( @$_POST['author'] ),
+    'content' => empty(@$_POST['content']) ? '' : trim( $_POST['content'] ),
+    'website_url' => empty(@$_POST['website_url']) ? '' : trim( @$_POST['website_url'] ),
+    'email' => empty(@$_POST['email']) ? '' : trim( @$_POST['email'] ),
     'image_id' => $page['image_id'],
    );
 
@@ -254,7 +254,7 @@ SELECT
     {
       foreach( array('content', 'author', 'website_url', 'email') as $k)
       {
-        $tpl_var[strtoupper($k)] = htmlspecialchars( stripslashes(@$_POST[$k]) );
+        $tpl_var[strtoupper($k)] = isset($_POST[$k]) ? htmlspecialchars(stripslashes(@$_POST[$k])) : '';
       }
     }
     $template->assign('comment_add', $tpl_var);