- remove warn on unset variable

- insert_user_comment expects now the comment content to be sql safe (works now exactly as update_user_comment) git-svn-id: http://piwigo.org/svn/trunk@3488 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2009-07-01 20:56:41 +00:00
parent ae6ab9966b
commit 4fa8d36ed5
3 changed files with 41 additions and 39 deletions
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos )
      $query = '
 SELECT COUNT(*) AS user_exists
  FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
+  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
      $row = mysql_fetch_assoc( pwg_query( $query ) );
      if ( $row['user_exists'] == 1 )
      {
@@ -156,9 +156,9 @@ SELECT id FROM '.COMMENTS_TABLE.'
 INSERT INTO '.COMMENTS_TABLE.'
  (author, author_id, content, date, validated, validation_date, image_id)
  VALUES (
-    "'.addslashes($comm['author']).'",
+    "'.$comm['author'].'",
    '.$comm['author_id'].',
-    "'.addslashes($comm['content']).'",
+    "'.$comm['content'].'",
    NOW(),
    "'.($comment_action=='validate' ? 'true':'false').'",
    '.($comment_action=='validate' ? 'NOW()':'NULL').',
@@ -171,25 +171,25 @@ INSERT INTO '.COMMENTS_TABLE.'
    $comm['id'] = mysql_insert_id();

    if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
-	($comment_action!='validate' 
+	($comment_action!='validate'
 	 and $conf['email_admin_on_comment_validation']))
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];

-      if (empty($comm['author'])) 
+      if (empty($comm['author']))
      {
-	$author_name = $user['username'];
+        $author_name = $user['username'];
      }
      else
      {
-	$author_name = $comm['author'];
+        $author_name = stripslashes($comm['author']);
      }
      $keyargs_content = array
      (
        get_l10n_args('Author: %s', $author_name),
-        get_l10n_args('Comment: %s', $comm['content']),
+        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
        get_l10n_args('', ''),
        get_l10n_args('Delete: %s', $del_url)
      );
@@ -216,10 +216,10 @@ INSERT INTO '.COMMENTS_TABLE.'
 /**
 * Tries to delete a user comment in the database
 * only admin can delete all comments
- * other users can delete their own comments 
+ * other users can delete their own comments
 * so to avoid a new sql request we add author in where clause
 *
- * @param comment_id 
+ * @param comment_id
 */

 function delete_user_comment($comment_id) {
@@ -245,12 +245,13 @@ $user_where_clause.'
 * users can edit their own comments if admin allow them
 * so to avoid a new sql request we add author in where clause
 *
- * @param comment_id 
+ * @param comment_id
 * @param post_key
 * @param content
 */

-function update_user_comment($comment, $post_key) {
+function update_user_comment($comment, $post_key)
+{
  global $conf;

  $comment_action = 'validate';
@@ -275,16 +276,16 @@ SELECT id FROM '.COMMENTS_TABLE.'
    AND author_id = '.$comm['author_id'];
    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
    {
-      array_push( $infos, l10n('comment_anti-flood') );
+      //?? array_push( $infos, l10n('comment_anti-flood') );
      $comment_action='reject';
    }
  }

  // perform more spam check
-  $comment_action = 
+  $comment_action =
    trigger_event('user_comment_check',
-		  $comment_action, 
-		  array_merge($comment, 
+		  $comment_action,
+		  array_merge($comment,
 			      array('author' => $GLOBALS['user']['username'])
 			      )
 		  );
@@ -307,12 +308,13 @@ $user_where_clause.'
    $result = pwg_query($query);
    if ($result) {
      email_admin('edit', array('author' => $GLOBALS['user']['username'],
-				'content' => $comment['content']));
+				'content' => stripslashes($comment['content'])) );
    }
  }
 }

-function email_admin($action, $comment) {
+function email_admin($action, $comment)
+{
  global $conf;

  if (!in_array($action, array('edit', 'delete'))
@@ -323,12 +325,12 @@ function email_admin($action, $comment) {
  }

  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
-  
+
  $keyargs_content = array();
  $keyargs_content[] = get_l10n_args('Author: %s', $comment['author']);
-  if ($action=='delete') 
+  if ($action=='delete')
  {
-    $keyargs_content[] = get_l10n_args('This author remove comment with id %d',
+    $keyargs_content[] = get_l10n_args('This author removed the comment with id %d',
 				       $comment['comment_id']
 				       );
  }
@@ -337,8 +339,8 @@ function email_admin($action, $comment) {
    $keyargs_content[] = get_l10n_args('This author modified following comment:', '');
    $keyargs_content[] = get_l10n_args('Comment: %s', $comment['content']);
  }
-  
-  pwg_mail_notification_admins(get_l10n_args('Comment by %s', 
+
+  pwg_mail_notification_admins(get_l10n_args('Comment by %s',
 					     $comment['author']),
 			       $keyargs_content
 			       );
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
  }

  $comm = array(
-    'author' => trim( stripslashes(@$_POST['author']) ),
-    'content' => trim( stripslashes($_POST['content']) ),
+    'author' => trim(@$_POST['author']),
+    'content' => trim($_POST['content']),
    'image_id' => $page['image_id'],
   );

@@ -121,8 +121,8 @@ SELECT COUNT(*) AS nb_comments
    if ( !is_admin() )
    {
      $validated_clause = '  AND validated = \'true\'';
-    } 
-    else 
+    }
+    else
    {
      $validated_clause = '';
    }
@@ -142,7 +142,7 @@ $validated_clause.'

    while ($row = mysql_fetch_array($result))
    {
-      if (!empty($row['author'])) 
+      if (!empty($row['author']))
      {
 	$author = $row['author'];
 	if ($author == 'guest')
@@ -195,7 +195,7 @@ $validated_clause.'
      {
 	if ($row['validated'] != 'true')
 	{
-	  $tpl_comment['U_VALIDATE'] = 
+	  $tpl_comment['U_VALIDATE'] =
 	    add_url_params($url_self,
 			   array('action' => 'validate_comment',
 				 'comment_to_validate' => $row['id']
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -523,8 +523,8 @@ SELECT DISTINCT image_id
  }

  $comm = array(
-    'author' => trim( stripslashes($params['author']) ),
-    'content' => trim( stripslashes($params['content']) ),
+    'author' => trim($params['author']),
+    'content' => trim($params['content']),
    'image_id' => $params['image_id'],
   );

@@ -885,7 +885,7 @@ function ws_images_add_chunk($params, &$service)
  // original_sum
  // type {thumb, file, high}
  // position
-  
+
  if (!is_admin() || is_adviser() )
  {
    return new PwgError(401, 'Access denied');
@@ -945,7 +945,7 @@ function merge_chunks($output_filepath, $original_sum, $type)
  $upload_dir = PHPWG_ROOT_PATH.'upload/buffer';
  $pattern = '/'.$original_sum.'-'.$type.'/';
  $chunks = array();
-  
+
  if ($handle = opendir($upload_dir))
  {
    while (false !== ($file = readdir($handle)))
@@ -962,18 +962,18 @@ function merge_chunks($output_filepath, $original_sum, $type)
  sort($chunks);

  ws_logfile('[merge_chunks] memory_get_usage before loading chunks: '.memory_get_usage());
-  
+
  foreach ($chunks as $chunk)
  {
    $string = file_get_contents($chunk);
-    
+
    ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage());
-    
+
    if (!file_put_contents($output_filepath, $string, FILE_APPEND))
    {
      return new PwgError(500, 'error while writting chunks for '.$output_filepath);
    }
-    
+
    unlink($chunk);
  }

@@ -1783,13 +1783,13 @@ function ws_categories_setInfo($params, &$service)
      array($update)
      );
  }
-  
+
 }

 function ws_logfile($string)
 {
  return true;
-  
+
  file_put_contents(
    '/tmp/piwigo_ws.log',
    '['.date('c').'] '.$string."\n",