[geeklog-cvs] geeklog: Missing addslashes
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Fri Apr 10 16:18:00 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/a88a3b7c7064
changeset: 6910:a88a3b7c7064
user: Dirk Haun <dirk at haun-online.de>
date: Fri Apr 10 21:31:57 2009 +0200
description:
Missing addslashes
diffstat:
1 file changed, 21 insertions(+), 15 deletions(-)
system/lib-comment.php | 36 +++++++++++++++++++++---------------
diffs (75 lines):
diff -r b5b303bd0f52 -r a88a3b7c7064 system/lib-comment.php
--- a/system/lib-comment.php Fri Apr 10 21:11:06 2009 +0200
+++ b/system/lib-comment.php Fri Apr 10 21:31:57 2009 +0200
@@ -1640,50 +1640,56 @@
* @param int cid comment id
* @copyright Jared Wenerd 2008
* @author Jared Wenerd, wenerd87 AT gmail DOT com
+ * @param string $cid comment id
* @return string of story id
*/
function CMT_approveModeration($cid)
{
global $_TABLES;
- $result = DB_query ("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress"
- . " FROM {$_TABLES['commentsubmissions']} WHERE cid = '$cid'");
- $A = DB_fetchArray ($result);
+ $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '$cid'");
+ $A = DB_fetchArray($result);
if ($A['pid'] > 0) {
- //get indent+1 of parent
- $indent = DB_getItem ( $_TABLES['comments'],'indent+1', "cid = '{$A['pid']}'");
+ // get indent+1 of parent
+ $indent = DB_getItem($_TABLES['comments'], 'indent+1',
+ "cid = '{$A['pid']}'");
} else {
$indent = 0;
}
+
+ $A['title'] = addslashes($A['title']);
+ $A['comment'] = addslashes($A['comment']);
+
if (isset($A['name'])) {
- //insert data
- DB_save ($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent',
+ // insert data
+ $A['name'] = addslashes($A['name']);
+ DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent',
"'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',".
"'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',$indent");
} else {
- //insert data, null automatically goes into name column
- DB_save ($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent',
+ // insert data, null automatically goes into name column
+ DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent',
"'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',".
"'{$A['pid']}','{$A['ipaddress']}',$indent");
}
$newcid = DB_insertId();
- DB_delete($_TABLES['commentsubmissions'],'cid',$cid);
+ DB_delete($_TABLES['commentsubmissions'], 'cid', $cid);
- DB_query("UPDATE {$_TABLES['commentnotifications']} SET cid = $newcid WHERE mid = $cid");
+ DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid);
- //notify of new published comment
+ // notify of new published comment
if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 1) {
- $result = DB_query ("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE "
- . "cid = {$A['pid']}");
+ $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = {$A['pid']}");
$B = DB_fetchArray($result);
if ($B <> false) {
CMT_sendReplyNotification($B);
}
}
-
+
return $A['sid'];
}
+
/**
* Sends a notification of new comment reply
*
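Review bot: Only `title`, `comment` and `name` are escaped before the row is re-inserted; `type`, `sid`, `date` and `ipaddress` are still interpolated raw into the `DB_save()` value lists, and `$A['pid']` goes unquoted into the notification lookup (`WHERE cid = {$A['pid']}`). Values read back from `commentsubmissions` are no more trustworthy than when they were submitted, so the remaining string columns need the same treatment, e.g. `$A['sid'] = addslashes($A['sid']);`, and the numeric ones a cast such as `$A['pid'] = (int) $A['pid'];`. `$cid` is also placed directly into the first SELECT; whether callers sanitise it is not visible in this hunk, so escaping it at the top of the function would remove that dependency on the caller. Separately, `$_CONF` is read in the reply-notification check while the only declaration visible is `global $_TABLES;`, so that condition would apparently test an undefined local and never fire; `global $_CONF, $_TABLES;` looks intended.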