[geeklog-cvs] geeklog: Missing single quote around $sid (and some some source ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Feb 7 11:04:07 EST 2010
changeset 7714:fc2d0f963891
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fc2d0f963891
user: Dirk Haun <dirk at haun-online.de>
date: Sun Feb 07 16:05:26 2010 +0100
description:
Missing single quote around $sid (and some some source code formatting)
diffstat:
system/lib-comment.php | 13 ++++++-------
1 files changed, 6 insertions(+), 7 deletions(-)
diffs (30 lines):
diff -r 2d8045d0f615 -r fc2d0f963891 system/lib-comment.php
--- a/system/lib-comment.php Sun Feb 07 16:00:19 2010 +0100
+++ b/system/lib-comment.php Sun Feb 07 16:05:26 2010 +0100
@@ -1110,20 +1110,19 @@
COM_errorLog("CMT_saveComment: $uid from {$_SERVER['REMOTE_ADDR']} tried "
. 'to submit a comment with invalid $title and/or $comment.');
$ret = 5;
- } elseif ( $_CONF['commentsubmission'] == 1 && !SEC_hasRights('comment.submit') ) {
- //comment into comment submission table enabled
+ } elseif (($_CONF['commentsubmission'] == 1) &&
+ !SEC_hasRights('comment.submit')) {
+ // comment into comment submission table enabled
if (isset($name)) {
- DB_query ( "INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,date,title,pid,ipaddress) VALUES
- ($sid',$uid,'$name','$comment',now(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
+ DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,name,comment,date,title,pid,ipaddress) VALUES ('$sid',$uid,'$name','$comment',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
} else {
- DB_query ( "INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,comment,date,title,pid,ipaddress) VALUES
- ($sid',$uid,$comment',now(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
+ DB_query("INSERT INTO {$_TABLES['commentsubmissions']} (sid,uid,comment,date,title,pid,ipaddress) VALUES ('$sid',$uid,$comment',NOW(),'$title',$pid,'{$_SERVER['REMOTE_ADDR']}')");
}
$ret = -1; // comment queued
} elseif ($pid > 0) {
DB_lockTable ($_TABLES['comments']);
-
+
$result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = $pid "
. "AND sid = '$sid'");
list($rht, $indent) = DB_fetchArray($result);
More information about the geeklog-cvs
mailing list