patch from Romain Tartiere

git-svn-id: https://forgesvn1.novell.com/svn/original/trunk@13 4fa712ea-3c06-0410-9261-c11b4c06c003

4 files changed, 5 insertions, 38 deletions

diff --git a/www/inc/comment.inc.php b/www/inc/comment.inc.php
deleted file mode 100644
index 627a747..0000000
--- a/www/inc/comment.inc.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php 
-/* 
- * The HTML contained in this file is valid XHTML 1.0 Strict 
- */
-
-echo "<div id=\"comment_block\">\n";
-
-?>
-	<?php echo"<div id=\"showhideform\"><strong> " . __('Post a Comment') . "</strong>:"; ?>
-	<span class="comment_toggle"> 
-	[&nbsp;
-	<?php echo"<a href=\"javascript:toggle_comment()\"><span id=\"showlink\">" . __('Show Form') . "</span><span id=\"hidelink\" style=\"display:none;\">" . __('Hide Form') . "</span></a>"; ?>
-	&nbsp;]
-	</span>
-	</div>
-	
-	<div id="comment_form" style="display: none;">
-<?php
-$page->form_start($ThisUrl, "post", NULL);
-$page->input("text", "commentname", $username, __('Name:'), NULL, _('Enter your name.') );
-$page->input("checkbox", "savecommentname", "1", __('Remember Name:'), "yes", 
-             __('Should the browser remember your name?'));
-$magic_number = random_digits(4);
-//temporary. should generate an image instead
-echo "<div class=\"row\"><div class=\"control\">$magic_number</div></div>\n";
-$page->input("hidden", "commentkolacek", md5($magic_number), NULL, NULL, NULL);
-$page->input("text", "commentspamcheck", "", __('Retype PIN Above:'), NULL, __('Enter the number shown above.'));
-$page->input("textarea", "commentdata", "", __('Comment') . " :" , NULL, __('Allowed HTML tags: a,b,i,ul,li,blockquote,br.') );
-$page->input("submit", "", __('Send') , NULL, NULL, NULL);
-$page->form_end();
-?>
-	</div>
-</div>
diff --git a/www/inc/config.inc.php b/www/inc/config.inc.php
index 7f007b3..9bb611f 100644
--- a/www/inc/config.inc.php
+++ b/www/inc/config.inc.php
@@ -100,7 +100,7 @@ $scnamegallery = "Photo Gallery Index";
 
 #Enable this to access extended tracking functionality
 #depends on sqlite
-$have_sqlite = 1;
+$have_sqlite = 0;
 
 # This controls wheather web visitors will be able to post
 # comments to images
diff --git a/www/inc/photo.class.inc.php b/www/inc/photo.class.inc.php
index 10b507d..1b677c1 100644
--- a/www/inc/photo.class.inc.php
+++ b/www/inc/photo.class.inc.php
@@ -50,8 +50,8 @@ class C_photo {
 				//and add number, album, caption and views.
 				$sql = "insert into photo (name, caption, counter, number, album)";
 				$sql .= " values (";
-				$sql .= "\"" . $this->name . "\", ";
-				$sql .= "\"" . $this->caption . "\", ";
+				$sql .= "\"" . sqlite_escape_string($this->name) . "\", ";
+				$sql .= "\"" . sqlite_escape_string(strtr($this->caption,"\"","'")) . "\", ";
 				$sql .= $this->counter . ", ";
 				$sql .= $this->number . ", ";
 				$sql .= "\"" . $this->album . "\"";
@@ -189,7 +189,7 @@ class C_photo {
 		 //fallback to filesystem
 		 if (is_writable("$root/$gallery_dir/$galerie/comments")) { // needs perms
 			 $log = "$root/$gallery_dir/$galerie/comments/log_". $this->number .".txt";
-			 if (!is_writable($log)) {
+			 if (file_exists($log) && !is_writable($log)) {
 				 print "\n\n\n<!-- cannot open $log. Check permissions.";
 				 print "\nAborting counter write -->\n";
 				 return 0;
diff --git a/www/index.php b/www/index.php
index 74dd5a6..ad143ad 100644
--- a/www/index.php
+++ b/www/index.php
@@ -243,7 +243,7 @@ if (!$galerie) {
 				 if ($class) print " class=\"$class\"";
 				 print ">";
          print "<img ";
-         if ($thumbsize) {
+         if (isset($thumbsize)) {
             print "width=\"120\" height=\"80\" ";
          } else {
             // scale portraits to 80 height