author | jimmacfx <jimmacfx@4fa712ea-3c06-0410-9261-c11b4c06c003> | 2006-05-25 19:58:00 +0000 |
---|---|---|
committer | jimmacfx <jimmacfx@4fa712ea-3c06-0410-9261-c11b4c06c003> | 2006-05-25 19:58:00 +0000 |
commit | 5feb5b75d992a50de7038b1e000ebf9a357c51cd (patch) | |
tree | 56f611d8973796788fca31858022c95e404070b4 /www/inc/photo.class.inc.php | |
parent | cfb9f77ae58ed8a9de6d068140b485d9d65c29b8 (diff) | |
patch from Romain Tartiere
git-svn-id: https://forgesvn1.novell.com/svn/original/trunk@13 4fa712ea-3c06-0410-9261-c11b4c06c003
Diffstat (limited to 'www/inc/photo.class.inc.php')
-rw-r--r-- | www/inc/photo.class.inc.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www/inc/photo.class.inc.php b/www/inc/photo.class.inc.php
index 10b507d..1b677c1 100644
--- a/www/inc/photo.class.inc.php
+++ b/www/inc/photo.class.inc.php
@@ -50,8 +50,8 @@ class C_photo {
 //and add number, album, caption and views.
 $sql = "insert into photo (name, caption, counter, number, album)";
 $sql .= " values (";
- $sql .= "\"" . $this->name . "\", ";
- $sql .= "\"" . $this->caption . "\", ";
+ $sql .= "\"" . sqlite_escape_string($this->name) . "\", ";
+ $sql .= "\"" . sqlite_escape_string(strtr($this->caption,"\"","'")) . "\", ";
 $sql .= $this->counter . ", ";
 $sql .= $this->number . ", ";
 $sql .= "\"" . $this->album . "\"";
@@ -189,7 +189,7 @@ class C_photo {
 //fallback to filesystem
 if (is_writable("$root/$gallery_dir/$galerie/comments")) { // needs perms
 $log = "$root/$gallery_dir/$galerie/comments/log_". $this->number .".txt";
- if (!is_writable($log)) {
+ if (file_exists($log) && !is_writable($log)) {
 print "\n\n\n<!-- cannot open $log. Check permissions.";
 print "\nAborting counter write -->\n";
 return 0; |
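Review bot: The escaping added in the first hunk does not match the quoting the statement uses: `sqlite_escape_string()` doubles single quotes, but the values are still wrapped in double quotes, so a `"` in `$this->name` can still end the literal, and the caption only avoids that by rewriting the stored text with `strtr`. `$this->album` is still concatenated unescaped, and `$this->counter` and `$this->number` go in unquoted with no cast visible in the hunk. I would switch the three string values to single-quoted literals passed through `sqlite_escape_string()` and cast the two numbers to int, as below; the `strtr` can then be dropped unless something else relies on it. The enclosing method starts and ends outside the hunk, so where these properties are populated is not visible here.

```php
$sql .= " values (";
// single-quoted literals: the form sqlite_escape_string() escapes for
$sql .= "'" . sqlite_escape_string($this->name) . "', ";
$sql .= "'" . sqlite_escape_string($this->caption) . "', ";
$sql .= (int)$this->counter . ", ";
$sql .= (int)$this->number . ", ";
$sql .= "'" . sqlite_escape_string($this->album) . "'";
```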
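Review bot: In the second hunk, the failure branch kept under the new condition prints `$log`, the full server-side path, into an HTML comment in the response; I would record the path server-side and emit only `print "\n<!-- counter not written -->\n";`. With `file_exists($log) &&` added, a missing log now falls through to code outside the hunk that presumably creates the file, so the path components matter more: build the name with `(int)$this->number` and confirm that `$galerie` is limited to a known album directory rather than taken from the request. The pre-check is only advisory, so the open that follows should also test its own return value. The function body continues outside the hunk.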