author | jimmacfx <jimmacfx@4fa712ea-3c06-0410-9261-c11b4c06c003> | 2006-05-25 19:58:00 +0000 |
---|---|---|
committer | jimmacfx <jimmacfx@4fa712ea-3c06-0410-9261-c11b4c06c003> | 2006-05-25 19:58:00 +0000 |
commit | 5feb5b75d992a50de7038b1e000ebf9a357c51cd (patch) | |
tree | 56f611d8973796788fca31858022c95e404070b4 /www/inc | |
parent | cfb9f77ae58ed8a9de6d068140b485d9d65c29b8 (diff) | |
patch from Romain Tartiere
git-svn-id: https://forgesvn1.novell.com/svn/original/trunk@13 4fa712ea-3c06-0410-9261-c11b4c06c003
Diffstat (limited to 'www/inc')
-rw-r--r-- | www/inc/comment.inc.php | 33 | ||||
-rw-r--r-- | www/inc/config.inc.php | 2 | ||||
-rw-r--r-- | www/inc/photo.class.inc.php | 6 |
3 files changed, 4 insertions, 37 deletions
diff --git a/www/inc/comment.inc.php b/www/inc/comment.inc.php deleted file mode 100644 index 627a747..0000000 --- a/www/inc/comment.inc.php +++ /dev/null @@ -1,33 +0,0 @@ -<?php -/* - * The HTML contained in this file is valid XHTML 1.0 Strict - */ - -echo "<div id=\"comment_block\">\n"; - -?> - <?php echo"<div id=\"showhideform\"><strong> " . __('Post a Comment') . "</strong>:"; ?> - <span class="comment_toggle"> - [ - <?php echo"<a href=\"javascript:toggle_comment()\"><span id=\"showlink\">" . __('Show Form') . "</span><span id=\"hidelink\" style=\"display:none;\">" . __('Hide Form') . "</span></a>"; ?> - ] - </span> - </div> - - <div id="comment_form" style="display: none;"> -<?php -$page->form_start($ThisUrl, "post", NULL); -$page->input("text", "commentname", $username, __('Name:'), NULL, _('Enter your name.') ); -$page->input("checkbox", "savecommentname", "1", __('Remember Name:'), "yes", - __('Should the browser remember your name?')); -$magic_number = random_digits(4); -//temporary. should generate an image instead -echo "<div class=\"row\"><div class=\"control\">$magic_number</div></div>\n"; -$page->input("hidden", "commentkolacek", md5($magic_number), NULL, NULL, NULL); -$page->input("text", "commentspamcheck", "", __('Retype PIN Above:'), NULL, __('Enter the number shown above.')); -$page->input("textarea", "commentdata", "", __('Comment') . " :" , NULL, __('Allowed HTML tags: a,b,i,ul,li,blockquote,br.') ); -$page->input("submit", "", __('Send') , NULL, NULL, NULL); -$page->form_end(); -?> - </div> -</div> diff --git a/www/inc/config.inc.php b/www/inc/config.inc.php index 7f007b3..9bb611f 100644 --- a/www/inc/config.inc.php +++ b/www/inc/config.inc.php @@ -100,7 +100,7 @@ $scnamegallery = "Photo Gallery Index"; #Enable this to access extended tracking functionality #depends on sqlite -$have_sqlite = 1; +$have_sqlite = 0; # This controls wheather web visitors will be able to post # comments to images 
diff --git a/www/inc/photo.class.inc.php b/www/inc/photo.class.inc.php
index 10b507d..1b677c1 100644
--- a/www/inc/photo.class.inc.php
+++ b/www/inc/photo.class.inc.php
@@ -50,8 +50,8 @@ class C_photo {
 //and add number, album, caption and views.
 $sql = "insert into photo (name, caption, counter, number, album)";
 $sql .= " values (";
- $sql .= "\"" . $this->name . "\", ";
- $sql .= "\"" . $this->caption . "\", ";
+ $sql .= "\"" . sqlite_escape_string($this->name) . "\", ";
+ $sql .= "\"" . sqlite_escape_string(strtr($this->caption,"\"","'")) . "\", ";
 $sql .= $this->counter . ", ";
 $sql .= $this->number . ", ";
 $sql .= "\"" . $this->album . "\"";
@@ -189,7 +189,7 @@ class C_photo {
 //fallback to filesystem
 if (is_writable("$root/$gallery_dir/$galerie/comments")) { // needs perms
 $log = "$root/$gallery_dir/$galerie/comments/log_". $this->number .".txt";
- if (!is_writable($log)) {
+ if (file_exists($log) && !is_writable($log)) {
 print "\n\n\n<!-- cannot open $log. Check permissions.";
 print "\nAborting counter write -->\n";
 return 0; |
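Review bot: The escaping added in the first hunk does not match the quoting around it: the values are still delimited with `"`, while `sqlite_escape_string()` escapes for a single-quoted literal, so a `"` inside `$this->name` is not neutralised, and the caption only avoids this because `strtr()` silently rewrites the user's text. In the same statement `$this->album` is still concatenated raw, and `$this->counter` and `$this->number` are appended without an integer cast. Delimiting the three strings with single quotes, escaping each of them and casting the two numbers covers the whole INSERT and makes the `strtr()` unnecessary. The enclosing method starts and ends outside the hunk, so where these properties are populated and how `$sql` is executed is not visible here.

```php
$sql .= " values (";
$sql .= "'" . sqlite_escape_string($this->name) . "', ";
$sql .= "'" . sqlite_escape_string($this->caption) . "', ";
$sql .= ((int) $this->counter) . ", ";
$sql .= ((int) $this->number) . ", ";
$sql .= "'" . sqlite_escape_string($this->album) . "'";
```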