From 5feb5b75d992a50de7038b1e000ebf9a357c51cd Mon Sep 17 00:00:00 2001 From: jimmacfx Date: Thu, 25 May 2006 19:58:00 +0000 Subject: patch from Romain Tartiere git-svn-id: https://forgesvn1.novell.com/svn/original/trunk@13 4fa712ea-3c06-0410-9261-c11b4c06c003 --- www/inc/comment.inc.php | 33 --------------------------------- www/inc/config.inc.php | 2 +- www/inc/photo.class.inc.php | 6 +++--- www/index.php | 2 +- 4 files changed, 5 insertions(+), 38 deletions(-) delete mode 100644 www/inc/comment.inc.php diff --git a/www/inc/comment.inc.php b/www/inc/comment.inc.php deleted file mode 100644 index 627a747..0000000 --- a/www/inc/comment.inc.php +++ /dev/null @@ -1,33 +0,0 @@ -\n"; - -?> - " . __('Post a Comment') . ":"; ?> - - [  - " . __('Show Form') . "" . __('Hide Form') . ""; ?> -  ] - - - - - diff --git a/www/inc/config.inc.php b/www/inc/config.inc.php index 7f007b3..9bb611f 100644 --- a/www/inc/config.inc.php +++ b/www/inc/config.inc.php @@ -100,7 +100,7 @@ $scnamegallery = "Photo Gallery Index"; #Enable this to access extended tracking functionality #depends on sqlite -$have_sqlite = 1; +$have_sqlite = 0; # This controls wheather web visitors will be able to post # comments to images diff --git a/www/inc/photo.class.inc.php b/www/inc/photo.class.inc.php index 10b507d..1b677c1 100644 --- a/www/inc/photo.class.inc.php +++ b/www/inc/photo.class.inc.php @@ -50,8 +50,8 @@ class C_photo { //and add number, album, caption and views. $sql = "insert into photo (name, caption, counter, number, album)"; $sql .= " values ("; - $sql .= "\"" . $this->name . "\", "; - $sql .= "\"" . $this->caption . "\", "; + $sql .= "\"" . sqlite_escape_string($this->name) . "\", "; + $sql .= "\"" . sqlite_escape_string(strtr($this->caption,"\"","'")) . "\", "; $sql .= $this->counter . ", "; $sql .= $this->number . ", "; $sql .= "\"" . $this->album . "\""; 
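Review bot: The escaping added for `name` and `caption` in the first www/inc/photo.class.inc.php hunk does not match the delimiters the statement still uses: `sqlite_escape_string()` doubles single quotes, but each value is wrapped in `"…"`, so a double quote in `$this->name` still ends the literal. The caption is only covered because `strtr` rewrites its double quotes. `$this->album` is still concatenated unescaped, and `$this->counter` and `$this->number` go in unquoted with no cast. Using single-quote delimiters, escaping album the same way and casting the two numeric fields (assuming both are integers) would cover all three, and the caption would then no longer need `strtr`. The enclosing method starts and ends outside the hunk, so where these fields are populated is not visible here.

```php
// … unchanged: $sql = "insert into photo (...)" and $sql .= " values (" …
$sql .= "'" . sqlite_escape_string($this->name) . "', ";
$sql .= "'" . sqlite_escape_string($this->caption) . "', ";
$sql .= (int)$this->counter . ", ";
$sql .= (int)$this->number . ", ";
$sql .= "'" . sqlite_escape_string($this->album) . "'";
```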
@@ -189,7 +189,7 @@ class C_photo { //fallback to filesystem if (is_writable("$root/$gallery_dir/$galerie/comments")) { // needs perms $log = "$root/$gallery_dir/$galerie/comments/log_". $this->number .".txt"; - if (!is_writable($log)) { + if (file_exists($log) && !is_writable($log)) { print "\n\n\n\n"; return 0; diff --git a/www/index.php b/www/index.php index 74dd5a6..ad143ad 100644 --- a/www/index.php +++ b/www/index.php @@ -243,7 +243,7 @@ if (!$galerie) { if ($class) print " class=\"$class\""; print ">"; print "
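Review bot: The `file_exists($log) && !is_writable($log)` test in the second www/inc/photo.class.inc.php hunk is only advisory, because the state of `$log` can change between this check and the write that presumably follows outside the hunk. The open itself should be checked and treated as the failure path, e.g. `$fh = @fopen($log, 'a'); if (!$fh) { return 0; }`. Separately, `$log` is built from `$galerie` and `$this->number`; if either can come from the request, they should be constrained before the path is composed (a directory-name allowlist for `$galerie`, an integer cast for the number). The hunk does not show where they are set, and the surrounding method continues past it.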