From 5feb5b75d992a50de7038b1e000ebf9a357c51cd Mon Sep 17 00:00:00 2001 From: jimmacfx Date: Thu, 25 May 2006 19:58:00 +0000 Subject: patch from Romain Tartiere git-svn-id: https://forgesvn1.novell.com/svn/original/trunk@13 4fa712ea-3c06-0410-9261-c11b4c06c003 --- www/inc/photo.class.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'www/inc/photo.class.inc.php') diff --git a/www/inc/photo.class.inc.php b/www/inc/photo.class.inc.php index 10b507d..1b677c1 100644 --- a/www/inc/photo.class.inc.php +++ b/www/inc/photo.class.inc.php @@ -50,8 +50,8 @@ class C_photo { //and add number, album, caption and views. $sql = "insert into photo (name, caption, counter, number, album)"; $sql .= " values ("; - $sql .= "\"" . $this->name . "\", "; - $sql .= "\"" . $this->caption . "\", "; + $sql .= "\"" . sqlite_escape_string($this->name) . "\", "; + $sql .= "\"" . sqlite_escape_string(strtr($this->caption,"\"","'")) . "\", "; $sql .= $this->counter . ", "; $sql .= $this->number . ", "; $sql .= "\"" . $this->album . "\""; @@ -189,7 +189,7 @@ class C_photo { //fallback to filesystem if (is_writable("$root/$gallery_dir/$galerie/comments")) { // needs perms $log = "$root/$gallery_dir/$galerie/comments/log_". $this->number .".txt"; - if (!is_writable($log)) { + if (file_exists($log) && !is_writable($log)) { print "\n\n\n\n"; return 0; -- cgit v1.2.3
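Review bot: The added `sqlite_escape_string()` calls in the first hunk do not close the injection in this INSERT. The string literals are still delimited with `"`, while `sqlite_escape_string()` doubles single quotes, so a `"` in `$this->name` still ends the literal; the `strtr()` on the caption only sidesteps that by rewriting the user's text. `$this->album` is still concatenated unescaped, and `$this->counter` and `$this->number` are concatenated as raw numerics. Delimiting the strings with `'` makes the escaping match the quoting, and casting the two numbers with `(int)` covers the rest. The enclosing method starts and ends outside the hunk, so any earlier validation of these properties is not visible here.

```php
$sql .= " values (";
$sql .= "'" . sqlite_escape_string($this->name) . "', ";
$sql .= "'" . sqlite_escape_string($this->caption) . "', ";
$sql .= (int)$this->counter . ", ";
$sql .= (int)$this->number . ", ";
$sql .= "'" . sqlite_escape_string($this->album) . "'";
```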
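Review bot: In the second hunk, `$log` is built from `$galerie` and `$this->number` on the context line just above the changed test, and nothing visible constrains either to a safe path component. If those values come from the request, a value containing `../` would move both the new `file_exists()` check and the later write outside `comments/`. Presumably `number` is meant to be an integer; `$log = "$root/$gallery_dir/$galerie/comments/log_" . (int)$this->number . ".txt";` would enforce that here, and `$galerie` deserves a `basename()` or allow-list check where it is set. The enclosing method begins and ends outside the hunk, so validation may already exist upstream.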