{\r
global $CONF, $member, $manager;\r
\r
- $blogid = getBlogIDFromItemID($this->itemid);\r
- \r
- $settings =& $manager->getBlog($blogid);\r
+ $item =& $manager->getItem($this->itemid, 0, 0);\r
+ $settings =& $manager->getBlog($item['blogid']);\r
$settings->readSettings();\r
\r
// begin if: comments disabled\r
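Review bot: `$item['blogid']` on the added `getBlog()` line is read without checking that `getItem()` returned an item. If the lookup fails (an unknown id, or presumably a draft or future item, given the two `0` flags), the blog id is empty and `$settings->readSettings()` on the following line may be called on something that is not a blog object. A guard directly after the lookup, for example `if ( !$item ) return _ERROR_BADACTION;` (or whichever error constant fits), would fail closed before any blog settings are consulted. The function starts and continues outside this hunk, so an earlier existence check may already be in place.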
$p = $manager->getPlugin($plugin);\r
$continue = $continue || $p->supportsFeature('handleSpam');\r
}\r
-\r
+ \r
$spamcheck = array(\r
'type' => 'comment',\r
'body' => $comment['body'],\r
$message .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";\r
$message .= NOTIFICATION::get_mail_footer();\r
\r
- $item =& $manager->getItem($this->itemid, 0, 0);\r
$subject = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';\r
\r
$from = $member->getNotifyFromMailAddress($comment['email']);\r
\r
$name = DB::quoteValue($comment['user']);\r
$url = DB::quoteValue($comment['userid']);\r
- $email = DB::quoteValue($comment['email']);\r
+ $email = DB::quoteValue($comment['email']);\r
$body = DB::quoteValue($comment['body']);\r
$host = DB::quoteValue($comment['host']);\r
$ip = DB::quoteValue($comment['ip']);\r
- $memberid = intval($comment['memberid']);\r
- $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);\r
+ $memberid = (integer) $comment['memberid'];\r
+ $timestamp = DB::formatDateTime($comment['timestamp']);\r
$itemid = $this->itemid;\r
\r
$qSql = 'SELECT COUNT(*) AS result '\r
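Review bot: The added `(integer) $comment['memberid']` uses the long-form cast alias. `(int)` is the canonical spelling and recent PHP releases deprecate the long aliases, so `$memberid = (int) $comment['memberid'];` is the more durable form. The enclosing function begins and ends outside this hunk.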
. ' AND cmember = ' . $memberid\r
. ' AND cbody = ' . $body\r
. ' AND citem = ' . $itemid\r
- . ' AND cblog = ' . $blogid;\r
+ . ' AND cblog = ' . $item['blogid'];\r
$result = (integer) DB::getValue($qSql);\r
\r
if ( $result > 0 )\r
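Review bot: The added `cblog` term concatenates `$item['blogid']` into the duplicate-check SELECT without a cast, while the INSERT further down formats the same value with `%d`. The value presumably comes from the stored item row rather than the request, but casting keeps the query well-formed whatever `getItem()` returns: `. ' AND cblog = ' . (integer) $item['blogid'];`. The same applies to `$itemid` on the line above if `$this->itemid` is not already forced to an integer elsewhere. The start of this query lies outside the hunk.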
return _ERROR_BADACTION;\r
}\r
\r
- $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '\r
- . "VALUES ($name, $url, $email, $memberid, $body, $itemid, '$timestamp', $host, $ip, '$blogid')";\r
+ $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '\r
+ . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'\r
+ , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $item['blogid']);\r
\r
DB::execute($query);\r
\r
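Review bot: The `%s` placeholders in the new `sprintf()` add no quotes of their own, so the INSERT is only well-formed and injection-safe if every string argument arrives already quoted. The removed line shows this held for the `DB::quoteValue()` results, which were interpolated bare, but `'$timestamp'` was quoted explicitly there. The new code therefore depends on `DB::formatDateTime()` returning a quoted literal, which this page does not show. A comment above the statement would stop a later edit from passing a raw string: `// %s arguments must already be quoted by DB::quoteValue()/DB::formatDateTime(); %d coerces ids to integers`. The function body continues outside this hunk.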