summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--.htaccess1
-rw-r--r--lib/image/folder.php2
-rw-r--r--lib/notes/source.php2
-rw-r--r--tpl/account/list.php6
5 files changed, 8 insertions, 4 deletions
diff --git a/.gitignore b/.gitignore
index b792c3e..9b7ca5e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
lib/conf/sql.php
+.htaccess
*.swp
nohup.out
_old
diff --git a/.htaccess b/.htaccess
deleted file mode 100644
index c99f058..0000000
--- a/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-ErrorDocument 404 /alex.auvolat/index.php
diff --git a/lib/image/folder.php b/lib/image/folder.php
index 56166d8..574531c 100644
--- a/lib/image/folder.php
+++ b/lib/image/folder.php
@@ -14,7 +14,7 @@ $fld = mysql_fetch_assoc(sql(
assert_error($fld && ($fld['public'] != 0 || $fld['owner'] == $user['id']),
"This folder does not exist, or you are not allowed to see it.");
-$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] = $fld['owner']);
+$can_edit = ($user['priv'] >= $apps['image']['editfld'] && $user['id'] == $fld['owner']);
$is_owner = ($user['id'] == $fld['owner']);
$filters = array (
diff --git a/lib/notes/source.php b/lib/notes/source.php
index cecf1c8..d032d33 100644
--- a/lib/notes/source.php
+++ b/lib/notes/source.php
@@ -15,7 +15,7 @@ assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
-<pre><? echo $note['text']; ?></pre>
+<pre><? echo htmlspecialchars($note['text']); ?></pre>
</body>
</html>
<?
diff --git a/tpl/account/list.php b/tpl/account/list.php
index 398ac99..a97606f 100644
--- a/tpl/account/list.php
+++ b/tpl/account/list.php
@@ -8,7 +8,11 @@ echo "<table>";
echo "<tr><th>Username</th><th>Notebook</th><th>Blog</th></tr>";
foreach($users as $u) {
echo '<tr><td>' . $u['name'] . '</td>';
- echo '<td><a href="user-notes-' . $u['id'] . '">' . $u['nbNotes'] . ' notes</a></td>';
+ if ($u['nbNotes'] > 0) {
+ echo '<td><a href="user-notes-' . $u['id'] . '">' . $u['nbNotes'] . ' notes</a></td>';
+ } else {
+ echo '<td>no notes</td>';
+ }
if ($u['nbPosts'] > 0) {
echo '<td><a href="index-blog-author-'.$u['id'].'">' . $u['nbPosts'] . ' posts</a></td>';
} else {