Hide sensitive commenter details from comments API #650
rjmackay committed Jul 3, 2012
1 parent f67f4ad commit 529f353
Showing 1 changed file with 6 additions and 11 deletions.
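--- a/application/libraries/api/MY_Comments_Api_Object.php
+++ b/application/libraries/api/MY_Comments_Api_Object.php
@@ -187,7 +187,7 @@ private function _get_comment_list($where, $limit = '')
 $json = array();
 $json_item = array();
 
-$this->query = "SELECT * FROM comment $where $limit";
+$this->query = "SELECT id, incident_id, comment_author, comment_description, comment_date, user_id FROM comment $where $limit";
 
 $items = $this->db->query($this->query);
 
@@ -225,14 +225,9 @@ private function _get_comment_list($where, $limit = '')
 $xml->writeElement('user_id',$list_item->user_id);
 $xml->writeElement('comment_author',
 $list_item->comment_author);
-$xml->writeElement('comment_email',
-$list_item->comment_email);
 $xml->writeElement('comment_description',
 $list_item->comment_description);
-$xml->writeElement('comment_ip',$list_item->comment_ip);
-$xml->writeElement('comment_active',
-$list_item->comment_active);
-$xml->writeElement('comment_date',$list_item->comment_date);
+$xml->writeElement('comment_date',$list_item->comment_date);
 
 $xml->endElement(); // comment
 }
@@ -802,8 +797,8 @@ private function _get_comment_by_report_id($id)
 $incident_comments = array();
 if ($id)
 {
-$this->query = "SELECT id, incident_id, comment_author, comment_email, ";
-$this->query .= "comment_description,comment_date ";
+$this->query = "SELECT id, incident_id, comment_author, ";
+$this->query .= "comment_description, comment_date ";
 $this->query .= "FROM ".$this->table_prefix."`comment`" ;
 $this->query .= " WHERE `incident_id` = ".$this->db->escape_str($id)." AND `comment_active` = '1' ";
 $this->query .= "AND `comment_spam` = '0' ORDER BY `comment_date` ASC";
@@ -877,8 +872,8 @@ private function _get_comment_by_checkin_id($id)
 $checkin_comments = array();
 if ($id)
 {
-$this->query = "SELECT id, checkin_id, comment_author, comment_email, ";
-$this->query .= "comment_description,comment_date ";
+$this->query = "SELECT id, checkin_id, comment_author, ";
+$this->query .= "comment_description, comment_date ";
 $this->query .= "FROM ".$this->table_prefix."`comment`" ;
 $this->query .= " WHERE `checkin_id` = ".$this->db->escape_str($id)." AND `comment_active` = '1' ";
 $this->query .= "AND `comment_spam` = '0' ORDER BY `comment_date` ASC";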
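Review bot: In `_get_comment_by_report_id` and `_get_comment_by_checkin_id` the id reaches the WHERE clause as `$this->db->escape_str($id)` with no surrounding quotes, so (assuming `escape_str()` escapes without quoting, as its use here suggests) a non-numeric id is not confined to a single value and could undo the column restriction this commit introduces. The only visible guard is `if ($id)`, which tests truthiness rather than type, and both functions start and end outside the hunks, so any earlier validation cannot be seen from here. If the ids are integer keys, replace the call with `intval($id)` in both queries. Separately, `_get_comment_list` still interpolates `$where` and `$limit` verbatim and, unlike the other two queries, shows no `comment_active`/`comment_spam` filter and no `table_prefix`; with `comment_active` no longer emitted, confirm its callers restrict the list to approved comments and build both fragments from validated values.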
