migration to db_user to prevent sql injections

[iserv-mod-error-reporter.git] / src / detail.php

diff --git a/src/detail.php b/src/detail.php
index 6561b8f..a0af8ac 100644 (file)
--- a/src/detail.php
+++ b/src/detail.php
@@ -30,6 +30,8 @@ require_once("mod_error-reporter/init.inc");
 require_once("sec/secure.inc");
 require_once("js.inc");
 
+db_user("errorreporter");
+
 PageBlue(_c("error-reporter:Change an error report"), "mod_error-reporter");
 
 if(!$cfgErrors->userHasAccess()) {
@@ -65,7 +67,7 @@ $er = $doc->getErrorReportByID($getUid);
 $strOldComment = $er->getComment();
 
 // Probably we have to update an error report
-if($getAction == "update" and $postSubmit == _c("Change"))
+if($getAction == "update" and $postSubmit == _("Change"))
 {
   if($cfgErrors->userIsAdmin()) {
     $postComment = stripslashes(@$_POST["comment"]);
@@ -124,8 +126,8 @@ if($cfgErrors->userIsAdmin()) {
       "Comment written by:"), erGetRealUserName($er->getCommentOwner()));
   }
 }
-echo sprintf("<tr><td /><td><{$GLOBALS["smlbtn"]} value='%s' /></td></tr>\n",
-  _("Change"));
+echo sprintf("<tr><td /><td><{$GLOBALS["smlbtn"]} name='submit' value='%s' ".
+  "/></td></tr>\n", _("Change"));
 echo "</table></form><p />\n";
 _PageBlue();
 ?>