Index: /branches/version-1/html/products/detail_image.php
===================================================================
--- /branches/version-1/html/products/detail_image.php (revision 17)
+++ /branches/version-1/html/products/detail_image.php (revision 17699)
@@ -34,6 +34,9 @@
$image_key = $_GET['image'];
-$objQuery = new SC_Query();
+
$col = "name, $image_key";
+if(!sfColumnExists("dtb_products",$_GET['image'])){
+ sfDispSiteError(PRODUCT_NOT_FOUND);
+}
$arrRet = $objQuery->select($col, "dtb_products", "product_id = ?", array($_GET['product_id']));
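Review bot: The added `sfColumnExists("dtb_products",$_GET['image'])` guard accepts any column that exists in dtb_products, so the `image` request parameter still decides which column is interpolated into `$col` and read by the select. A fixed allowlist of the image columns would be tighter, for example `if (!in_array($image_key, $arrAllowedImageCols, true)) { sfDispSiteError(PRODUCT_NOT_FOUND); }`, where `$arrAllowedImageCols` is a placeholder name for a list defined in this file. The guard also depends on sfDispSiteError() ending the request, which is not visible here; if it can return, the select on the next line still runs with the rejected value, so an explicit `exit;` after the call would remove that dependency. The hunk drops `$objQuery = new SC_Query();` while `$objQuery->select(...)` is still called, so the object is presumably created outside the hunk, which is worth confirming. The script continues before and after the lines shown.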
Index: /branches/version-1/data/Smarty/templates/admin/products/review.tpl
===================================================================
--- /branches/version-1/data/Smarty/templates/admin/products/review.tpl (revision 17)
+++ /branches/version-1/data/Smarty/templates/admin/products/review.tpl (revision 17699)
@@ -159,8 +159,8 @@
-
+
-
+