- Bug fixed: username or password with accented character are now accepted for upgrade.

- Simplify query in pwg_session_write function. - Retrieve data with cURL method in fetchRemote function now work with forwarded URL. git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee
2008-11-22 23:33:17 +00:00 · 2008-11-22 23:33:17 +00:00 · 61d8bf79c1
commit 61d8bf79c1
parent c612fd5074
3 changed files with 22 additions and 24 deletions
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@ -1948,6 +1948,10 @@ function cat_admin_access($category_id)
 */
 function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
 {
+  // After 3 redirections, return false
+  if ($step > 3) return false;
+
+  // Initialize $dest
  is_resource($dest) or $dest = '';

  // Try curl to read remote file
@ -1955,16 +1959,20 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
  {
    $ch = @curl_init();
    @curl_setopt($ch, CURLOPT_URL, $src);
-    @curl_setopt($ch, CURLOPT_HEADER, 0);
+    @curl_setopt($ch, CURLOPT_HEADER, 1);
    @curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
-    is_resource($dest) ?
-      @curl_setopt($ch, CURLOPT_FILE, $dest):
-      @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $content = @curl_exec($ch);
+    $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    @curl_close($ch);
    if ($content !== false)
    {
-      is_resource($dest) or $dest = $content;
+      if (preg_match('/Location:\s+?(.+)/', substr($content, 0, $header_length), $m))
+      {
+        return fetchRemote($m[1], $dest, $user_agent, $step+1);
+      }
+      $content = substr($content, $header_length);
+      is_resource($dest) ? @fwrite($dest, $content) : $dest = $content;
      return true;
    }
  }
@ -1981,11 +1989,6 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
  }

  // Try fsockopen to read remote file
-  if ($step > 3)
-  {
-    return false;
-  }
-
  $src = parse_url($src);
  $host = $src['host'];
  $path = isset($src['path']) ? $src['path'] : '/';
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@ -141,7 +141,13 @@ function check_upgrade_access_rights($current_release, $username, $password)
    $username = mysql_real_escape_string($username);
  }

-  if (version_compare($current_release, '1.5.0', '<'))
+  if (version_compare($current_release, '2.0', '<'))
+  {
+    $username = utf8_decode($username);
+    $password = utf8_decode($password);
+  }
+
+  if (version_compare($current_release, '1.5', '<'))
  {
    $query = '
 SELECT password, status
@ -166,7 +172,7 @@ WHERE '.$conf['user_fields']['username'].'="'.$username.'"
    $conf['pass_convert'] = create_function('$s', 'return md5($s);');
  }

-  if ($row['password'] != $conf['pass_convert']($_POST['password']))
+  if ($row['password'] != $conf['pass_convert']($password))
  {
    array_push($page['errors'], l10n('invalid_pwd'));
  }
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@ -131,18 +131,7 @@ SELECT data
 function pwg_session_write($session_id, $data)
 {
  $query = '
-UPDATE '.SESSIONS_TABLE.'
-  SET expiration = now(),
-  data = \''.$data.'\'
-  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
-;';
-  pwg_query($query);
-  if ( mysql_affected_rows()>0 )
-  {
-    return true;
-  }
-  $query = '
-INSERT INTO '.SESSIONS_TABLE.'
+REPLACE INTO '.SESSIONS_TABLE.'
  (id,data,expiration)
  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';