- Bug fixed: username or password with accented character are now accepted for upgrade.

- Simplify query in  pwg_session_write function.
- Retrieve data with cURL method in fetchRemote function now work with forwarded URL.

git-svn-id: http://piwigo.org/svn/trunk@2900 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/include/functions.php

@@ -1948,6 +1948,10 @@ function cat_admin_access($category_id)
  */
 function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
 {
+  // After 3 redirections, return false
+  if ($step > 3) return false;
+
+  // Initialize $dest
   is_resource($dest) or $dest = '';
 
   // Try curl to read remote file
@@ -1955,16 +1959,20 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
   {
     $ch = @curl_init();
     @curl_setopt($ch, CURLOPT_URL, $src);
-    @curl_setopt($ch, CURLOPT_HEADER, 0);
+    @curl_setopt($ch, CURLOPT_HEADER, 1);
     @curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
-    is_resource($dest) ?
+    @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-      @curl_setopt($ch, CURLOPT_FILE, $dest):
-      @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     $content = @curl_exec($ch);
+    $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
     @curl_close($ch);
     if ($content !== false)
     {
-      is_resource($dest) or $dest = $content;
+      if (preg_match('/Location:\s+?(.+)/', substr($content, 0, $header_length), $m))
+      {
+        return fetchRemote($m[1], $dest, $user_agent, $step+1);
+      }
+      $content = substr($content, $header_length);
+      is_resource($dest) ? @fwrite($dest, $content) : $dest = $content;
       return true;
     }
   }
@@ -1981,11 +1989,6 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
   }
 
   // Try fsockopen to read remote file
-  if ($step > 3)
-  {
-    return false;
-  }
-
   $src = parse_url($src);
   $host = $src['host'];
   $path = isset($src['path']) ? $src['path'] : '/';

admin/include/functions_upgrade.php

@@ -141,7 +141,13 @@ function check_upgrade_access_rights($current_release, $username, $password)
     $username = mysql_real_escape_string($username);
   }
 
-  if (version_compare($current_release, '1.5.0', '<'))
+  if (version_compare($current_release, '2.0', '<'))
+  {
+    $username = utf8_decode($username);
+    $password = utf8_decode($password);
+  }
+
+  if (version_compare($current_release, '1.5', '<'))
   {
     $query = '
 SELECT password, status
@@ -166,7 +172,7 @@ WHERE '.$conf['user_fields']['username'].'="'.$username.'"
     $conf['pass_convert'] = create_function('$s', 'return md5($s);');
   }
 
-  if ($row['password'] != $conf['pass_convert']($_POST['password']))
+  if ($row['password'] != $conf['pass_convert']($password))
   {
     array_push($page['errors'], l10n('invalid_pwd'));
   }

include/functions_session.inc.php

@@ -131,18 +131,7 @@ SELECT data
 function pwg_session_write($session_id, $data)
 {
   $query = '
-UPDATE '.SESSIONS_TABLE.'
+REPLACE INTO '.SESSIONS_TABLE.'
-  SET expiration = now(),
-  data = \''.$data.'\'
-  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
-;';
-  pwg_query($query);
-  if ( mysql_affected_rows()>0 )
-  {
-    return true;
-  }
-  $query = '
-INSERT INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
   VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';