- bug 471: apostrophe lors de l'ajout d'un tag (different behavior depending on

magic_quotes_gpc) - metadata synchronization correction: iptc keywords were MySql escaped 2 times when synchronizing from site manager, but only once when synchronizing one image git-svn-id: http://piwigo.org/svn/trunk@1717 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-01-11 23:56:36 +00:00 · 2007-01-11 23:56:36 +00:00 · c75d7186d7
commit c75d7186d7
parent a512c69225
5 changed files with 26 additions and 90 deletions
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@ -2,10 +2,10 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
+// | file          : $Id$
 // | last update   : $Date$
 // | last modifier : $Author$
 // | revision      : $Revision$
@ -1689,15 +1689,6 @@ function tag_id_from_tag_name($tag_name)
    return $page['tag_id_from_tag_name_cache'][$tag_name];
  }

-  if (function_exists('mysql_real_escape_string'))
-  {
-    $tag_name = mysql_real_escape_string($tag_name);
-  }
-  else
-  {
-    $tag_name = mysql_escape_string($tag_name);
-  }
-
  // does the tag already exists?
  $query = '
 SELECT id
--- a/admin/include/functions_metadata.php
+++ b/admin/include/functions_metadata.php
@ -2,10 +2,10 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
+// | file          : $Id$
 // | last update   : $Date$
 // | last modifier : $Author$
 // | revision      : $Revision$
@ -65,6 +65,11 @@ function get_sync_iptc_data($file)
      );
  }

+  foreach ($iptc as $pwg_key => $value)
+  {
+    $iptc[$pwg_key] = addslashes($iptc[$pwg_key]);
+  }
+
  return $iptc;
 }

@ -83,6 +88,7 @@ function get_sync_exif_data($file)
        $exif[$pwg_key] = $matches[1].'-'.$matches[2].'-'.$matches[3];
      }
    }
+    $exif[$pwg_key] = addslashes($exif[$pwg_key]);
  }

  return $exif;
@ -115,14 +121,6 @@ function update_metadata($files)
    if ($conf['use_exif'])
    {
      $exif = get_sync_exif_data($file);
-
-      if (count($exif) > 0)
-      {
-        foreach (array_keys($exif) as $key)
-        {
-          $data[$key] = addslashes($exif[$key]);
-        }
-      }
    }

    if ($conf['use_iptc'])
@ -147,10 +145,6 @@ function update_metadata($files)
                );
            }
          }
-          else
-          {
-            $data[$key] = addslashes($iptc[$key]);
-          }
        }
      }
    }
--- a/admin/site_reader_local.php
+++ b/admin/site_reader_local.php
@ -2,13 +2,13 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
-// | last update   : $Date: 2005-12-03 17:03:58 -0500 (Sat, 03 Dec 2005) $
-// | last modifier : $Author: plg $
-// | revision      : $Revision: 967 $
+// | file          : $Id$
+// | last update   : $Date$
+// | last modifier : $Author$
+// | revision      : $Revision$
 // +-----------------------------------------------------------------------+
 // | This program is free software; you can redistribute it and/or modify  |
 // | it under the terms of the GNU General Public License as published by  |
@ -201,27 +201,12 @@ function get_element_metadata($file)

  if ($conf['use_exif'])
  {
-    $exif = get_sync_exif_data($file);
-
-    if (count($exif) > 0)
-    {
-      foreach (array_keys($exif) as $key)
-      {
-        $data[$key] = addslashes($exif[$key]);
-      }
-    }
+    $data = array_merge($data, get_sync_exif_data($file) );
  }

  if ($conf['use_iptc'])
  {
-    $iptc = get_sync_iptc_data($file);
-    if (count($iptc) > 0)
-    {
-      foreach (array_keys($iptc) as $key)
-      {
-        $data[$key] = addslashes($iptc[$key]);
-      }
-    }
+    $data = array_merge($data, get_sync_iptc_data($file) );
  }

  return $data;
--- a/admin/tags.php
+++ b/admin/tags.php
@ -2,13 +2,13 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
-// | last update   : $Date: 2006-03-09 23:46:28 +0100 (jeu, 09 mar 2006) $
-// | last modifier : $Author: rub $
-// | revision      : $Revision: 1072 $
+// | file          : $Id$
+// | last update   : $Date$
+// | last modifier : $Author$
+// | revision      : $Revision$
 // +-----------------------------------------------------------------------+
 // | This program is free software; you can redistribute it and/or modify  |
 // | it under the terms of the GNU General Public License as published by  |
@ -155,7 +155,7 @@ if (isset($_POST['add']) and !empty($_POST['add_tag']) and !is_adviser())
  $query = '
 SELECT id
  FROM '.TAGS_TABLE.'
-  WHERE name = \''.pwg_quotemeta($tag_name).'\'
+  WHERE name = \''.$tag_name.'\'
 ;';
  $existing_tags = array_from_query($query, 'id');

@ -166,7 +166,7 @@ SELECT id
      array('name', 'url_name'),
      array(
        array(
-          'name' => pwg_quotemeta($tag_name),
+          'name' => $tag_name,
          'url_name' => str2url($tag_name),
          )
        )
@ -176,7 +176,7 @@ SELECT id
      $page['infos'],
      sprintf(
        l10n('Tag "%s" was added'),
-        pwg_stripslashes($tag_name)
+        stripslashes($tag_name)
        )
      );
  }
@ -186,7 +186,7 @@ SELECT id
      $page['errors'],
      sprintf(
        l10n('Tag "%s" already exists'),
-        pwg_stripslashes($tag_name)
+        stripslashes($tag_name)
        )
      );
  }
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@ -515,40 +515,6 @@ function format_date($date, $type = 'us', $show_time = false)
  return $formated_date;
 }

-function pwg_stripslashes($value)
-{
-  if (get_magic_quotes_gpc())
-  {
-    $value = stripslashes($value);
-  }
-  return $value;
-}
-
-function pwg_addslashes($value)
-{
-  if (!get_magic_quotes_gpc())
-  {
-    $value = addslashes($value);
-  }
-  return $value;
-}
-
-function pwg_quotemeta($value)
-{
-  if (get_magic_quotes_gpc()) {
-    $value = stripslashes($value);
-  }
-  if (function_exists('mysql_real_escape_string'))
-  {
-    $value = mysql_real_escape_string($value);
-  }
-  else
-  {
-    $value = mysql_escape_string($value);
-  }
-  return $value;
-}
-
 function pwg_query($query)
 {
  global $conf,$page,$debug,$t2;