authorrvelices <rv-github@modusoptimus.com>2008-09-12 02:17:35 +0000
committerrvelices <rv-github@modusoptimus.com>2008-09-12 02:17:35 +0000
commit4d86bb2234af3939f1e8add3633deaa425fe526e (patch)
treebfc5274c3fa9e427dc7407288173355e585a9080
parent272113c4175992de5dee7fed77fa2ab9fdef2850 (diff)
- images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: now the sessions are valid only for the originating IP address (with mask 255.255.0.0 to allow users behind load-balancing proxies) -> stealing the session cookie is almost a non-issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/include/functions_metadata.php33
-rw-r--r--admin/template/yoga/default-layout.css2
-rw-r--r--admin/template/yoga/layout.css3
-rw-r--r--admin/template/yoga/theme/admin/theme.css2
-rw-r--r--include/functions.inc.php9
-rw-r--r--include/functions_category.inc.php9
-rw-r--r--include/functions_search.inc.php8
-rw-r--r--include/functions_session.inc.php13
-rw-r--r--include/page_header.php3
-rw-r--r--include/template.class.php2
-rw-r--r--include/ws_core.inc.php8
-rw-r--r--include/ws_protocols/rest_handler.php4
-rw-r--r--install/db/77-database.php54
-rw-r--r--install/piwigo_structure.sql6
-rw-r--r--picture.php3
-rw-r--r--template/yoga/menubar_menu.tpl4
-rw-r--r--template/yoga/redirect.tpl11
17 files changed, 118 insertions, 56 deletions
diff --git a/admin/include/functions_metadata.php b/admin/include/functions_metadata.php
index e805aeba6..51867b448 100644
--- a/admin/include/functions_metadata.php
+++ b/admin/include/functions_metadata.php
@@ -28,9 +28,9 @@ $page['datefields'] = array('date_creation', 'date_available');
function get_sync_iptc_data($file)
{
global $conf, $page;
-
+
$map = $conf['use_iptc_mapping'];
-
+
$iptc = get_iptc_data($file, $map);
foreach ($iptc as $pwg_key => $value)
@@ -108,7 +108,7 @@ function update_metadata($files)
{
array_push($image_ids, $id);
}
-
+
$query = '
SELECT id
FROM '.IMAGES_TABLE.'
@@ -118,18 +118,14 @@ SELECT id
)
;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- array_push($has_high_images, $row['id']);
- }
+ $has_high_images = array_from_query($query, 'id');
foreach ($files as $id => $file)
{
$data = array();
$data['id'] = $id;
$data['filesize'] = floor(filesize($file)/1024);
-
+
if ($image_size = @getimagesize($file))
{
$data['width'] = $image_size[0];
@@ -142,7 +138,7 @@ SELECT id
$data['high_filesize'] = floor(filesize($high_file)/1024);
}
-
+
if ($conf['use_exif'])
{
$exif = get_sync_exif_data($file);
@@ -161,7 +157,7 @@ SELECT id
{
$tags_of[$id] = array();
}
-
+
foreach (explode(',', $iptc[$key]) as $tag_name)
{
array_push(
@@ -178,7 +174,7 @@ SELECT id
array_push($datas, $data);
}
-
+
if (count($datas) > 0)
{
$update_fields =
@@ -189,7 +185,7 @@ SELECT id
'high_filesize',
'date_metadata_update'
);
-
+
if ($conf['use_exif'])
{
$update_fields =
@@ -198,7 +194,7 @@ SELECT id
array_keys($conf['use_exif_mapping'])
);
}
-
+
if ($conf['use_iptc'])
{
$update_fields =
@@ -217,7 +213,8 @@ SELECT id
'primary' => array('id'),
'update' => array_unique($update_fields)
),
- $datas
+ $datas,
+ MASS_UPDATES_SKIP_EMPTY
);
}
@@ -234,12 +231,12 @@ SELECT id
* @param boolean only newly added files ?
* @return array
*/
-function get_filelist($category_id = '', $site_id=1, $recursive = false,
+function get_filelist($category_id = '', $site_id=1, $recursive = false,
$only_new = false)
{
// filling $cat_ids : all categories required
$cat_ids = array();
-
+
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
@@ -292,7 +289,7 @@ SELECT id, path
{
$files[$row['id']] = $row['path'];
}
-
+
return $files;
}
?> \ No newline at end of file
diff --git a/admin/template/yoga/default-layout.css b/admin/template/yoga/default-layout.css
index 9d755d95d..ac2388bdb 100644
--- a/admin/template/yoga/default-layout.css
+++ b/admin/template/yoga/default-layout.css
@@ -290,7 +290,7 @@ INPUT, SELECT {
margin: 0;
font-size: 1em; /* <= some browsers don't set it correctly */
}
-UL, DL { text-align: left;}
+UL, DL, OL { text-align: left;}
TABLE { /* horizontaly centered */
margin-left: auto;
margin-right: auto;
diff --git a/admin/template/yoga/layout.css b/admin/template/yoga/layout.css
index 21b3edf90..5a7d5c4df 100644
--- a/admin/template/yoga/layout.css
+++ b/admin/template/yoga/layout.css
@@ -1,7 +1,6 @@
-/* $Id$ */
/* template css */
-@import "menubar.css";
+/*@import "menubar.css";*/
@import "content.css";
@import "thumbnails.css";
@import "default-layout.css";
diff --git a/admin/template/yoga/theme/admin/theme.css b/admin/template/yoga/theme/admin/theme.css
index b3f4bec62..7d71daed1 100644
--- a/admin/template/yoga/theme/admin/theme.css
+++ b/admin/template/yoga/theme/admin/theme.css
@@ -44,11 +44,9 @@ letter-spacing:0.1em; margin-right:30px; text-align:right; color: #777;
text-transform:none; font-weight:bold; padding-left:20px; }
.content dl, dd { margin:5px; }
.content div.titrePage { height:55px; }
-.content ol li { text-align: left; }
.instructions { text-align: left; padding: 20px 20px 0 20px; }
.throw, td h3 {
background-image: url(images/fillet.png); background-repeat: repeat-x; }
-.browsePath a { color: #eee; }
/* borders */ /* TODO */
INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969;
cursor:text; text-indent:4px; }
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 5a22c475d..3dd62802e 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -747,13 +747,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
if (empty($msg))
{
- $redirect_msg = l10n('redirect_msg');
+ $msg = nl2br(l10n('redirect_msg'));
}
- else
- {
- $redirect_msg = $msg;
- }
- $redirect_msg = nl2br($redirect_msg);
$refresh = $refresh_time;
$url_link = $url;
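Review bot: The new `$msg = nl2br(l10n('redirect_msg'));` applies nl2br only to the default text, whereas the removed `$redirect_msg = nl2br($redirect_msg);` also converted newlines in a caller-supplied `$msg`; a caller passing a multi-line message now loses its line breaks, and because the same `$msg` is handed to REDIRECT_MSG in the second hunk and printed without an escape modifier by redirect.tpl, callers are now implicitly responsible for passing HTML-safe markup. Either keep the old behaviour with `$msg = nl2br(empty($msg) ? l10n('redirect_msg') : $msg);` or state the contract in the function's docblock, e.g. `@param string $msg HTML fragment (not escaped) shown above the redirect link; defaults to the localized redirect_msg`. redirect_html starts before this hunk and its body continues past the second one.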
@@ -764,6 +759,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
include( PHPWG_ROOT_PATH.'include/page_header.php' );
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
+ $template->assign('REDIRECT_MSG', $msg);
+
$template->parse('redirect');
include( PHPWG_ROOT_PATH.'include/page_tail.php' );
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 92e9cf229..77657b8b1 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -258,8 +258,9 @@ SELECT galleries_url
function get_category_preferred_image_orders()
{
global $conf, $page;
-
- return array(
+
+ return trigger_event('get_category_preferred_image_orders',
+ array(
array(l10n('default_sort'), '', true),
array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
array(l10n('most_visited_cat'), 'hit DESC', true),
@@ -269,9 +270,9 @@ function get_category_preferred_image_orders()
array(
l10n('Rank'),
'rank ASC',
- ('categories' == $page['section'] and !isset($page['flat']))
+ ('categories' == @$page['section'] and !isset($page['flat']))
)
- );
+ ));
}
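Review bot: The `@$page['section']` on the changed line silences an undefined-index notice instead of testing for it; `isset($page['section']) and 'categories' == $page['section']` states the intent and does not also hide any other notice raised while evaluating the expression. Separately, the event fired here is named `get_category_preferred_image_orders` while the commit message announces `get_category_image_orders`; one of the two should be aligned before plugins start hooking the name. The function begins in the previous hunk.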
function display_select_categories($categories,
diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index a043f041c..2ec709936 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field)
}
else
{
+ if ( strcspn($ch, '%_')==0)
+ {// escape LIKE specials %_
+ $ch = '\\'.$ch;
+ }
$crt_token .= $ch;
}
break;
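Review bot: The escape set on `if ( strcspn($ch, '%_')==0)` covers the two wildcards but not the backslash, which is the LIKE escape character itself, so a `\` in `$q` still changes the meaning of the character that follows it (including undoing the escaping this hunk adds); extending the set to `'%_\\'` makes the token fully literal, assuming the token is inserted into the LIKE literal as-is. The identical four-line block is repeated in the next hunk's `default:` branch; a tiny helper, or escaping once at the point the token is appended, keeps the two copies from drifting. `strcspn(...)==0` also reads as "$ch is one of these characters" only after a pause, and it is true for an empty `$ch` as well, so a one-line comment or a `false !== strpos('%_', $ch)` form would be clearer. get_qsearch_like_clause starts and ends outside these hunks.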
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
$state=0;
break;
default:
+ if ( strcspn($ch, '%_')==0)
+ {// escape LIKE specials %_
+ $ch = '\\'.$ch;
+ }
$crt_token .= $ch;
}
break;
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index f17f2377a..dce1551ea 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -90,6 +90,11 @@ function pwg_session_close()
return true;
}
+function get_remote_addr_session_hash()
+{
+ return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
+}
+
/**
* this function returns
* a string corresponding to the value of the variable save in the session
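Review bot: `get_remote_addr_session_hash()` assumes `$_SERVER['REMOTE_ADDR']` is a dotted-quad IPv4 address: for an IPv6 client, or a CLI run with no REMOTE_ADDR at all, `explode('.', ...)` yields fewer than two elements and `vsprintf` runs short of arguments (a warning and `false` on the PHP of the time, an exception on current PHP), and that value is then concatenated into every session id in the following hunks. Guard the non-IPv4 case explicitly and document the intent — the first two octets implement the 255.255.0.0 mask from the commit message, and a reverse proxy in front of the gallery makes REMOTE_ADDR the proxy's own address, in which case the binding adds nothing. Also worth confirming that the sessions table `id` column is wide enough for the four extra hex characters, otherwise the tail of the session id is silently truncated.
```php
/**
 * Returns a prefix binding a session to the client's IPv4 /16 (first two
 * octets as four uppercase hex digits), or '' when REMOTE_ADDR is not a
 * dotted-quad (IPv6, CLI), in which case the session id stays unbound.
 */
function get_remote_addr_session_hash()
{
  $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $octets = explode('.', $addr);
  if (count($octets) != 4)
  {
    return '';
  }
  return vsprintf("%02X%02X", $octets);
}
```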
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
$query = '
SELECT data
FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
$result = pwg_query($query);
if ($result)
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
UPDATE '.SESSIONS_TABLE.'
SET expiration = now(),
data = \''.$data.'\'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
if ( mysql_affected_rows()>0 )
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
$query = '
INSERT INTO '.SESSIONS_TABLE.'
(id,data,expiration)
- VALUES(\''.$session_id.'\',\''.$data.'\',now())
+ VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
;';
mysql_query($query);
return true;
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
$query = '
DELETE
FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
return true;
diff --git a/include/page_header.php b/include/page_header.php
index 102e2bdd8..629b45db3 100644
--- a/include/page_header.php
+++ b/include/page_header.php
@@ -69,11 +69,10 @@ if ( !empty($page['meta_robots']) )
// refresh
if ( isset( $refresh ) and intval($refresh) >= 0
- and isset( $url_link ) and isset( $redirect_msg ) )
+ and isset( $url_link ) )
{
$template->assign(
array(
- 'REDIRECT_MSG' => $redirect_msg,
'page_refresh' => array(
'TIME' => $refresh,
'U_REFRESH' => $url_link
diff --git a/include/template.class.php b/include/template.class.php
index 25389b8fa..777d4ddec 100644
--- a/include/template.class.php
+++ b/include/template.class.php
@@ -62,7 +62,7 @@ class Template {
$this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') );
$this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
$this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
- $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
+ $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
$this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
if ( $conf['compiled_template_cache_language'] )
{
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 0580d12d7..cc1c1c756 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -378,12 +378,10 @@ class PwgServer
{
if ( is_null($this->_responseEncoder) )
{
- set_status_header(500);
+ set_status_header(400);
@header("Content-Type: text/plain");
echo ("Cannot process your request. Unknown response format.
-Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
-Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
- ");
+Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
var_export($this);
die(0);
}
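Review bot: The rewritten error text is still followed, unchanged, by `var_export($this);`, so this 400 path prints the whole PwgServer object (registered handlers, encoders and whatever else the instance holds) to the client; the new single-line message already names the request and response formats, which is all a caller needs to correct its request. Drop the `var_export` or send it to the error log instead of the response body. The method enclosing this block starts before the hunk.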
@@ -391,7 +389,7 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
if ( is_null($this->_requestHandler) )
{
$this->sendResponse(
- new PwgError(500, 'Unknown request format')
+ new PwgError(400, 'Unknown request format')
);
return;
}
diff --git a/include/ws_protocols/rest_handler.php b/include/ws_protocols/rest_handler.php
index c9c8ad9b0..e22d0b9e2 100644
--- a/include/ws_protocols/rest_handler.php
+++ b/include/ws_protocols/rest_handler.php
@@ -30,7 +30,7 @@ class PwgRestRequestHandler
$param_array = $service->isPost() ? $_POST : $_GET;
foreach ($param_array as $name => $value)
{
- if ($name=='format' or $name=='partner')
+ if ($name=='format')
continue; // ignore - special keys
if ($name=='method')
{
@@ -45,7 +45,7 @@ class PwgRestRequestHandler
if ( empty($method) )
{
$service->sendResponse(
- new PwgError(400, 'Missing "method" name')
+ new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
);
return;
}
diff --git a/install/db/77-database.php b/install/db/77-database.php
new file mode 100644
index 000000000..f89f2dd07
--- /dev/null
+++ b/install/db/77-database.php
@@ -0,0 +1,54 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+ die('Hacking attempt!');
+}
+
+$upgrade_description = 'images.file categories.permalink old_permalinks.permalink - become binary';
+
+// +-----------------------------------------------------------------------+
+// | Upgrade content |
+// +-----------------------------------------------------------------------+
+
+$query = 'ALTER TABLE '.CATEGORIES_TABLE.'
+ MODIFY COLUMN permalink varchar(64) binary default NULL';
+pwg_query($query);
+
+$query = 'ALTER TABLE '.OLD_PERMALINKS_TABLE.'
+ MODIFY COLUMN permalink varchar(64) binary NOT NULL default ""';
+pwg_query($query);
+
+$query = 'ALTER TABLE '.IMAGES_TABLE.'
+ MODIFY COLUMN file varchar(255) binary NOT NULL default ""';
+pwg_query($query);
+
+
+echo
+"\n"
+.'"'.$upgrade_description.'"'.' ended'
+."\n"
+;
+
+?>
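Review bot: The three `pwg_query($query)` calls ignore their result, so a failed ALTER TABLE (a table whose character set rejects the `binary` modifier, a privilege error) still lets the script print `"... ended"` and, presumably, lets the surrounding upgrade machinery record this step as applied. Check each call and stop on failure, e.g. `pwg_query($query) or die('ALTER TABLE failed: '.mysql_error());`, or whatever convention the sibling install/db scripts follow. A one-line comment would also help: `varchar(n) binary` in MySQL selects the column charset's `_bin` collation rather than a BINARY type, and the goal here is case-sensitive matching of file names and permalinks.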
diff --git a/install/piwigo_structure.sql b/install/piwigo_structure.sql
index 0c7d6b53e..1ba00ca62 100644
--- a/install/piwigo_structure.sql
+++ b/install/piwigo_structure.sql
@@ -36,7 +36,7 @@ CREATE TABLE `piwigo_categories` (
`commentable` enum('true','false') NOT NULL default 'true',
`global_rank` varchar(255) default NULL,
`image_order` varchar(128) default NULL,
- `permalink` varchar(64) default NULL,
+ `permalink` varchar(64) binary default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `categories_i3` (`permalink`),
KEY `categories_i2` (`id_uppercat`)
@@ -174,7 +174,7 @@ CREATE TABLE `piwigo_image_tag` (
DROP TABLE IF EXISTS `piwigo_images`;
CREATE TABLE `piwigo_images` (
`id` mediumint(8) unsigned NOT NULL auto_increment,
- `file` varchar(255) NOT NULL default '',
+ `file` varchar(255) binary NOT NULL default '',
`date_available` datetime NOT NULL default '0000-00-00 00:00:00',
`date_creation` date default NULL,
`tn_ext` varchar(4) default '',
@@ -208,7 +208,7 @@ CREATE TABLE `piwigo_images` (
DROP TABLE IF EXISTS `piwigo_old_permalinks`;
CREATE TABLE `piwigo_old_permalinks` (
`cat_id` smallint(5) unsigned NOT NULL default '0',
- `permalink` varchar(64) NOT NULL default '',
+ `permalink` varchar(64) binary NOT NULL default '',
`date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
`last_hit` datetime default NULL,
`hit` int(10) unsigned NOT NULL default '0',
diff --git a/picture.php b/picture.php
index 6f0af4d6c..7448461bb 100644
--- a/picture.php
+++ b/picture.php
@@ -536,14 +536,13 @@ if (isset($_GET['slideshow']))
if (!empty($id_pict_redirect))
{
- // $redirect_msg, $refresh, $url_link and $title are required for creating
+ // $refresh, $url_link and $title are required for creating
// an automated refresh page in header.tpl
$refresh = $slideshow_params['period'];
$url_link = add_url_params(
$picture[$id_pict_redirect]['url'],
$slideshow_url_params
);
- $redirect_msg = nl2br(l10n('redirect_msg'));
}
}
}
diff --git a/template/yoga/menubar_menu.tpl b/template/yoga/menubar_menu.tpl
index b9d26376b..c16fae690 100644
--- a/template/yoga/menubar_menu.tpl
+++ b/template/yoga/menubar_menu.tpl
@@ -1,6 +1,6 @@
-<dt>{$block->get_title()|@translate}</dt>
+<dt>{'title_menu'|@translate}</dt>
<dd>
- <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch">
+ <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
<p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
<input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>
</p>
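Review bot: The new `onsubmit` guard compares `this.q.value` with `''` only, so a query made of whitespace is still submitted; a trim-tolerant test such as `onsubmit="return !/^\s*$/.test(this.q.value) && this.q.value!=qsearch_prompt;"` covers that without depending on String.trim being available. The guard also relies on the global `qsearch_prompt` existing at submit time; the existing onfocus/onblur handlers already assume this, so it is presumably defined by a script outside this diff, but a missing definition would throw inside the handler.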
diff --git a/template/yoga/redirect.tpl b/template/yoga/redirect.tpl
index 91edd0979..e571d0bab 100644
--- a/template/yoga/redirect.tpl
+++ b/template/yoga/redirect.tpl
@@ -1,6 +1,13 @@
{* $Id$ *}
-<h2>{$REDIRECT_MSG}</h2>
-<p style="text-align:center; margin: 2em">
+{html_head}
+<style type="text/css">#the_page {ldelim}text-align:center;} </style>
+{/html_head}
+
+<div>
+ {$REDIRECT_MSG}
+</div>
+
+<p style="margin: 2em">
<a href="{$page_refresh.U_REFRESH}">
{'click_to_redirect'|@translate}
</a>