author | rvelices <rv-github@modusoptimus.com> | 2008-09-12 02:17:35 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-09-12 02:17:35 +0000 |
commit | 4d86bb2234af3939f1e8add3633deaa425fe526e (patch) | |
tree | bfc5274c3fa9e427dc7407288173355e585a9080 | |
parent | 272113c4175992de5dee7fed77fa2ab9fdef2850 (diff) |
- images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: sessions are now valid only for the originating IP address (masked with 255.255.0.0, so that users behind load-balancing proxies keep their session) -> a stolen session cookie is almost useless, except from one of the 65536 addresses in the same /16 range
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
- added event get_category_image_orders
- fix display issue with redirect.tpl (h1/h2 within h1)
- fix known_script smarty function registration
- query search form not submitted if q is empty
- better admin css rules
- some other minor changes (ws_core, rest_handler, functions_search...)
git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/include/functions_metadata.php | 33 | ||||
-rw-r--r-- | admin/template/yoga/default-layout.css | 2 | ||||
-rw-r--r-- | admin/template/yoga/layout.css | 3 | ||||
-rw-r--r-- | admin/template/yoga/theme/admin/theme.css | 2 | ||||
-rw-r--r-- | include/functions.inc.php | 9 | ||||
-rw-r--r-- | include/functions_category.inc.php | 9 | ||||
-rw-r--r-- | include/functions_search.inc.php | 8 | ||||
-rw-r--r-- | include/functions_session.inc.php | 13 | ||||
-rw-r--r-- | include/page_header.php | 3 | ||||
-rw-r--r-- | include/template.class.php | 2 | ||||
-rw-r--r-- | include/ws_core.inc.php | 8 | ||||
-rw-r--r-- | include/ws_protocols/rest_handler.php | 4 | ||||
-rw-r--r-- | install/db/77-database.php | 54 | ||||
-rw-r--r-- | install/piwigo_structure.sql | 6 | ||||
-rw-r--r-- | picture.php | 3 | ||||
-rw-r--r-- | template/yoga/menubar_menu.tpl | 4 | ||||
-rw-r--r-- | template/yoga/redirect.tpl | 11 |
17 files changed, 118 insertions, 56 deletions
diff --git a/admin/include/functions_metadata.php b/admin/include/functions_metadata.php index e805aeba6..51867b448 100644 --- a/admin/include/functions_metadata.php +++ b/admin/include/functions_metadata.php @@ -28,9 +28,9 @@ $page['datefields'] = array('date_creation', 'date_available'); function get_sync_iptc_data($file) { global $conf, $page; - + $map = $conf['use_iptc_mapping']; - + $iptc = get_iptc_data($file, $map); foreach ($iptc as $pwg_key => $value) @@ -108,7 +108,7 @@ function update_metadata($files) { array_push($image_ids, $id); } - + $query = ' SELECT id FROM '.IMAGES_TABLE.' @@ -118,18 +118,14 @@ SELECT id ) ;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($has_high_images, $row['id']); - } + $has_high_images = array_from_query($query, 'id'); foreach ($files as $id => $file) { $data = array(); $data['id'] = $id; $data['filesize'] = floor(filesize($file)/1024); - + if ($image_size = @getimagesize($file)) { $data['width'] = $image_size[0]; @@ -142,7 +138,7 @@ SELECT id $data['high_filesize'] = floor(filesize($high_file)/1024); } - + if ($conf['use_exif']) { $exif = get_sync_exif_data($file); @@ -161,7 +157,7 @@ SELECT id { $tags_of[$id] = array(); } - + foreach (explode(',', $iptc[$key]) as $tag_name) { array_push( @@ -178,7 +174,7 @@ SELECT id array_push($datas, $data); } - + if (count($datas) > 0) { $update_fields = @@ -189,7 +185,7 @@ SELECT id 'high_filesize', 'date_metadata_update' ); - + if ($conf['use_exif']) { $update_fields = @@ -198,7 +194,7 @@ SELECT id array_keys($conf['use_exif_mapping']) ); } - + if ($conf['use_iptc']) { $update_fields = @@ -217,7 +213,8 @@ SELECT id 'primary' => array('id'), 'update' => array_unique($update_fields) ), - $datas + $datas, + MASS_UPDATES_SKIP_EMPTY ); } 
@@ -234,12 +231,12 @@ SELECT id * @param boolean only newly added files ? * @return array */ -function get_filelist($category_id = '', $site_id=1, $recursive = false, +function get_filelist($category_id = '', $site_id=1, $recursive = false, $only_new = false) { // filling $cat_ids : all categories required $cat_ids = array(); - + $query = ' SELECT id FROM '.CATEGORIES_TABLE.' @@ -292,7 +289,7 @@ SELECT id, path { $files[$row['id']] = $row['path']; } - + return $files; } ?>
\ No newline at end of file diff --git a/admin/template/yoga/default-layout.css b/admin/template/yoga/default-layout.css index 9d755d95d..ac2388bdb 100644 --- a/admin/template/yoga/default-layout.css +++ b/admin/template/yoga/default-layout.css @@ -290,7 +290,7 @@ INPUT, SELECT { margin: 0; font-size: 1em; /* <= some browsers don't set it correctly */ } -UL, DL { text-align: left;} +UL, DL, OL { text-align: left;} TABLE { /* horizontaly centered */ margin-left: auto; margin-right: auto; diff --git a/admin/template/yoga/layout.css b/admin/template/yoga/layout.css index 21b3edf90..5a7d5c4df 100644 --- a/admin/template/yoga/layout.css +++ b/admin/template/yoga/layout.css @@ -1,7 +1,6 @@ -/* $Id$ */ /* template css */ -@import "menubar.css"; +/*@import "menubar.css";*/ @import "content.css"; @import "thumbnails.css"; @import "default-layout.css"; diff --git a/admin/template/yoga/theme/admin/theme.css b/admin/template/yoga/theme/admin/theme.css index b3f4bec62..7d71daed1 100644 --- a/admin/template/yoga/theme/admin/theme.css +++ b/admin/template/yoga/theme/admin/theme.css @@ -44,11 +44,9 @@ letter-spacing:0.1em; margin-right:30px; text-align:right; color: #777; text-transform:none; font-weight:bold; padding-left:20px; } .content dl, dd { margin:5px; } .content div.titrePage { height:55px; } -.content ol li { text-align: left; } .instructions { text-align: left; padding: 20px 20px 0 20px; } .throw, td h3 { background-image: url(images/fillet.png); background-repeat: repeat-x; } -.browsePath a { color: #eee; } /* borders */ /* TODO */ INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969; cursor:text; text-indent:4px; } diff --git a/include/functions.inc.php b/include/functions.inc.php index 5a22c475d..3dd62802e 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php 
@@ -747,13 +747,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0) if (empty($msg)) { - $redirect_msg = l10n('redirect_msg'); + $msg = nl2br(l10n('redirect_msg')); } - else - { - $redirect_msg = $msg; - } - $redirect_msg = nl2br($redirect_msg); $refresh = $refresh_time; $url_link = $url; @@ -764,6 +759,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0) include( PHPWG_ROOT_PATH.'include/page_header.php' ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); + $template->assign('REDIRECT_MSG', $msg); + $template->parse('redirect'); include( PHPWG_ROOT_PATH.'include/page_tail.php' ); diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 92e9cf229..77657b8b1 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -258,8 +258,9 @@ SELECT galleries_url function get_category_preferred_image_orders() { global $conf, $page; - - return array( + + return trigger_event('get_category_preferred_image_orders', + array( array(l10n('default_sort'), '', true), array(l10n('Average rate'), 'average_rate DESC', $conf['rate']), array(l10n('most_visited_cat'), 'hit DESC', true), @@ -269,9 +270,9 @@ function get_category_preferred_image_orders() array( l10n('Rank'), 'rank ASC', - ('categories' == $page['section'] and !isset($page['flat'])) + ('categories' == @$page['section'] and !isset($page['flat'])) ) - ); + )); } function display_select_categories($categories, diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php index a043f041c..2ec709936 100644 --- a/include/functions_search.inc.php +++ b/include/functions_search.inc.php @@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field) } else { + if ( strcspn($ch, '%_')==0) + {// escape LIKE specials %_ + $ch = '\\'.$ch; + } $crt_token .= $ch; } break; 
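Review bot: After this change a caller-supplied `$msg` reaches `REDIRECT_MSG` unmodified, and redirect.tpl renders `{$REDIRECT_MSG}` with no escape modifier, so the parameter is effectively raw HTML; the removed `nl2br($redirect_msg)` at least made that shape visible, the new code does not. Add a contract comment next to the new `$template->assign('REDIRECT_MSG', $msg);`, e.g. `// $msg is emitted as raw HTML by redirect.tpl; callers must escape any user-supplied text themselves`, so a later caller does not pass a request-derived string straight through. Whether any present caller already does so cannot be told from this diff, and the start of redirect_html's body lies outside the hunk.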
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
 $state=0;
 break;
 default:
+ if ( strcspn($ch, '%_')==0)
+ {// escape LIKE specials %_
+ $ch = '\\'.$ch;
+ }
 $crt_token .= $ch;
 }
 break;
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index f17f2377a..dce1551ea 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -90,6 +90,11 @@ function pwg_session_close()
 return true;
 }
 
+function get_remote_addr_session_hash()
+{
+ return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
+}
+
 /**
 * this function returns
 * a string corresponding to the value of the variable save in the session
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
 $query = '
 SELECT data
 FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
 $result = pwg_query($query);
 if ($result)
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
 UPDATE '.SESSIONS_TABLE.'
 SET expiration = now(),
 data = \''.$data.'\'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
 pwg_query($query);
 if ( mysql_affected_rows()>0 )
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
 $query = '
 INSERT INTO '.SESSIONS_TABLE.'
 (id,data,expiration)
- VALUES(\''.$session_id.'\',\''.$data.'\',now())
+ VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';
 mysql_query($query);
 return true;
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
 
 $query = '
 DELETE FROM '.SESSIONS_TABLE.'
- WHERE id = \''.$session_id.'\'
+ WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
 pwg_query($query);
 return true;
diff --git a/include/page_header.php b/include/page_header.php
index 102e2bdd8..629b45db3 100644
--- a/include/page_header.php
+++ b/include/page_header.php
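Review bot: The new `get_remote_addr_session_hash()` assumes a dotted-quad address: `"%02X%02X"` needs two arguments, so for an IPv6 client (no `.` in REMOTE_ADDR) or a CLI/cron run with REMOTE_ADDR unset, `explode()` yields a single element and `vsprintf()` fails — `false` plus a warning on PHP 5, an `ArgumentCountError` on PHP 8 — and on PHP 5 the `false` concatenates as an empty prefix, silently disabling the binding for exactly those clients. Binding to the /16 also does nothing against an attacker who shares the victim's provider range or sits behind the same load-balancing proxy, and the prefix is derived from information such an attacker already has, so the commit message's "almost a non issue" deserves a tempering comment above the function, e.g. `// weak binding: only blocks replay from outside the client's /16; not a substitute for an unguessable, HttpOnly session id`. The four queries still splice `$session_id` (the cookie value) into SQL by string concatenation; whether it is validated before reaching here is decided by callers outside this hunk. The replacement body below keeps the IPv4 behaviour and digests the whole address otherwise, so non-IPv4 clients are still bound rather than left unprotected.
```php
function get_remote_addr_session_hash()
{
  $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $octets = explode('.', $ip);
  if ( count($octets) != 4 )
  { // not a dotted quad (IPv6, CLI): bind to a digest of the whole address instead
    return substr(md5($ip), 0, 4);
  }
  return vsprintf( "%02X%02X", $octets );
}
```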
@@ -69,11 +69,10 @@ if ( !empty($page['meta_robots']) )
 
 // refresh
 if ( isset( $refresh ) and intval($refresh) >= 0
- and isset( $url_link ) and isset( $redirect_msg ) )
+ and isset( $url_link ) )
 {
 $template->assign(
 array(
- 'REDIRECT_MSG' => $redirect_msg,
 'page_refresh' => array(
 'TIME' => $refresh,
 'U_REFRESH' => $url_link
diff --git a/include/template.class.php b/include/template.class.php
index 25389b8fa..777d4ddec 100644
--- a/include/template.class.php
+++ b/include/template.class.php
@@ -62,7 +62,7 @@ class Template {
 $this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') );
 $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
 $this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
- $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
+ $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
 $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
 if ( $conf['compiled_template_cache_language'] )
 {
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 0580d12d7..cc1c1c756 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -378,12 +378,10 @@ class PwgServer
 {
 if ( is_null($this->_responseEncoder) )
 {
- set_status_header(500);
+ set_status_header(400);
 @header("Content-Type: text/plain");
 echo ("Cannot process your request. Unknown response format.
-Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
-Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
- ");
+Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
 var_export($this);
 die(0);
 }
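Review bot: `var_export($this);` on the line right after the rewritten `echo` still dumps the whole PwgServer instance — registered methods, handler and encoder state, and anything else the object carries — to any unauthenticated caller who sends an unknown response format, so the information leak survives the new 400 status and the trimmed message. The message already names the request and response formats, which is all a legitimate client needs; delete the line, or at minimum gate it behind the project's debug/development setting (not visible in this diff): `// var_export($this); // removed: dumps server internals to anonymous clients`. The enclosing method begins just before the hunk; only its opening brace is in view.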
@@ -391,7 +389,7 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
 if ( is_null($this->_requestHandler) )
 {
 $this->sendResponse(
- new PwgError(500, 'Unknown request format')
+ new PwgError(400, 'Unknown request format')
 );
 return;
 }
diff --git a/include/ws_protocols/rest_handler.php b/include/ws_protocols/rest_handler.php
index c9c8ad9b0..e22d0b9e2 100644
--- a/include/ws_protocols/rest_handler.php
+++ b/include/ws_protocols/rest_handler.php
@@ -30,7 +30,7 @@ class PwgRestRequestHandler
 $param_array = $service->isPost() ? $_POST : $_GET;
 foreach ($param_array as $name => $value)
 {
- if ($name=='format' or $name=='partner')
+ if ($name=='format')
 continue; // ignore - special keys
 if ($name=='method')
 {
@@ -45,7 +45,7 @@ class PwgRestRequestHandler
 if ( empty($method) )
 {
 $service->sendResponse(
- new PwgError(400, 'Missing "method" name')
+ new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
 );
 return;
 }
diff --git a/install/db/77-database.php b/install/db/77-database.php
new file mode 100644
index 000000000..f89f2dd07
--- /dev/null
+++ b/install/db/77-database.php
@@ -0,0 +1,54 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+ die('Hacking attempt!');
+}
+
+$upgrade_description = 'images.file categories.permalink old_permalinks.permalink - become binary';
+
+// +-----------------------------------------------------------------------+
+// | Upgrade content |
+// +-----------------------------------------------------------------------+
+
+$query = 'ALTER TABLE '.CATEGORIES_TABLE.'
+ MODIFY COLUMN permalink varchar(64) binary default NULL';
+pwg_query($query);
+
+$query = 'ALTER TABLE '.OLD_PERMALINKS_TABLE.'
+ MODIFY COLUMN permalink varchar(64) binary NOT NULL default ""';
+pwg_query($query);
+
+$query = 'ALTER TABLE '.IMAGES_TABLE.'
+ MODIFY COLUMN file varchar(255) binary NOT NULL default ""';
+pwg_query($query);
+
+
+echo
+"\n"
+.'"'.$upgrade_description.'"'.' ended'
+."\n"
+;
+
+?>
diff --git a/install/piwigo_structure.sql b/install/piwigo_structure.sql
index 0c7d6b53e..1ba00ca62 100644
--- a/install/piwigo_structure.sql
+++ b/install/piwigo_structure.sql
@@ -36,7 +36,7 @@ CREATE TABLE `piwigo_categories` (
 `commentable` enum('true','false') NOT NULL default 'true',
 `global_rank` varchar(255) default NULL,
 `image_order` varchar(128) default NULL,
- `permalink` varchar(64) default NULL,
+ `permalink` varchar(64) binary default NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `categories_i3` (`permalink`),
 KEY `categories_i2` (`id_uppercat`)
@@ -174,7 +174,7 @@ CREATE TABLE `piwigo_image_tag` (
 DROP TABLE IF EXISTS `piwigo_images`;
 CREATE TABLE `piwigo_images` (
 `id` mediumint(8) unsigned NOT NULL auto_increment,
- `file` varchar(255) NOT NULL default '',
+ `file` varchar(255) binary NOT NULL default '',
 `date_available` datetime NOT NULL default '0000-00-00 00:00:00',
 `date_creation` date default NULL,
 `tn_ext` varchar(4) default '',
@@ -208,7 +208,7 @@ CREATE TABLE `piwigo_images` (
 DROP TABLE IF EXISTS `piwigo_old_permalinks`;
 CREATE TABLE `piwigo_old_permalinks` (
 `cat_id` smallint(5) unsigned NOT NULL default '0',
- `permalink` varchar(64) NOT NULL default '',
+ `permalink` varchar(64) binary NOT NULL default '',
 `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
 `last_hit` datetime default NULL,
 `hit` int(10) unsigned NOT NULL default '0',
diff --git a/picture.php b/picture.php
index 6f0af4d6c..7448461bb 100644
--- a/picture.php
+++ b/picture.php
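Review bot: The three `pwg_query()` results in the new upgrade script are discarded, so the closing `echo` reports `"…" ended` even if one `MODIFY COLUMN` failed, leaving the schema half-migrated behind a success message — unless `pwg_query()` itself aborts on a failed statement, which is defined outside this diff and should be confirmed. If it does not, check each call: `if ( false === pwg_query($query) ) die('upgrade 77: '.$query.' failed');` (one line after each of the three ALTERs). Note also that switching `permalink` to `binary` makes the `UNIQUE KEY categories_i3` shown in the piwigo_structure.sql hunk compare case-sensitively, so two permalinks differing only in case are distinct after this upgrade; that is the intent for `file`, but worth a one-line comment above the first ALTER, e.g. `// binary => case-sensitive matching and uniqueness for permalinks and file names`.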
@@ -536,14 +536,13 @@ if (isset($_GET['slideshow']))
 
 if (!empty($id_pict_redirect))
 {
- // $redirect_msg, $refresh, $url_link and $title are required for creating
+ // $refresh, $url_link and $title are required for creating
 // an automated refresh page in header.tpl
 $refresh = $slideshow_params['period'];
 $url_link = add_url_params(
 $picture[$id_pict_redirect]['url'],
 $slideshow_url_params
 );
- $redirect_msg = nl2br(l10n('redirect_msg'));
 }
 }
 }
diff --git a/template/yoga/menubar_menu.tpl b/template/yoga/menubar_menu.tpl
index b9d26376b..c16fae690 100644
--- a/template/yoga/menubar_menu.tpl
+++ b/template/yoga/menubar_menu.tpl
@@ -1,6 +1,6 @@
-<dt>{$block->get_title()|@translate}</dt>
+<dt>{'title_menu'|@translate}</dt>
 <dd>
- <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch">
+ <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
 <p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
 <input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>
 </p>
diff --git a/template/yoga/redirect.tpl b/template/yoga/redirect.tpl
index 91edd0979..e571d0bab 100644
--- a/template/yoga/redirect.tpl
+++ b/template/yoga/redirect.tpl
@@ -1,6 +1,13 @@
 {* $Id$ *}
-<h2>{$REDIRECT_MSG}</h2>
-<p style="text-align:center; margin: 2em">
+{html_head}
+<style type="text/css">#the_page {ldelim}text-align:center;} </style>
+{/html_head}
+
+<div>
+ {$REDIRECT_MSG}
+</div>
+
+<p style="margin: 2em">
 <a href="{$page_refresh.U_REFRESH}">
 {'click_to_redirect'|@translate}
 </a> |