authorpatdenice <patdenice@piwigo.org>2008-11-07 13:56:00 +0000
committerpatdenice <patdenice@piwigo.org>2008-11-07 13:56:00 +0000
commit2f586c6791ee2d07e71245d308e2c7f1158b2b7d (patch)
treeb336c1f75085c1055928c20458586ce2a68f190c /admin/include
parent5f1fe1d4f9b67b44b7166444de6034a4e6dadfdf (diff)
merge -c2838 from trunk to branch 2.0
- improve 1.3.1 upgrade (automatic write in mysql.inc.php). - translate 1.3.1 upgrade informations messages. - security fix in upgrade login. git-svn-id: http://piwigo.org/svn/branches/2.0@2839 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r--admin/include/functions_upgrade.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index afa6596e8..80086c5c9 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -136,11 +136,16 @@ function check_upgrade_access_rights($current_release, $username, $password)
{
global $conf, $page;
+ if(!get_magic_quotes_gpc())
+ {
+ $username = mysql_real_escape_string($username);
+ }
+
if (version_compare($current_release, '1.5.0', '<'))
{
$query = '
SELECT password, status
-FROM '.PREFIX_TABLE.'users
+FROM '.USERS_TABLE.'
WHERE username = "'.$username.'"
;';
}
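Review bot: The escaping added at `if(!get_magic_quotes_gpc())` runs only when magic quotes are off, so with the setting on the query still depends on addslashes-style quoting, which ignores the connection character set and is applied only to request data, not to whatever value a caller passes in. Escaping unconditionally at the sink is safer, assuming callers hand over the raw request value: `$username = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($username) : $username);`. The same `$username` is concatenated into both WHERE clauses (the `< 1.5.0` branch here and the `$conf['user_fields']['username']` branch in the next hunk), so a single fix placed before the branch covers both. The function body continues past this hunk, so how `$password` is handled is not visible here.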
@@ -149,8 +154,8 @@ WHERE username = "'.$username.'"
$query = '
SELECT u.password, ui.status
FROM '.$conf['users_table'].' AS u
-INNER JOIN '.PREFIX_TABLE.'user_infos AS ui
-ON u.id = ui.user_id
+INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ON u.'.$conf['user_fields']['id'].'=ui.user_id
WHERE '.$conf['user_fields']['username'].'="'.$username.'"
;';
}
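Review bot: `$conf['user_fields']['id']` is now concatenated into the join condition as a bare identifier (`ON u.'.$conf['user_fields']['id'].'=ui.user_id`), alongside `$conf['users_table']` and `$conf['user_fields']['username']`, and string escaping cannot protect any of these. They presumably come from the local configuration file; a comment above the query, e.g. `// table and column names come from local config only, never from request data`, would record the trust assumption the query depends on. The enclosing branch starts outside this hunk.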