diff options
author | patdenice <patdenice@piwigo.org> | 2008-11-07 13:56:00 +0000 |
---|---|---|
committer | patdenice <patdenice@piwigo.org> | 2008-11-07 13:56:00 +0000 |
commit | 2f586c6791ee2d07e71245d308e2c7f1158b2b7d (patch) | |
tree | b336c1f75085c1055928c20458586ce2a68f190c /admin/include | |
parent | 5f1fe1d4f9b67b44b7166444de6034a4e6dadfdf (diff) |
merge -c2838 from trunk to branch 2.0
- improve 1.3.1 upgrade (automatic write in mysql.inc.php).
- translate 1.3.1 upgrade informations messages.
- security fix in upgrade login.
git-svn-id: http://piwigo.org/svn/branches/2.0@2839 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r-- | admin/include/functions_upgrade.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index afa6596e8..80086c5c9 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php @@ -136,11 +136,16 @@ function check_upgrade_access_rights($current_release, $username, $password) { global $conf, $page; + if(!get_magic_quotes_gpc()) + { + $username = mysql_real_escape_string($username); + } + if (version_compare($current_release, '1.5.0', '<')) { $query = ' SELECT password, status -FROM '.PREFIX_TABLE.'users +FROM '.USERS_TABLE.' WHERE username = "'.$username.'" ;'; } @@ -149,8 +154,8 @@ WHERE username = "'.$username.'" $query = ' SELECT u.password, ui.status FROM '.$conf['users_table'].' AS u -INNER JOIN '.PREFIX_TABLE.'user_infos AS ui -ON u.id = ui.user_id +INNER JOIN '.USER_INFOS_TABLE.' AS ui +ON u.'.$conf['user_fields']['id'].'=ui.user_id WHERE '.$conf['user_fields']['username'].'="'.$username.'" ;'; } |