aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
authorpatdenice <patdenice@piwigo.org>2008-11-07 13:54:35 +0000
committerpatdenice <patdenice@piwigo.org>2008-11-07 13:54:35 +0000
commit04395a4c359dddc5c9c7fff5eb447b5ee26204db (patch)
treeb8d788f543590c3128629c794d4614a1ba9b98db /admin/include
parente91161f33103f7f415b0cb06045dc5ef1549e27a (diff)
- improve 1.3.1 upgrade (automatic write in mysql.inc.php).
- translate 1.3.1 upgrade informations messages. - security fix in upgrade login. git-svn-id: http://piwigo.org/svn/trunk@2838 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r--admin/include/functions_upgrade.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index afa6596e8..80086c5c9 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -136,11 +136,16 @@ function check_upgrade_access_rights($current_release, $username, $password)
{
global $conf, $page;
+ if(!get_magic_quotes_gpc())
+ {
+ $username = mysql_real_escape_string($username);
+ }
+
if (version_compare($current_release, '1.5.0', '<'))
{
$query = '
SELECT password, status
-FROM '.PREFIX_TABLE.'users
+FROM '.USERS_TABLE.'
WHERE username = "'.$username.'"
;';
}
@@ -149,8 +154,8 @@ WHERE username = "'.$username.'"
$query = '
SELECT u.password, ui.status
FROM '.$conf['users_table'].' AS u
-INNER JOIN '.PREFIX_TABLE.'user_infos AS ui
-ON u.id = ui.user_id
+INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ON u.'.$conf['user_fields']['id'].'=ui.user_id
WHERE '.$conf['user_fields']['username'].'="'.$username.'"
;';
}