authornikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
committernikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
commitc3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch)
treee59456bdf40caf57ca5d3586190c3b3f6e8eb463 /admin
parentb223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff)
Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side

git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/cat_list.php21
-rw-r--r--admin/cat_modify.php14
-rw-r--r--admin/cat_move.php2
-rw-r--r--admin/cat_options.php2
-rw-r--r--admin/cat_perm.php5
-rw-r--r--admin/comments.php6
-rw-r--r--admin/configuration.php2
-rw-r--r--admin/element_set_unit.php4
-rw-r--r--admin/group_list.php3
-rw-r--r--admin/group_perm.php2
-rw-r--r--admin/intro.php10
-rw-r--r--admin/maintenance.php10
-rw-r--r--admin/picture_modify.php6
-rw-r--r--admin/remote_site.php12
-rw-r--r--admin/stats.php10
-rw-r--r--admin/thumbnail.php2
-rw-r--r--admin/user_list.php6
-rw-r--r--admin/user_perm.php2
-rw-r--r--admin/waiting.php2
19 files changed, 48 insertions, 73 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index f7652db73..3acbbad5e 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -65,7 +65,7 @@ function save_categories_order($categories)
$categories = array();
$base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
-$navigation = '<a class="" href="'.add_session_id($base_url).'">';
+$navigation = '<a class="" href="'.$base_url.'">';
$navigation.= $lang['home'];
$navigation.= '</a>';
@@ -238,7 +238,7 @@ else
$template->assign_vars(array(
'CATEGORIES_NAV'=>$navigation,
'NEXT_RANK'=>$next_rank,
- 'F_ACTION'=>add_session_id($form_action),
+ 'F_ACTION'=>$form_action,
'L_ADD_VIRTUAL'=>$lang['cat_add'],
'L_SUBMIT'=>$lang['submit'],
@@ -318,14 +318,9 @@ foreach ($categories as $category)
'ID'=>$category['id'],
'RANK'=>$category['rank']*10,
- 'U_JUMPTO'=>
- add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-
- 'U_CHILDREN'=>
- add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
-
- 'U_EDIT'=>
- add_session_id($base_url.'cat_modify&amp;cat_id='.$category['id'])
+ 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+ 'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
+ 'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
)
);
@@ -334,7 +329,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.delete',
array(
- 'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+ 'URL'=>$self_url.'&amp;delete='.$category['id']
)
);
}
@@ -344,7 +339,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.elements',
array(
- 'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'element_set&amp;cat='.$category['id']
)
);
}
@@ -354,7 +349,7 @@ foreach ($categories as $category)
$template->assign_block_vars(
'category.permissions',
array(
- 'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
)
);
}
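Review bot: With the session id no longer carried in the URL and the session identified only by cookie (per the commit message), the browser will attach the admin session to any request for these links, so the state-changing GET URL built in the `category.delete` block, `'URL'=>$self_url.'&amp;delete='.$category['id']`, is now reachable from a cross-site request that would previously have lacked the unguessable URL-borne id (assuming cookies alone were not already accepted before this change). The same concern applies to the `delete` block in admin/cat_modify.php, the `U_MAINT_*` action URLs in admin/maintenance.php and `U_GENERATE`/`U_UPDATE`/`U_CLEAN`/`U_DELETE` in admin/remote_site.php. Dropping `add_session_id()` is the right move; what should go with it is a per-session token appended to these action URLs and checked by the handlers, or moving the destructive actions to POST forms. The `foreach ($categories as $category)` loop enclosing these hunks starts before the first of them.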
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
index 0d82c13d4..8291e9030 100644
--- a/admin/cat_modify.php
+++ b/admin/cat_modify.php
@@ -171,13 +171,11 @@ $template->assign_vars(array(
'L_SUBMIT'=>$lang['submit'],
'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'],
- 'U_JUMPTO'=>
- add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
- 'U_CHILDREN'=>
- add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
+ 'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+ 'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify',
- 'F_ACTION'=>add_session_id($form_action)
+ 'F_ACTION'=>$form_action
));
@@ -186,7 +184,7 @@ if ('private' == $category['status'])
$template->assign_block_vars(
'permissions',
array(
- 'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
)
);
}
@@ -197,7 +195,7 @@ if ($category['nb_images'] > 0)
$template->assign_block_vars(
'elements',
array(
- 'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+ 'URL'=>$base_url.'element_set&amp;cat='.$category['id']
)
);
}
@@ -267,7 +265,7 @@ else
$template->assign_block_vars(
'delete',
array(
- 'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+ 'URL'=>$self_url.'&amp;delete='.$category['id']
)
);
diff --git a/admin/cat_move.php b/admin/cat_move.php
index 7760b6494..0d030dca0 100644
--- a/admin/cat_move.php
+++ b/admin/cat_move.php
@@ -68,7 +68,7 @@ $template->set_filenames(
$template->assign_vars(
array(
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'),
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move',
)
);
diff --git a/admin/cat_options.php b/admin/cat_options.php
index f8ca7527b..a43a4ec61 100644
--- a/admin/cat_options.php
+++ b/admin/cat_options.php
@@ -153,7 +153,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options',
- 'F_ACTION'=>add_session_id($base_url.$page['section'])
+ 'F_ACTION'=>$base_url.$page['section']
)
);
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index f0c961103..95e9edaa9 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -207,10 +207,7 @@ $template->assign_vars(
'admin.php?page=cat_modify&amp;cat_id='
),
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm',
- 'F_ACTION' =>
- add_session_id(
- PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
- )
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&amp;cat='.$page['cat']
)
);
diff --git a/admin/comments.php b/admin/comments.php
index 53d498c84..ef366c783 100644
--- a/admin/comments.php
+++ b/admin/comments.php
@@ -117,7 +117,7 @@ $template->set_filenames(array('comments'=>'admin/comments.tpl'));
$template->assign_vars(
array(
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments')
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
)
);
@@ -141,10 +141,8 @@ while ($row = mysql_fetch_array($result))
'comment',
array(
'U_PICTURE' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
- '&amp;image_id='.$row['image_id']
- ),
+ '&amp;image_id='.$row['image_id'],
'ID' => $row['id'],
'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),
'AUTHOR' => $row['author'],
diff --git a/admin/configuration.php b/admin/configuration.php
index bb1c82646..0d0ee4476 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -149,7 +149,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
- 'F_ACTION'=>add_session_id($action)
+ 'F_ACTION'=>$action
));
switch ($page['section'])
diff --git a/admin/element_set_unit.php b/admin/element_set_unit.php
index fbffe99dd..f3bf12bbd 100644
--- a/admin/element_set_unit.php
+++ b/admin/element_set_unit.php
@@ -222,10 +222,8 @@ SELECT id,path,tn_ext,name,date_creation,comment,keywords,author,file
!empty($row['name']) ?
$row['name'] : get_name_from_file($row['file']),
'U_EDIT' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
- '&amp;image_id='.$row['id']
- ),
+ '&amp;image_id='.$row['id'],
'ID' => $row['id'],
'FILENAME' => $row['path'],
'TN_SRC' => $src,
diff --git a/admin/group_list.php b/admin/group_list.php
index 7bc08b3f4..0a9946fe5 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -124,8 +124,7 @@ $template->set_filenames(array('group_list' => 'admin/group_list.tpl'));
$template->assign_vars(
array(
- 'F_ADD_ACTION' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
+ 'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list'
)
);
diff --git a/admin/group_perm.php b/admin/group_perm.php
index 5c974008e..2c474eb89 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -140,11 +140,9 @@ $template->assign_vars(
'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.
'admin.php?page=group_perm&amp;group_id='.
$page['group']
- )
)
);
diff --git a/admin/intro.php b/admin/intro.php
index 71a657c03..a72171ec0 100644
--- a/admin/intro.php
+++ b/admin/intro.php
@@ -175,10 +175,8 @@ $template->assign_vars(
'DB_USERS' => sprintf(l10n('%d users'), $nb_users),
'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups),
'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments),
- 'U_CHECK_UPGRADE' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'),
- 'U_PHPINFO' =>
- add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo')
+ 'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
+ 'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo'
)
);
@@ -215,7 +213,7 @@ if ($nb_waiting > 0)
$template->assign_block_vars(
'waiting',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'),
+ 'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting',
'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting)
)
);
@@ -234,7 +232,7 @@ if ($nb_comments > 0)
$template->assign_block_vars(
'unvalidated',
array(
- 'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'),
+ 'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments',
'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments)
)
);
diff --git a/admin/maintenance.php b/admin/maintenance.php
index ec45196db..067f1ff82 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -98,11 +98,11 @@ $start_url = PHPWG_ROOT_PATH.'admin.php?page=maintenance&amp;action=';
$template->assign_vars(
array(
- 'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'),
- 'U_MAINT_IMAGES' => add_session_id($start_url.'images'),
- 'U_MAINT_HISTORY' => add_session_id($start_url.'history'),
- 'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'),
- 'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'),
+ 'U_MAINT_CATEGORIES' => $start_url.'categories',
+ 'U_MAINT_IMAGES' => $start_url.'images',
+ 'U_MAINT_HISTORY' => $start_url.'history',
+ 'U_MAINT_SESSIONS' => $start_url.'sessions',
+ 'U_MAINT_FEEDS' => $start_url.'feeds',
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance',
)
);
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index a8fa2b953..097857ec5 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -195,12 +195,10 @@ $template->set_filenames(
$template->assign_vars(
array(
'U_SYNC' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
'&amp;image_id='.$_GET['image_id'].
(isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '').
- '&amp;sync_metadata=1'
- ),
+ '&amp;sync_metadata=1',
'PATH'=>$row['path'],
@@ -230,10 +228,8 @@ $template->assign_vars(
stripslashes($_POST['description']) : @$row['comment'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.'admin.php'
.get_query_string_diff(array('sync_metadata'))
- )
)
);
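Review bot: The rewritten `U_SYNC` value still splices `$_GET['image_id']` and `$_GET['cat_id']` into the URL verbatim, so whatever a client sends in those parameters is echoed into the template; unless the template escapes `U_SYNC` on output (not visible here), a non-numeric value could break out of the href attribute. Assuming, as the names suggest, these are integer ids, casting at the point of use contains it: `'&amp;image_id='.(int)$_GET['image_id'].` and `(isset($_GET['cat_id']) ? '&amp;cat_id='.(int)$_GET['cat_id'] : '').`. The `F_ACTION` hunk below relies on `get_query_string_diff()` producing an already-escaped query string, which cannot be confirmed from this diff. The enclosing `$template->assign_vars(` call opens in the first hunk and closes outside it.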
diff --git a/admin/remote_site.php b/admin/remote_site.php
index fb778084f..1ce1813a2 100644
--- a/admin/remote_site.php
+++ b/admin/remote_site.php
@@ -515,7 +515,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site',
- 'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site')
+ 'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site'
)
);
@@ -686,7 +686,7 @@ else
'local',
array(
'URL' => $url,
- 'U_UPDATE' => add_session_id($base_url.'local_update')
+ 'U_UPDATE' => $base_url.'local_update'
)
);
@@ -731,10 +731,10 @@ while ($row = mysql_fetch_array($result))
'sites.site',
array(
'NAME' => $row['galleries_url'],
- 'U_GENERATE' => add_session_id($base_url.'generate'),
- 'U_UPDATE' => add_session_id($base_url.'update'),
- 'U_CLEAN' => add_session_id($base_url.'clean'),
- 'U_DELETE' => add_session_id($base_url.'delete')
+ 'U_GENERATE' => $base_url.'generate',
+ 'U_UPDATE' => $base_url.'update',
+ 'U_CLEAN' => $base_url.'clean',
+ 'U_DELETE' => $base_url.'delete'
)
);
}
diff --git a/admin/stats.php b/admin/stats.php
index 1a821a476..02d7ec5d8 100644
--- a/admin/stats.php
+++ b/admin/stats.php
@@ -62,7 +62,7 @@ if (isset($_GET['day']) && isset($_GET['month']) && isset($_GET['year']) )
$date_of_day=$_GET['day'].' '.$lang['month'][$_GET['month']].' '.$_GET['year'];
$title_page=$lang['stats_day_title'].' du '.$date_of_day;
$url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
- $url_back = add_session_id($url_back);
+ $url_back = $url_back;
$title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
$title_day = $date_of_day;
}
@@ -71,7 +71,7 @@ elseif ( isset($_GET['month']) && isset($_GET['year']) )
$date_of_day=$lang['month'][$_GET['month']].' '.$_GET['year'];
$title_page=$lang['stats_month_title'].' : '.$date_of_day;
$url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
- $url_back = add_session_id($url_back);
+ $url_back = $url_back;
$title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
$title_day=$lang['today'];
}
@@ -105,7 +105,7 @@ $template->assign_vars(array(
'L_STAT_FILE'=>$lang['stats_file'],
'L_STAT_PICTURE'=>$lang['stats_picture'],
- 'IMG_REPORT'=>add_session_id($url_img)
+ 'IMG_REPORT'=>$url_img
));
//---------------------------------------------------------------- log history
@@ -141,7 +141,7 @@ while ( $row = mysql_fetch_array( $result ) )
.'&amp;day='.$row['d']
;
- $value = '<a href="'.add_session_id($url).'">';
+ $value = '<a href="'.$url.'">';
$value.= $row['d'].' ('.$week_day.')';
$value.= "</a>";
}
@@ -160,7 +160,7 @@ while ( $row = mysql_fetch_array( $result ) )
.'&amp;month='.$row['m']
;
- $value = '<a href="'.add_session_id($url).'">';
+ $value = '<a href="'.$url.'">';
$value.= $lang['month'][$row['m']].' '.$row['y'];
$value.= "</a>";
}
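Review bot: `$url_back = $url_back;` in both the day and month branches is a no-op left over from deleting the `add_session_id()` wrapper; `$url_back` is fully assigned on the preceding line, so the statement should simply be removed rather than rewritten. While touching it, the anchor built right after, `$title_details='<a href='.$url_back.'>'`, leaves the href attribute unquoted — `'<a href="'.$url_back.'">'` matches the quoting used further down in this file (`$value = '<a href="'.$url.'">'`). Both branches belong to an if/elseif whose opening lines are outside the hunks.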
diff --git a/admin/thumbnail.php b/admin/thumbnail.php
index 5193388d7..88ffdc952 100644
--- a/admin/thumbnail.php
+++ b/admin/thumbnail.php
@@ -358,7 +358,7 @@ if (count($remainings) > 0)
$template->assign_block_vars(
'params',
array(
- 'F_ACTION'=>add_session_id($form_url),
+ 'F_ACTION'=>$form_url,
$gdlabel=>'checked="checked"',
$nlabel=>'checked="checked"',
'WIDTH_TN'=>$width,
diff --git a/admin/user_list.php b/admin/user_list.php
index f069dfe63..ea1748a2d 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -424,7 +424,7 @@ while ($row = mysql_fetch_array($result))
$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
-$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
+$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
@@ -790,8 +790,8 @@ foreach ($page['filtered_users'] as $num => $local_user)
'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1',
'ID' => $local_user['id'],
'CHECKED' => $checked,
- 'U_MOD' => add_session_id($profile_url.$local_user['id']),
- 'U_PERM' => add_session_id($perm_url.$local_user['id']),
+ 'U_MOD' => $profile_url.$local_user['id'],
+ 'U_PERM' => $perm_url.$local_user['id'],
'USERNAME' => $local_user['username'],
'STATUS' => $lang['user_status_'.$local_user['status']],
'EMAIL' => isset($local_user['email']) ? $local_user['email'] : '',
diff --git a/admin/user_perm.php b/admin/user_perm.php
index 400678ce2..91ade3618 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -133,11 +133,9 @@ $template->assign_vars(
'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
'F_ACTION' =>
- add_session_id(
PHPWG_ROOT_PATH.
'admin.php?page=user_perm'.
'&amp;user_id='.$page['user']
- )
)
);
diff --git a/admin/waiting.php b/admin/waiting.php
index 7c8e05b51..647fcafe2 100644
--- a/admin/waiting.php
+++ b/admin/waiting.php
@@ -148,7 +148,7 @@ $template->assign_vars(array(
'L_RESET'=>$lang['reset'],
'L_DELETE'=>$lang['delete'],
- 'F_ACTION'=>add_session_id(str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'] ))
+ 'F_ACTION'=>str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'])
));
//---------------------------------------------------------------- form display
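Review bot: `'F_ACTION'=>str_replace( '&', '&amp;', $_SERVER['REQUEST_URI'])` places a client-controlled string into the form's action attribute with only `&` rewritten; a `"` or `<` in the request URI passes through unchanged, so this is an HTML-attribute injection point unless the template escapes `F_ACTION` itself (not visible here). Either escape it properly, `'F_ACTION'=>htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)`, or build the action from the known page URL as the sibling admin pages in this commit do, `'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=waiting'`. The `$template->assign_vars(array(` call begins before the hunk.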