aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorpatdenice <patdenice@piwigo.org>2008-10-15 20:58:36 +0000
committerpatdenice <patdenice@piwigo.org>2008-10-15 20:58:36 +0000
commit3e49cf5f56cfb64e1f3b00cecda8868f6b43f72f (patch)
tree29641a82ce9f4418e8d87e3e73dd27c9bc5648ba /admin
parent478291598f09d2055c72b3ff49d6a622e7648f40 (diff)
Merge from trunk 2752:
- change mysql_escape_string function (deprecated) by mysql_real_escape_string. - Correction on install.tpl (link color). git-svn-id: http://piwigo.org/svn/branches/2.0@2753 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r--admin/group_list.php2
-rw-r--r--admin/history.php2
-rw-r--r--admin/template/goto/install.tpl2
-rw-r--r--admin/user_list.php9
4 files changed, 4 insertions, 11 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index 09462025e..8bb0412b4 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -107,7 +107,7 @@ SELECT COUNT(*)
INSERT INTO '.GROUPS_TABLE.'
(name)
VALUES
- (\''.mysql_escape_string($_POST['groupname']).'\')
+ (\''.mysql_real_escape_string($_POST['groupname']).'\')
;';
pwg_query($query);
diff --git a/admin/history.php b/admin/history.php
index 222deaaf1..a915704d4 100644
--- a/admin/history.php
+++ b/admin/history.php
@@ -110,7 +110,7 @@ if (isset($_POST['submit']))
$search['fields']['filename'] = str_replace(
'*',
'%',
- mysql_escape_string($_POST['filename'])
+ mysql_real_escape_string($_POST['filename'])
);
}
diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl
index 0fdf9b709..553eb737d 100644
--- a/admin/template/goto/install.tpl
+++ b/admin/template/goto/install.tpl
@@ -29,7 +29,7 @@ TD {
height: 2.5em;
}
-.sql_content {
+.sql_content, .infos a {
color: #ff3363;
}
</style>
diff --git a/admin/user_list.php b/admin/user_list.php
index 8f0430ee5..80d3306f7 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -49,14 +49,7 @@ function get_filtered_user_list()
if (isset($_GET['username']) and !empty($_GET['username']))
{
$username = str_replace('*', '%', $_GET['username']);
- if (function_exists('mysql_real_escape_string'))
- {
- $filter['username'] = mysql_real_escape_string($username);
- }
- else
- {
- $filter['username'] = mysql_escape_string($username);
- }
+ $filter['username'] = mysql_real_escape_string($username);
}
if (isset($_GET['group'])