author | patdenice <patdenice@piwigo.org> | 2008-11-07 13:54:35 +0000 |
---|---|---|
committer | patdenice <patdenice@piwigo.org> | 2008-11-07 13:54:35 +0000 |
commit | 04395a4c359dddc5c9c7fff5eb447b5ee26204db (patch) | |
tree | b8d788f543590c3128629c794d4614a1ba9b98db /admin | |
parent | e91161f33103f7f415b0cb06045dc5ef1549e27a (diff) |
- improve 1.3.1 upgrade (automatic write in mysql.inc.php).
- translate 1.3.1 upgrade information messages.
- security fix in upgrade login.
git-svn-id: http://piwigo.org/svn/trunk@2838 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/include/functions_upgrade.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index afa6596e8..80086c5c9 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php @@ -136,11 +136,16 @@ function check_upgrade_access_rights($current_release, $username, $password) { global $conf, $page; + if(!get_magic_quotes_gpc()) + { + $username = mysql_real_escape_string($username); + } + if (version_compare($current_release, '1.5.0', '<')) { $query = ' SELECT password, status -FROM '.PREFIX_TABLE.'users +FROM '.USERS_TABLE.' WHERE username = "'.$username.'" ;'; } @@ -149,8 +154,8 @@ WHERE username = "'.$username.'" $query = ' SELECT u.password, ui.status FROM '.$conf['users_table'].' AS u -INNER JOIN '.PREFIX_TABLE.'user_infos AS ui -ON u.id = ui.user_id +INNER JOIN '.USER_INFOS_TABLE.' AS ui +ON u.'.$conf['user_fields']['id'].'=ui.user_id WHERE '.$conf['user_fields']['username'].'="'.$username.'" ;'; } |
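Review bot: The escaping added at the top of check_upgrade_access_rights is conditional on `get_magic_quotes_gpc()`, so with magic quotes enabled `$username` reaches both `WHERE ... "'.$username.'"` clauses (this hunk and the one at -149) protected only by addslashes-style quoting, which does not take the connection character set into account. The function also cannot tell whether its argument really came from request data, so the global setting is a weak basis for skipping the escape. Escaping unconditionally at the point of use would be more robust: `if (get_magic_quotes_gpc()) { $username = stripslashes($username); }` followed by `$username = mysql_real_escape_string($username);`. This assumes the caller passes the raw request value and that a database connection is already open when the function runs; neither is visible here, and the function body continues past the hunk.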