author | rvelices <rv-github@modusoptimus.com> | 2008-09-12 02:17:35 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-09-12 02:17:35 +0000 |
commit | 4d86bb2234af3939f1e8add3633deaa425fe526e (patch) | |
tree | bfc5274c3fa9e427dc7407288173355e585a9080 /include | |
parent | 272113c4175992de5dee7fed77fa2ab9fdef2850 (diff) |
- images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: now the sessions are valid only for the originating IP address (masked with 255.255.0.0 to allow users behind load-balancing proxies) -> a stolen session cookie is only usable from one of the 65536 addresses in the same /16
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
- added event get_category_image_orders
- fix display issue with redirect.tpl (h1/h2 within h1)
- fix known_script smarty function registration
- query search form not submitted if q is empty
- better admin css rules
- some other minor changes (ws_core, rest_handler, functions_search...)
git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 9 | ||||
-rw-r--r-- | include/functions_category.inc.php | 9 | ||||
-rw-r--r-- | include/functions_search.inc.php | 8 | ||||
-rw-r--r-- | include/functions_session.inc.php | 13 | ||||
-rw-r--r-- | include/page_header.php | 3 | ||||
-rw-r--r-- | include/template.class.php | 2 | ||||
-rw-r--r-- | include/ws_core.inc.php | 8 | ||||
-rw-r--r-- | include/ws_protocols/rest_handler.php | 4 |
8 files changed, 32 insertions, 24 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 5a22c475d..3dd62802e 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -747,13 +747,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0) if (empty($msg)) { - $redirect_msg = l10n('redirect_msg'); + $msg = nl2br(l10n('redirect_msg')); } - else - { - $redirect_msg = $msg; - } - $redirect_msg = nl2br($redirect_msg); $refresh = $refresh_time; $url_link = $url; @@ -764,6 +759,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0) include( PHPWG_ROOT_PATH.'include/page_header.php' ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); + $template->assign('REDIRECT_MSG', $msg); + $template->parse('redirect'); include( PHPWG_ROOT_PATH.'include/page_tail.php' ); diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 92e9cf229..77657b8b1 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -258,8 +258,9 @@ SELECT galleries_url function get_category_preferred_image_orders() { global $conf, $page; - - return array( + + return trigger_event('get_category_preferred_image_orders', + array( array(l10n('default_sort'), '', true), array(l10n('Average rate'), 'average_rate DESC', $conf['rate']), array(l10n('most_visited_cat'), 'hit DESC', true), @@ -269,9 +270,9 @@ function get_category_preferred_image_orders() array( l10n('Rank'), 'rank ASC', - ('categories' == $page['section'] and !isset($page['flat'])) + ('categories' == @$page['section'] and !isset($page['flat'])) ) - ); + )); } function display_select_categories($categories, diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php index a043f041c..2ec709936 100644 --- a/include/functions_search.inc.php +++ b/include/functions_search.inc.php 
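Review bot: The rewrite drops the nl2br() that the removed lines applied to a caller-supplied $msg, so only the default l10n('redirect_msg') text is converted and callers passing multi-line messages now lose their line breaks; restore it with `$msg = nl2br(empty($msg) ? l10n('redirect_msg') : $msg);` in place of the added line. Note also that $msg reaches the template untouched through the new `$template->assign('REDIRECT_MSG', $msg)` — if any caller ever builds it from request data and redirect.tpl prints it unescaped, that is an HTML injection point, which I cannot confirm from this hunk. redirect_html() starts before the hunk and its second hunk continues below.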
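Review bot: `'categories' == @$page['section']` silences an undefined-index notice with the `@` operator instead of testing for the key; prefer `(isset($page['section']) and 'categories' == $page['section'] and !isset($page['flat']))`, which states the intent and does not hide other warnings raised inside that expression. The new trigger_event('get_category_preferred_image_orders', …) lets plugins extend the list, and the second element of each entry ('average_rate DESC', 'hit DESC', 'rank ASC') is an ORDER BY fragment, so a one-line comment on the array such as `// [label, SQL order clause, enabled]; plugin-supplied clauses are trusted SQL` would stop anyone routing user input through the event. Both hunks lie inside get_category_preferred_image_orders(), which returns the array directly.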
@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field) } else { + if ( strcspn($ch, '%_')==0) + {// escape LIKE specials %_ + $ch = '\\'.$ch; + } $crt_token .= $ch; } break; @@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field) $state=0; break; default: + if ( strcspn($ch, '%_')==0) + {// escape LIKE specials %_ + $ch = '\\'.$ch; + } $crt_token .= $ch; } break; diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index f17f2377a..dce1551ea 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -90,6 +90,11 @@ function pwg_session_close() return true; } +function get_remote_addr_session_hash() +{ + return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) ); +} + /** * this function returns * a string corresponding to the value of the variable save in the session @@ -102,7 +107,7 @@ function pwg_session_read($session_id) $query = ' SELECT data FROM '.SESSIONS_TABLE.' - WHERE id = \''.$session_id.'\' + WHERE id = \''.get_remote_addr_session_hash().$session_id.'\' ;'; $result = pwg_query($query); if ($result) @@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data) UPDATE '.SESSIONS_TABLE.' SET expiration = now(), data = \''.$data.'\' - WHERE id = \''.$session_id.'\' + WHERE id = \''.get_remote_addr_session_hash().$session_id.'\' ;'; pwg_query($query); if ( mysql_affected_rows()>0 ) @@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.' $query = ' INSERT INTO '.SESSIONS_TABLE.' (id,data,expiration) - VALUES(\''.$session_id.'\',\''.$data.'\',now()) + VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now()) ;'; mysql_query($query); return true; @@ -154,7 +159,7 @@ function pwg_session_destroy($session_id) $query = ' DELETE FROM '.SESSIONS_TABLE.' - WHERE id = \''.$session_id.'\' + WHERE id = \''.get_remote_addr_session_hash().$session_id.'\' ;'; pwg_query($query); return true; 
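Review bot: The added escape handles `%` and `_` but not the backslash, which is MySQL's default LIKE escape character: a literal `\` in the query is copied into $crt_token unchanged, so a search for `a\b` matches `ab` and a trailing `\` swallows whatever follows it; extend the check to `strcspn($ch, '%_\\')==0`. The same four lines are pasted into both branches of the state machine; a small helper such as `$ch = like_escape_char($ch);` would keep the two in step. Escaping LIKE metacharacters does not replace quoting the token for the SQL string literal — I cannot see from the hunk where $crt_token is quoted, so confirm that happens downstream. get_qsearch_like_clause() starts before and ends after these hunks.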
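Review bot: get_remote_addr_session_hash() assumes a dotted IPv4 REMOTE_ADDR: for an IPv6 client explode('.', …) yields a single element, vsprintf() has too few arguments and returns false (a ValueError on current PHP), so the id is prefixed with an empty string and such sessions silently get no binding at all — the same happens when REMOTE_ADDR is unset. The /16 binding also does nothing against the attacker most likely to capture a cookie, one on the same network or behind the same NAT, and behind a reverse proxy every client shares the proxy's prefix, so this is a mitigation rather than the near-fix the commit message describes; a comment on the function saying `// binds a session to the client's /16 only; useless against an attacker in the same range or behind the same proxy` would keep the next reader from relying on it. Two things the hunk does not show and that should be checked are that the SESSIONS_TABLE id column has room for four extra characters and that nothing else reads or deletes rows by the bare session id. The rewrite below uses inet_pton() (PHP 5.1+, on Windows only from 5.3) to bind IPv4 to /16 and IPv6 to /64, and degrades to no prefix when the address cannot be parsed instead of emitting a warning.
```php
function get_remote_addr_session_hash()
{
  $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $packed = @inet_pton($addr);
  if ($packed === false)
  { // missing or unparsable address: no binding rather than a vsprintf() warning
    return '';
  }
  // IPv4: first two octets (/16); IPv6: first 64 bits (the routed prefix)
  $prefix = substr($packed, 0, strlen($packed) == 4 ? 2 : 8);
  return strtoupper(bin2hex($prefix));
}
```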
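Review bot: `$session_id` is spliced into the SQL string without quoting on every line this commit touches, and the value originates in the client's cookie; unless the PHP session layer validates it before calling the handler — which I cannot confirm from here and which older releases did not do strictly — pwg_session_read(), pwg_session_write() and pwg_session_destroy() are injection points. Since the prefixed key is now computed in each function anyway, build it once and escape it, `$id = mysql_real_escape_string(get_remote_addr_session_hash().$session_id);`, and use `'$id'` in the query, or reject ids that fail `preg_match('/^[a-zA-Z0-9,-]+$/', $session_id)` before touching the database. `$data` on the UPDATE and INSERT lines needs the same treatment if the caller does not already escape it.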
diff --git a/include/page_header.php b/include/page_header.php index 102e2bdd8..629b45db3 100644 --- a/include/page_header.php +++ b/include/page_header.php @@ -69,11 +69,10 @@ if ( !empty($page['meta_robots']) ) // refresh if ( isset( $refresh ) and intval($refresh) >= 0 - and isset( $url_link ) and isset( $redirect_msg ) ) + and isset( $url_link ) ) { $template->assign( array( - 'REDIRECT_MSG' => $redirect_msg, 'page_refresh' => array( 'TIME' => $refresh, 'U_REFRESH' => $url_link diff --git a/include/template.class.php b/include/template.class.php index 25389b8fa..777d4ddec 100644 --- a/include/template.class.php +++ b/include/template.class.php @@ -62,7 +62,7 @@ class Template { $this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') ); $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') ); $this->smarty->register_block('html_head', array(&$this, 'block_html_head') ); - $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false ); + $this->smarty->register_function('known_script', array(&$this, 'func_known_script') ); $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') ); if ( $conf['compiled_template_cache_language'] ) { diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php index 0580d12d7..cc1c1c756 100644 --- a/include/ws_core.inc.php +++ b/include/ws_core.inc.php @@ -378,12 +378,10 @@ class PwgServer { if ( is_null($this->_responseEncoder) ) { - set_status_header(500); + set_status_header(400); @header("Content-Type: text/plain"); echo ("Cannot process your request. Unknown response format. -Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler." -Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder." - "); +Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n"); var_export($this); die(0); } 
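Review bot: `var_export($this);` still runs right after the new 400 response, so the whole PwgServer object — registered handlers, encoders and whatever state the request accumulated — is dumped into the body of every request with an unknown format; that is a reachable information disclosure, and the trimmed message on the lines above shows the commit was already removing internal detail from this response. Replace it with `error_log(var_export($this, true));` or drop the line; the `die(0)` can stay. The enclosing method starts before this hunk.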
@@ -391,7 +389,7 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder." if ( is_null($this->_requestHandler) ) { $this->sendResponse( - new PwgError(500, 'Unknown request format') + new PwgError(400, 'Unknown request format') ); return; } diff --git a/include/ws_protocols/rest_handler.php b/include/ws_protocols/rest_handler.php index c9c8ad9b0..e22d0b9e2 100644 --- a/include/ws_protocols/rest_handler.php +++ b/include/ws_protocols/rest_handler.php @@ -30,7 +30,7 @@ class PwgRestRequestHandler $param_array = $service->isPost() ? $_POST : $_GET; foreach ($param_array as $name => $value) { - if ($name=='format' or $name=='partner') + if ($name=='format') continue; // ignore - special keys if ($name=='method') { @@ -45,7 +45,7 @@ class PwgRestRequestHandler if ( empty($method) ) { $service->sendResponse( - new PwgError(400, 'Missing "method" name') + new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name') ); return; } |