aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2008-10-18 00:45:45 +0000
committerrvelices <rv-github@modusoptimus.com>2008-10-18 00:45:45 +0000
commit90be9fbb84623095a360cfa6e9c1955a891eeba5 (patch)
tree0b61f9e6a0372b6662866a3bd0dd9b746b0f430a /include
parentfaa543851ba9fc25ffb0d25a7876d4486757f21a (diff)
- merge rev 2765,2769 from branch 2.0
* 2765 mysql potential injection paranoia + code compaction in common.inc.php * 2769 added an image sort order by privacy level (admins only) * 2769 fix an IE6 display issue with quick search on index page git-svn-id: http://piwigo.org/svn/trunk@2770 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r--include/common.inc.php61
-rw-r--r--include/functions_category.inc.php5
-rw-r--r--include/ws_functions.inc.php10
3 files changed, 18 insertions, 58 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index cbe1d6d89..0b1a2b581 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
//
if( !get_magic_quotes_gpc() )
{
+ function sanitize_mysql_kv(&$v, $k)
+ {
+ $v = addslashes($v);
+ }
if( is_array( $_GET ) )
{
- while( list($k, $v) = each($_GET) )
- {
- if( is_array($_GET[$k]) )
- {
- while( list($k2, $v2) = each($_GET[$k]) )
- {
- $_GET[$k][$k2] = addslashes($v2);
- }
- @reset($_GET[$k]);
- }
- else
- {
- $_GET[$k] = addslashes($v);
- }
- }
- @reset($_GET);
+ array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
}
-
- if( is_array($_POST) )
+ if( is_array( $_POST ) )
{
- while( list($k, $v) = each($_POST) )
- {
- if( is_array($_POST[$k]) )
- {
- while( list($k2, $v2) = each($_POST[$k]) )
- {
- $_POST[$k][$k2] = addslashes($v2);
- }
- @reset($_POST[$k]);
- }
- else
- {
- $_POST[$k] = addslashes($v);
- }
- }
- @reset($_POST);
+ array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
}
-
- if( is_array($_COOKIE) )
+ if( is_array( $_COOKIE ) )
{
- while( list($k, $v) = each($_COOKIE) )
- {
- if( is_array($_COOKIE[$k]) )
- {
- while( list($k2, $v2) = each($_COOKIE[$k]) )
- {
- $_COOKIE[$k][$k2] = addslashes($v2);
- }
- @reset($_COOKIE[$k]);
- }
- else
- {
- $_COOKIE[$k] = addslashes($v);
- }
- }
- @reset($_COOKIE);
+ array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
}
}
if ( !empty($_SERVER["PATH_INFO"]) )
diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
index 26c9478ef..0705b852b 100644
--- a/include/functions_category.inc.php
+++ b/include/functions_category.inc.php
@@ -273,7 +273,8 @@ function get_category_preferred_image_orders()
l10n('Rank'),
'rank ASC',
('categories' == @$page['section'] and !isset($page['flat']) and !isset($page['chronology_field']) )
- )
+ ),
+ array( l10n('permissions'), 'level DESC', is_admin() )
));
}
@@ -522,4 +523,4 @@ LIMIT 1';
}
}
-?>
+?> \ No newline at end of file
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index a41212f5f..e61a4b2d6 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -187,6 +187,7 @@ function ws_caddie_add($params, &$service)
{
return new PwgError(401, 'Access denied');
}
+ $params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -291,7 +292,7 @@ SELECT i.*, GROUP_CONCAT(category_id) cat_ids
AND ', $where_clauses).'
GROUP BY i.id
'.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@@ -683,8 +684,8 @@ SELECT id, date, author, content
FROM '.COMMENTS_TABLE.'
WHERE '.$where_comments.'
ORDER BY date
- LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
- ','.$params['comments_per_page'];
+ LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
+ ','.(int)$params['comments_per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@@ -857,6 +858,7 @@ function ws_images_setPrivacyLevel($params, &$service)
{
return new PwgError(401, 'Access denied');
}
+ $params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@@ -1342,7 +1344,7 @@ SELECT DISTINCT i.* FROM '.IMAGES_TABLE.' i
WHERE '. implode('
AND ', $where_clauses).'
'.$order_by.'
-LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
+LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))