-rw-r--r--admin/include/functions.php23
-rw-r--r--admin/include/functions_upgrade.php10
-rw-r--r--include/functions_session.inc.php13
3 files changed, 22 insertions, 24 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 1c938ca56..a8193d3af 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -1948,6 +1948,10 @@ function cat_admin_access($category_id)
*/
function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
{
+ // After 3 redirections, return false
+ if ($step > 3) return false;
+
+ // Initialize $dest
is_resource($dest) or $dest = '';
// Try curl to read remote file
@@ -1955,16 +1959,20 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
{
$ch = @curl_init();
@curl_setopt($ch, CURLOPT_URL, $src);
- @curl_setopt($ch, CURLOPT_HEADER, 0);
+ @curl_setopt($ch, CURLOPT_HEADER, 1);
@curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
- is_resource($dest) ?
- @curl_setopt($ch, CURLOPT_FILE, $dest):
- @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$content = @curl_exec($ch);
+ $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
@curl_close($ch);
if ($content !== false)
{
- is_resource($dest) or $dest = $content;
+ if (preg_match('/Location:\s+?(.+)/', substr($content, 0, $header_length), $m))
+ {
+ return fetchRemote($m[1], $dest, $user_agent, $step+1);
+ }
+ $content = substr($content, $header_length);
+ is_resource($dest) ? @fwrite($dest, $content) : $dest = $content;
return true;
}
}
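Review bot: The `Location` value captured by the new `preg_match` is passed straight back into `fetchRemote` with no validation, although the remote server controls that header. `(.+)` keeps the trailing `\r` of the header line, and the unanchored, case-sensitive pattern also matches `Content-Location:` while missing `location:`; something like `preg_match('/^Location:\s*(\S+)/mi', substr($content, 0, $header_length), $m)` would be tighter. Nothing limits the redirect target to web schemes, so I would refuse to follow unless `parse_url($m[1], PHP_URL_SCHEME)` is `http` or `https`; relative targets are not resolved against `$src` either. The response is now buffered fully in memory even when `$dest` is a file handle, which the removed `CURLOPT_FILE` branch avoided. The body of `fetchRemote` continues outside this hunk.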
@@ -1981,11 +1989,6 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
}
// Try fsockopen to read remote file
- if ($step > 3)
- {
- return false;
- }
-
$src = parse_url($src);
$host = $src['host'];
$path = isset($src['path']) ? $src['path'] : '/';
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index 65b0a21ed..01ffb75b8 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -141,7 +141,13 @@ function check_upgrade_access_rights($current_release, $username, $password)
$username = mysql_real_escape_string($username);
}
- if (version_compare($current_release, '1.5.0', '<'))
+ if (version_compare($current_release, '2.0', '<'))
+ {
+ $username = utf8_decode($username);
+ $password = utf8_decode($password);
+ }
+
+ if (version_compare($current_release, '1.5', '<'))
{
$query = '
SELECT password, status
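Review bot: `utf8_decode()` is applied to `$username` after the `mysql_real_escape_string()` call visible at the top of the hunk, so the string that reaches the `WHERE ... ="'.$username.'"` clause is no longer the escaped value. Escaping should be the last transformation before interpolation; I would move the `version_compare($current_release, '2.0', '<')` block above the escaping, which starts outside this hunk, or escape again after decoding. Decoding `$password` is fine as long as it is only hashed and never interpolated, which appears to be the case in the visible lines.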
@@ -166,7 +172,7 @@ WHERE '.$conf['user_fields']['username'].'="'.$username.'"
$conf['pass_convert'] = create_function('$s', 'return md5($s);');
}
- if ($row['password'] != $conf['pass_convert']($_POST['password']))
+ if ($row['password'] != $conf['pass_convert']($password))
{
array_push($page['errors'], l10n('invalid_pwd'));
}
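Review bot: The hash check on the changed line uses a loose `!=`, so two digests that both look like numeric strings (for example of the `0e…` form) compare as equal numbers. A strict comparison avoids that: `if ($row['password'] !== $conf['pass_convert']($password))`. The fallback converter on the line above is unsalted `md5`, presumably kept for compatibility with old installations; a short comment saying so would help the next reader.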
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 728fc8fba..dd3e1b24c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -131,18 +131,7 @@ SELECT data
function pwg_session_write($session_id, $data)
{
$query = '
-UPDATE '.SESSIONS_TABLE.'
- SET expiration = now(),
- data = \''.$data.'\'
- WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
-;';
- pwg_query($query);
- if ( mysql_affected_rows()>0 )
- {
- return true;
- }
- $query = '
-INSERT INTO '.SESSIONS_TABLE.'
+REPLACE INTO '.SESSIONS_TABLE.'
(id,data,expiration)
VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
;';
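Review bot: The new `REPLACE INTO` statement still concatenates `$data` and `$session_id` into the SQL string with no escaping visible in this hunk, and serialized session data can contain quotes that break or alter the statement. Unless the caller already escapes both values, I would escape them here before building the query, e.g. `$data = mysql_real_escape_string($data);`. The removed code returned `true` only when a row was affected, and the rest of `pwg_session_write` lies outside the hunk, so it is worth checking that the function still returns a value that reflects whether the write succeeded.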