Diffstat (limited to 'admin')
-rw-r--r-- | admin/include/functions.php | 23 | ||||
-rw-r--r-- | admin/include/functions_upgrade.php | 10 |
2 files changed, 21 insertions, 12 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 1c938ca56..a8193d3af 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -1948,6 +1948,10 @@ function cat_admin_access($category_id)
 */
 function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
 {
+ // After 3 redirections, return false
+ if ($step > 3) return false;
+
+ // Initialize $dest
 is_resource($dest) or $dest = '';
 // Try curl to read remote file
@@ -1955,16 +1959,20 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
 {
 $ch = @curl_init();
 @curl_setopt($ch, CURLOPT_URL, $src);
- @curl_setopt($ch, CURLOPT_HEADER, 0);
+ @curl_setopt($ch, CURLOPT_HEADER, 1);
 @curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
- is_resource($dest) ?
- @curl_setopt($ch, CURLOPT_FILE, $dest):
- @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 $content = @curl_exec($ch);
+ $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
 @curl_close($ch);
 if ($content !== false)
 {
- is_resource($dest) or $dest = $content;
+ if (preg_match('/Location:\s+?(.+)/', substr($content, 0, $header_length), $m))
+ {
+ return fetchRemote($m[1], $dest, $user_agent, $step+1);
+ }
+ $content = substr($content, $header_length);
+ is_resource($dest) ? @fwrite($dest, $content) : $dest = $content;
 return true;
 }
 }
@@ -1981,11 +1989,6 @@ function fetchRemote($src, &$dest, $user_agent='Piwigo', $step=0)
 }
 // Try fsockopen to read remote file
- if ($step > 3)
- {
- return false;
- }
-
 $src = parse_url($src);
 $host = $src['host'];
 $path = isset($src['path']) ? $src['path'] : '/';
diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index 65b0a21ed..01ffb75b8 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
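Review bot: In the curl branch of fetchRemote (second hunk of admin/include/functions.php), the new redirect handling follows whatever the `Location` match yields without checking that the response was a 3xx or that the target is still an http/https URL, so the remote server decides which scheme and host the next `curl_exec` is pointed at. The pattern `/Location:\s+?(.+)/` is also unanchored and case-sensitive, so it can match a `Content-Location:` header on an ordinary 200 response, and `(.+)` keeps the trailing carriage return of the header line. I would read `CURLINFO_HTTP_CODE` before `curl_close`, anchor the match to the start of a header line, and refuse any target whose scheme is not http or https, as sketched below. Separately, forcing `CURLOPT_RETURNTRANSFER` buffers the whole body in memory even when `$dest` is a file handle, and the `@fwrite` result is not checked. The function body starts before and continues after this hunk.

```php
      $content = @curl_exec($ch);
      $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
      $status = @curl_getinfo($ch, CURLINFO_HTTP_CODE);
      @curl_close($ch);
      if ($content !== false)
      {
        $headers = substr($content, 0, $header_length);
        if ($status >= 300 and $status < 400
            and preg_match('/^Location:[ \t]*(\S+)/mi', $headers, $m))
        {
          // Only follow redirects that stay on HTTP(S)
          $scheme = strtolower((string) parse_url($m[1], PHP_URL_SCHEME));
          if (!in_array($scheme, array('http', 'https'), true))
          {
            return false;
          }
          return fetchRemote($m[1], $dest, $user_agent, $step+1);
        }
        // … unchanged: strip the headers, write the body to $dest, return true …
```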
@@ -141,7 +141,13 @@ function check_upgrade_access_rights($current_release, $username, $password)
 $username = mysql_real_escape_string($username);
 }
- if (version_compare($current_release, '1.5.0', '<'))
+ if (version_compare($current_release, '2.0', '<'))
+ {
+ $username = utf8_decode($username);
+ $password = utf8_decode($password);
+ }
+
+ if (version_compare($current_release, '1.5', '<'))
 {
 $query = '
 SELECT password, status
@@ -166,7 +172,7 @@ WHERE '.$conf['user_fields']['username'].'="'.$username.'"
 $conf['pass_convert'] = create_function('$s', 'return md5($s);');
 }
- if ($row['password'] != $conf['pass_convert']($_POST['password']))
+ if ($row['password'] != $conf['pass_convert']($password))
 {
 array_push($page['errors'], l10n('invalid_pwd'));
 }
|
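Review bot: In the first hunk of check_upgrade_access_rights, the added `utf8_decode($username)` runs after the `mysql_real_escape_string($username)` call visible in the context just above it, so the value concatenated into the `WHERE ... ="'.$username.'"` clause is no longer the string that was escaped. Escaping should be the last transformation before the value reaches the query; I would move the `version_compare($current_release, '2.0', '<')` block above the escaping step. The escaping call sits inside a conditional whose opening is outside the hunk, so confirm that every path escapes after decoding.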
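Review bot: The changed password check in the second hunk still uses the loose `!=` on two hash strings, and PHP compares strings that both look numeric as numbers, so two different digests can be treated as equal. Use a strict comparison here: `if ($row['password'] !== $conf['pass_convert']($password))`. The surrounding function starts and ends outside this hunk.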