From 3e49cf5f56cfb64e1f3b00cecda8868f6b43f72f Mon Sep 17 00:00:00 2001 From: patdenice Date: Wed, 15 Oct 2008 20:58:36 +0000 Subject: Merge from trunk 2752: - change mysql_escape_string function (deprecated) by mysql_real_escape_string. - Correction on install.tpl (link color). git-svn-id: http://piwigo.org/svn/branches/2.0@2753 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/group_list.php | 2 +- admin/history.php | 2 +- admin/template/goto/install.tpl | 2 +- admin/user_list.php | 9 +-------- include/functions_user.inc.php | 4 ++-- language/fr_FR/install.lang.php | 2 +- password.php | 2 +- 7 files changed, 8 insertions(+), 15 deletions(-) diff --git a/admin/group_list.php b/admin/group_list.php index 09462025e..8bb0412b4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -107,7 +107,7 @@ SELECT COUNT(*) INSERT INTO '.GROUPS_TABLE.' (name) VALUES - (\''.mysql_escape_string($_POST['groupname']).'\') + (\''.mysql_real_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); diff --git a/admin/history.php b/admin/history.php index 222deaaf1..a915704d4 100644 --- a/admin/history.php +++ b/admin/history.php @@ -110,7 +110,7 @@ if (isset($_POST['submit'])) $search['fields']['filename'] = str_replace( '*', '%', - mysql_escape_string($_POST['filename']) + mysql_real_escape_string($_POST['filename']) ); } diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl index 0fdf9b709..553eb737d 100644 --- a/admin/template/goto/install.tpl +++ b/admin/template/goto/install.tpl @@ -29,7 +29,7 @@ TD { height: 2.5em; } -.sql_content { +.sql_content, .infos a { color: #ff3363; } diff --git a/admin/user_list.php b/admin/user_list.php index 8f0430ee5..80d3306f7 100644 --- a/admin/user_list.php +++ b/admin/user_list.php 
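Review bot: The new `mysql_real_escape_string($_POST['groupname'])` call in the INSERT passes no link identifier, so it escapes according to whichever connection was opened last; if none is open it tries to open a default one and returns FALSE with a warning on failure. Its output is only charset-safe when the connection character set was set through `mysql_set_charset()` rather than a `SET NAMES` query, and how this project sets the charset is not visible in this patch, so that is worth confirming. The same applies to the calls changed in admin/history.php, admin/user_list.php, include/functions_user.inc.php and password.php. Routing all of them through one project-level escaping helper that passes the link explicitly would keep that assumption in one place.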
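Review bot: `mysql_real_escape_string()` inside the `str_replace('*', '%', …)` call does not escape `%` or `_`, so those characters typed into `$_POST['filename']` act as wildcards alongside the intended `*` if the value ends up in a LIKE pattern, which the `*` to `%` mapping suggests but this hunk does not show. If only `*` is meant to be a wildcard, neutralise them after the SQL escaping: `addcslashes(mysql_real_escape_string($_POST['filename']), '%_')`. admin/user_list.php builds `$filter['username']` the same way in get_filtered_user_list(), but applies the replacement before escaping, so there `addcslashes` would have to run on `$_GET['username']` ahead of `str_replace`. The enclosing `if (isset($_POST['submit']))` block starts and ends outside the hunk.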
@@ -49,14 +49,7 @@ function get_filtered_user_list() if (isset($_GET['username']) and !empty($_GET['username'])) { $username = str_replace('*', '%', $_GET['username']); - if (function_exists('mysql_real_escape_string')) - { - $filter['username'] = mysql_real_escape_string($username); - } - else - { - $filter['username'] = mysql_escape_string($username); - } + $filter['username'] = mysql_real_escape_string($username); } if (isset($_GET['group']) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 472487342..02aa2a5d8 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -115,7 +115,7 @@ SELECT MAX('.$conf['user_fields']['id'].') + 1 $insert = array( $conf['user_fields']['id'] => $next_id, - $conf['user_fields']['username'] => mysql_escape_string($login), + $conf['user_fields']['username'] => mysql_real_escape_string($login), $conf['user_fields']['password'] => $conf['pass_convert']($password), $conf['user_fields']['email'] => $mail_address ); @@ -716,7 +716,7 @@ function get_userid($username) { global $conf; - $username = mysql_escape_string($username); + $username = mysql_real_escape_string($username); $query = ' SELECT '.$conf['user_fields']['id'].' diff --git a/language/fr_FR/install.lang.php b/language/fr_FR/install.lang.php index 012499550..6e90429e8 100644 --- a/language/fr_FR/install.lang.php +++ b/language/fr_FR/install.lang.php @@ -59,7 +59,7 @@ $lang['install_help'] = 'Besoin d\'aide ? Posez votre question sur le Un fois ce fichier supprimé, veuillez suivre ces indications :
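Review bot: In the `$insert` array of include/functions_user.inc.php only the username is escaped; `$conf['user_fields']['email'] => $mail_address` two lines below goes in as received. Whether `$mail_address` is validated earlier in the function, or escaped by whatever consumes `$insert`, is outside this hunk and should be checked. If neither happens the line should read `$conf['user_fields']['email'] => mysql_real_escape_string($mail_address)`. Escaping once at the point where the query text is assembled, rather than field by field, would prevent this kind of omission.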
-* allez sur la page d\'identification : [
identification ] et connectez-vous avec le pseudo donné pour le webmasterbr
+* allez sur la page d\'identification : [ identification ] et connectez-vous avec le pseudo donné pour le webmaster
* celui-ci vous permet d\'accéder à la partie administration et aux instructions pour placer les images dans les répertoires.'; $lang['conf_mail_webmaster'] = 'Adresse e-mail de l\'Administrateur'; $lang['conf_mail_webmaster_info'] = 'Les visiteurs pourront vous contacter par ce mail'; diff --git a/password.php b/password.php index 2161188b7..0a7ca4b87 100644 --- a/password.php +++ b/password.php @@ -56,7 +56,7 @@ if (isset($_POST['submit'])) } else if (isset($_POST['mail_address']) and !empty($_POST['mail_address'])) { - $mail_address = mysql_escape_string($_POST['mail_address']); + $mail_address = mysql_real_escape_string($_POST['mail_address']); $query = ' SELECT '.$conf['user_fields']['id'].' AS id -- cgit v1.2.3