- images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) - metadata sync from the sync button does not overwrite valid data with empty metadata - other small fixes/enhancements: - added event get_category_image_orders - fix display issue with redirect.tpl (h1/h2 within h1) - fix known_script smarty function registration - query search form not submitted if q is empty - better admin css rules - some other minor changes (ws_core, rest_handler, functions_search...) git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
@@ -90,6 +90,11 @@ function pwg_session_close()
|
||||
return true;
|
||||
}
|
||||
|
||||
function get_remote_addr_session_hash()
|
||||
{
|
||||
return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
|
||||
}
|
||||
|
||||
/**
|
||||
* this function returns
|
||||
* a string corresponding to the value of the variable save in the session
|
||||
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
|
||||
$query = '
|
||||
SELECT data
|
||||
FROM '.SESSIONS_TABLE.'
|
||||
WHERE id = \''.$session_id.'\'
|
||||
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
|
||||
;';
|
||||
$result = pwg_query($query);
|
||||
if ($result)
|
||||
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
|
||||
UPDATE '.SESSIONS_TABLE.'
|
||||
SET expiration = now(),
|
||||
data = \''.$data.'\'
|
||||
WHERE id = \''.$session_id.'\'
|
||||
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
|
||||
;';
|
||||
pwg_query($query);
|
||||
if ( mysql_affected_rows()>0 )
|
||||
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
|
||||
$query = '
|
||||
INSERT INTO '.SESSIONS_TABLE.'
|
||||
(id,data,expiration)
|
||||
VALUES(\''.$session_id.'\',\''.$data.'\',now())
|
||||
VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
|
||||
;';
|
||||
mysql_query($query);
|
||||
return true;
|
||||
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
|
||||
$query = '
|
||||
DELETE
|
||||
FROM '.SESSIONS_TABLE.'
|
||||
WHERE id = \''.$session_id.'\'
|
||||
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
|
||||
;';
|
||||
pwg_query($query);
|
||||
return true;
|
||||
|
||||
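Review bot: `get_remote_addr_session_hash()` assumes `$_SERVER['REMOTE_ADDR']` is a dotted-quad IPv4 address, and nothing in the hunk checks that. For an IPv6 client (`::1`, for instance) `explode('.')` yields a single element, so `vsprintf` is one argument short: older PHP returns false with a warning, which concatenates as an empty prefix and silently drops the address binding, while PHP 8 throws. An IPv4-mapped address would format its first piece as `00`, which weakens the binding in the same way. The function should validate the address and return a fixed-width prefix for every address family, as sketched below; the call sites in pwg_session_read, pwg_session_write and pwg_session_destroy can stay as they are. Behind a reverse proxy REMOTE_ADDR is presumably the proxy's own address, so the binding adds little there, which deserves a comment on the function.

```php
function get_remote_addr_session_hash()
{
  $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false)
  {
    // IPv4: keep the /16 binding described in the commit message
    $octets = explode('.', $addr);
    return sprintf('%02X%02X', $octets[0], $octets[1]);
  }
  if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false)
  {
    // IPv6: bind to the /64 network, folded to the same 4-character width
    return strtoupper(substr(md5(substr(inet_pton($addr), 0, 8)), 0, 4));
  }
  // missing or malformed address: constant prefix, so the session id stays well-formed
  return '0000';
}
```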