- images.file categories.permalink old_permalinks.permalink - become binary

- session security improvement: sessions are now valid only for the originating IP address (with mask 255.255.0.0, to allow users behind load-balancing proxies) -> stealing the session cookie is almost a non-issue (with the exception of the 65536 machines in range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
 - added event get_category_image_orders
 - fix display issue with redirect.tpl (h1/h2 within h1)
 - fix known_script smarty function registration
 - query search form not submitted if q is empty
 - better admin css rules
 - some other minor changes (ws_core, rest_handler, functions_search...)

git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
rvelices
2008-09-12 02:17:35 +00:00
parent 272113c417
commit 4d86bb2234
17 changed files with 118 additions and 56 deletions
+9 -4
@@ -90,6 +90,11 @@ function pwg_session_close()
return true;
}
function get_remote_addr_session_hash()
{
return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
}
/**
* this function returns
* a string corresponding to the value of the variable save in the session
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
$query = '
SELECT data
FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
$result = pwg_query($query);
if ($result)
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
UPDATE '.SESSIONS_TABLE.'
SET expiration = now(),
data = \''.$data.'\'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
if ( mysql_affected_rows()>0 )
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
$query = '
INSERT INTO '.SESSIONS_TABLE.'
(id,data,expiration)
VALUES(\''.$session_id.'\',\''.$data.'\',now())
VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
;';
mysql_query($query);
return true;
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
$query = '
DELETE
FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
return true;
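Review bot: get_remote_addr_session_hash() assumes REMOTE_ADDR is a dotted IPv4 address: for an IPv6 client such as `::1`, explode('.') yields a single element, so vsprintf gets fewer arguments than `%02X%02X` needs and, depending on the PHP version, returns false with a warning or raises an error. In the false case the prefix concatenates as an empty string in pwg_session_read/write/destroy, so the session would be stored with no address binding at all. I would check the octet count first and fall back to a fixed-width prefix, e.g. `$p = explode('.', $_SERVER['REMOTE_ADDR']);` followed by `if (count($p) != 4) return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);`, and add a comment on the function stating that only the first two octets (/16) are bound. Separately, the rewritten WHERE/VALUES lines still concatenate `$session_id` (apparently the cookie-supplied value) into the SQL unescaped; that predates this commit, but these lines are the natural place to escape it. The bodies of the pwg_session_* functions extend beyond the hunks shown.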