adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

- images.file categories.permalink old_permalinks.permalink - become binary

Browse Source 
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
 - added event get_category_image_orders
 - fix display issue with redirect.tpl (h1/h2 within h1)
 - fix known_script smarty function registration
 - query search form not submitted if q is empty
 - better admin css rules
 - some other minor changes (ws_core, rest_handler, functions_search...)

git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices
2008-09-12 02:17:35 +00:00
parent 272113c417
commit 4d86bb2234
17 changed files with 118 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin/include/functions_metadata.php
+15 -18
View File
@@ -28,9 +28,9 @@ $page['datefields'] = array('date_creation', 'date_available');
function get_sync_iptc_data($file) function get_sync_iptc_data($file)
{ {
global $conf, $page; global $conf, $page;
$map = $conf['use_iptc_mapping']; $map = $conf['use_iptc_mapping'];
$iptc = get_iptc_data($file, $map); $iptc = get_iptc_data($file, $map);
foreach ($iptc as $pwg_key => $value) foreach ($iptc as $pwg_key => $value)
@@ -108,7 +108,7 @@ function update_metadata($files)
{ {
array_push($image_ids, $id); array_push($image_ids, $id);
} }
$query = ' $query = '
SELECT id SELECT id
FROM '.IMAGES_TABLE.' FROM '.IMAGES_TABLE.'
@@ -118,18 +118,14 @@ SELECT id
) )
;'; ;';
$result = pwg_query($query); $has_high_images = array_from_query($query, 'id');
while ($row = mysql_fetch_array($result))
{
array_push($has_high_images, $row['id']);
}
foreach ($files as $id => $file) foreach ($files as $id => $file)
{ {
$data = array(); $data = array();
$data['id'] = $id; $data['id'] = $id;
$data['filesize'] = floor(filesize($file)/1024); $data['filesize'] = floor(filesize($file)/1024);
if ($image_size = @getimagesize($file)) if ($image_size = @getimagesize($file))
{ {
$data['width'] = $image_size[0]; $data['width'] = $image_size[0];
@@ -142,7 +138,7 @@ SELECT id
$data['high_filesize'] = floor(filesize($high_file)/1024); $data['high_filesize'] = floor(filesize($high_file)/1024);
} }
if ($conf['use_exif']) if ($conf['use_exif'])
{ {
$exif = get_sync_exif_data($file); $exif = get_sync_exif_data($file);
@@ -161,7 +157,7 @@ SELECT id
{ {
$tags_of[$id] = array(); $tags_of[$id] = array();
} }
foreach (explode(',', $iptc[$key]) as $tag_name) foreach (explode(',', $iptc[$key]) as $tag_name)
{ {
array_push( array_push(
@@ -178,7 +174,7 @@ SELECT id
array_push($datas, $data); array_push($datas, $data);
} }
if (count($datas) > 0) if (count($datas) > 0)
{ {
$update_fields = $update_fields =
@@ -189,7 +185,7 @@ SELECT id
'high_filesize', 'high_filesize',
'date_metadata_update' 'date_metadata_update'
); );
if ($conf['use_exif']) if ($conf['use_exif'])
{ {
$update_fields = $update_fields =
@@ -198,7 +194,7 @@ SELECT id
array_keys($conf['use_exif_mapping']) array_keys($conf['use_exif_mapping'])
); );
} }
if ($conf['use_iptc']) if ($conf['use_iptc'])
{ {
$update_fields = $update_fields =
@@ -217,7 +213,8 @@ SELECT id
'primary' => array('id'), 'primary' => array('id'),
'update' => array_unique($update_fields) 'update' => array_unique($update_fields)
), ),
$datas $datas,
MASS_UPDATES_SKIP_EMPTY
); );
} }
@@ -234,12 +231,12 @@ SELECT id
* @param boolean only newly added files ? * @param boolean only newly added files ?
* @return array * @return array
*/ */
function get_filelist($category_id = '', $site_id=1, $recursive = false, function get_filelist($category_id = '', $site_id=1, $recursive = false,
$only_new = false) $only_new = false)
{ {
// filling $cat_ids : all categories required // filling $cat_ids : all categories required
$cat_ids = array(); $cat_ids = array();
$query = ' $query = '
SELECT id SELECT id
FROM '.CATEGORIES_TABLE.' FROM '.CATEGORIES_TABLE.'
@@ -292,7 +289,7 @@ SELECT id, path
{ {
$files[$row['id']] = $row['path']; $files[$row['id']] = $row['path'];
} }
return $files; return $files;
} }
?> ?>
admin/template/yoga/default-layout.css
+1 -1
View File
@@ -290,7 +290,7 @@ INPUT, SELECT {
margin: 0; margin: 0;
font-size: 1em; /* <= some browsers don't set it correctly */ font-size: 1em; /* <= some browsers don't set it correctly */
} }
UL, DL { text-align: left;} UL, DL, OL { text-align: left;}
TABLE { /* horizontaly centered */ TABLE { /* horizontaly centered */
margin-left: auto; margin-left: auto;
margin-right: auto; margin-right: auto;
admin/template/yoga/layout.css
+1 -2
View File
@@ -1,7 +1,6 @@
/* $Id$ */
/* template css */ /* template css */
@import "menubar.css"; /*@import "menubar.css";*/
@import "content.css"; @import "content.css";
@import "thumbnails.css"; @import "thumbnails.css";
@import "default-layout.css"; @import "default-layout.css";
admin/template/yoga/theme/admin/theme.css
-2
View File
@@ -44,11 +44,9 @@ letter-spacing:0.1em; margin-right:30px; text-align:right; color: #777;
text-transform:none; font-weight:bold; padding-left:20px; } text-transform:none; font-weight:bold; padding-left:20px; }
.content dl, dd { margin:5px; } .content dl, dd { margin:5px; }
.content div.titrePage { height:55px; } .content div.titrePage { height:55px; }
.content ol li { text-align: left; }
.instructions { text-align: left; padding: 20px 20px 0 20px; } .instructions { text-align: left; padding: 20px 20px 0 20px; }
.throw, td h3 { .throw, td h3 {
background-image: url(images/fillet.png); background-repeat: repeat-x; } background-image: url(images/fillet.png); background-repeat: repeat-x; }
.browsePath a { color: #eee; }
/* borders */ /* TODO */ /* borders */ /* TODO */
INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969; INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969;
cursor:text; text-indent:4px; } cursor:text; text-indent:4px; }
include/functions.inc.php
+3 -6
View File
@@ -747,13 +747,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
if (empty($msg)) if (empty($msg))
{ {
$redirect_msg = l10n('redirect_msg'); $msg = nl2br(l10n('redirect_msg'));
} }
else
{
$redirect_msg = $msg;
}
$redirect_msg = nl2br($redirect_msg);
$refresh = $refresh_time; $refresh = $refresh_time;
$url_link = $url; $url_link = $url;
@@ -764,6 +759,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
include( PHPWG_ROOT_PATH.'include/page_header.php' ); include( PHPWG_ROOT_PATH.'include/page_header.php' );
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
$template->assign('REDIRECT_MSG', $msg);
$template->parse('redirect'); $template->parse('redirect');
include( PHPWG_ROOT_PATH.'include/page_tail.php' ); include( PHPWG_ROOT_PATH.'include/page_tail.php' );
include/functions_category.inc.php
+5 -4
View File
@@ -258,8 +258,9 @@ SELECT galleries_url
function get_category_preferred_image_orders() function get_category_preferred_image_orders()
{ {
global $conf, $page; global $conf, $page;
return array( return trigger_event('get_category_preferred_image_orders',
array(
array(l10n('default_sort'), '', true), array(l10n('default_sort'), '', true),
array(l10n('Average rate'), 'average_rate DESC', $conf['rate']), array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
array(l10n('most_visited_cat'), 'hit DESC', true), array(l10n('most_visited_cat'), 'hit DESC', true),
@@ -269,9 +270,9 @@ function get_category_preferred_image_orders()
array( array(
l10n('Rank'), l10n('Rank'),
'rank ASC', 'rank ASC',
('categories' == $page['section'] and !isset($page['flat'])) ('categories' == @$page['section'] and !isset($page['flat']))
) )
); ));
} }
function display_select_categories($categories, function display_select_categories($categories,
include/functions_search.inc.php
+8
View File
@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field)
} }
else else
{ {
if ( strcspn($ch, '%_')==0)
{// escape LIKE specials %_
$ch = '\\'.$ch;
}
$crt_token .= $ch; $crt_token .= $ch;
} }
break; break;
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
$state=0; $state=0;
break; break;
default: default:
if ( strcspn($ch, '%_')==0)
{// escape LIKE specials %_
$ch = '\\'.$ch;
}
$crt_token .= $ch; $crt_token .= $ch;
} }
break; break;
include/functions_session.inc.php
+9 -4
View File
@@ -90,6 +90,11 @@ function pwg_session_close()
return true; return true;
} }
function get_remote_addr_session_hash()
{
return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
}
/** /**
* this function returns * this function returns
* a string corresponding to the value of the variable save in the session * a string corresponding to the value of the variable save in the session
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
$query = ' $query = '
SELECT data SELECT data
FROM '.SESSIONS_TABLE.' FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\' WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;'; ;';
$result = pwg_query($query); $result = pwg_query($query);
if ($result) if ($result)
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
UPDATE '.SESSIONS_TABLE.' UPDATE '.SESSIONS_TABLE.'
SET expiration = now(), SET expiration = now(),
data = \''.$data.'\' data = \''.$data.'\'
WHERE id = \''.$session_id.'\' WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;'; ;';
pwg_query($query); pwg_query($query);
if ( mysql_affected_rows()>0 ) if ( mysql_affected_rows()>0 )
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
$query = ' $query = '
INSERT INTO '.SESSIONS_TABLE.' INSERT INTO '.SESSIONS_TABLE.'
(id,data,expiration) (id,data,expiration)
VALUES(\''.$session_id.'\',\''.$data.'\',now()) VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
;'; ;';
mysql_query($query); mysql_query($query);
return true; return true;
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
$query = ' $query = '
DELETE DELETE
FROM '.SESSIONS_TABLE.' FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\' WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;'; ;';
pwg_query($query); pwg_query($query);
return true; return true;
include/page_header.php
+1 -2
View File
@@ -69,11 +69,10 @@ if ( !empty($page['meta_robots']) )
// refresh // refresh
if ( isset( $refresh ) and intval($refresh) >= 0 if ( isset( $refresh ) and intval($refresh) >= 0
and isset( $url_link ) and isset( $redirect_msg ) ) and isset( $url_link ) )
{ {
$template->assign( $template->assign(
array( array(
'REDIRECT_MSG' => $redirect_msg,
'page_refresh' => array( 'page_refresh' => array(
'TIME' => $refresh, 'TIME' => $refresh,
'U_REFRESH' => $url_link 'U_REFRESH' => $url_link
include/template.class.php
+1 -1
View File
@@ -62,7 +62,7 @@ class Template {
$this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') ); $this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') );
$this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') ); $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
$this->smarty->register_block('html_head', array(&$this, 'block_html_head') ); $this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
$this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false ); $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
$this->smarty->register_prefilter( array('Template', 'prefilter_white_space') ); $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
if ( $conf['compiled_template_cache_language'] ) if ( $conf['compiled_template_cache_language'] )
{ {
include/ws_core.inc.php
+3 -5
View File
@@ -378,12 +378,10 @@ class PwgServer
{ {
if ( is_null($this->_responseEncoder) ) if ( is_null($this->_responseEncoder) )
{ {
set_status_header(500); set_status_header(400);
@header("Content-Type: text/plain"); @header("Content-Type: text/plain");
echo ("Cannot process your request. Unknown response format. echo ("Cannot process your request. Unknown response format.
Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler." Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
");
var_export($this); var_export($this);
die(0); die(0);
} }
@@ -391,7 +389,7 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
if ( is_null($this->_requestHandler) ) if ( is_null($this->_requestHandler) )
{ {
$this->sendResponse( $this->sendResponse(
new PwgError(500, 'Unknown request format') new PwgError(400, 'Unknown request format')
); );
return; return;
} }
include/ws_protocols/rest_handler.php
+2 -2
View File
@@ -30,7 +30,7 @@ class PwgRestRequestHandler
$param_array = $service->isPost() ? $_POST : $_GET; $param_array = $service->isPost() ? $_POST : $_GET;
foreach ($param_array as $name => $value) foreach ($param_array as $name => $value)
{ {
if ($name=='format' or $name=='partner') if ($name=='format')
continue; // ignore - special keys continue; // ignore - special keys
if ($name=='method') if ($name=='method')
{ {
@@ -45,7 +45,7 @@ class PwgRestRequestHandler
if ( empty($method) ) if ( empty($method) )
{ {
$service->sendResponse( $service->sendResponse(
new PwgError(400, 'Missing "method" name') new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
); );
return; return;
} }
install/db/77-database.php
+54
View File
@@ -0,0 +1,54 @@
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = 'images.file categories.permalink old_permalinks.permalink - become binary';
// +-----------------------------------------------------------------------+
// | Upgrade content |
// +-----------------------------------------------------------------------+
$query = 'ALTER TABLE '.CATEGORIES_TABLE.'
MODIFY COLUMN permalink varchar(64) binary default NULL';
pwg_query($query);
$query = 'ALTER TABLE '.OLD_PERMALINKS_TABLE.'
MODIFY COLUMN permalink varchar(64) binary NOT NULL default ""';
pwg_query($query);
$query = 'ALTER TABLE '.IMAGES_TABLE.'
MODIFY COLUMN file varchar(255) binary NOT NULL default ""';
pwg_query($query);
echo
"\n"
.'"'.$upgrade_description.'"'.' ended'
."\n"
;
?>
install/piwigo_structure.sql
+3 -3
View File
@@ -36,7 +36,7 @@ CREATE TABLE `piwigo_categories` (
`commentable` enum('true','false') NOT NULL default 'true', `commentable` enum('true','false') NOT NULL default 'true',
`global_rank` varchar(255) default NULL, `global_rank` varchar(255) default NULL,
`image_order` varchar(128) default NULL, `image_order` varchar(128) default NULL,
`permalink` varchar(64) default NULL, `permalink` varchar(64) binary default NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `categories_i3` (`permalink`), UNIQUE KEY `categories_i3` (`permalink`),
KEY `categories_i2` (`id_uppercat`) KEY `categories_i2` (`id_uppercat`)
@@ -174,7 +174,7 @@ CREATE TABLE `piwigo_image_tag` (
DROP TABLE IF EXISTS `piwigo_images`; DROP TABLE IF EXISTS `piwigo_images`;
CREATE TABLE `piwigo_images` ( CREATE TABLE `piwigo_images` (
`id` mediumint(8) unsigned NOT NULL auto_increment, `id` mediumint(8) unsigned NOT NULL auto_increment,
`file` varchar(255) NOT NULL default '', `file` varchar(255) binary NOT NULL default '',
`date_available` datetime NOT NULL default '0000-00-00 00:00:00', `date_available` datetime NOT NULL default '0000-00-00 00:00:00',
`date_creation` date default NULL, `date_creation` date default NULL,
`tn_ext` varchar(4) default '', `tn_ext` varchar(4) default '',
@@ -208,7 +208,7 @@ CREATE TABLE `piwigo_images` (
DROP TABLE IF EXISTS `piwigo_old_permalinks`; DROP TABLE IF EXISTS `piwigo_old_permalinks`;
CREATE TABLE `piwigo_old_permalinks` ( CREATE TABLE `piwigo_old_permalinks` (
`cat_id` smallint(5) unsigned NOT NULL default '0', `cat_id` smallint(5) unsigned NOT NULL default '0',
`permalink` varchar(64) NOT NULL default '', `permalink` varchar(64) binary NOT NULL default '',
`date_deleted` datetime NOT NULL default '0000-00-00 00:00:00', `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
`last_hit` datetime default NULL, `last_hit` datetime default NULL,
`hit` int(10) unsigned NOT NULL default '0', `hit` int(10) unsigned NOT NULL default '0',
picture.php
+1 -2
View File
@@ -536,14 +536,13 @@ if (isset($_GET['slideshow']))
if (!empty($id_pict_redirect)) if (!empty($id_pict_redirect))
{ {
// $redirect_msg, $refresh, $url_link and $title are required for creating // $refresh, $url_link and $title are required for creating
// an automated refresh page in header.tpl // an automated refresh page in header.tpl
$refresh = $slideshow_params['period']; $refresh = $slideshow_params['period'];
$url_link = add_url_params( $url_link = add_url_params(
$picture[$id_pict_redirect]['url'], $picture[$id_pict_redirect]['url'],
$slideshow_url_params $slideshow_url_params
); );
$redirect_msg = nl2br(l10n('redirect_msg'));
} }
} }
} }
template/yoga/menubar_menu.tpl
+2 -2
View File
@@ -1,6 +1,6 @@
<dt>{$block->get_title()|@translate}</dt> <dt>{'title_menu'|@translate}</dt>
<dd> <dd>
<form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch"> <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
<p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}> <p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
<input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/> <input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>
</p> </p>
template/yoga/redirect.tpl
+9 -2
View File
@@ -1,6 +1,13 @@
{* $Id$ *} {* $Id$ *}
<h2>{$REDIRECT_MSG}</h2> {html_head}
<p style="text-align:center; margin: 2em"> <style type="text/css">#the_page {ldelim}text-align:center;} </style>
{/html_head}
<div>
{$REDIRECT_MSG}
</div>
<p style="margin: 2em">
<a href="{$page_refresh.U_REFRESH}"> <a href="{$page_refresh.U_REFRESH}">
{'click_to_redirect'|@translate} {'click_to_redirect'|@translate}
</a> </a>