plugins improvements: allow plugins to fail the installation/activation

comments.php improvements:
  - no more double sql escaping on author & keyword (once in common.inc.php and
once in comments.php)
  - now can search comment content on all special characters ( ', ", <, >, & )
  - author & keyword are correctly redisplayed in browser when they are MySql
escaped


git-svn-id: http://piwigo.org/svn/trunk@1716 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices
2007-01-11 23:15:26 +00:00
parent d0c2de854f
commit a512c69225
2 changed files with 74 additions and 102 deletions
+43 -39
@@ -1,11 +1,10 @@
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $RCSfile$
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
// | revision : $Revision$
@@ -36,21 +35,12 @@ check_status(ACCESS_ADMINISTRATOR);
$my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugins';
// +-----------------------------------------------------------------------+
// | perform requested actions |
// +-----------------------------------------------------------------------+
if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) )
{
if (function_exists('mysql_real_escape_string'))
{
$plugin_id = mysql_real_escape_string($_REQUEST['plugin']);
}
else
{
$plugin_id = mysql_escape_string($_REQUEST['plugin']);
}
$plugin_id = $_REQUEST['plugin'];
$crt_db_plugin = get_db_plugins('', $plugin_id);
if (!empty($crt_db_plugin))
{
@@ -61,6 +51,7 @@ if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) )
unset($crt_db_plugin);
}
$errors = array();
$file_to_include = PHPWG_PLUGINS_PATH.$plugin_id.'/maintain.inc.php';
switch ( $_REQUEST['action'] )
@@ -68,50 +59,58 @@ if ( isset($_REQUEST['action']) and isset($_REQUEST['plugin']) )
case 'install':
if ( !empty($crt_db_plugin))
{
die ('CANNOT install - ALREADY INSTALLED');
array_push($errors, 'CANNOT install - ALREADY INSTALLED');
break;
}
$fs_plugins = get_fs_plugins();
if ( !isset( $fs_plugins[$plugin_id] ) )
{
die ('CANNOT install - NO SUCH PLUGIN');
array_push($errors, 'CANNOT install - NO SUCH PLUGIN');
break;
}
$query = '
if ( file_exists($file_to_include) )
{
include_once($file_to_include);
if ( function_exists('plugin_install') )
{
plugin_install($plugin_id, $fs_plugins[$plugin_id]['version'], $errors);
}
}
if (empty($errors))
{
$query = '
INSERT INTO '.PLUGINS_TABLE.' (id,version) VALUES ("'
.$plugin_id.'","'.$fs_plugins[$plugin_id]['version'].'"
)';
pwg_query($query);
// MAYBE TODO HERE = what if we die or we fail ???
@include_once($file_to_include);
if ( function_exists('plugin_install') )
{
plugin_install($plugin_id);
pwg_query($query);
}
break;
case 'activate':
if ( !isset($crt_db_plugin) )
{
die ('CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED');
array_push($errors, 'CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED');
}
if ($crt_db_plugin['state']!='inactive')
{
die('invalid current state '.$crt_db_plugin['state']);
array_push($errors, 'invalid current state '.$crt_db_plugin['state']);
}
$query = '
UPDATE '.PLUGINS_TABLE.' SET state="active" WHERE id="'.$plugin_id.'"';
pwg_query($query);
// MAYBE TODO HERE = what if we die or we fail ???
@include_once($file_to_include);
if ( function_exists('plugin_activate') )
if ( file_exists($file_to_include) )
{
plugin_activate($plugin_id);
include_once($file_to_include);
if ( function_exists('plugin_activate') )
{
plugin_activate($plugin_id, $crt_db_plugin['version'], $errors);
}
}
if (empty($errors))
{
$query = '
UPDATE '.PLUGINS_TABLE.' SET state="active" WHERE id="'.$plugin_id.'"';
pwg_query($query);
}
break;
case 'deactivate':
if ( !isset($crt_db_plugin) )
{
@@ -125,7 +124,6 @@ UPDATE '.PLUGINS_TABLE.' SET state="active" WHERE id="'.$plugin_id.'"';
UPDATE '.PLUGINS_TABLE.' SET state="inactive" WHERE id="'.$plugin_id.'"';
pwg_query($query);
// MAYBE TODO HERE = what if we die or we fail ???
@include_once($file_to_include);
if ( function_exists('plugin_deactivate') )
{
@@ -142,7 +140,6 @@ UPDATE '.PLUGINS_TABLE.' SET state="inactive" WHERE id="'.$plugin_id.'"';
DELETE FROM '.PLUGINS_TABLE.' WHERE id="'.$plugin_id.'"';
pwg_query($query);
// MAYBE TODO HERE = what if we die or we fail ???
@include_once($file_to_include);
if ( function_exists('plugin_uninstall') )
{
@@ -150,8 +147,15 @@ DELETE FROM '.PLUGINS_TABLE.' WHERE id="'.$plugin_id.'"';
}
break;
}
// do the redirection so that we allow the plugins to load/unload
redirect($my_base_url);
if (empty($errors))
{
// do the redirection so that we allow the plugins to load/unload
redirect($my_base_url);
}
else
{
$page['errors'] = array_merge($page['errors'], $errors);
}
}
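Review bot: The `activate` case pushes its two errors without the `break;` that the `install` case adds after each `array_push`, so when the plugin is not installed execution falls through, reads `$crt_db_plugin['state']` and `$crt_db_plugin['version']` from an unset variable, and still includes `$file_to_include` and calls `plugin_activate`; the `empty($errors)` guard only protects the UPDATE. Add `break;` after each push, i.e. `array_push($errors, 'CANNOT '. $_REQUEST['action'] .' - NOT INSTALLED'); break;` and likewise after the `invalid current state` push. Since the escaping of `$_REQUEST['plugin']` was removed and `$plugin_id` is concatenated into the include path at `$file_to_include = PHPWG_PLUGINS_PATH.$plugin_id.'/maintain.inc.php';`, it would also be prudent to reject an id that is not a key of `get_fs_plugins()` (or that contains a path separator) before that path is built, so the database lookup is not the only thing standing between the request value and `include_once`. The final `else` branch calls `array_merge($page['errors'], $errors)`; if `$page['errors']` is not guaranteed to be initialised earlier in the file, guard it with `isset` or cast to array first.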
+31 -63
@@ -2,7 +2,7 @@
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $Id$
@@ -63,7 +63,7 @@ $since_options = array(
'clause' => '1=1') // stupid but generic
);
$page['since'] = isset($_GET['since']) ? $_GET['since'] : 3;
$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
// on which field sorting
//
@@ -91,43 +91,29 @@ if (isset($_GET['items_number']))
$page['items_number'] = $_GET['items_number'];
}
$page['where_clauses'] = array();
// which category to filter on ?
$page['cat_clause'] = '1=1';
if (isset($_GET['cat']) and 0 != $_GET['cat'])
{
$page['cat_clause'] =
$page['where_clauses'][] =
'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
}
// search a particular author
$page['author_clause'] = '1=1';
if (isset($_GET['author']) and !empty($_GET['author']))
{
if (function_exists('mysql_real_escape_string'))
{
$author = mysql_real_escape_string($_GET['author']);
}
else
{
$author = mysql_escape_string($_GET['author']);
}
$page['author_clause'] = 'author = \''.$author.'\'';
$page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
}
// search a substring among comments content
$page['keyword_clause'] = '1=1';
if (isset($_GET['keyword']) and !empty($_GET['keyword']))
{
if (function_exists('mysql_real_escape_string'))
{
$keyword = mysql_real_escape_string($_GET['keyword']);
}
else
{
$keyword = mysql_escape_string($_GET['keyword']);
}
$page['keyword_clause'] =
// fors some odd reason comment content is htmlspecialchars in the database
$keyword = addslashes(
htmlspecialchars( stripslashes($_GET['keyword']), ENT_QUOTES)
);
$page['where_clauses'][] =
'('.
implode(' AND ',
array_map(
@@ -141,16 +127,24 @@ if (isset($_GET['keyword']) and !empty($_GET['keyword']))
')';
}
$page['where_clauses'][] = $since_options[$page['since']]['clause'];
// which status to filter on ?
if ( is_admin() )
if ( !is_admin() )
{
$page['status_clause'] = '1=1';
}
else
{
$page['status_clause'] = 'validated="true"';
$page['where_clauses'][] = 'validated="true"';
}
$page['where_clauses'][] = get_sql_condition_FandF
(
array
(
'forbidden_categories' => 'category_id',
'visible_categories' => 'category_id',
'visible_images' => 'ic.image_id'
),
'', true
);
// +-----------------------------------------------------------------------+
// | comments management |
@@ -193,8 +187,8 @@ $template->assign_vars(
'L_COMMENT_TITLE' => $title,
'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
'F_KEYWORD'=>@htmlentities($_GET['keyword']),
'F_AUTHOR'=>@htmlentities($_GET['author']),
'F_KEYWORD'=>@htmlentities(stripslashes($_GET['keyword'])),
'F_AUTHOR'=>@htmlentities(stripslashes($_GET['author'])),
'U_HOME' => make_index_url(),
)
@@ -307,21 +301,8 @@ SELECT COUNT(DISTINCT(id))
FROM '.IMAGE_CATEGORY_TABLE.' AS ic
INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
WHERE '.$since_options[$page['since']]['clause'].'
AND '.$page['cat_clause'].'
AND '.$page['author_clause'].'
AND '.$page['keyword_clause'].'
AND '.$page['status_clause'].'
'.get_sql_condition_FandF
(
array
(
'forbidden_categories' => 'category_id',
'visible_categories' => 'category_id',
'visible_images' => 'ic.image_id'
),
'AND'
).'
WHERE '.implode('
AND ', $page['where_clauses']).'
;';
list($counter) = mysql_fetch_row(pwg_query($query));
@@ -357,21 +338,8 @@ SELECT com.id AS comment_id
FROM '.IMAGE_CATEGORY_TABLE.' AS ic
INNER JOIN '.COMMENTS_TABLE.' AS com
ON ic.image_id = com.image_id
WHERE '.$since_options[$page['since']]['clause'].'
AND '.$page['cat_clause'].'
AND '.$page['author_clause'].'
AND '.$page['keyword_clause'].'
AND '.$page['status_clause'].'
'.get_sql_condition_FandF
(
array
(
'forbidden_categories' => 'category_id',
'visible_categories' => 'category_id',
'visible_images' => 'ic.image_id'
),
'AND'
).'
WHERE '.implode('
AND ', $page['where_clauses']).'
GROUP BY comment_id
ORDER BY '.$page['sort_by'].' '.$page['sort_order'];
if ('all' != $page['items_number'])
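Review bot: `$page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';` now interpolates the raw request value into SQL and is safe only because, per the commit message, common.inc.php already mysql-escapes `$_GET`; that invariant is invisible at this line, so state it where it is relied on, e.g. `// $_GET values are already mysql-escaped in common.inc.php - do not escape again`, and the same note belongs on the keyword clause. The keyword path `addslashes(htmlspecialchars(stripslashes($_GET['keyword']), ENT_QUOTES))` undoes that global escaping and re-applies it with `addslashes`, which, unlike the `mysql_real_escape_string` the removed code used, is not aware of the connection charset; re-escaping with the same function common.inc.php uses keeps both inputs on one escaping path. The redisplay lines `'F_KEYWORD'=>@htmlentities(stripslashes($_GET['keyword']))` and `'F_AUTHOR'=>...` use `@` to hide the undefined-index notice; `isset($_GET['keyword']) ? htmlentities(stripslashes($_GET['keyword'])) : ''` avoids the suppression. The keyword `where_clauses` statement is split between the `-91,43` and `-141,16` hunks, so the `array_map` callback it builds is not visible here.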