- improve 1.3.1 upgrade (automatic write in mysql.inc.php).

- translate 1.3.1 upgrade informations messages. - security fix in upgrade login. git-svn-id: http://piwigo.org/svn/trunk@2838 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-03-28 17:42:57 +01:00 · 2008-11-07 13:54:35 +00:00
parent e91161f331
commit 04395a4c35
8 changed files with 69 additions and 15 deletions
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -136,11 +136,16 @@ function check_upgrade_access_rights($current_release, $username, $password)
 {
  global $conf, $page;

+  if(!get_magic_quotes_gpc())
+  {
+    $username = mysql_real_escape_string($username);
+  }
+
  if (version_compare($current_release, '1.5.0', '<'))
  {
    $query = '
 SELECT password, status
-FROM '.PREFIX_TABLE.'users
+FROM '.USERS_TABLE.'
 WHERE username = "'.$username.'"
 ;';
  }
@@ -149,8 +154,8 @@ WHERE username = "'.$username.'"
    $query = '
 SELECT u.password, ui.status
 FROM '.$conf['users_table'].' AS u
-INNER JOIN '.PREFIX_TABLE.'user_infos AS ui
-ON u.id = ui.user_id
+INNER JOIN '.USER_INFOS_TABLE.' AS ui
+ON u.'.$conf['user_fields']['id'].'=ui.user_id
 WHERE '.$conf['user_fields']['username'].'="'.$username.'"
 ;';
  }
--- a/install/upgrade_1.3.1.php
+++ b/install/upgrade_1.3.1.php
@@ -578,24 +578,43 @@ UPDATE '.CATEGORIES_TABLE.'
  pwg_query($query);
 }

+// load the config file
+$config_file = PHPWG_ROOT_PATH.'include/mysql.inc.php';
+$config_file_contents = @file_get_contents($config_file);
+if ($config_file_contents === false)
+{
+  die('CANNOT LOAD '.$config_file);
+}
+$php_end_tag = strrpos($config_file_contents, '?'.'>');
+if ($php_end_tag === false)
+{
+  die('CANNOT FIND PHP END TAG IN '.$config_file);
+}
+if (!is_writable($config_file))
+{
+  die('FILE NOT WRITABLE '.$config_file);
+}
+
+// Insert define('PHPWG_INSTALLED', true); in mysql.inc.php
+$config_file_contents =
+    substr($config_file_contents, 0, $php_end_tag).'
+define(\'PHPWG_INSTALLED\', true);
+'.substr($config_file_contents, $php_end_tag);
+
+$fp = @fopen( $config_file, 'w' );
+@fputs($fp, $config_file_contents, strlen($config_file_contents));
+@fclose($fp);
+
+// Send infos
 $page['infos'] = array_merge(
  $page['infos'],
  array(
-    'all sub-categories of private categories become private',
-
-    'user permissions and group permissions have been erased',
-
-    'only thumbnails prefix and webmaster mail address have been saved from
-previous configuration',
-
-    'in include/mysql.inc.php, before
-<pre style="background-color:lightgray">?&gt;</pre>
-insert
-<pre style="background-color:lightgray">define(\'PHPWG_INSTALLED\', true);</pre>'
+    l10n('all sub-categories of private categories become private'),
+    l10n('user permissions and group permissions have been erased'),
+    l10n('only thumbnails prefix and webmaster mail saved')
    )
  );

-
 // now we upgrade from 1.4.0
 include_once(PHPWG_ROOT_PATH.'install/upgrade_1.4.0.php');
 ?>
--- a/language/de_DE/upgrade.lang.php
+++ b/language/de_DE/upgrade.lang.php
@@ -37,4 +37,9 @@ $lang['deactivated plugins'] = 'As a precaution, following plugins have been dea
 $lang['upgrade login message'] = 'Only administrator can run upgrade: please sign in below.';
 $lang['You do not have access rights to run upgrade'] = 'You do not have access rights to run upgrade';

+// Upgrade informations from upgrade_1.3.1.php
+$lang['all sub-categories of private categories become private'] = 'All sub-categories of private categories become private';
+$lang['user permissions and group permissions have been erased'] = 'User permissions and group permissions have been erased';
+$lang['only thumbnails prefix and webmaster mail saved'] = 'Only thumbnails prefix and webmaster mail address have been saved from previous configuration';
+
 ?>
--- a/language/en_UK/upgrade.lang.php
+++ b/language/en_UK/upgrade.lang.php
@@ -36,4 +36,9 @@ $lang['deactivated plugins'] = 'As a precaution, following plugins have been dea
 $lang['upgrade login message'] = 'Only administrator can run upgrade: please sign in below.';
 $lang['You do not have access rights to run upgrade'] = 'You do not have access rights to run upgrade';

+// Upgrade infoformations from upgrade_1.3.1.php
+$lang['all sub-categories of private categories become private'] = 'All sub-categories of private categories become private';
+$lang['user permissions and group permissions have been erased'] = 'User permissions and group permissions have been erased';
+$lang['only thumbnails prefix and webmaster mail saved'] = 'Only thumbnails prefix and webmaster mail address have been saved from previous configuration';
+
 ?>
--- a/language/es_ES/upgrade.lang.php
+++ b/language/es_ES/upgrade.lang.php
@@ -36,4 +36,9 @@ $lang['deactivated plugins'] = 'Por precaución, el plugins siguiente han sido d
 /*TODO*/$lang['upgrade login message'] = 'Only administrator can run upgrade: please sign in below.';
 /*TODO*/$lang['You do not have access rights to run upgrade'] = 'You do not have access rights to run upgrade';

+// Upgrade informations from upgrade_1.3.1.php
+/*TODO*/$lang['all sub-categories of private categories become private'] = 'All sub-categories of private categories become private';
+/*TODO*/$lang['user permissions and group permissions have been erased'] = 'User permissions and group permissions have been erased';
+/*TODO*/$lang['only thumbnails prefix and webmaster mail saved'] = 'Only thumbnails prefix and webmaster mail address have been saved from previous configuration';
+
 ?>
--- a/language/fr_FR/upgrade.lang.php
+++ b/language/fr_FR/upgrade.lang.php
@@ -37,4 +37,9 @@ $lang['deactivated plugins'] = 'Par précaution, les plugins suivants ont été
 $lang['upgrade login message'] = 'Seul un adminitrateur peut lancer la mise à jour: veuillez vous identifier ci-dessous.';
 $lang['You do not have access rights to run upgrade'] = 'Vous n\'avez pas les droits necessaires pour lancer la mise à jour.';

+// Upgrade informations from upgrade_1.3.1.php
+$lang['all sub-categories of private categories become private'] = 'Toutes les sous-catégories de catégories privées deviennent privées';
+$lang['user permissions and group permissions have been erased'] = 'Les permissions des utilisateurs et des groupes ont été effacées';
+$lang['only thumbnails prefix and webmaster mail saved'] = 'Seuls le préfixe des miniatures et l\'adresse email du webmestre ont étés sauvegardés de la configuration précédente';
+
 ?>
--- a/language/it_IT/upgrade.lang.php
+++ b/language/it_IT/upgrade.lang.php
@@ -38,4 +38,9 @@ $lang['deactivated plugins'] = 'As a precaution, following plugins have been dea
 $lang['upgrade login message'] = 'Only administrator can run upgrade: please sign in below.';
 $lang['You do not have access rights to run upgrade'] = 'You do not have access rights to run upgrade';

+// Upgrade infoformations from upgrade_1.3.1.php
+$lang['all sub-categories of private categories become private'] = 'All sub-categories of private categories become private';
+$lang['user permissions and group permissions have been erased'] = 'User permissions and group permissions have been erased';
+$lang['only thumbnails prefix and webmaster mail saved'] = 'Only thumbnails prefix and webmaster mail address have been saved from previous configuration';
+
 ?>
--- a/language/nl_NL/upgrade.lang.php
+++ b/language/nl_NL/upgrade.lang.php
@@ -38,4 +38,9 @@ $lang['deactivated plugins'] = 'As a precaution, following plugins have been dea
 $lang['upgrade login message'] = 'Only administrator can run upgrade: please sign in below.';
 $lang['You do not have access rights to run upgrade'] = 'You do not have access rights to run upgrade';

+// Upgrade infoformations from upgrade_1.3.1.php
+$lang['all sub-categories of private categories become private'] = 'All sub-categories of private categories become private';
+$lang['user permissions and group permissions have been erased'] = 'User permissions and group permissions have been erased';
+$lang['only thumbnails prefix and webmaster mail saved'] = 'Only thumbnails prefix and webmaster mail address have been saved from previous configuration';
+
 ?>