- images.file categories.permalink old_permalinks.permalink - become binary

- session security improvement: sessions are now valid only for the originating IP address (with mask 255.255.0.0, to allow users behind load-balancing proxies) -> stealing the session cookie becomes almost a non-issue (except for the 65536 machines in the same range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:
 - added event get_category_image_orders
 - fix display issue with redirect.tpl (h1/h2 within h1)
 - fix known_script smarty function registration
 - query search form not submitted if q is empty
 - better admin css rules
 - some other minor changes (ws_core, rest_handler, functions_search...)

git-svn-id: http://piwigo.org/svn/trunk@2521 68402e56-0260-453c-a942-63ccdbb3a9ee
rvelices
2008-09-12 02:17:35 +00:00
parent 272113c417
commit 4d86bb2234
17 changed files with 118 additions and 56 deletions


@@ -28,9 +28,9 @@ $page['datefields'] = array('date_creation', 'date_available');
function get_sync_iptc_data($file)
{
global $conf, $page;
$map = $conf['use_iptc_mapping'];
$iptc = get_iptc_data($file, $map);
foreach ($iptc as $pwg_key => $value)
@@ -108,7 +108,7 @@ function update_metadata($files)
{
array_push($image_ids, $id);
}
$query = '
SELECT id
FROM '.IMAGES_TABLE.'
@@ -118,18 +118,14 @@ SELECT id
)
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($has_high_images, $row['id']);
}
$has_high_images = array_from_query($query, 'id');
foreach ($files as $id => $file)
{
$data = array();
$data['id'] = $id;
$data['filesize'] = floor(filesize($file)/1024);
if ($image_size = @getimagesize($file))
{
$data['width'] = $image_size[0];
@@ -142,7 +138,7 @@ SELECT id
$data['high_filesize'] = floor(filesize($high_file)/1024);
}
if ($conf['use_exif'])
{
$exif = get_sync_exif_data($file);
@@ -161,7 +157,7 @@ SELECT id
{
$tags_of[$id] = array();
}
foreach (explode(',', $iptc[$key]) as $tag_name)
{
array_push(
@@ -178,7 +174,7 @@ SELECT id
array_push($datas, $data);
}
if (count($datas) > 0)
{
$update_fields =
@@ -189,7 +185,7 @@ SELECT id
'high_filesize',
'date_metadata_update'
);
if ($conf['use_exif'])
{
$update_fields =
@@ -198,7 +194,7 @@ SELECT id
array_keys($conf['use_exif_mapping'])
);
}
if ($conf['use_iptc'])
{
$update_fields =
@@ -217,7 +213,8 @@ SELECT id
'primary' => array('id'),
'update' => array_unique($update_fields)
),
$datas
$datas,
MASS_UPDATES_SKIP_EMPTY
);
}
@@ -234,12 +231,12 @@ SELECT id
* @param boolean only newly added files ?
* @return array
*/
function get_filelist($category_id = '', $site_id=1, $recursive = false,
function get_filelist($category_id = '', $site_id=1, $recursive = false,
$only_new = false)
{
// filling $cat_ids : all categories required
$cat_ids = array();
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
@@ -292,7 +289,7 @@ SELECT id, path
{
$files[$row['id']] = $row['path'];
}
return $files;
}
?>
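Review bot: Passing `MASS_UPDATES_SKIP_EMPTY` in the `@@ -217` hunk presumably makes an empty EXIF/IPTC value leave the stored column untouched (the commit message says empty metadata no longer overwrites valid data), which also means a field that was deliberately cleared in the file can no longer be cleared in the database by a sync; that trade-off deserves a comment at the call site, e.g. `// MASS_UPDATES_SKIP_EMPTY: empty metadata never overwrites stored values, so a sync cannot clear a field`. The `$has_high_images = array_from_query($query, 'id');` rewrite in the `@@ -118` hunk is a clean replacement for the fetch loop, but the loop body right after it still relies on `@getimagesize($file)` to swallow failures, so an unreadable file silently ends up without width/height. update_metadata begins and ends outside these hunks.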


@@ -290,7 +290,7 @@ INPUT, SELECT {
margin: 0;
font-size: 1em; /* <= some browsers don't set it correctly */
}
UL, DL { text-align: left;}
UL, DL, OL { text-align: left;}
TABLE { /* horizontaly centered */
margin-left: auto;
margin-right: auto;


@@ -1,7 +1,6 @@
/* $Id$ */
/* template css */
@import "menubar.css";
/*@import "menubar.css";*/
@import "content.css";
@import "thumbnails.css";
@import "default-layout.css";
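Review bot: The `@import "menubar.css";` line is commented out rather than removed, which leaves dead code the next reader has to wonder about; version control keeps the history, so delete the line, or if the omission is deliberate and temporary say why in place, e.g. `/* menubar.css intentionally not imported here: <reason> */`.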


@@ -44,11 +44,9 @@ letter-spacing:0.1em; margin-right:30px; text-align:right; color: #777;
text-transform:none; font-weight:bold; padding-left:20px; }
.content dl, dd { margin:5px; }
.content div.titrePage { height:55px; }
.content ol li { text-align: left; }
.instructions { text-align: left; padding: 20px 20px 0 20px; }
.throw, td h3 {
background-image: url(images/fillet.png); background-repeat: repeat-x; }
.browsePath a { color: #eee; }
/* borders */ /* TODO */
INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969;
cursor:text; text-indent:4px; }


@@ -747,13 +747,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
if (empty($msg))
{
$redirect_msg = l10n('redirect_msg');
$msg = nl2br(l10n('redirect_msg'));
}
else
{
$redirect_msg = $msg;
}
$redirect_msg = nl2br($redirect_msg);
$refresh = $refresh_time;
$url_link = $url;
@@ -764,6 +759,8 @@ function redirect_html( $url , $msg = '', $refresh_time = 0)
include( PHPWG_ROOT_PATH.'include/page_header.php' );
$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
$template->assign('REDIRECT_MSG', $msg);
$template->parse('redirect');
include( PHPWG_ROOT_PATH.'include/page_tail.php' );
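Review bot: A caller-supplied `$msg` is no longer passed through nl2br in the first hunk — only the default `l10n('redirect_msg')` is — so a newline inside a message given by a caller now reaches the template as a bare newline, whereas the removed `$redirect_msg = nl2br($redirect_msg);` converted it for both branches. If that is intended, say so with a comment; otherwise keep the conversion for both cases by adding `$msg = nl2br($msg);` after the if block. Note also that `$msg` is handed to the template as `REDIRECT_MSG` in the second hunk and is emitted there as raw HTML, so callers remain responsible for escaping anything user-controlled before calling redirect_html. redirect_html's body continues between and after the two hunks.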


@@ -258,8 +258,9 @@ SELECT galleries_url
function get_category_preferred_image_orders()
{
global $conf, $page;
return array(
return trigger_event('get_category_preferred_image_orders',
array(
array(l10n('default_sort'), '', true),
array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
array(l10n('most_visited_cat'), 'hit DESC', true),
@@ -269,9 +270,9 @@ function get_category_preferred_image_orders()
array(
l10n('Rank'),
'rank ASC',
('categories' == $page['section'] and !isset($page['flat']))
('categories' == @$page['section'] and !isset($page['flat']))
)
);
));
}
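Review bot: `@$page['section']` in the `@@ -269` hunk silences an undefined-index notice instead of testing for the key, and the `@` operator hides any other warning raised on that line as well; prefer the explicit form `(isset($page['section']) and 'categories' == $page['section'] and !isset($page['flat']))`. Since the array is now passed through `trigger_event('get_category_preferred_image_orders', ...)`, a handler can return anything, so a short docblock on the function saying that handlers must return a list of `array(label, order clause, enabled)` triples — the shape visible in the literal — would help plugin authors; the function's return type is otherwise only documented by example.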
function display_select_categories($categories,


@@ -352,6 +352,10 @@ function get_qsearch_like_clause($q, $field)
}
else
{
if ( strcspn($ch, '%_')==0)
{// escape LIKE specials %_
$ch = '\\'.$ch;
}
$crt_token .= $ch;
}
break;
@@ -366,6 +370,10 @@ function get_qsearch_like_clause($q, $field)
$state=0;
break;
default:
if ( strcspn($ch, '%_')==0)
{// escape LIKE specials %_
$ch = '\\'.$ch;
}
$crt_token .= $ch;
}
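Review bot: The same four-line block that escapes `%` and `_` is added in both hunks of get_qsearch_like_clause; put it in one place, e.g. a tiny helper `function qsearch_escape_like_char($ch) { return strcspn($ch, '%_')==0 ? '\\'.$ch : $ch; }` called from both branches, so the two copies cannot drift apart. The comment `// escape LIKE specials %_` could also state which escape character is assumed: this relies on the default backslash escape of MySQL's LIKE, and whether the finished token is later passed through SQL string escaping before being concatenated into the query is not visible in the hunks. get_qsearch_like_clause begins before and ends after both hunks.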
break;


@@ -90,6 +90,11 @@ function pwg_session_close()
return true;
}
function get_remote_addr_session_hash()
{
return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
}
/**
* this function returns
* a string corresponding to the value of the variable save in the session
@@ -102,7 +107,7 @@ function pwg_session_read($session_id)
$query = '
SELECT data
FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
$result = pwg_query($query);
if ($result)
@@ -128,7 +133,7 @@ function pwg_session_write($session_id, $data)
UPDATE '.SESSIONS_TABLE.'
SET expiration = now(),
data = \''.$data.'\'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
if ( mysql_affected_rows()>0 )
@@ -138,7 +143,7 @@ UPDATE '.SESSIONS_TABLE.'
$query = '
INSERT INTO '.SESSIONS_TABLE.'
(id,data,expiration)
VALUES(\''.$session_id.'\',\''.$data.'\',now())
VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
;';
mysql_query($query);
return true;
@@ -154,7 +159,7 @@ function pwg_session_destroy($session_id)
$query = '
DELETE
FROM '.SESSIONS_TABLE.'
WHERE id = \''.$session_id.'\'
WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
pwg_query($query);
return true;
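Review bot: get_remote_addr_session_hash assumes `$_SERVER['REMOTE_ADDR']` is a dotted IPv4 address: for an IPv6 client `explode('.', ...)` yields a single element, so `vsprintf("%02X%02X", ...)` is called with too few arguments and, on the PHP versions of this code base, emits a warning and returns false (which concatenates as an empty prefix); on the CLI the index is not set at all. Since the same prefix is prepended to the id in all four query hunks (read, write, insert, destroy), a guard in the helper alone covers every call site. Two caveats worth a comment: behind a reverse proxy REMOTE_ADDR is the proxy's address, so the prefix then binds nothing useful, and the four hex characters lengthen every stored id, so the `id` column of SESSIONS_TABLE must have room for them — this diff does not show the schema. A guarded version that falls back to no binding for non-IPv4 addresses (the previous behaviour) could look like this:
```php
/**
 * Returns a 4-hex-character prefix derived from the first two octets of the
 * client address, so that a session id is only usable from the originating
 * /16 network. Returns '' when REMOTE_ADDR is not a dotted IPv4 address
 * (IPv6 client, CLI), i.e. no address binding in that case.
 */
function get_remote_addr_session_hash()
{
  $octets = isset($_SERVER['REMOTE_ADDR'])
    ? explode('.', $_SERVER['REMOTE_ADDR']) : array();
  if (count($octets) != 4)
  {
    return '';
  }
  return vsprintf("%02X%02X", array_slice($octets, 0, 2));
}
```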


@@ -69,11 +69,10 @@ if ( !empty($page['meta_robots']) )
// refresh
if ( isset( $refresh ) and intval($refresh) >= 0
and isset( $url_link ) and isset( $redirect_msg ) )
and isset( $url_link ) )
{
$template->assign(
array(
'REDIRECT_MSG' => $redirect_msg,
'page_refresh' => array(
'TIME' => $refresh,
'U_REFRESH' => $url_link


@@ -62,7 +62,7 @@ class Template {
$this->smarty->register_modifier( 'translate', array('Template', 'mod_translate') );
$this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
$this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
$this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
$this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
$this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
if ( $conf['compiled_template_cache_language'] )
{


@@ -378,12 +378,10 @@ class PwgServer
{
if ( is_null($this->_responseEncoder) )
{
set_status_header(500);
set_status_header(400);
@header("Content-Type: text/plain");
echo ("Cannot process your request. Unknown response format.
Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
");
Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
var_export($this);
die(0);
}
@@ -391,7 +389,7 @@ Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
if ( is_null($this->_requestHandler) )
{
$this->sendResponse(
new PwgError(500, 'Unknown request format')
new PwgError(400, 'Unknown request format')
);
return;
}
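Review bot: The rewritten 400 response in the first hunk still ends with `var_export($this);`, which dumps the whole PwgServer object (registered handlers and encoders, the parsed request) into a client-facing error body; the new one-line message already tells the caller which format was not understood, so drop the dump or keep it only behind the project's debug setting. Switching 500 to 400 for an unknown request or response format is the right status, since it is the caller's input that is invalid, and the same change in the second hunk is consistent with it. The method enclosing the first hunk continues outside it.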


@@ -30,7 +30,7 @@ class PwgRestRequestHandler
$param_array = $service->isPost() ? $_POST : $_GET;
foreach ($param_array as $name => $value)
{
if ($name=='format' or $name=='partner')
if ($name=='format')
continue; // ignore - special keys
if ($name=='method')
{
@@ -45,7 +45,7 @@ class PwgRestRequestHandler
if ( empty($method) )
{
$service->sendResponse(
new PwgError(400, 'Missing "method" name')
new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
);
return;
}


@@ -0,0 +1,54 @@
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = 'images.file categories.permalink old_permalinks.permalink - become binary';
// +-----------------------------------------------------------------------+
// | Upgrade content |
// +-----------------------------------------------------------------------+
$query = 'ALTER TABLE '.CATEGORIES_TABLE.'
MODIFY COLUMN permalink varchar(64) binary default NULL';
pwg_query($query);
$query = 'ALTER TABLE '.OLD_PERMALINKS_TABLE.'
MODIFY COLUMN permalink varchar(64) binary NOT NULL default ""';
pwg_query($query);
$query = 'ALTER TABLE '.IMAGES_TABLE.'
MODIFY COLUMN file varchar(255) binary NOT NULL default ""';
pwg_query($query);
echo
"\n"
.'"'.$upgrade_description.'"'.' ended'
."\n"
;
?>
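Review bot: The three `pwg_query` calls run without any check of their result, so if one ALTER fails (for instance on a column already converted, or because `varchar(64) binary` is MySQL-specific syntax) the script still prints `"... ended"` and, presumably, the upgrade is recorded as applied. Either stop on the first failure, or state in a comment that pwg_query is expected to abort on error if that is the project convention — it is not visible here. A one-line comment above the ALTERs explaining why the columns become binary (per the commit message, so that file names and permalinks compare case-sensitively) would also help the next maintainer.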


@@ -36,7 +36,7 @@ CREATE TABLE `piwigo_categories` (
`commentable` enum('true','false') NOT NULL default 'true',
`global_rank` varchar(255) default NULL,
`image_order` varchar(128) default NULL,
`permalink` varchar(64) default NULL,
`permalink` varchar(64) binary default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `categories_i3` (`permalink`),
KEY `categories_i2` (`id_uppercat`)
@@ -174,7 +174,7 @@ CREATE TABLE `piwigo_image_tag` (
DROP TABLE IF EXISTS `piwigo_images`;
CREATE TABLE `piwigo_images` (
`id` mediumint(8) unsigned NOT NULL auto_increment,
`file` varchar(255) NOT NULL default '',
`file` varchar(255) binary NOT NULL default '',
`date_available` datetime NOT NULL default '0000-00-00 00:00:00',
`date_creation` date default NULL,
`tn_ext` varchar(4) default '',
@@ -208,7 +208,7 @@ CREATE TABLE `piwigo_images` (
DROP TABLE IF EXISTS `piwigo_old_permalinks`;
CREATE TABLE `piwigo_old_permalinks` (
`cat_id` smallint(5) unsigned NOT NULL default '0',
`permalink` varchar(64) NOT NULL default '',
`permalink` varchar(64) binary NOT NULL default '',
`date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
`last_hit` datetime default NULL,
`hit` int(10) unsigned NOT NULL default '0',


@@ -536,14 +536,13 @@ if (isset($_GET['slideshow']))
if (!empty($id_pict_redirect))
{
// $redirect_msg, $refresh, $url_link and $title are required for creating
// $refresh, $url_link and $title are required for creating
// an automated refresh page in header.tpl
$refresh = $slideshow_params['period'];
$url_link = add_url_params(
$picture[$id_pict_redirect]['url'],
$slideshow_url_params
);
$redirect_msg = nl2br(l10n('redirect_msg'));
}
}
}


@@ -1,6 +1,6 @@
<dt>{$block->get_title()|@translate}</dt>
<dt>{'title_menu'|@translate}</dt>
<dd>
<form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch">
<form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
<p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
<input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>
</p>


@@ -1,6 +1,13 @@
{* $Id$ *}
<h2>{$REDIRECT_MSG}</h2>
<p style="text-align:center; margin: 2em">
{html_head}
<style type="text/css">#the_page {ldelim}text-align:center;} </style>
{/html_head}
<div>
{$REDIRECT_MSG}
</div>
<p style="margin: 2em">
<a href="{$page_refresh.U_REFRESH}">
{'click_to_redirect'|@translate}
</a>
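Review bot: `{$REDIRECT_MSG}` is emitted unescaped inside the new `<div>`, and moving it out of the `<h2>` does not change that; because the value is nl2br output it cannot simply be piped through an escape modifier, so the template should state the contract, e.g. `{* REDIRECT_MSG is already HTML (nl2br output); callers of redirect_html must escape user data before passing a message *}`. The inline `<style>` in `{html_head}` centres `#the_page` for the whole page; if only the message is meant to be centred, a class on the div would be narrower in effect.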