Context Navigation

← Previous Changeset
Next Changeset →

Changeset 530

Timestamp:

04/22/08 14:48:35 (8 months ago)

Author:

sidtheduck

Message:

+ Fix for ticket #150 - collection and album paths were being escaped twice before comparison, so mysql query was not matching paths with apostrophes (') or parenthesis"()", etc.
+ Updated all instances of mysql_escape_string() to mysql_real_escape_string() for consistency (however, now requires PHP<=4.3.0)

Location:

trunk

Files:

: 5 modified

admin/plog-admin-functions.php (modified) (6 diffs)
admin/plog-options.php (modified) (1 diff)
admin/plog-upload.php (modified) (1 diff)
lib/plogger/install_functions.php (modified) (1 diff)
plog-functions.php (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/admin/plog-admin-functions.php

r522	r530
71	71	$create_path = $dest_collection_name."/".$dest_album_name;
72	72
73		while (is_file(~~'../~~images/'.$create_path."/".$unique_filename_base . "." . $filename_ext)){
	73	while (is_file($config['basedir'].'images/'.$create_path."/".$unique_filename_base . "." . $filename_ext)){
74	74	$unique_filename_base = $filename_base . " (" . ++$i .")";
75	75	}
…	…
133	133	VALUES
134	134	('".$albumdata['collection_id']."',
135		'".$albumdata['album_id']."','".mysql_escape_string($picture_path)."',
	135	'".$albumdata['album_id']."','".mysql_real_escape_string($picture_path)."',
136	136	NOW(),
137	137	NOW(),
138	138	1,
139		'".mysql_escape_string($exif["date_taken"])."',
140		'".mysql_escape_string($exif["camera"])."',
141		'".mysql_escape_string($exif["shutter_speed"])."',
142		'".mysql_escape_string($exif["focal_length"])."',
143		'".mysql_escape_string($exif["flash"])."',
144		'".mysql_escape_string($exif["aperture"])."',
145		'".mysql_escape_string($caption)."',
146		'".mysql_escape_string($desc)."')";
	139	'".mysql_real_escape_string($exif["date_taken"])."',
	140	'".mysql_real_escape_string($exif["camera"])."',
	141	'".mysql_real_escape_string($exif["shutter_speed"])."',
	142	'".mysql_real_escape_string($exif["focal_length"])."',
	143	'".mysql_real_escape_string($exif["flash"])."',
	144	'".mysql_real_escape_string($exif["aperture"])."',
	145	'".mysql_real_escape_string($caption)."',
	146	'".mysql_real_escape_string($desc)."')";
147	147
148	148	$sql_result = run_query($query);
…	…
348	348	};
349	349
350		$target_name = strtolower(sanitize_filename(~~$name~~));
	350	$target_name = strtolower(sanitize_filename(SmartStripSlashes($name)));
351	351
352	352
…	…
410	410	$album_path = $row['album_path'];
411	411
412		$new_path = mysql_escape_string($target_name."/".$album_path."/".$filename);
	412	$new_path = mysql_real_escape_string($target_name."/".$album_path."/".$filename);
413	413
414	414	// update database
…	…
511	511	};
512	512
513		$album_folder = strtolower(sanitize_filename(~~$album_name~~));
	513	$album_folder = strtolower(sanitize_filename(SmartStripSlashes($album_name)));
514	514
515	515	// first try to create the directory to hold the images, if that fails, then the album
…	…
545	545	$errors = $output = "";
546	546
547		$target_name = strtolower(sanitize_filename(~~$name~~));
	547	$target_name = strtolower(sanitize_filename(SmartStripSlashes($name)));
548	548
549	549	$album_id = intval($album_id);

trunk/admin/plog-options.php

r509	r530
23	23	$query = "UPDATE `".TABLE_PREFIX."config` SET
24	24	`truncate`='".intval($_POST["truncate"])."',
25		`feed_title`='".mysql_escape_string($_POST["feed_title"])."',
26		`feed_language`='".mysql_escape_string($_POST["feed_language"])."',
	25	`feed_title`='".mysql_real_escape_string($_POST["feed_title"])."',
	26	`feed_language`='".mysql_real_escape_string($_POST["feed_language"])."',
27	27	`feed_num_entries`='".intval($_POST["feed_num_entries"])."',
28	28	`allow_dl`='".intval($allow_dl)."',
29	29	`allow_comments`='".intval($allow_comments)."',
30	30	`allow_print`='".intval($allow_print)."',
31		`default_sortby`='".mysql_escape_string($_POST["default_sortby"])."',
32		`default_sortdir`='".mysql_escape_string($_POST["default_sortdir"])."',
33		`album_sortby`='".mysql_escape_string($_POST["album_sortby"])."',
34		`album_sortdir`='".mysql_escape_string($_POST["album_sortdir"])."',
35		`collection_sortby`='".mysql_escape_string($_POST["collection_sortby"])."',
36		`collection_sortdir`='".mysql_escape_string($_POST["collection_sortdir"])."',
	31	`default_sortby`='".mysql_real_escape_string($_POST["default_sortby"])."',
	32	`default_sortdir`='".mysql_real_escape_string($_POST["default_sortdir"])."',
	33	`album_sortby`='".mysql_real_escape_string($_POST["album_sortby"])."',
	34	`album_sortdir`='".mysql_real_escape_string($_POST["album_sortdir"])."',
	35	`collection_sortby`='".mysql_real_escape_string($_POST["collection_sortby"])."',
	36	`collection_sortdir`='".mysql_real_escape_string($_POST["collection_sortdir"])."',
37	37	`thumb_num`='".intval($_POST["thumb_num"])."',
38	38	`compression`='".intval($_POST["image_quality"])."',
39		`admin_username`='".mysql_escape_string($_POST["admin_username"])."',
40		`admin_email`='".mysql_escape_string($_POST["admin_email"])."',
41		`date_format`='".mysql_escape_string($_POST["date_format"])."',
	39	`admin_username`='".mysql_real_escape_string($_POST["admin_username"])."',
	40	`admin_email`='".mysql_real_escape_string($_POST["admin_email"])."',
	41	`date_format`='".mysql_real_escape_string($_POST["date_format"])."',
42	42	`use_mod_rewrite`='".intval(@$_POST["use_mod_rewrite"])."',
43	43	`square_thumbs`='".intval($square_thumbs)."',
44	44	`comments_notify`='".intval($_POST["comments_notify"])."',
45	45	`comments_moderate`='".intval($comments_moderate)."',
46		`gallery_url`='".mysql_escape_string($_POST["gallery_url"])."',
47		`gallery_name`='".mysql_escape_string($_POST["gallery_name"])."',
	46	`gallery_url`='".mysql_real_escape_string($_POST["gallery_url"])."',
	47	`gallery_name`='".mysql_real_escape_string($_POST["gallery_name"])."',
48	48	`thumb_nav_range`='".intval($_POST["thumb_nav_range"])."',
49	49	`enable_thumb_nav`='".intval(@$_POST["enable_thumb_nav"])."',

trunk/admin/plog-upload.php

r518	r530
109	109	if ($_REQUEST["destination_radio"] == "new"){
110	110	// Create the new album
111		$result = add_album(mysql_escape_string($_REQUEST["new_album_name"]), NULL, $_REQUEST["collections_menu"]);
	111	$result = add_album(mysql_real_escape_string($_REQUEST["new_album_name"]), NULL, $_REQUEST["collections_menu"]);
112	112	$album_id = $result["id"];
113	113	} else {

trunk/lib/plogger/install_functions.php

r517	r530
292	292	$config['gallery_name'] = $form['gallery_name'];
293	293
294		$config = array_map('mysql_escape_string',$config);
	294	$config = array_map('mysql_real_escape_string',$config);
295	295
296	296	$query = "INSERT INTO `".TABLE_PREFIX."config`

trunk/plog-functions.php

r529	r530
920	920	foreach($levels as $key => $level) {
921	921	if (isset($path_parts[$key])) {
922		$names[$level] = mysql_escape_string(urldecode(SmartStripSlashes($path_parts[$key])));
	922	$names[$level] = mysql_real_escape_string(urldecode(SmartStripSlashes($path_parts[$key])));
923	923	$current_level = $level;
924	924	}
…	…
928	928	$sql = "SELECT *
929	929	FROM `".TABLE_PREFIX."collections`
930		WHERE `path`='".~~mysql_real_escape_string($names["collection"])~~."'";
	930	WHERE `path`='".$names["collection"]."'";
931	931	$result = run_query($sql);
932	932
…	…
945	945	$sql = "SELECT *
946	946	FROM `".TABLE_PREFIX."albums`
947		WHERE `path`='".~~mysql_real_escape_string($names["album"])~~."'
	947	WHERE `path`='".$names["album"]."'
948	948	AND `parent_id`=".intval($collection["id"]);
949	949	$result = run_query($sql);
…	…
980	980	$sql = "SELECT *
981	981	FROM `".TABLE_PREFIX."pictures`
982		WHERE `caption`='".~~mysql_real_escape_string($names["picture"])~~."'
	982	WHERE `caption`='".$names["picture"]."'
983	983	AND `parent_album`=".intval($album["id"]);
984	984	$result = run_query($sql);
…	…
991	991	$like_match = array("_", "%");
992	992	$like_replace = array("\_", "\%");
993		$~~esc_~~filepath = str_replace($like_match, $like_replace, $filepath);
	993	$filepath = str_replace($like_match, $like_replace, $filepath);
994	994	$sql = "SELECT *
995	995	FROM `".TABLE_PREFIX."pictures`
996		WHERE `path` LIKE '" ~~. mysql_real_escape_string($esc_filepath)~~."____'
	996	WHERE `path` LIKE '".$filepath."____'
997	997	AND `parent_album`=".intval($album["id"]);
998	998	$result = run_query($sql);
…	…
1513	1513	foreach ($terms as $term) {
1514	1514	$query .= "
1515		`path` LIKE '%".mysql_escape_string($term)."%' OR
1516		`description` LIKE '%".mysql_escape_string($term)."%' OR
1517		`comment` LIKE '%".mysql_escape_string($term)."%' OR
1518		`caption` LIKE '%".mysql_escape_string($term)."%' OR ";
	1515	`path` LIKE '%".mysql_real_escape_string($term)."%' OR
	1516	`description` LIKE '%".mysql_real_escape_string($term)."%' OR
	1517	`comment` LIKE '%".mysql_real_escape_string($term)."%' OR
	1518	`caption` LIKE '%".mysql_real_escape_string($term)."%' OR ";
1519	1519	}
1520	1520