Changeset 536

Timestamp:

05/08/08 17:44:19 (7 months ago)

Author:

sidtheduck

Message:

+ Fix for ticket #157 - cleaning up notices, undefined indexes, and undefined variables

Location:

trunk

Files:

• admin/index.php (modified) (1 diff)
• admin/plog-admin-functions.php (modified) (19 diffs)
• admin/plog-admin.php (modified) (1 diff)
• admin/plog-feedback.php (modified) (4 diffs)
• admin/plog-import.php (modified) (4 diffs)
• admin/plog-manage.php (modified) (2 diffs)
• admin/plog-options.php (modified) (1 diff)
• admin/plog-themes.php (modified) (4 diffs)
• admin/plog-upload.php (modified) (3 diffs)
• plog-comment.php (modified) (1 diff)
• plog-functions.php (modified) (7 diffs)
• plog-print.php (modified) (2 diffs)
• plog-rss.php (modified) (1 diff)

trunk/admin/index.php

@@ -1 +1 @@
 <?php
-
-session_start();
-
 require_once("../plog-functions.php");
 require_once("../plog-globals.php");

trunk/admin/plog-admin-functions.php

@@ -71 +71 @@
         $create_path = $dest_collection_name."/".$dest_album_name;
 
-        while (is_file($config['basedir'].'images/'.$create_path."/".$unique_filename_base . "." . $filename_ext)){
-                $unique_filename_base = $filename_base . " (" . ++$i .")";
+        while (is_file($config['basedir'].'images/'.$create_path."/".$unique_filename_base.".".$filename_ext)){
+                $unique_filename_base = SmartStripSlashes($filename_base)." (" . ++$i .")";
         }
 
@@ -190 +190 @@
         
         $picture_id = intval($picture_id);
-        $value = mysql_real_escape_string($value);
+        $value = mysql_real_escape_string(trim($value));
 
         $query = "UPDATE ".TABLE_PREFIX."pictures SET $field = '$value' WHERE id='$picture_id'";
@@ -263 +263 @@
 
                 // make sure that the file is actually located inside our images directory
-                $full_path = realpath($config['basedir'] . 'images/' . $picture['path']);
+                $full_path = realpath($config['basedir'] . 'images/' . SmartStripSlashes($picture['path']));
                 // also check whether this image is in the correct folder
                 $relative_path = substr($full_path,0,strlen($config['basedir']));
-                $basename = basename($picture['path']);
+                $basename = SmartStripSlashes(basename($picture['path']));
                 if ($relative_path == $config['basedir']) {
                         foreach($thumbnail_config as $tkey => $tval) {
@@ -349 +349 @@
         };
 
-        $target_name = strtolower(sanitize_filename(SmartStripSlashes($name)));
+        $target_name = strtolower(sanitize_filename($name));
         
 
@@ -408 +408 @@
         while($row = mysql_fetch_assoc($result)) {
 
-                $filename = basename(SmartStripSlashes($row['path']));
+                $filename = basename($row['path']);
                 $album_path = $row['album_path'];
 
@@ -433 +433 @@
         
         $collection_id = intval($collection_id);
-        $value = mysql_real_escape_string($value);
+        $value = mysql_real_escape_string(trim($value));
 
         $query = "UPDATE ".TABLE_PREFIX."collections SET $field = '$value' WHERE id='$collection_id'";
@@ -473 +473 @@
         // if there are then .. how did they get there? Probably not through plogger and in this case do we 
         // really want to delete those?
-        $source_collection_name = $collection["collection_path"];
+        $source_collection_name = SmartStripSlashes($collection["collection_path"]);
 
         $collection_directory = realpath($config['basedir'] . 'images/'.$source_collection_name);
@@ -512 +512 @@
         };
 
-        $album_folder = strtolower(sanitize_filename(SmartStripSlashes($album_name)));
+        $album_folder = strtolower(sanitize_filename($album_name));
 
         // first try to create the directory to hold the images, if that fails, then the album
         // will be unusable anyway
-        $create_path = $config["basedir"] . "images/".$row["collection_path"]."/".$album_folder;
+        $create_path = $config["basedir"] . "images/".SmartStripSlashes($row["collection_path"])."/".$album_folder;
 
         if (!makeDirs($create_path, 0777)) {
@@ -605 +605 @@
 
                 $filename = basename($row['path']);
-                $new_path = $source_collection_name."/".$target_name."/".$filename;
+                $new_path = mysql_real_escape_string(SmartStripSlashes($source_collection_name."/".$target_name."/".$filename));
 
                 // update database
@@ -624 +624 @@
         };
         
-        $value = mysql_real_escape_string(SmartStripSlashes($value));
+        $value = mysql_real_escape_string(trim(SmartStripSlashes($value)));
         $errors = $output = "";
         $album_id = intval($album_id);
@@ -690 +690 @@
 
         while($row = mysql_fetch_assoc($result)) {
-                $filename = basename($row['path']);
+                $filename = SmartStripSlashes(basename($row['path']));
 
                 $old_path = $source_path."/".$filename;
@@ -741 +741 @@
         // if there are then .. how did they get there? Probably not through plogger and in this case do we 
         // really want to delete those?
-        $source_album_name = $album["album_path"];
-        $source_collection_name = $album["collection_path"];
+        $source_album_name = SmartStripSlashes($album["album_path"]);
+        $source_collection_name = SmartStripSlashes($album["collection_path"]);
 
         $album_directory = realpath($config['basedir'] . 'images/'.$source_collection_name."/".$source_album_name);
@@ -748 +748 @@
         $album_path = explode('/',substr($album_directory,strlen($config['basedir'])));
         // it needs to have 3 parts - images, collection name and album name, if it doesn't, then there is something
-        // wrong with either collectio or album name and it's probably not safe to try to delete the directory
+        // wrong with either collection or album name and it's probably not safe to try to delete the directory
         if ($relative_path == $config['basedir'] && sizeof($album_path) == 3) {
                 @chmod($album_directory,0777);
@@ -769 +769 @@
         $email = mysql_real_escape_string($email);
         $url = mysql_real_escape_string($url);
-        $comment = mysql_real_escape_string($comment);
+        $comment = mysql_real_escape_string(trim($comment));
 
         $query = "UPDATE ".TABLE_PREFIX."comments SET author = '$author', comment = '$comment',
@@ -1135 +1135 @@
         $auto_graphic = "../graphics/auto.gif";
         
-        $output .= '<form class="edit" action="'.$_SERVER["PHP_SELF"].'?level=albums&amp;id='.$album["parent_id"].'" method="post">';
+        $output = '<form class="edit" action="'.$_SERVER["PHP_SELF"].'?level=albums&amp;id='.$album["parent_id"].'" method="post">';
         
         $images = '<option class="thumboption" value="0" style="padding-left: 100px; background-image: url('.$auto_graphic.'); 
@@ -1170 +1170 @@
 
 function plog_picture_manager($id,$from,$limit) {
+        $output = '';
 
         plogger_init_pictures(array(
@@ -1266 +1267 @@
 
 function plog_album_manager($id,$from,$limit) {
-        
+        $output = '';
         
         plogger_init_albums(array(
@@ -1343 +1344 @@
 
 function plog_collection_manager($from,$limit) {
+        $output = '';
 
         plogger_init_collections(array(
@@ -1412 +1414 @@
 
 function plog_comment_manager($id,$from,$limit) {
+        $output = '';
 
         plogger_init_picture(array(

trunk/admin/plog-admin.php

@@ -1 +1 @@
 <?php
-
-//session_start();
 header("Content-Type: text/html; charset=utf-8");
 global $inHead;

trunk/admin/plog-feedback.php

@@ -16 +16 @@
         
         $possible_values = array("5"=>5, "10"=>10, "20"=>20, "50"=>50);
-        $output= plog_tr('Entries per page') . ' <select onchange="'.$java.'" name="entries_per_page">';
+        $output = plog_tr('Entries per page') . ' <select onchange="'.$java.'" name="entries_per_page">';
         
         foreach ($possible_values as $key => $value)
@@ -37 +37 @@
 
 // perform the delete function on the selected items
-if (isset($_REQUEST['delete_checked']) || $_REQUEST['action'] == 'delete_checked') {
+if (isset($_REQUEST['delete_checked']) || (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete_checked')) {
                 
         if (isset($_REQUEST["Selected"])) {
@@ -57 +57 @@
 };
 
-if (isset($_REQUEST['approve_checked']) || $_REQUEST['action'] == 'approve_checked') {
+if (isset($_REQUEST['approve_checked']) || (isset($_REQUEST['action']) && $_REQUEST['action'] == 'approve_checked')) {
         // set the approval bit to 1 for all selected comments
                 
@@ -236 +236 @@
                         else {
                                 if (in_array($key, $allowedCommentKeys))
-                                                $output .= "<td><p id=\"comment-$key-" . $row[id] ."\">$value&nbsp;</p></td>";
+                                                $output .= "<td><p id=\"comment-$key-" . $row['id'] ."\">$value&nbsp;</p></td>";
                         }
                 }

trunk/admin/plog-import.php

@@ -51 +51 @@
 
 $output = '';
+$counter = $imported = 0;
 
 // Check if update has been clicked, handle erroneous conditions, or upload
 //print_r($_POST);
 
-if (isset($_POST["upload"])){
-        
-        $destinations = $_POST["destinations"];
-        $captions = $_POST["captions"];
-        $descriptions = $_POST["descriptions"];
-        $files = $_POST["files"];
-        $selected = $_POST["Selected"];
-        
-        $counter = $imported = 0;
+if (isset($_POST['upload'])){
+        
+        $destinations = isset($_POST['destinations']) ? $_POST['destinations'] : '';
+        $captions = $_POST['captions'];
+        $descriptions = $_POST['descriptions'];
+        $files = $_POST['files'];
+        $selected = $_POST['Selected'];
 
         global $config;
@@ -69 +68 @@
         $files = get_files($config['basedir'] . 'uploads');
 
-        if ($_POST["destination_radio"] == "new" && $_POST["new_album_name"] == ""){
+        if ($_POST['destination_radio'] == "new" && $_POST["new_album_name"] == ""){
             $output .= '<p class="errors">' . plog_tr('New album name not specified!') . '</p>';
         }
@@ -145 +144 @@
                         $directories[md5($dirname)] = $dirname;
         }                
-                
-        // here we will check which group of pictures we are editing, grouped by directory
+
+                // here we will check which group of pictures we are editing, grouped by directory
         if (count($directories) > 0) {
                 $output .= '<div class="actions">' . plog_tr('Would you like to import anything else?');
@@ -155 +154 @@
                                  $output .= '<li><a class="folder" href="'.$_SERVER['PHP_SELF']."?directory=$dirkey".'">'.basename($group).'</a></li>';
                 }
-                
+                        
+                        $upload_directory = $config['basedir'] . 'uploads';
                 $dirkey = md5($upload_directory);
                   $output .= '<li><a class="folder" href="'.$_SERVER['PHP_SELF']."?directory=$dirkey".'">' . plog_tr('All Pictures') . '</a></li>';

trunk/admin/plog-manage.php

@@ -30 +30 @@
 
 function generate_move_menu($level) {
-        
         if ($level == "albums") $parent = "collections";
         if ($level == "pictures") $parent = "albums";
-        $output .=  '<input class="submit" type="submit" name="move_checked" value="' . plog_tr("Move Checked To") . '"/>';
+        $output = '<input class="submit" type="submit" name="move_checked" value="' . plog_tr("Move Checked To") . '"/>';
         
         if ($level == "pictures") {
@@ -52 +51 @@
 
 function generate_albums_menu($albums) {
-        $output .=  '<select name="group_id">';
+        $output = '<select name="group_id">';
         foreach($albums as $album_id => $album) {
-                if ($_REQUEST["albums_menu"] == $album_id || $_REQUEST["new_album_name"] == $album['album_name']) 
-                        $selected = " selected"; else $selected = "";
+                $selected = '';
+                // if we are on the current album then set it to be the default option
+                if (isset($_REQUEST["albums_menu"]) && isset($_REQUEST["new_album_name"])){
+                        if ($albums_menu == $album_id || $new_album_name == $album['album_name']){
+                                $selected = " selected";
+                        }
+                }
                                                 
                 $output .= "<option value=\"".$album_id."\"$selected>".SmartStripSlashes($album['collection_name'])." : ".SmartStripSlashes($album['album_name'])."" ;

trunk/admin/plog-options.php

@@ -42 +42 @@
                 `use_mod_rewrite`='".intval(@$_POST["use_mod_rewrite"])."',
                 `square_thumbs`='".intval($square_thumbs)."',
-                `comments_notify`='".intval($_POST["comments_notify"])."',
+                `comments_notify`='".intval(@$_POST["comments_notify"])."',
                 `comments_moderate`='".intval($comments_moderate)."',
                 `gallery_url`='".mysql_real_escape_string($_POST["gallery_url"])."',

trunk/admin/plog-themes.php

@@ -28 +28 @@
 $inHead = '<script type="text/javascript" src="js/plogger.js"></script>';
 
-$output.= "<h1>" . plog_tr("Manage Themes") . "</h1>";
+$output = "<h1>" . plog_tr("Manage Themes") . "</h1>";
 
-$output.= "<p>$theme_url</p>";
+// what is this?
+//$output.= "<p>$theme_url</p>";
 
-$theme_dir = $config["basedir"] . 'themes/';
+$theme_dir = $config['basedir'] . 'themes/';
 
 // scan list of folders within theme directory
 $theme_list = read_dir($theme_dir);
 
-if ($_REQUEST["activate"]) { // activate new theme by setting configuration dir
+if (isset($_REQUEST['activate'])) { // activate new theme by setting configuration dir
         // insert into database
         $new_theme_dir = basename($_REQUEST["activate"]);
@@ -49 +50 @@
                 } else {
                         $output .= '<p class="errors">' . plog_tr("Error Activating Theme!") . '</p>';
-                };
+                }
 
                 // update config variable if page doesn't refresh
@@ -55 +56 @@
         } else {
                         $output .= '<p class="errors">' . plog_tr("No such theme") . '</p>';
-        };
+        }
 }
 
 // Output table header
-$output.= '<table id="theme-table" cellpadding="5" width="100%"><tr class="header"><td class="table-header-left">Theme</td><td class="table-header-middle">Description</td><td class="table-header-middle">Author</td><td class="table-header-right">&nbsp;</td></tr>';
+$output .= '<table id="theme-table" cellpadding="5" width="100%"><tr class="header"><td class="table-header-left">Theme</td><td class="table-header-middle">Description</td><td class="table-header-middle">Author</td><td class="table-header-right">&nbsp;</td></tr>';
 $counter = 0;
 
@@ -90 +91 @@
                         $output .= "<td>" .plog_tr("Active Theme") . "</td>";
                 else
-                        $output .= "<td><a href=\"${_SERVER[PHP_SELF]}?activate=$theme_folder_basename\">" . plog_tr('Activate') . "</a></td>";
-                
-                
+                        $output .= "<td><a href=\"${_SERVER['PHP_SELF']}?activate=$theme_folder_basename\">" . plog_tr('Activate') . "</a></td>";               
+
                 $output .= "</tr>";
                 

trunk/admin/plog-upload.php

@@ -10 +10 @@
 
 function generate_albums_menu($albums) {
+        $albums_menu = isset($_REQUEST['albums_menu']) ?  $_REQUEST['albums_menu'] : '';
+        $new_album_name = isset($_REQUEST['new_album_name']) ?  $_REQUEST['new_album_name'] : '';
         $output =  '<select name="albums_menu" onclick="var k=document.getElementsByName(\'destination_radio\');k[0].checked=true;">';
         foreach($albums as $album_id => $album) {
 
-                if ($_REQUEST["albums_menu"] == $album_id || $_REQUEST["new_album_name"] == $album['album_name']) 
+                if ($albums_menu == $album_id || $new_album_name == $album['album_name']) 
                                                 $selected = " selected='selected'"; else $selected = "";
                                                 
@@ -38 +40 @@
 }
 
+$output = '';
+
 // Check if update has been clicked, handle erroneous conditions, or upload
-if (isset($_REQUEST["upload"])){
+if (isset($_REQUEST['upload'])){
         foreach($_REQUEST as $key => $val) $_REQUEST[$key] = stripslashes($val);
         
@@ -175 +179 @@
         else
                  display($output_error, "upload");
-};
+}
 ?>

trunk/plog-comment.php

@@ -53 +53 @@
 
 // redirect back to picture page
-if ($rv["errors"]) {
+if (isset($rv['errors'])) {
         // will this work?
-        $_SESSION["comment_post_error"] = $rv["errors"];
+        $_SESSION['comment_post_error'] = $rv['errors'];
 }
 else if ($config['comments_moderate']) {
-        $_SESSION["comment_moderated"] = 1;
+        $_SESSION['comment_moderated'] = 1;
 }
 

trunk/plog-functions.php

@@ -961 +961 @@
                 
                 // try to detect slideshow. Downside is that you cannot have a picture with that name
-                if ('slideshow' == $names['picture']) {
+                if (isset($names['picture']) && $names['picture'] == 'slideshow') {
                         return array('level' => 'album','mode' => 'slideshow','id' => $album['id']);
                 }
                 
                 // deal with http://plogger/collection/album/sorted/field/asc and friends
-                if ('sorted' == $names['picture']) {
+                if (isset($names['picture']) && $names['picture'] == 'sorted') {
                         if (isset($names['arg1'])) {
                                 $_SESSION['plogger_sortby'] = $names['arg1'];
@@ -1166 +1166 @@
         } else {
                 $approved = 1;
+                $notify_msg = '';
         }
         
@@ -1729 +1730 @@
 function plogger_rss_link() {
         global $config;
+        $rss_link = '';
         
         if ($config["use_mod_rewrite"]) {
@@ -2186 +2188 @@
 
 function plogger_collection_album_count() {
-        if (isset($GLOBALS["album_count"][$GLOBALS["current_collection"]["id"]])) {
-                return $GLOBALS["album_count"][$GLOBALS["current_collection"]["id"]];
+        if (isset($GLOBALS['album_count']) && isset($GLOBALS['current_collection']['id'])) {
+                return $GLOBALS['album_count'][$GLOBALS['current_collection']['id']];
         } else {
                 return 0;
@@ -2253 +2255 @@
 
 function plogger_album_picture_count() {
-        $row = $GLOBALS["current_album"];
-        // XXX: surely this can be optimized?
-        $numquery = "SELECT COUNT(*) AS `num_pictures` FROM `".TABLE_PREFIX."pictures` WHERE `parent_album`='".$row["id"]."'";
-        $numresult = run_query($numquery);
-        return mysql_result($numresult, 'num_pictures');
+        if (isset($GLOBALS['current_album'])) {
+                $row = $GLOBALS['current_album'];
+                // XXX: surely this can be optimized?
+                $numquery = "SELECT COUNT(*) AS `num_pictures` FROM `".TABLE_PREFIX."pictures` WHERE `parent_album`='".$row['id']."'";
+                $numresult = run_query($numquery);
+                return mysql_result($numresult, 'num_pictures');
+        }
 }
 
@@ -2295 +2299 @@
 
 function plogger_get_next_picture_link() {
+        global $config;
+
         $next_url = plogger_get_next_picture_url();
 
         if ($next_url)
-        if ($config["embedded"] == 0) {
+        if ($config['embedded'] == 0) {
                   $next_link = '<a id="next-button" accesskey="." href="'.$next_url.'#prev-button">' . plog_tr('Next') . ' &raquo;</a>';    
         } else {
@@ -2310 +2316 @@
 
 function plogger_get_prev_picture_link() {
+        global $config;
+
         $prev_url = plogger_get_prev_picture_url();
         
         if ($prev_url) 
-        if ($config["embedded"] == 0) {
+        if ($config['embedded'] == 0) {
                   $prev_link = '<a id="prev-button" accesskey="," href="'.$prev_url.'#next-button">&laquo; ' . plog_tr('Previous') . '</a>';
         } else {

trunk/plog-print.php

@@ -6 +6 @@
 
 $picture = get_picture_by_id($_GET['id']);
+$GLOBALS['plogger_level'] = "picture";
+$GLOBALS['plogger_id'] = $_GET['id'];
+$GLOBALS['plogger_mode'] = "print";
 
 ?>
@@ -18 +21 @@
 
         <body onload="window.print();">
-                <div><img src="<?php echo $picture["url"]; ?>" alt="<?php echo $picture["caption"]; ?>" /></div>
+                <div><img src="<?php echo $picture['url']; ?>" alt="<?php echo $picture['caption']; ?>" /></div>
         </body>
 

trunk/plog-rss.php

@@ -131 +131 @@
 $parts = parse_url($_SERVER["REQUEST_URI"]);
 parse_str($parts["query"],$query_parts);
-generate_RSS_feed($level, $id, $query_parts["searchterms"]);
+if (isset($query_parts["searchterms"])) {
+        generate_RSS_feed($level, $id, $query_parts["searchterms"]);
+} else {
+        generate_RSS_feed($level, $id);
+}
 
 ?>