Timestamp:
05/18/11 22:32:20 (9 years ago)
Author:
J.Commelin
Message:

Added banners to php files.
Escaped user data that would be inserted in queries.

Location:
extensions/Copyrights
Files:
1 deleted
3 edited

  • extensions/Copyrights/admin.php

    r10874 r10931  
    11<?php 
     2// +-----------------------------------------------------------------------+ 
     3// | Piwigo - a PHP based picture gallery                                  | 
     4// +-----------------------------------------------------------------------+ 
     5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org | 
     6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net | 
     7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick | 
     8// +-----------------------------------------------------------------------+ 
     9// | This program is free software; you can redistribute it and/or modify  | 
     10// | it under the terms of the GNU General Public License as published by  | 
     11// | the Free Software Foundation                                          | 
     12// |                                                                       | 
     13// | This program is distributed in the hope that it will be useful, but   | 
     14// | WITHOUT ANY WARRANTY; without even the implied warranty of            | 
     15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      | 
     16// | General Public License for more details.                              | 
     17// |                                                                       | 
     18// | You should have received a copy of the GNU General Public License     | 
     19// | along with this program; if not, write to the Free Software           | 
     20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | 
     21// | USA.                                                                  | 
     22// +-----------------------------------------------------------------------+ 
    223 
    324if (!defined("PHPWG_ROOT_PATH")){ 
     
    2243if (isset($_GET['tab'])) { 
    2344  if ($_GET['tab'] == 'create') { 
    24     $name = $_REQUEST['name']; 
    25     $url = $_REQUEST['url']; 
     45    $name = pwg_db_real_escape_string($_REQUEST['name']); 
     46    $url = pwg_db_real_escape_string($_REQUEST['url']); 
    2647    $visible = (isset($_REQUEST['visible']) ? 1 : 0); 
    27     $query = ' 
    28       INSERT INTO '.COPYRIGHTS_ADMIN.' 
     48    $query = sprintf( 
     49      'INSERT INTO %s 
    2950      (`name`,`url`,`visible`) VALUES 
    30       ("'.$name.'","'.$url.'",'.$visible.') 
    31       ;'; 
     51      ("%s","%s",%d) 
     52      ;', 
     53      COPYRIGHTS_ADMIN, $name, $url, $visible); 
    3254    pwg_query($query); 
    3355  } 
     
    3658    $edit = 1; 
    3759    $CRid = $_REQUEST['id']; 
    38     $query = ' 
    39       SELECT * 
    40       FROM '.COPYRIGHTS_ADMIN.' 
    41       WHERE `cr_id`='.$CRid.' 
    42       ;'; 
     60    $query = sprintf( 
     61      'SELECT * 
     62      FROM %s 
     63      WHERE `cr_id`=%d 
     64      ;', 
     65      COPYRIGHTS_ADMIN, $CRid); 
    4366    $result = pwg_query($query); 
    4467    $row = pwg_db_fetch_assoc($result); 
     
    4972 
    5073  if ($_GET['tab'] == 'update') { 
    51     $id = $_REQUEST['id']; 
    52     $name = $_REQUEST['name']; 
    53     $url = $_REQUEST['url']; 
     74    $id = pwg_db_real_escape_string($_REQUEST['id']); 
     75    $name = pwg_db_real_escape_string($_REQUEST['name']); 
     76    $url = pwg_db_real_escape_string($_REQUEST['url']); 
    5477    $visible = (isset($_REQUEST['visible']) ? 1 : 0); 
    55     $query = ' 
    56       UPDATE '.$prefixeTable.'copyrights_admin 
    57       SET `name`="'.$name.'", `url`="'.$url.'", `visible`='.$visible.' 
    58       WHERE `cr_id`='.$id.' 
    59       ;'; 
     78    $query = sprintf( 
     79      'UPDATE %s 
     80      SET `name`="%s", `url`="%s", `visible`=%d 
     81      WHERE `cr_id`=%d 
     82      ;', 
     83      COPYRIGHTS_ADMIN, $name, $url, $visible, $id); 
    6084    pwg_query($query); 
    6185  } 
     
    6387  if ($_GET['tab'] == 'delete') { 
    6488    $id = $_REQUEST['id']; 
    65     $query = ' 
    66       DELETE FROM '.$prefixeTable.'copyrights_admin 
    67       WHERE `cr_id`='.$id.' 
    68       ;'; 
     89    $query = sprintf( 
     90      'DELETE FROM %s 
     91      WHERE `cr_id`=%d 
     92      ;', 
     93      COPYRIGHTS_ADMIN, $id); 
    6994    pwg_query($query); 
    7095  } 
     
    80105); 
    81106 
    82 $query = ' 
    83   SELECT * 
    84   FROM '.COPYRIGHTS_ADMIN.' 
    85   ;'; 
     107$query = sprintf( 
     108  'SELECT * 
     109  FROM %s 
     110  ;', 
     111  COPYTIGHTS_ADMIN); 
    86112$result = pwg_query($query); 
    87113 
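Review bot: The listing query at new line 111 references `COPYTIGHTS_ADMIN`, a misspelling of the `COPYRIGHTS_ADMIN` constant the removed line and the other queries in this file use; an undefined constant is treated as the bare string, so the query becomes `SELECT * FROM COPYTIGHTS_ADMIN` and the admin list stops working. The line should read `  COPYRIGHTS_ADMIN);`. Separately, the escaping fixes the injection but the `create`, `update` and `delete` branches still fire from `$_GET['tab']` with ids and values taken from `$_REQUEST`, so a crafted link can trigger a delete or update in an admin's session unless a token check exists outside this hunk — if Piwigo's `check_pwg_token()` is not already called earlier in the file, add it before the `isset($_GET['tab'])` dispatch. Since the ids are formatted with `%d`, `(int) $_REQUEST['id']` would state the intent more clearly than `pwg_db_real_escape_string` on line 74 and leave line 59's unescaped `$CRid` consistent with it. The enclosing `if (isset($_GET['tab']))` block and the file continue outside this hunk.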
  • extensions/Copyrights/main.inc.php

    r10874 r10931  
    88Author URI: http://www.watergallery.nl/piwigo/plugins/copyrights/ 
    99*/ 
     10// +-----------------------------------------------------------------------+ 
     11// | Piwigo - a PHP based picture gallery                                  | 
     12// +-----------------------------------------------------------------------+ 
     13// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org | 
     14// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net | 
     15// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick | 
     16// +-----------------------------------------------------------------------+ 
     17// | This program is free software; you can redistribute it and/or modify  | 
     18// | it under the terms of the GNU General Public License as published by  | 
     19// | the Free Software Foundation                                          | 
     20// |                                                                       | 
     21// | This program is distributed in the hope that it will be useful, but   | 
     22// | WITHOUT ANY WARRANTY; without even the implied warranty of            | 
     23// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      | 
     24// | General Public License for more details.                              | 
     25// |                                                                       | 
     26// | You should have received a copy of the GNU General Public License     | 
     27// | along with this program; if not, write to the Free Software           | 
     28// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | 
     29// | USA.                                                                  | 
     30// +-----------------------------------------------------------------------+ 
    1031 
    1132if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); 
     
    4970 
    5071  // Fetch all the copyrights and assign them to the template 
    51   $query = ' 
    52     SELECT `cr_id`,`name` 
    53     FROM '.COPYRIGHTS_ADMIN.' 
     72  $query = sprintf( 
     73    'SELECT `cr_id`,`name` 
     74    FROM %s 
    5475    WHERE `visible`<>0 
    55     ;'; 
     76    ;', 
     77    COPYRIGHT_ADMIN); 
    5678  $result = pwg_query($query); 
    5779  $CRoptions = array(); 
     
    79101  if ($action == 'copyrights') 
    80102  { 
    81           $crID = $_POST['copyrightID']; 
     103          $crID = pwg_db_real_escape_string($_POST['copyrightID']); 
    82104     
    83105    if (count($collection) > 0) { 
    84       $query = ' 
    85         DELETE 
    86         FROM '.COPYRIGHTS_MEDIA.' 
    87         WHERE media_id IN ('.implode(',', $collection).') 
    88         ;'; 
     106      $query = sprintf( 
     107        'DELETE 
     108        FROM %s 
     109        WHERE media_id IN (%s) 
     110        ;', 
     111        COPYRIGHT_MEDIA, implode(',', $collection)); 
    89112      pwg_query($query); 
    90113    } 
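Review bot: Both table names in the new code are misspelled: new line 77 uses `COPYRIGHT_ADMIN` and new line 111 uses `COPYRIGHT_MEDIA`, whereas the removed lines and admin.php use `COPYRIGHTS_ADMIN` and `COPYRIGHTS_MEDIA`; as undefined constants they degrade to bare strings and both queries fail (`COPYRIGHTS_ADMIN);` and `COPYRIGHTS_MEDIA, implode(',', $collection));`). The `DELETE ... WHERE media_id IN (%s)` at new line 109 still interpolates `$collection` unescaped; its origin is outside this hunk, so if it comes from request data (as batch-manager selections typically do) it should be coerced first, e.g. `implode(',', array_map('intval', $collection))`. `$crID` on line 103 is escaped but its use is not in this hunk, so the sprintf placeholder it ends up in should be checked the same way. The surrounding `if ($action == 'copyrights')` block continues past the end of the hunk.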
  • extensions/Copyrights/maintain.inc.php

    r10874 r10931  
    11<?php 
     2// +-----------------------------------------------------------------------+ 
     3// | Piwigo - a PHP based picture gallery                                  | 
     4// +-----------------------------------------------------------------------+ 
     5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org | 
     6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net | 
     7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick | 
     8// +-----------------------------------------------------------------------+ 
     9// | This program is free software; you can redistribute it and/or modify  | 
     10// | it under the terms of the GNU General Public License as published by  | 
     11// | the Free Software Foundation                                          | 
     12// |                                                                       | 
     13// | This program is distributed in the hope that it will be useful, but   | 
     14// | WITHOUT ANY WARRANTY; without even the implied warranty of            | 
     15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      | 
     16// | General Public License for more details.                              | 
     17// |                                                                       | 
     18// | You should have received a copy of the GNU General Public License     | 
     19// | along with this program; if not, write to the Free Software           | 
     20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | 
     21// | USA.                                                                  | 
     22// +-----------------------------------------------------------------------+ 
    223 
    324function plugin_install() { 