Changeset 2521

Timestamp:

09/12/08 04:17:35 (5 years ago)

Author:

rvelices

Message:

- images.file categories.permalink old_permalinks.permalink - become binary
- session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range)
- metadata sync from the sync button does not overwrite valid data with empty metadata
- other small fixes/enhancements:

• added event get_category_image_orders
• fix display issue with redirect.tpl (h1/h2 within h1)
• fix known_script smarty function registration
• query search form not submitted if q is empty
• better admin css rules
• some other minor changes (ws_core, rest_handler, functions_search...)

Location:

trunk

Files:

• admin/include/functions_metadata.php (modified) (12 diffs)
• admin/template/yoga/default-layout.css (modified) (1 diff)
• admin/template/yoga/layout.css (modified) (1 diff)
• admin/template/yoga/theme/admin/theme.css (modified) (1 diff)
• include/functions.inc.php (modified) (2 diffs)
• include/functions_category.inc.php (modified) (2 diffs)
• include/functions_search.inc.php (modified) (2 diffs)
• include/functions_session.inc.php (modified) (5 diffs)
• include/page_header.php (modified) (1 diff)
• include/template.class.php (modified) (1 diff)
• include/ws_core.inc.php (modified) (2 diffs)
• include/ws_protocols/rest_handler.php (modified) (2 diffs)
• install/db/77-database.php (added)
• install/piwigo_structure.sql (modified) (3 diffs)
• picture.php (modified) (2 diffs)
• template/yoga/menubar_menu.tpl (modified) (1 diff)
• template/yoga/redirect.tpl (modified) (1 diff)

trunk/admin/include/functions_metadata.php

@@ -29 +29 @@
 {
   global $conf, $page;
-  
+
   $map = $conf['use_iptc_mapping'];
-  
+
   $iptc = get_iptc_data($file, $map);
 
@@ -109 +109 @@
     array_push($image_ids, $id);
   }
-  
+
   $query = '
 SELECT id
@@ -119 +119 @@
 ;';
 
-  $result = pwg_query($query);
-  while ($row = mysql_fetch_array($result))
-  {
-    array_push($has_high_images, $row['id']);
-  }
+  $has_high_images = array_from_query($query, 'id');
 
   foreach ($files as $id => $file)
@@ -130 +126 @@
     $data['id'] = $id;
     $data['filesize'] = floor(filesize($file)/1024);
-  
+
     if ($image_size = @getimagesize($file))
     {
@@ -143 +139 @@
       $data['high_filesize'] = floor(filesize($high_file)/1024);
     }
-  
+
     if ($conf['use_exif'])
     {
@@ -162 +158 @@
               $tags_of[$id] = array();
             }
-            
+
             foreach (explode(',', $iptc[$key]) as $tag_name)
             {
@@ -179 +175 @@
     array_push($datas, $data);
   }
-  
+
   if (count($datas) > 0)
   {
@@ -190 +186 @@
         'date_metadata_update'
         );
-    
+
     if ($conf['use_exif'])
     {
@@ -199 +195 @@
           );
     }
-    
+
     if ($conf['use_iptc'])
     {
@@ -218 +214 @@
         'update'  => array_unique($update_fields)
         ),
-      $datas
+      $datas,
+      MASS_UPDATES_SKIP_EMPTY
       );
   }
@@ -235 +232 @@
  * @return array
  */
-function get_filelist($category_id = '', $site_id=1, $recursive = false, 
+function get_filelist($category_id = '', $site_id=1, $recursive = false,
                       $only_new = false)
 {
   // filling $cat_ids : all categories required
   $cat_ids = array();
-  
+
   $query = '
 SELECT id
@@ -293 +290 @@
     $files[$row['id']] = $row['path'];
   }
-  
+
   return $files;
 }

trunk/admin/template/yoga/default-layout.css

@@ -291 +291 @@
   font-size: 1em;       /* <= some browsers don't set it correctly */
 }
-UL, DL { text-align: left;}
+UL, DL, OL { text-align: left;}
 TABLE {                 /* horizontaly centered */
   margin-left: auto;

trunk/admin/template/yoga/layout.css

@@ -1 @@
-/* $Id$ */
 
 /* template css */
-@import "menubar.css";
+/*@import "menubar.css";*/
 @import "content.css";
 @import "thumbnails.css";

trunk/admin/template/yoga/theme/admin/theme.css

@@ -45 +45 @@
 .content dl, dd { margin:5px; }
 .content div.titrePage { height:55px; }
-.content ol li { text-align: left; }
 .instructions { text-align: left; padding: 20px 20px 0 20px; }
 .throw, td h3 {
  background-image: url(images/fillet.png); background-repeat: repeat-x; }
-.browsePath a { color: #eee; }
 /* borders */ /* TODO */
 INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969; 

trunk/include/functions.inc.php

@@ -748 +748 @@
   if (empty($msg))
   {
-    $redirect_msg = l10n('redirect_msg');
-  }
-  else
-  {
-    $redirect_msg = $msg;
-  }
-  $redirect_msg = nl2br($redirect_msg);
+    $msg = nl2br(l10n('redirect_msg'));
+  }
 
   $refresh = $refresh_time;
@@ -765 +760 @@
 
   $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
+  $template->assign('REDIRECT_MSG', $msg);
+
   $template->parse('redirect');
 

trunk/include/functions_category.inc.php

@@ -259 +259 @@
 {
   global $conf, $page;
-  
-  return array(
+
+  return trigger_event('get_category_preferred_image_orders',
+    array(
     array(l10n('default_sort'), '', true),
     array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
@@ -270 +271 @@
       l10n('Rank'),
       'rank ASC',
-      ('categories' == $page['section'] and !isset($page['flat']))
+      ('categories' == @$page['section'] and !isset($page['flat']))
       )
-    );
+    ));
 }
 

trunk/include/functions_search.inc.php

@@ -353 +353 @@
         else
         {
+          if ( strcspn($ch, '%_')==0)
+          {// escape LIKE specials %_
+            $ch = '\\'.$ch;
+          }
           $crt_token .= $ch;
         }
@@ -367 +371 @@
             break;
           default:
+            if ( strcspn($ch, '%_')==0)
+            {// escape LIKE specials %_
+                $ch = '\\'.$ch;
+            }
             $crt_token .= $ch;
         }

trunk/include/functions_session.inc.php

@@ -91 +91 @@
 }
 
+function get_remote_addr_session_hash()
+{
+        return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
+}
+
 /**
  * this function returns
@@ -103 +108 @@
 SELECT data
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   $result = pwg_query($query);
@@ -129 +134 @@
   SET expiration = now(),
   data = \''.$data.'\'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);
@@ -139 +144 @@
 INSERT INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
-  VALUES(\''.$session_id.'\',\''.$data.'\',now())
+  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';
   mysql_query($query);
@@ -155 +160 @@
 DELETE
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);

trunk/include/page_header.php

@@ -70 +70 @@
 // refresh
 if ( isset( $refresh ) and intval($refresh) >= 0
-    and isset( $url_link ) and isset( $redirect_msg ) )
+    and isset( $url_link ) )
 {
   $template->assign(
     array(
-      'REDIRECT_MSG' => $redirect_msg,
       'page_refresh' => array(
             'TIME' => $refresh,

trunk/include/template.class.php

@@ -63 +63 @@
     $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
     $this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
-    $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
+    $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
     $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
     if ( $conf['compiled_template_cache_language'] )

trunk/include/ws_core.inc.php

@@ -379 +379 @@
     if ( is_null($this->_responseEncoder) )
     {
-      set_status_header(500);
+      set_status_header(400);
       @header("Content-Type: text/plain");
       echo ("Cannot process your request. Unknown response format.
-Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
-Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
-    ");
+Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
       var_export($this);
       die(0);
@@ -392 +390 @@
     {
       $this->sendResponse(
-        new PwgError(500, 'Unknown request format')
+        new PwgError(400, 'Unknown request format')
         );
       return;

trunk/include/ws_protocols/rest_handler.php

@@ -31 +31 @@
     foreach ($param_array as $name => $value)
     {
-      if ($name=='format' or $name=='partner')
+      if ($name=='format')
         continue; // ignore - special keys
       if ($name=='method')
@@ -46 +46 @@
     {
       $service->sendResponse(
-          new PwgError(400, 'Missing "method" name')
+          new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
         );
       return;

trunk/install/piwigo_structure.sql

@@ -37 +37 @@
   `global_rank` varchar(255) default NULL,
   `image_order` varchar(128) default NULL,
-  `permalink` varchar(64) default NULL,
+  `permalink` varchar(64) binary default NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `categories_i3` (`permalink`),
@@ -175 +175 @@
 CREATE TABLE `piwigo_images` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
-  `file` varchar(255) NOT NULL default '',
+  `file` varchar(255) binary NOT NULL default '',
   `date_available` datetime NOT NULL default '0000-00-00 00:00:00',
   `date_creation` date default NULL,
@@ -209 +209 @@
 CREATE TABLE `piwigo_old_permalinks` (
   `cat_id` smallint(5) unsigned NOT NULL default '0',
-  `permalink` varchar(64) NOT NULL default '',
+  `permalink` varchar(64) binary NOT NULL default '',
   `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
   `last_hit` datetime default NULL,

trunk/picture.php

@@ -537 +537 @@
     if (!empty($id_pict_redirect))
     {
-      // $redirect_msg, $refresh, $url_link and $title are required for creating
+      // $refresh, $url_link and $title are required for creating
       // an automated refresh page in header.tpl
       $refresh = $slideshow_params['period'];
@@ -544 +544 @@
           $slideshow_url_params
         );
-      $redirect_msg = nl2br(l10n('redirect_msg'));
     }
   }

trunk/template/yoga/menubar_menu.tpl

@@ -1 @@
-<dt>{$block->get_title()|@translate}</dt>
+<dt>{'title_menu'|@translate}</dt>
 <dd>
-        <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch">
+        <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
                 <p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
                         <input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>

trunk/template/yoga/redirect.tpl

@@ -1 +1 @@
 {* $Id$ *}
-<h2>{$REDIRECT_MSG}</h2>
-<p style="text-align:center; margin: 2em">
+{html_head}
+<style type="text/css">#the_page {ldelim}text-align:center;} </style>
+{/html_head}
+
+<div>
+        {$REDIRECT_MSG}
+</div>
+
+<p style="margin: 2em">
         <a href="{$page_refresh.U_REFRESH}">
                 {'click_to_redirect'|@translate}