Changeset 2521 for trunk/include

Timestamp:

Sep 12, 2008, 4:17:35 AM (16 years ago)

Author:

rvelices

Message:

• images.file categories.permalink old_permalinks.permalink - become binary
• session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range)
• metadata sync from the sync button does not overwrite valid data with empty metadata
• other small fixes/enhancements:
  • added event get_category_image_orders
  • fix display issue with redirect.tpl (h1/h2 within h1)
  • fix known_script smarty function registration
  • query search form not submitted if q is empty
  • better admin css rules
  • some other minor changes (ws_core, rest_handler, functions_search...)

Location:

trunk/include

Files:

• functions.inc.php (modified) (2 diffs)
• functions_category.inc.php (modified) (2 diffs)
• functions_search.inc.php (modified) (2 diffs)
• functions_session.inc.php (modified) (5 diffs)
• page_header.php (modified) (1 diff)
• template.class.php (modified) (1 diff)
• ws_core.inc.php (modified) (2 diffs)
• ws_protocols/rest_handler.php (modified) (2 diffs)

trunk/include/functions.inc.php

@@ -748 +748 @@
   if (empty($msg))
   {
-    $redirect_msg = l10n('redirect_msg');
-  }
-  else
-  {
-    $redirect_msg = $msg;
-  }
-  $redirect_msg = nl2br($redirect_msg);
+    $msg = nl2br(l10n('redirect_msg'));
+  }
 
   $refresh = $refresh_time;
@@ -765 +760 @@
 
   $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
+  $template->assign('REDIRECT_MSG', $msg);
+
   $template->parse('redirect');
 

trunk/include/functions_category.inc.php

@@ -259 +259 @@
 {
   global $conf, $page;
-  
-  return array(
+
+  return trigger_event('get_category_preferred_image_orders',
+    array(
     array(l10n('default_sort'), '', true),
     array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
@@ -270 +271 @@
       l10n('Rank'),
       'rank ASC',
-      ('categories' == $page['section'] and !isset($page['flat']))
+      ('categories' == @$page['section'] and !isset($page['flat']))
       )
-    );
+    ));
 }
 

trunk/include/functions_search.inc.php

@@ -353 +353 @@
         else
         {
+          if ( strcspn($ch, '%_')==0)
+          {// escape LIKE specials %_
+            $ch = '\\'.$ch;
+          }
           $crt_token .= $ch;
         }
@@ -367 +371 @@
             break;
           default:
+            if ( strcspn($ch, '%_')==0)
+            {// escape LIKE specials %_
+                $ch = '\\'.$ch;
+            }
             $crt_token .= $ch;
         }

trunk/include/functions_session.inc.php

@@ -91 +91 @@
 }
 
+function get_remote_addr_session_hash()
+{
+        return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
+}
+
 /**
  * this function returns
@@ -103 +108 @@
 SELECT data
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   $result = pwg_query($query);
@@ -129 +134 @@
   SET expiration = now(),
   data = \''.$data.'\'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);
@@ -139 +144 @@
 INSERT INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
-  VALUES(\''.$session_id.'\',\''.$data.'\',now())
+  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';
   mysql_query($query);
@@ -155 +160 @@
 DELETE
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);

trunk/include/page_header.php

@@ -70 +70 @@
 // refresh
 if ( isset( $refresh ) and intval($refresh) >= 0
-    and isset( $url_link ) and isset( $redirect_msg ) )
+    and isset( $url_link ) )
 {
   $template->assign(
     array(
-      'REDIRECT_MSG' => $redirect_msg,
       'page_refresh' => array(
             'TIME' => $refresh,

trunk/include/template.class.php

@@ -63 +63 @@
     $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
     $this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
-    $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
+    $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
     $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
     if ( $conf['compiled_template_cache_language'] )

trunk/include/ws_core.inc.php

@@ -379 +379 @@
     if ( is_null($this->_responseEncoder) )
     {
-      set_status_header(500);
+      set_status_header(400);
       @header("Content-Type: text/plain");
       echo ("Cannot process your request. Unknown response format.
-Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
-Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
-    ");
+Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
       var_export($this);
       die(0);
@@ -392 +390 @@
     {
       $this->sendResponse(
-        new PwgError(500, 'Unknown request format')
+        new PwgError(400, 'Unknown request format')
         );
       return;

trunk/include/ws_protocols/rest_handler.php

@@ -31 +31 @@
     foreach ($param_array as $name => $value)
     {
-      if ($name=='format' or $name=='partner')
+      if ($name=='format')
         continue; // ignore - special keys
       if ($name=='method')
@@ -46 +46 @@
     {
       $service->sendResponse(
-          new PwgError(400, 'Missing "method" name')
+          new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
         );
       return;