source: branches/2.1/include/section_init.inc.php @ 12321

Last change on this file since 12321 was 6905, checked in by plg, 14 years ago

bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.

  • Property svn:eol-style set to LF
File size: 18.5 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * This included page checks section related parameter and provides
26 * following informations:
27 *
28 * - $page['title']
29 *
30 * - $page['items']: ordered list of items to display
31 *
32 */
33
34// "index.php?/category/12-foo/start-24" or
35// "index.php/category/12-foo/start-24"
36// must return :
37//
38// array(
39//   'section'  => 'categories',
40//   'category' => array('id'=>12, ...),
41//   'start'    => 24
42//   );
43
44$page['items'] = array();
45
46// some ISPs set PATH_INFO to empty string or to SCRIPT_FILENAME while in the
47// default apache implementation it is not set
48if ( $conf['question_mark_in_urls']==false and
49     isset($_SERVER["PATH_INFO"]) and !empty($_SERVER["PATH_INFO"]) )
50{
51  $rewritten = $_SERVER["PATH_INFO"];
52  $rewritten = str_replace('//', '/', $rewritten);
53  $path_count = count( explode('/', $rewritten) );
54  $page['root_path'] = PHPWG_ROOT_PATH.str_repeat('../', $path_count-1);
55}
56else
57{
58  $rewritten = '';
59  foreach (array_keys($_GET) as $keynum => $key)
60  {
61    $rewritten = $key;
62    break;
63  }
64 
65  // the $_GET keys are not protected in include/common.inc.php, only the values
66  $rewritten = pwg_db_real_escape_string($rewritten);
67 
68  $page['root_path'] = PHPWG_ROOT_PATH;
69}
70
71// deleting first "/" if displayed
72$tokens = explode('/', ltrim($rewritten, '/') );
73// $tokens = array(
74//   0 => category,
75//   1 => 12-foo,
76//   2 => start-24
77//   );
78
79$next_token = 0;
80if (script_basename() == 'picture') // basename without file extention
81{ // the first token must be the identifier for the picture
82  if ( isset($_GET['image_id'])
83       and isset($_GET['cat']) and is_numeric($_GET['cat']) )
84  {// url compatibility with versions below 1.6
85    $url = make_picture_url( array(
86        'section' => 'categories',
87        'category' => get_cat_info($_GET['cat']),
88        'image_id' => $_GET['image_id']
89      ) );
90    redirect($url);
91  }
92  $token = $tokens[$next_token];
93  $next_token++;
94  if ( is_numeric($token) )
95  {
96    $page['image_id'] = $token;
97    if ($page['image_id']==0)
98    {
99      bad_request('invalid picture identifier');
100    }
101  }
102  else
103  {
104    preg_match('/^(\d+-)?(.*)?$/', $token, $matches);
105    if (isset($matches[1]) and is_numeric($matches[1]=rtrim($matches[1],'-')) )
106    {
107      $page['image_id'] = $matches[1];
108      if ( !empty($matches[2]) )
109      {
110        $page['image_file'] = $matches[2];
111      }
112    }
113    else
114    {
115      $page['image_id'] = 0; // more work in picture.php
116      if ( !empty($matches[2]) )
117      {
118        $page['image_file'] = $matches[2];
119      }
120      else
121      {
122        bad_request('picture identifier is missing');
123      }
124    }
125  }
126}
127
128$page = array_merge( $page, parse_section_url( $tokens, $next_token) );
129
130if ( !isset($page['section']) )
131{
132  $page['section'] = 'categories';
133
134  switch (script_basename())
135  {
136    case 'picture':
137      break;
138    case 'index':
139    {
140      // No section defined, go to selected url
141      if (!empty($conf['random_index_redirect']) and empty($tokens[$next_token]) )
142      {
143        $random_index_redirect = array();
144        foreach ($conf['random_index_redirect'] as $random_url => $random_url_condition)
145        {
146          if (empty($random_url_condition) or eval($random_url_condition))
147          {
148            $random_index_redirect[] = $random_url;
149          }
150        }
151        if (!empty($random_index_redirect))
152        {
153          redirect($random_index_redirect[mt_rand(0, count($random_index_redirect)-1)]);
154        }
155      }
156      break;
157    }
158    default:
159      trigger_error('script_basename "'.script_basename().'" unknown',
160        E_USER_WARNING);
161  }
162}
163
164$page = array_merge( $page, parse_well_known_params_url( $tokens, $next_token) );
165if ( script_basename()=='picture' and 'categories'==$page['section'] and
166      !isset($page['category']) and !isset($page['chronology_field']) )
167{ //access a picture only by id, file or id-file without given section
168  $page['flat']=true;
169}
170
171// $page['nb_image_page'] is the number of picture to display on this page
172// By default, it is the same as the $user['nb_image_page']
173$page['nb_image_page'] = $user['nb_image_page'];
174
175// if flat mode is active, we must consider the image set as a standard set
176// and not as a category set because we can't use the #image_category.rank :
177// displayed images are not directly linked to the displayed category
178if ('categories' == $page['section'] and !isset($page['flat']))
179{
180  $conf['order_by'] = $conf['order_by_inside_category'];
181}
182
183if (pwg_get_session_var('image_order',0) > 0)
184{
185  $image_order_id = pwg_get_session_var('image_order');
186
187  $orders = get_category_preferred_image_orders();
188
189  // the current session stored image_order might be not compatible with
190  // current image set, for example if the current image_order is the rank
191  // and that we are displaying images related to a tag.
192  //
193  // In case of incompatibility, the session stored image_order is removed.
194  if ($orders[$image_order_id][2])
195  {
196    $conf['order_by'] = str_replace(
197      'ORDER BY ',
198      'ORDER BY '.$orders[$image_order_id][1].',',
199      $conf['order_by']
200    );
201    $page['super_order_by'] = true;
202
203  }
204  else
205  {
206    pwg_unset_session_var('image_order');
207    $page['super_order_by'] = false;
208  }
209}
210
211$forbidden = get_sql_condition_FandF(
212      array
213        (
214          'forbidden_categories' => 'category_id',
215          'visible_categories' => 'category_id',
216          'visible_images' => 'id'
217        ),
218      'AND'
219  );
220
221// +-----------------------------------------------------------------------+
222// |                              category                                 |
223// +-----------------------------------------------------------------------+
224if ('categories' == $page['section'])
225{
226  if (isset($page['category']))
227  {
228    $page = array_merge(
229      $page,
230      array(
231        'comment'           =>
232            trigger_event(
233              'render_category_description',
234              $page['category']['comment'],
235              'main_page_category_description'
236            ),
237        'title'             => get_cat_display_name($page['category']['upper_names'], '', false),
238        )
239      );
240  }
241  else
242    $page['title'] = ''; // will be set later
243
244  if
245    (
246      (!isset($page['chronology_field'])) and
247      (
248        (isset($page['category'])) or
249        (isset($page['flat']))
250      )
251    )
252  {
253    if ( !empty($page['category']['image_order']) and !isset($page['super_order_by']) )
254    {
255      $conf[ 'order_by' ] = ' ORDER BY '.$page['category']['image_order'];
256    }
257
258    if (isset($page['flat']))
259    {// flat categories mode
260      if ( isset($page['category']) )
261      { // get all allowed sub-categories
262        $query = '
263SELECT id
264  FROM '.CATEGORIES_TABLE.'
265  WHERE
266    uppercats LIKE \''.$page['category']['uppercats'].',%\' '
267    .get_sql_condition_FandF(
268      array
269        (
270          'forbidden_categories' => 'id',
271          'visible_categories' => 'id',
272        ),
273      "\n  AND"
274          );
275        $subcat_ids = array_from_query($query, 'id');
276        $subcat_ids[] = $page['category']['id'];
277        $where_sql = 'category_id IN ('.implode(',',$subcat_ids).')';
278        // remove categories from forbidden because just checked above
279        $forbidden = get_sql_condition_FandF(
280              array( 'visible_images' => 'id' ),
281              'AND'
282          );
283      }
284      else
285      {
286        $where_sql = '1=1';
287      }
288    }
289    else
290    {// Normal mode
291      $where_sql = 'category_id = '.$page['category']['id'];
292    }
293
294    // Main query
295    $query = '
296SELECT DISTINCT(image_id)
297  FROM '.IMAGE_CATEGORY_TABLE.'
298    INNER JOIN '.IMAGES_TABLE.' ON id = image_id
299  WHERE
300    '.$where_sql.'
301'.$forbidden.'
302  '.$conf['order_by'].'
303;';
304
305    $page['items'] = array_from_query($query, 'image_id');
306  } //otherwise the calendar will requery all subitems
307}
308// special sections
309else
310{
311// +-----------------------------------------------------------------------+
312// |                            tags section                               |
313// +-----------------------------------------------------------------------+
314  if ($page['section'] == 'tags')
315  {
316    $page['tag_ids'] = array();
317    foreach ($page['tags'] as $tag)
318    {
319      array_push($page['tag_ids'], $tag['id']);
320    }
321
322    $items = get_image_ids_for_tags($page['tag_ids']);
323
324    // permissions depends on category, so to only keep images that are
325    // reachable to the connected user, we need to check category
326    // associations
327    if (!empty($items) )
328    {
329      $query = '
330SELECT DISTINCT image_id
331  FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.IMAGES_TABLE.' ON image_id=id
332  WHERE image_id IN ('.implode(',', $items).')
333    '.$forbidden.
334    $conf['order_by'].'
335;';
336      $items =  array_from_query($query, 'image_id');
337    }
338
339    $page = array_merge(
340      $page,
341      array(
342        'title' => get_tags_content_title(),
343        'items' => $items,
344        )
345      );
346  }
347// +-----------------------------------------------------------------------+
348// |                           search section                              |
349// +-----------------------------------------------------------------------+
350  if ($page['section'] == 'search')
351  {
352    include_once( PHPWG_ROOT_PATH .'include/functions_search.inc.php' );
353
354    $search_result = get_search_results($page['search'], @$page['super_order_by'] );
355    if ( isset($search_result['qs']) )
356    {//save the details of the query search
357      $page['qsearch_details'] = $search_result['qs'];
358    }
359
360    $page = array_merge(
361      $page,
362      array(
363        'items' => $search_result['items'],
364        'title' => '<a href="'.duplicate_index_url(array('start'=>0)).'">'
365                  .l10n('Search results').'</a>',
366        )
367      );
368  }
369// +-----------------------------------------------------------------------+
370// |                           favorite section                            |
371// +-----------------------------------------------------------------------+
372  else if ($page['section'] == 'favorites')
373  {
374    check_user_favorites();
375
376    $page = array_merge(
377      $page,
378      array(
379        'title' => l10n('Favorites')
380      )
381    );
382
383    if (!empty($_GET['action']) && ($_GET['action'] == 'remove_all_from_favorites'))
384    {
385      $query = '
386DELETE FROM '.FAVORITES_TABLE.'
387  WHERE user_id = '.$user['id'].'
388;';
389      pwg_query($query);
390      redirect(make_index_url( array('section'=>'favorites') ));
391    }
392    else
393    {
394      $query = '
395SELECT image_id
396  FROM '.FAVORITES_TABLE.'
397    INNER JOIN '.IMAGES_TABLE.' ON image_id = id
398  WHERE user_id = '.$user['id'].'
399'.get_sql_condition_FandF
400  (
401    array
402      (
403        'visible_images' => 'id'
404      ),
405    'AND'
406  ).'
407  '.$conf['order_by'].'
408;';
409      $page = array_merge(
410        $page,
411        array(
412          'items' => array_from_query($query, 'image_id'),
413         )
414      );
415
416      if (count($page['items'])>0)
417      {
418        $template->assign(
419          'favorite',
420          array(
421            'FAVORITE_IMG'  =>
422            get_root_url().get_themeconf('icon_dir').'/del_all_favorites.png',
423            'U_FAVORITE'    => add_url_params(
424              make_index_url( array('section'=>'favorites') ),
425              array('action'=>'remove_all_from_favorites')
426               ),
427             )
428           );
429      }
430    }
431  }
432// +-----------------------------------------------------------------------+
433// |                       recent pictures section                         |
434// +-----------------------------------------------------------------------+
435  else if ($page['section'] == 'recent_pics')
436  {
437    if ( !isset($page['super_order_by']) )
438    {
439      $conf['order_by'] = str_replace(
440        'ORDER BY ',
441        'ORDER BY date_available DESC,',
442        $conf['order_by']
443        );
444    }
445
446    $query = '
447SELECT DISTINCT(id)
448  FROM '.IMAGES_TABLE.'
449    INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
450  WHERE
451    date_available >= '.pwg_db_get_recent_period_expression($user['recent_period']).'
452    '.$forbidden.'
453  '.$conf['order_by'].'
454;';
455
456    $page = array_merge(
457      $page,
458      array(
459        'title' => '<a href="'.duplicate_index_url(array('start'=>0)).'">'
460                  .l10n('Recent pictures').'</a>',
461        'items' => array_from_query($query, 'id'),
462        )
463      );
464  }
465// +-----------------------------------------------------------------------+
466// |                 recently updated categories section                   |
467// +-----------------------------------------------------------------------+
468  else if ($page['section'] == 'recent_cats')
469  {
470    $page = array_merge(
471      $page,
472      array(
473        'title' => l10n('Recent categories'),
474        )
475      );
476  }
477// +-----------------------------------------------------------------------+
478// |                        most visited section                           |
479// +-----------------------------------------------------------------------+
480  else if ($page['section'] == 'most_visited')
481  {
482    $page['super_order_by'] = true;
483    $conf['order_by'] = ' ORDER BY hit DESC, file ASC';
484    $query = '
485SELECT DISTINCT(id), hit, file
486  FROM '.IMAGES_TABLE.'
487    INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
488  WHERE hit > 0
489    '.$forbidden.'
490    '.$conf['order_by'].'
491  LIMIT '.$conf['top_number'].'
492;';
493
494    $page = array_merge(
495      $page,
496      array(
497        'title' => '<a href="'.duplicate_index_url(array('start'=>0)).'">'
498                  .$conf['top_number'].' '.l10n('Most visited').'</a>',
499        'items' => array_from_query($query, 'id'),
500        )
501      );
502  }
503// +-----------------------------------------------------------------------+
504// |                          best rated section                           |
505// +-----------------------------------------------------------------------+
506  else if ($page['section'] == 'best_rated')
507  {
508    $page['super_order_by'] = true;
509    $conf['order_by'] = ' ORDER BY average_rate DESC, id ASC';
510
511    $query ='
512SELECT DISTINCT(id), average_rate
513  FROM '.IMAGES_TABLE.'
514    INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
515  WHERE average_rate IS NOT NULL
516    '.$forbidden.'
517    '.$conf['order_by'].'
518  LIMIT '.$conf['top_number'].'
519;';
520    $page = array_merge(
521      $page,
522      array(
523        'title' => '<a href="'.duplicate_index_url(array('start'=>0)).'">'
524                  .$conf['top_number'].' '.l10n('Best rated').'</a>',
525        'items' => array_from_query($query, 'id'),
526        )
527      );
528  }
529// +-----------------------------------------------------------------------+
530// |                             list section                              |
531// +-----------------------------------------------------------------------+
532  else if ($page['section'] == 'list')
533  {
534    $query ='
535SELECT DISTINCT(id)
536  FROM '.IMAGES_TABLE.'
537    INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
538  WHERE image_id IN ('.implode(',', $page['list']).')
539    '.$forbidden.'
540  '.$conf['order_by'].'
541;';
542
543    $page = array_merge(
544      $page,
545      array(
546        'title' => '<a href="'.duplicate_index_url(array('start'=>0)).'">'
547                    .l10n('Random pictures').'</a>',
548        'items' => array_from_query($query, 'id'),
549        )
550      );
551  }
552}
553
554// +-----------------------------------------------------------------------+
555// |                             chronology                                |
556// +-----------------------------------------------------------------------+
557
558if (isset($page['chronology_field']))
559{
560  include_once( PHPWG_ROOT_PATH.'include/functions_calendar.inc.php' );
561  initialize_calendar();
562}
563
564// title update
565if (isset($page['title']))
566{
567  if (!empty($page['title']))
568        {
569          $page['title'] = $conf['level_separator'].$page['title'];
570        }
571  $page['title'] = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>'.$page['title'];
572}
573
574// add meta robots noindex, nofollow to avoid unnecesary robot crawls
575$page['meta_robots']=array();
576if ( isset($page['chronology_field'])
577      or ( isset($page['flat']) and isset($page['category']) )
578      or 'list'==$page['section'] or 'recent_pics'==$page['section'] )
579{
580  $page['meta_robots']=array('noindex'=>1, 'nofollow'=>1);
581}
582elseif ('tags' == $page['section'])
583{
584  if ( count($page['tag_ids'])>1 )
585  {
586    $page['meta_robots']=array('noindex'=>1, 'nofollow'=>1);
587  }
588}
589elseif ('recent_cats'==$page['section'])
590{
591  $page['meta_robots']['noindex']=1;
592}
593elseif ('search'==$page['section'])
594{
595  $page['meta_robots']['nofollow']=1;
596}
597if ( $filter['enabled'] )
598{
599  $page['meta_robots']['noindex']=1;
600}
601
602// see if we need a redirect because of a permalink
603if ( 'categories'==$page['section'] and isset($page['category']) )
604{
605  $need_redirect=false;
606  if ( empty($page['category']['permalink']) )
607  {
608    if ( $conf['category_url_style'] == 'id-name' and
609        @$page['hit_by']['cat_url_name'] !== str2url($page['category']['name']) )
610    {
611      $need_redirect=true;
612    }
613  }
614  else
615  {
616    if ( $page['category']['permalink'] !== @$page['hit_by']['cat_permalink'] )
617    {
618      $need_redirect=true;
619    }
620  }
621
622  if ($need_redirect)
623  {
624    $redirect_url = ( script_basename()=='picture'
625        ? duplicate_picture_url()
626          : duplicate_index_url()
627      );
628    if (!headers_sent())
629    { // this is a permanent redirection
630      set_status_header(301);
631      redirect_http( $redirect_url );
632    }
633    redirect( $redirect_url );
634  }
635  unset( $need_redirect, $page['hit_by'] );
636}
637
638trigger_action('loc_end_section_init');
639?>
Note: See TracBrowser for help on using the repository browser.