Changeset 20762
- Timestamp:
- Feb 15, 2013, 2:04:39 PM (11 years ago)
- Location:
- extensions/user_tags
- Files:
-
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/user_tags/CHANGELOG
r20252 r20762 1 User Tags 0.7.3 - 2013-02-15 2 ================================ 3 * Fix issue that altering picture page content 4 * Fix possible sql injections issues 5 1 6 User Tags 0.7.2 - 2013-01-18 2 7 ================================ -
extensions/user_tags/admin.php
r20251 r20762 62 62 63 63 $template->assign('U_HELP', get_root_url().'admin/popuphelp.php?page=readme'); 64 ?> -
extensions/user_tags/include/constants.inc.php
r20251 r20762 27 27 define('T4U_JS', PHPWG_PLUGINS_PATH . basename(T4U_PLUGIN_ROOT). '/js'); 28 28 define('T4U_WS', 'user_tags.tags.'); 29 ?> -
extensions/user_tags/include/default_values.inc.php
r20251 r20762 22 22 $default_values = array(); 23 23 $default_values['t4u_permission_update'] = null; 24 ?> -
extensions/user_tags/include/t4u_config.class.php
r20252 r20762 89 89 and is_autorize_status(get_access_type_status($this->getPermission($permission)))); 90 90 } 91 91 92 92 public static function plugin_admin_menu($menu) { 93 93 $menu[] = array('NAME' => T4U_PLUGIN_NAME, 94 94 'URL' => get_admin_plugin_menu_link(T4U_PLUGIN_ROOT .'/admin.php') 95 95 ); 96 96 97 97 return $menu; 98 98 } … … 122 122 } 123 123 } 124 ?> -
extensions/user_tags/include/t4u_content.class.php
r20251 r20762 47 47 $related_tags = array(); 48 48 if (!empty($template->smarty->_tpl_vars['related_tags'])) { 49 50 51 52 49 foreach ($template->smarty->_tpl_vars['related_tags'] as $id => $tag_infos) { 50 $related_tags['~~'.$tag_infos['id'].'~~'] = $tag_infos['name']; 51 } 52 $template->assign('T4U_RELATED_TAGS', $related_tags); 53 53 } 54 54 … … 56 56 $template->assign_var_from_handle('PLUGIN_PICTURE_AFTER', 'add_tags'); 57 57 } 58 59 return $content; 58 60 } 59 61 … … 65 67 } 66 68 } 67 ?> -
extensions/user_tags/include/t4u_ws.class.php
r20252 r20762 43 43 $query = 'SELECT id AS tag_id, name AS tag_name FROM '.TAGS_TABLE; 44 44 if (!empty($params['q'])) { 45 $query .= sprintf(' WHERE name like \'%%%s%%\'', $params['q']);45 $query .= sprintf(' WHERE name like \'%%%s%%\'', pwg_db_real_escape_string($params['q'])); 46 46 } 47 47 … … 68 68 $message = ''; 69 69 70 $query = ' 71 SELECT 72 tag_id, 73 name AS tag_name 74 FROM '.IMAGE_TAG_TABLE.' AS it 75 JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id 76 WHERE image_id = '.(int) $params['image_id'].' 77 ;'; 70 $query = 'SELECT tag_id, name AS tag_name'; 71 $query .= ' FROM '.IMAGE_TAG_TABLE.' AS it'; 72 $query .= ' JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id'; 73 $query .= sprintf(' WHERE image_id = %s', pwg_db_real_escape_string($params['image_id'])); 78 74 79 75 $current_tags = $this->__makeTagsList($query); … … 107 103 if (empty($tags_to_associate)) { // remove all tags for an image 108 104 $query = 'DELETE FROM '.IMAGE_TAG_TABLE; 109 $query .= sprintf(' WHERE image_id = %d', $params['image_id']);105 $query .= sprintf(' WHERE image_id = %d', pwg_db_real_escape_string($params['image_id'])); 110 106 pwg_query($query); 111 107 } else { -
extensions/user_tags/init.php
r20252 r20762 46 46 47 47 set_plugin_data($plugin['id'], $plugin_config); 48 ?> -
extensions/user_tags/main.inc.php
r20252 r20762 22 22 /* 23 23 Plugin Name: User Tags 24 Version: 0.7. 224 Version: 0.7.3 25 25 Description: Allow visitors to add tag to images 26 26 Plugin URI: http://piwigo.org/ext/extension_view.php?eid=441 … … 34 34 35 35 include_once(dirname(__FILE__).'/init.php'); 36 ?> -
extensions/user_tags/maintain.inc.php
r20252 r20762 40 40 } 41 41 } 42 ?> -
extensions/user_tags/public.php
r20251 r20762 35 35 array($t4u_ws, 'addMethods') 36 36 ); 37 ?>
Note: See TracChangeset
for help on using the changeset viewer.