Changeset 2521


Timestamp:
Sep 12, 2008, 4:17:35 AM (16 years ago)
Author:
rvelices
Message:
  • images.file categories.permalink old_permalinks.permalink - become binary
  • session security improvement: sessions are now valid only for the originating IP address (with mask 255.255.0.0 to allow users behind load-balancing proxies) -> stealing the session cookie is almost a non-issue (with the exception of the 65536 machines in range)
  • metadata sync from the sync button does not overwrite valid data with empty metadata
  • other small fixes/enhancements:
    • added event get_category_image_orders
    • fix display issue with redirect.tpl (h1/h2 within h1)
    • fix known_script smarty function registration
    • query search form not submitted if q is empty
    • better admin css rules
    • some other minor changes (ws_core, rest_handler, functions_search...)
Location:
trunk
Files:
1 added
16 edited

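--- a/trunk/admin/include/functions_metadata.php
+++ b/trunk/admin/include/functions_metadata.php
@@ -29,7 +29,7 @@
 {
   global $conf, $page;
- 
+
   $map = $conf['use_iptc_mapping'];
- 
+
   $iptc = get_iptc_data($file, $map);
 
@@ -109,5 +109,5 @@
     array_push($image_ids, $id);
   }
- 
+
   $query = '
 SELECT id
@@ -119,9 +119,5 @@
 ;';
 
-  $result = pwg_query($query);
-  while ($row = mysql_fetch_array($result))
-  {
-    array_push($has_high_images, $row['id']);
-  }
+  $has_high_images = array_from_query($query, 'id');
 
   foreach ($files as $id => $file)
@@ -130,5 +126,5 @@
     $data['id'] = $id;
     $data['filesize'] = floor(filesize($file)/1024);
- 
+
     if ($image_size = @getimagesize($file))
     {
@@ -143,5 +139,5 @@
       $data['high_filesize'] = floor(filesize($high_file)/1024);
     }
- 
+
     if ($conf['use_exif'])
     {
@@ -162,5 +158,5 @@
               $tags_of[$id] = array();
             }
-           
+
             foreach (explode(',', $iptc[$key]) as $tag_name)
             {
@@ -179,5 +175,5 @@
     array_push($datas, $data);
   }
- 
+
   if (count($datas) > 0)
   {
@@ -190,5 +186,5 @@
         'date_metadata_update'
         );
-   
+
     if ($conf['use_exif'])
     {
@@ -199,5 +195,5 @@
           );
     }
-   
+
     if ($conf['use_iptc'])
     {
@@ -218,5 +214,6 @@
         'update'  => array_unique($update_fields)
         ),
-      $datas
+      $datas,
+      MASS_UPDATES_SKIP_EMPTY
       );
   }
@@ -235,10 +232,10 @@
  * @return array
  */
-function get_filelist($category_id = '', $site_id=1, $recursive = false, 
+function get_filelist($category_id = '', $site_id=1, $recursive = false,
                       $only_new = false)
 {
   // filling $cat_ids : all categories required
   $cat_ids = array();
- 
+
   $query = '
 SELECT id
@@ -293,5 +290,5 @@
     $files[$row['id']] = $row['path'];
   }
- 
+
   return $files;
 }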
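--- a/trunk/admin/template/yoga/default-layout.css
+++ b/trunk/admin/template/yoga/default-layout.css
@@ -291,5 +291,5 @@
   font-size: 1em;       /* <= some browsers don't set it correctly */
 }
-UL, DL { text-align: left;}
+UL, DL, OL { text-align: left;}
 TABLE {                 /* horizontaly centered */
   margin-left: auto;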
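--- a/trunk/admin/template/yoga/layout.css
+++ b/trunk/admin/template/yoga/layout.css
@@ -1,6 +1,5 @@
-/* $Id$ */
 
 /* template css */
-@import "menubar.css";
+/*@import "menubar.css";*/
 @import "content.css";
 @import "thumbnails.css";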
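--- a/trunk/admin/template/yoga/theme/admin/theme.css
+++ b/trunk/admin/template/yoga/theme/admin/theme.css
@@ -45,9 +45,7 @@
 .content dl, dd { margin:5px; }
 .content div.titrePage { height:55px; }
-.content ol li { text-align: left; }
 .instructions { text-align: left; padding: 20px 20px 0 20px; }
 .throw, td h3 {
  background-image: url(images/fillet.png); background-repeat: repeat-x; }
-.browsePath a { color: #eee; }
 /* borders */ /* TODO */
 INPUT, SELECT, TEXTAREA { border-left: 2px inset #696969;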
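--- a/trunk/include/functions.inc.php
+++ b/trunk/include/functions.inc.php
@@ -748,11 +748,6 @@
   if (empty($msg))
   {
-    $redirect_msg = l10n('redirect_msg');
-  }
-  else
-  {
-    $redirect_msg = $msg;
-  }
-  $redirect_msg = nl2br($redirect_msg);
+    $msg = nl2br(l10n('redirect_msg'));
+  }
 
   $refresh = $refresh_time;
@@ -765,4 +760,6 @@
 
   $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
+  $template->assign('REDIRECT_MSG', $msg);
+
   $template->parse('redirect');
 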
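Review bot: A caller-supplied `$msg` now reaches the template untouched: `nl2br()` is applied only to the default text, and `$template->assign('REDIRECT_MSG', $msg)` hands the value to redirect.tpl, which prints `{$REDIRECT_MSG}` with no escape modifier. If any caller builds `$msg` from request data this becomes an HTML-injection path, and callers that relied on newline conversion lose it; neither can be confirmed from here because the function's signature and its callers lie outside the hunk. I would document the contract above the assign, e.g. `// $msg is emitted as raw HTML by redirect.tpl: callers must escape user-derived text`, or apply `nl2br()` in both branches as before.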
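--- a/trunk/include/functions_category.inc.php
+++ b/trunk/include/functions_category.inc.php
@@ -259,6 +259,7 @@
 {
   global $conf, $page;
- 
-  return array(
+
+  return trigger_event('get_category_preferred_image_orders',
+    array(
     array(l10n('default_sort'), '', true),
     array(l10n('Average rate'), 'average_rate DESC', $conf['rate']),
@@ -270,7 +271,7 @@
       l10n('Rank'),
       'rank ASC',
-      ('categories' == $page['section'] and !isset($page['flat']))
+      ('categories' == @$page['section'] and !isset($page['flat']))
       )
-    );
+    ));
 }
 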
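Review bot: The event triggered here is `get_category_preferred_image_orders`, while the commit message announces `get_category_image_orders`; plugin authors will hook whichever name is documented, so one of the two should be corrected. Separately, `@$page['section']` suppresses every notice raised by that expression; `(isset($page['section']) and 'categories' == $page['section'] and !isset($page['flat']))` states the intent without hiding errors. The function's signature lies outside the hunk.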
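--- a/trunk/include/functions_search.inc.php
+++ b/trunk/include/functions_search.inc.php
@@ -353,4 +353,8 @@
         else
         {
+          if ( strcspn($ch, '%_')==0)
+          {// escape LIKE specials %_
+            $ch = '\\'.$ch;
+          }
           $crt_token .= $ch;
         }
@@ -367,4 +371,8 @@
             break;
           default:
+            if ( strcspn($ch, '%_')==0)
+            {// escape LIKE specials %_
+                $ch = '\\'.$ch;
+            }
             $crt_token .= $ch;
         }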
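Review bot: The escape added before `%` and `_` does not cover the backslash itself, so a backslash already present in the search text can cancel the escape placed in front of a following wildcard, since LIKE reads `\\` as a literal backslash. Extending the test in both places, here and in the `default:` branch of the second hunk, would close that: `if ($ch=='\\' or strcspn($ch, '%_')==0)`. Whether the token is SQL-quoted later is not visible in these hunks, so the final LIKE pattern should be checked end to end. The same four lines are duplicated in both branches; a small helper would keep them in sync.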
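--- a/trunk/include/functions_session.inc.php
+++ b/trunk/include/functions_session.inc.php
@@ -91,4 +91,9 @@
 }
 
+function get_remote_addr_session_hash()
+{
+        return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
+}
+
 /**
  * this function returns
@@ -103,5 +108,5 @@
 SELECT data
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   $result = pwg_query($query);
@@ -129,5 +134,5 @@
   SET expiration = now(),
   data = \''.$data.'\'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);
@@ -139,5 +144,5 @@
 INSERT INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
-  VALUES(\''.$session_id.'\',\''.$data.'\',now())
+  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
 ;';
   mysql_query($query);
@@ -155,5 +160,5 @@
 DELETE
   FROM '.SESSIONS_TABLE.'
-  WHERE id = \''.$session_id.'\'
+  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
 ;';
   pwg_query($query);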
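Review bot: get_remote_addr_session_hash() assumes REMOTE_ADDR is a dotted IPv4 string; for any other form (an IPv6 peer, for example) `explode('.')` yields fewer than two parts and `vsprintf()` fails, so the prefix used in all four queries becomes an empty value or an error depending on the PHP version. The function should check the address shape and fall back explicitly, as sketched below. Two things to confirm outside the visible hunks: the `id` column of the sessions table must be wide enough for the four extra characters, and behind a reverse proxy REMOTE_ADDR is the proxy's address, so the binding adds little there. The /16 mask also leaves the cookie replayable from the same network range, as the commit message notes, so this complements cookie protection and does not replace it.

```php
function get_remote_addr_session_hash()
{
  $parts = explode('.', $_SERVER['REMOTE_ADDR']);
  if (count($parts) != 4)
  {// not dotted IPv4: derive a fixed-width tag from the whole address
   // (md5 is used only for its fixed width here, not as a secret)
    return strtoupper(substr(md5($_SERVER['REMOTE_ADDR']), 0, 4));
  }
  return sprintf('%02X%02X', $parts[0], $parts[1]);
}
```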
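--- a/trunk/include/page_header.php
+++ b/trunk/include/page_header.php
@@ -70,9 +70,8 @@
 // refresh
 if ( isset( $refresh ) and intval($refresh) >= 0
-    and isset( $url_link ) and isset( $redirect_msg ) )
+    and isset( $url_link ) )
 {
   $template->assign(
     array(
-      'REDIRECT_MSG' => $redirect_msg,
       'page_refresh' => array(
             'TIME' => $refresh,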
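--- a/trunk/include/template.class.php
+++ b/trunk/include/template.class.php
@@ -63,5 +63,5 @@
     $this->smarty->register_modifier( 'explode', array('Template', 'mod_explode') );
     $this->smarty->register_block('html_head', array(&$this, 'block_html_head') );
-    $this->smarty->register_function('known_script', array(&$this, 'func_known_script'), false );
+    $this->smarty->register_function('known_script', array(&$this, 'func_known_script') );
     $this->smarty->register_prefilter( array('Template', 'prefilter_white_space') );
     if ( $conf['compiled_template_cache_language'] )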
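--- a/trunk/include/ws_core.inc.php
+++ b/trunk/include/ws_core.inc.php
@@ -379,10 +379,8 @@
     if ( is_null($this->_responseEncoder) )
     {
-      set_status_header(500);
+      set_status_header(400);
       @header("Content-Type: text/plain");
       echo ("Cannot process your request. Unknown response format.
-Request format: ".@$this->_requestFormat." handler:".$this->_requestHandler."
-Response format: ".@$this->_responseFormat." encoder:".$this->_responseEncoder."
-    ");
+Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseFormat."\n");
       var_export($this);
       die(0);
@@ -392,5 +390,5 @@
     {
       $this->sendResponse(
-        new PwgError(500, 'Unknown request format')
+        new PwgError(400, 'Unknown request format')
         );
       return;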
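Review bot: `var_export($this);` in the first hunk still writes the entire server object into the body of this error response, which any client can trigger by asking for an unknown response format; changing the status to 400 does not alter that. The dump can expose the service's internal state to unauthenticated callers, so I would remove the line or emit it only when a debug-only setting is enabled. The enclosing method starts and ends outside the hunk.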
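--- a/trunk/include/ws_protocols/rest_handler.php
+++ b/trunk/include/ws_protocols/rest_handler.php
@@ -31,5 +31,5 @@
     foreach ($param_array as $name => $value)
     {
-      if ($name=='format' or $name=='partner')
+      if ($name=='format')
         continue; // ignore - special keys
       if ($name=='method')
@@ -46,5 +46,5 @@
     {
       $service->sendResponse(
-          new PwgError(400, 'Missing "method" name')
+          new PwgError(WS_ERR_INVALID_METHOD, 'Missing "method" name')
         );
       return;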
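--- a/trunk/install/piwigo_structure.sql
+++ b/trunk/install/piwigo_structure.sql
@@ -37,5 +37,5 @@
   `global_rank` varchar(255) default NULL,
   `image_order` varchar(128) default NULL,
-  `permalink` varchar(64) default NULL,
+  `permalink` varchar(64) binary default NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `categories_i3` (`permalink`),
@@ -175,5 +175,5 @@
 CREATE TABLE `piwigo_images` (
   `id` mediumint(8) unsigned NOT NULL auto_increment,
-  `file` varchar(255) NOT NULL default '',
+  `file` varchar(255) binary NOT NULL default '',
   `date_available` datetime NOT NULL default '0000-00-00 00:00:00',
   `date_creation` date default NULL,
@@ -209,5 +209,5 @@
 CREATE TABLE `piwigo_old_permalinks` (
   `cat_id` smallint(5) unsigned NOT NULL default '0',
-  `permalink` varchar(64) NOT NULL default '',
+  `permalink` varchar(64) binary NOT NULL default '',
   `date_deleted` datetime NOT NULL default '0000-00-00 00:00:00',
   `last_hit` datetime default NULL,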
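--- a/trunk/picture.php
+++ b/trunk/picture.php
@@ -537,5 +537,5 @@
     if (!empty($id_pict_redirect))
     {
-      // $redirect_msg, $refresh, $url_link and $title are required for creating
+      // $refresh, $url_link and $title are required for creating
       // an automated refresh page in header.tpl
       $refresh = $slideshow_params['period'];
@@ -544,5 +544,4 @@
           $slideshow_url_params
         );
-      $redirect_msg = nl2br(l10n('redirect_msg'));
     }
   }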
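--- a/trunk/template/yoga/menubar_menu.tpl
+++ b/trunk/template/yoga/menubar_menu.tpl
@@ -1,5 +1,5 @@
-<dt>{$block->get_title()|@translate}</dt>
+<dt>{'title_menu'|@translate}</dt>
 <dd>
-        <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch">
+        <form action="{$ROOT_URL}qsearch.php" method="get" id="quicksearch" onsubmit="return this.q.value!='' && this.q.value!=qsearch_prompt;">
                 <p style="margin:0;padding:0"{*this <p> is for html validation only - does not affect positioning*}>
                         <input type="text" name="q" id="qsearchInput" onfocus="if (value==qsearch_prompt) value='';" onblur="if (value=='') value=qsearch_prompt;" style="width:90%"/>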
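--- a/trunk/template/yoga/redirect.tpl
+++ b/trunk/template/yoga/redirect.tpl
@@ -1,5 +1,12 @@
 {* $Id$ *}
-<h2>{$REDIRECT_MSG}</h2>
-<p style="text-align:center; margin: 2em">
+{html_head}
+<style type="text/css">#the_page {ldelim}text-align:center;} </style>
+{/html_head}
+
+<div>
+        {$REDIRECT_MSG}
+</div>
+
+<p style="margin: 2em">
         <a href="{$page_refresh.U_REFRESH}">
                 {'click_to_redirect'|@translate}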