Piwigo.org

mistic100 · 2013-01-19 14:07:28

Hi,

I spent 3 hours trying to figure out why http://hybridauth.sourceforge.net/ didn't work with Piwigo

first I forgot that Piwigo change the session name
then I forgot that Piwigo store the session in the database

And after fixing all that, things still not work !!!

I dump all the session variable many time before realized that the return value from the database was corrupted (HybridAuth stores a complex serialized array in the session)

And I found that it's Piwigo which corrupt the datas : in functions_session.inc.php, function pwg_session_write()
datas are protected with str_replace("'", "\'", $data), I replaced it with pwg_db_real_escape_string($data) and miracle, all that stuff work !

was there a good reason to not use real_escape_string ?

nicolas · 2013-01-19 21:18:15

mistic100 wrote:
And I found that it's Piwigo which corrupt the datas : in functions_session.inc.php, function pwg_session_write()
datas are protected with str_replace("'", "\'", $data), I replaced it with pwg_db_real_escape_string($data) and miracle, all that stuff work !

was there a good reason to not use real_escape_string ?

You're right, data must be escaped with mysql_real_escape_string. I didn't remember why this had not been done.
But you introduce the ugly str_replace : http://piwigo.org/dev/changeset/12767/t … on.inc.php

mistic100 · 2013-01-19 21:30:37

:facepalm to myself:

Piwigo.org

Announcement

#1 2013-01-19 14:07:28

[resolved] Session storage system

#2 2013-01-19 21:18:15

Re: [resolved] Session storage system

mistic100 wrote:

#3 2013-01-19 21:30:37

Re: [resolved] Session storage system

Board footer