[fix] PHP 8.1 warnings
parent
d79dc9b49f
commit
e438d95292
1
CHANGES
1
CHANGES
|
@ -50,6 +50,7 @@ v2.38 (Unreleased)
|
|||
[fix] Respect embedded (and non-sRGB) ICC profiles when printing
|
||||
[misc] Have next/prev photo links remember display size
|
||||
[fix] A few warnings triggered by sql query failures
|
||||
[fix] PHP 8.1-related warnings
|
||||
|
||||
v2.37.1 (December 3, 2012)
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ include_once "include/common.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_ADMIN);
|
||||
|
||||
$user_id = pg_escape_string($_REQUEST['user']);
|
||||
$user_id = pg_escape_string($database, $_REQUEST['user']);
|
||||
|
||||
/* First we nuke the user's photos and their associated records */
|
||||
$result = nuke_photos($database, FALSE, $user_id);
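Review bot: `$_REQUEST['user']` is still read without an `isset()` check on the changed line, so a request that omits it raises an undefined-key warning and passes null to the string parameter of `pg_escape_string()`, which PHP 8.1 reports as deprecated. The escaped result is then an empty string that goes straight into `nuke_photos($database, FALSE, $user_id)`; what that helper does with an empty id is not visible in this hunk. I would write the read as `$user_id = pg_escape_string($database, isset($_REQUEST['user']) ? $_REQUEST['user'] : "");` and stop before the delete when `$user_id === ""`. The same unguarded `$_REQUEST[...]` reads recur in most of the other sections this commit touches.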
|
||||
|
|
|
@ -26,19 +26,19 @@ include_once "include/common.php";
|
|||
$database = site_prolog(PO_USER_TYPE_ADMIN);
|
||||
$auth_handle = new $po_auth();
|
||||
|
||||
$user_id = pg_escape_string($_REQUEST['user']);
|
||||
$type = pg_escape_string($_REQUEST['type']);
|
||||
$email = pg_escape_string($_REQUEST['email']);
|
||||
$username = pg_escape_string($_REQUEST['username']);
|
||||
$hide = pg_escape_string($_REQUEST['hide']);
|
||||
$bulk_upload_enable = pg_escape_string($_REQUEST['bulk_upload_enable']);
|
||||
$local_print_enable = pg_escape_string($_REQUEST['local_print_enable']);
|
||||
$quota_size = pg_escape_string($_REQUEST['quota_size']);
|
||||
$quota_count = pg_escape_string($_REQUEST['quota_count']);
|
||||
$show_ads = pg_escape_string($_REQUEST['show_ads']);
|
||||
$local_path = pg_escape_string($_REQUEST['local_path']);
|
||||
$password_1 = pg_escape_string($_REQUEST['password_1']);
|
||||
$password_2 = pg_escape_string($_REQUEST['password_2']);
|
||||
$user_id = pg_escape_string($database, $_REQUEST['user']);
|
||||
$type = pg_escape_string($database, $_REQUEST['type']);
|
||||
$email = pg_escape_string($database, $_REQUEST['email']);
|
||||
$username = pg_escape_string($database, $_REQUEST['username']);
|
||||
$hide = pg_escape_string($database, $_REQUEST['hide']);
|
||||
$bulk_upload_enable = pg_escape_string($database, $_REQUEST['bulk_upload_enable']);
|
||||
$local_print_enable = pg_escape_string($database, $_REQUEST['local_print_enable']);
|
||||
$quota_size = pg_escape_string($database, $_REQUEST['quota_size']);
|
||||
$quota_count = pg_escape_string($database, $_REQUEST['quota_count']);
|
||||
$show_ads = pg_escape_string($database, $_REQUEST['show_ads']);
|
||||
$local_path = pg_escape_string($database, $_REQUEST['local_path']);
|
||||
$password_1 = pg_escape_string($database, $_REQUEST['password_1']);
|
||||
$password_2 = pg_escape_string($database, $_REQUEST['password_2']);
|
||||
|
||||
$quota_size = $quota_size * 1048576;
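Review bot: `$quota_size = $quota_size * 1048576;` multiplies a request-derived string, and on PHP 8 a non-numeric or empty string in arithmetic throws a TypeError instead of warning, so this line can still abort the page after the change. Validating first, e.g. `$quota_size = is_numeric($quota_size) ? $quota_size * 1048576 : 0;`, keeps the admin form from failing on bad input (the fallback value is a guess; use whatever the schema expects). Separately, `$password_1` and `$password_2` are SQL-escaped at read time; if they are later hashed or handed to `$auth_handle` rather than placed in a quoted SQL literal, a password containing `'` would be altered. That code is outside the hunk, so it needs checking.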
|
||||
|
||||
|
|
|
@ -24,9 +24,9 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_ADMIN);
|
||||
|
||||
$volume = pg_escape_string($_REQUEST['volume']);
|
||||
$new_volume = pg_escape_string($_REQUEST['new_volume']);
|
||||
$current = pg_escape_string($_REQUEST['current']);
|
||||
$volume = pg_escape_string($database, $_REQUEST['volume']);
|
||||
$new_volume = pg_escape_string($database, $_REQUEST['new_volume']);
|
||||
$current = pg_escape_string($database, $_REQUEST['current']);
|
||||
|
||||
$result = TRUE;
|
||||
|
||||
|
|
|
@ -22,14 +22,14 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$album_caption = pg_escape_string($_REQUEST['album_caption']);
|
||||
$album_description = pg_escape_string($_REQUEST['album_description']);
|
||||
$album_access_rights = pg_escape_string($_REQUEST['album_access_rights']);
|
||||
$parent_album = pg_escape_string($_REQUEST['parent']);
|
||||
$password = pg_escape_string($_REQUEST['password']);
|
||||
$spool_seed = pg_escape_string($_REQUEST['spool_seed']);
|
||||
$orderby = pg_escape_string($_REQUEST['order_by']);
|
||||
$event = pg_escape_string($_REQUEST['event']);
|
||||
$album_caption = pg_escape_string($database, $_REQUEST['album_caption']);
|
||||
$album_description = pg_escape_string($database, $_REQUEST['album_description']);
|
||||
$album_access_rights = pg_escape_string($database, $_REQUEST['album_access_rights']);
|
||||
$parent_album = pg_escape_string($database, $_REQUEST['parent']);
|
||||
$password = pg_escape_string($database, $_REQUEST['password']);
|
||||
$spool_seed = pg_escape_string($database, $_REQUEST['spool_seed']);
|
||||
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
|
||||
$event = pg_escape_string($database, $_REQUEST['event']);
|
||||
if ($event != "null") $event = "'$event'";
|
||||
|
||||
$go = TRUE;
|
||||
|
|
|
@ -24,7 +24,7 @@ include_once "include/contacts.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$parent_album = pg_escape_string($_REQUEST['parent']);
|
||||
$parent_album = pg_escape_string($database, $_REQUEST['parent']);
|
||||
|
||||
if ($parent_album)
|
||||
$path_to_album = get_path_to_album($database, $parent_album);
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
include_once "include/config.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$album_id = pg_escape_string($_REQUEST['album']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['album']);
|
||||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
$go = TRUE;
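Review bot: The changed line passes `$database` to `pg_escape_string()` before `$database = site_prolog(PO_USER_TYPE_CLIENT);` assigns it, so the call receives an undefined variable instead of a connection; on PHP 8 I would expect that to fail with a TypeError, which is worse than the warning being fixed. Moving the read below the prolog fixes it: `$database = site_prolog(PO_USER_TYPE_CLIENT);` first, then `$album_id = pg_escape_string($database, $_REQUEST['album']);`. The later section that escapes `$manufacturer_filter` and `$camera_id` ahead of `site_prolog(PO_USER_TYPE_USER)` has the same ordering. The sections that start right after their `include_once` lines (the album edit fields, `$offset`, `$select_folder`/`$select_album`) show no assignment before the calls either, though their prolog may sit outside the hunk.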
|
||||
|
|
|
@ -23,7 +23,7 @@ include_once "include/common.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$album_id = pg_escape_string($_REQUEST['album']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['album']);
|
||||
|
||||
$album_data = pg_fetch_row(pg_query($database, "
|
||||
select album.identifier, caption, date_of_creation, access_rights, users, parent_album
|
||||
|
|
|
@ -20,14 +20,14 @@
|
|||
include_once "include/config.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$album_id = pg_escape_string($_REQUEST['album']);
|
||||
$album_name = pg_escape_string($_REQUEST['album_caption']);
|
||||
$album_description = pg_escape_string($_REQUEST['album_description']);
|
||||
$album_access_rights = pg_escape_string($_REQUEST['album_access_rights']);
|
||||
$album_parent = pg_escape_string($_REQUEST['parent']);
|
||||
$password = pg_escape_string($_REQUEST['password']);
|
||||
$event = pg_escape_string($_REQUEST['event']);
|
||||
$orderby = pg_escape_string($_REQUEST['order_by']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['album']);
|
||||
$album_name = pg_escape_string($database, $_REQUEST['album_caption']);
|
||||
$album_description = pg_escape_string($database, $_REQUEST['album_description']);
|
||||
$album_access_rights = pg_escape_string($database, $_REQUEST['album_access_rights']);
|
||||
$album_parent = pg_escape_string($database, $_REQUEST['parent']);
|
||||
$password = pg_escape_string($database, $_REQUEST['password']);
|
||||
$event = pg_escape_string($database, $_REQUEST['event']);
|
||||
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
|
||||
$keep_thumb = $_REQUEST['keep_thumb'];
|
||||
|
||||
if ($event != "null") $event = "'$event'";
|
||||
|
|
|
@ -25,7 +25,7 @@ include_once "include/orderby.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$album_id = pg_escape_string($_REQUEST['album']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['album']);
|
||||
|
||||
$album_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, description, parent_album, users, password, event, thumb_ver, orderby from album where identifier='$album_id'"));
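Review bot: `pg_fetch_row(pg_query(...))` has no check between the two calls, and `pg_query()` returns false on failure, which `pg_fetch_row()` rejects with a TypeError on PHP 8. Since `$album_id` comes from the request, a value the `identifier` column cannot accept (its type is not visible here) is enough to make the query fail. Splitting it, `$res = pg_query($database, ...); $album_data = $res ? pg_fetch_row($res) : FALSE;`, keeps the failure on the page's normal error path. The same nested form appears in the sections that query `number_of_camera_references` and `view_client`.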
|
||||
|
||||
|
|
|
@ -22,8 +22,8 @@ include_once "include/common.php";
|
|||
include_once "include/orderby.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$album_id = pg_escape_string($_REQUEST['album']);
|
||||
$offset = pg_escape_string(isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['album']);
|
||||
$offset = pg_escape_string($database, isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
|
||||
|
||||
if ($offset && !is_numeric($offset)) {
|
||||
$offset = 0;
|
||||
|
|
|
@ -24,10 +24,10 @@ include_once "include/common.php";
|
|||
include_once "include/site.php";
|
||||
include_once "include/import.php";
|
||||
|
||||
$select_folder = pg_escape_string($_REQUEST['select_folder']);
|
||||
$select_album = pg_escape_string($_REQUEST['select_album']);
|
||||
$select_folder = pg_escape_string($database, $_REQUEST['select_folder']);
|
||||
$select_album = pg_escape_string($database, $_REQUEST['select_album']);
|
||||
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : FALSE;
|
||||
$selection = pg_escape_string(isset($_REQUEST['selection']) ? $_REQUEST['selection'] : "");
|
||||
$selection = pg_escape_string($database, isset($_REQUEST['selection']) ? $_REQUEST['selection'] : "");
|
||||
$to_update = isset($_REQUEST['to_update']) ? $_REQUEST['to_update'] : array();
|
||||
$recursive = isset($_REQUEST['recursive']);
|
||||
$set_generate_images = $_REQUEST['set_generate_images'];
|
||||
|
@ -56,55 +56,55 @@ $clear_equipment = array();
|
|||
foreach ($to_update as $field) {
|
||||
switch ($field) {
|
||||
case 'set_title':
|
||||
$set_title = pg_escape_string($_REQUEST['title']);
|
||||
$set_title = pg_escape_string($database, $_REQUEST['title']);
|
||||
$update_photo_sql .= " title = '$set_title', ";
|
||||
break;
|
||||
case 'set_author':
|
||||
$set_author = pg_escape_string($_REQUEST['author']);
|
||||
$set_author = pg_escape_string($database, $_REQUEST['author']);
|
||||
$update_photo_sql .= " author = '$set_author', ";
|
||||
break;
|
||||
case 'set_headline':
|
||||
$set_headline = pg_escape_string($_REQUEST['headline']);
|
||||
$set_headline = pg_escape_string($database, $_REQUEST['headline']);
|
||||
$update_photo_sql .= " headline = '$set_headline', ";
|
||||
break;
|
||||
case 'set_caption_writer':
|
||||
$set_caption_writer = pg_escape_string($_REQUEST['caption_writer']);
|
||||
$set_caption_writer = pg_escape_string($database, $_REQUEST['caption_writer']);
|
||||
$update_photo_sql .= " caption_writer = '$set_caption_writer', ";
|
||||
break;
|
||||
case 'set_caption':
|
||||
$set_caption = pg_escape_string($_REQUEST['caption']);
|
||||
$set_caption = pg_escape_string($database, $_REQUEST['caption']);
|
||||
$update_photo_sql .= " caption = '$set_caption', ";
|
||||
break;
|
||||
case 'set_category':
|
||||
$set_category = pg_escape_string($_REQUEST['category']);
|
||||
$set_category = pg_escape_string($database, $_REQUEST['category']);
|
||||
$update_photo_sql .= " category = '$set_category', ";
|
||||
break;
|
||||
case 'set_supplemental_category':
|
||||
$set_supplemental_category = pg_escape_string($_REQUEST['supplemental_category']);
|
||||
$set_supplemental_category = pg_escape_string($database, $_REQUEST['supplemental_category']);
|
||||
$update_photo_sql .= " supplemental_category = '$set_supplemental_category', ";
|
||||
break;
|
||||
case 'set_credit':
|
||||
$set_credit = pg_escape_string($_REQUEST['credit']);
|
||||
$set_credit = pg_escape_string($database, $_REQUEST['credit']);
|
||||
$update_photo_sql .= " credit = '$set_credit', ";
|
||||
break;
|
||||
case 'set_copyright':
|
||||
$set_copyright = pg_escape_string($_REQUEST['copyright']);
|
||||
$set_copyright = pg_escape_string($database, $_REQUEST['copyright']);
|
||||
$update_photo_sql .= " copyright_statement = '$set_copyright', ";
|
||||
break;
|
||||
case 'set_web_statement':
|
||||
$set_web_statement = pg_escape_string($_REQUEST['web_statement']);
|
||||
$set_web_statement = pg_escape_string($database, $_REQUEST['web_statement']);
|
||||
$update_photo_sql .= " web_statement = '$set_web_statement', ";
|
||||
break;
|
||||
case 'set_instructions':
|
||||
$set_instructions = pg_escape_string($_REQUEST['instructions']);
|
||||
$set_instructions = pg_escape_string($database, $_REQUEST['instructions']);
|
||||
$update_photo_sql .= " instructions = '$set_instructions', ";
|
||||
break;
|
||||
case 'set_source':
|
||||
$set_source = pg_escape_string($_REQUEST['source']);
|
||||
$set_source = pg_escape_string($database, $_REQUEST['source']);
|
||||
$update_photo_sql .= " source = '$set_source', ";
|
||||
break;
|
||||
case 'set_transmission_reference':
|
||||
$set_transmission_reference = pg_escape_string($_REQUEST['transmission_reference']);
|
||||
$set_transmission_reference = pg_escape_string($database, $_REQUEST['transmission_reference']);
|
||||
$update_photo_sql .= " transmission_reference = '$set_transmission_reference', ";
|
||||
break;
|
||||
case 'set_date_of_exposure':
|
||||
|
@ -112,92 +112,92 @@ foreach ($to_update as $field) {
|
|||
$update_photo_sql .= " date_of_exposure = $set_date_of_exposure, ";
|
||||
break;
|
||||
case 'set_location':
|
||||
$set_location = pg_escape_string($_REQUEST['location']);
|
||||
$set_location = pg_escape_string($database, $_REQUEST['location']);
|
||||
$update_photo_sql .= " location = $set_location, ";
|
||||
break;
|
||||
case 'set_access_rights':
|
||||
$set_access_rights = pg_escape_string($_REQUEST['access_rights']);
|
||||
$set_access_rights = pg_escape_string($database, $_REQUEST['access_rights']);
|
||||
$update_photo_sql .= " access_rights = $set_access_rights, ";
|
||||
break;
|
||||
case 'set_hide_original':
|
||||
$set_hide_original = pg_escape_string($_REQUEST['hide_original']);
|
||||
$set_hide_original = pg_escape_string($database, $_REQUEST['hide_original']);
|
||||
$update_photo_sql .= " hide_original = '$set_hide_original', ";
|
||||
break;
|
||||
case 'set_store_url':
|
||||
$set_store_url = pg_escape_string($_REQUEST['store_url']);
|
||||
$set_store_url = pg_escape_string($database, $_REQUEST['store_url']);
|
||||
$update_photo_sql .= " store_url = '$set_store_url', ";
|
||||
break;
|
||||
case 'set_remark':
|
||||
$set_remark = pg_escape_string($_REQUEST['remark']);
|
||||
$set_remark = pg_escape_string($database, $_REQUEST['remark']);
|
||||
$update_photo_sql .= " comments = '$set_remark', ";
|
||||
break;
|
||||
case 'set_camera':
|
||||
$set_camera = pg_escape_string($_REQUEST['camera']);
|
||||
$set_camera = pg_escape_string($database, $_REQUEST['camera']);
|
||||
$update_photo_tech_sql .= " camera = $set_camera, ";
|
||||
break;
|
||||
case 'set_camera_metering':
|
||||
$set_camera_metering = pg_escape_string($_REQUEST['camera_metering']);
|
||||
$set_camera_metering = pg_escape_string($database, $_REQUEST['camera_metering']);
|
||||
$update_photo_tech_sql .= " camera_metering = $set_camera_metering, ";
|
||||
break;
|
||||
case 'set_camera_program':
|
||||
$set_camera_program = pg_escape_string($_REQUEST['camera_program']);
|
||||
$set_camera_program = pg_escape_string($database, $_REQUEST['camera_program']);
|
||||
$update_photo_tech_sql .= " camera_program = $set_camera_program, ";
|
||||
break;
|
||||
case 'set_focal_length':
|
||||
$set_focal_length = pg_escape_string($_REQUEST['focal_length']);
|
||||
$set_focal_length = pg_escape_string($database, $_REQUEST['focal_length']);
|
||||
$update_photo_tech_sql .= " focal_length = '$set_focal_length', ";
|
||||
break;
|
||||
case 'set_film':
|
||||
$set_film = pg_escape_string($_REQUEST['film']);
|
||||
$set_film = pg_escape_string($database, $_REQUEST['film']);
|
||||
$update_photo_tech_sql .= " film = $set_film, ";
|
||||
break;
|
||||
case 'set_iso_override':
|
||||
$set_iso_override = pg_escape_string($_REQUEST['iso_override']);
|
||||
$set_iso_override = pg_escape_string($database, $_REQUEST['iso_override']);
|
||||
$update_photo_tech_sql .= " iso_override = $set_iso_override, ";
|
||||
break;
|
||||
case 'set_aperture':
|
||||
$set_aperture = pg_escape_string($_REQUEST['aperture']);
|
||||
$set_aperture = pg_escape_string($database, $_REQUEST['aperture']);
|
||||
$update_photo_tech_sql .= " aperture = '$set_aperture', ";
|
||||
break;
|
||||
case 'set_shutter':
|
||||
$set_shutter = pg_escape_string($_REQUEST['shutter']);
|
||||
$set_shutter = pg_escape_string($database, $_REQUEST['shutter']);
|
||||
$update_photo_tech_sql .= " shutter = $set_shutter, ";
|
||||
break;
|
||||
case 'set_exp_comp':
|
||||
$set_exp_comp = pg_escape_string($_REQUEST['exp_comp']);
|
||||
$set_exp_comp = pg_escape_string($database, $_REQUEST['exp_comp']);
|
||||
$update_photo_tech_sql .= " exposure_comp = $set_exp_comp, ";
|
||||
break;
|
||||
case 'set_exp_diff':
|
||||
$set_exp_diff = pg_escape_string($_REQUEST['exp_diff']);
|
||||
$set_exp_diff = pg_escape_string($database, $_REQUEST['exp_diff']);
|
||||
$update_photo_tech_sql .= " ev_difference = $set_exp_diff, ";
|
||||
break;
|
||||
case 'set_flash_mode':
|
||||
$set_flash_mode = pg_escape_string($_REQUEST['flash_mode']);
|
||||
$set_flash_mode = pg_escape_string($database, $_REQUEST['flash_mode']);
|
||||
$update_photo_tech_sql .= " flash_mode = $set_flash_mode, ";
|
||||
break;
|
||||
case 'set_flash_comp':
|
||||
$set_flash_comp = pg_escape_string($_REQUEST['flash_comp']);
|
||||
$set_flash_comp = pg_escape_string($database, $_REQUEST['flash_comp']);
|
||||
$update_photo_tech_sql .= " flash_comp = $set_flash_comp, ";
|
||||
break;
|
||||
case 'set_scan_params':
|
||||
$param = pg_escape_string($_REQUEST['scan_resolution']);
|
||||
$param = pg_escape_string($database, $_REQUEST['scan_resolution']);
|
||||
$update_photo_tech_sql .= " scan_resolution = $param, ";
|
||||
$param = pg_escape_string($_REQUEST['scan_bitdepth']);
|
||||
$param = pg_escape_string($database, $_REQUEST['scan_bitdepth']);
|
||||
$update_photo_tech_sql .= " scan_bitdepth = $param, ";
|
||||
$param = pg_escape_string($_REQUEST['scan_multiscan']);
|
||||
$param = pg_escape_string($database, $_REQUEST['scan_multiscan']);
|
||||
$update_photo_tech_sql .= " scan_multiscan = $param, ";
|
||||
break;
|
||||
case 'set_geo_location':
|
||||
$pos = pg_escape_string(parse_latitude($_REQUEST['latitude']));
|
||||
$pos = pg_escape_string($database, parse_latitude($_REQUEST['latitude']));
|
||||
if ($pos == "") $pos = "null";
|
||||
$update_photo_tech_sql .= " latitude = $pos, ";
|
||||
$pos = pg_escape_string(parse_latitude($_REQUEST['longitude']));
|
||||
$pos = pg_escape_string($database, parse_latitude($_REQUEST['longitude']));
|
||||
if ($pos == "") $pos = "null";
|
||||
$update_photo_tech_sql .= " longitude = $pos, ";
|
||||
$pos = pg_escape_string($_REQUEST['altitude']);
|
||||
$pos = pg_escape_string($database, $_REQUEST['altitude']);
|
||||
if ($pos == "") $pos = "null";
|
||||
$update_photo_tech_sql .= " altitude = $pos, ";
|
||||
$pos = pg_escape_string($_REQUEST['direction']);
|
||||
$pos = pg_escape_string($database, $_REQUEST['direction']);
|
||||
if ($pos == "") $pos = "null";
|
||||
$update_photo_tech_sql .= " direction = $pos, ";
|
||||
break;
|
||||
|
@ -302,8 +302,8 @@ if ($result && $update_photo_tech_sql != "") {
|
|||
if ($result && $clear_equipment) {
|
||||
foreach ($clear_equipment as $equip) {
|
||||
$parts = explode(":", $equip);
|
||||
$parts[0] = pg_escape_string($parts[0]);
|
||||
$parts[1] = pg_escape_string($parts[1]);
|
||||
$parts[0] = pg_escape_string($database, $parts[0]);
|
||||
$parts[1] = pg_escape_string($database, $parts[1]);
|
||||
|
||||
$result = pg_query($database, "delete from photo_equipment where photo in (select p.identifier from photo p where $sql_selector) and equipment = $parts[0]");
|
||||
}
|
||||
|
@ -312,8 +312,8 @@ if ($result && $clear_equipment) {
|
|||
if ($result && $set_equipment) {
|
||||
foreach ($set_equipment as $equip) {
|
||||
$parts = explode(":", $equip);
|
||||
$parts[0] = pg_escape_string($parts[0]);
|
||||
$parts[1] = pg_escape_string($parts[1]);
|
||||
$parts[0] = pg_escape_string($database, $parts[0]);
|
||||
$parts[1] = pg_escape_string($database, $parts[1]);
|
||||
|
||||
$result = pg_query($database, "insert into photo_equipment (photo, equipment, type) select p.identifier, $parts[0], $parts[1] from photo p where $sql_selector and not exists(select e.photo from photo_equipment e where e.photo = p.identifier and e.equipment = $parts[0])");
|
||||
}
|
||||
|
@ -325,7 +325,7 @@ if ($result) {
|
|||
$keyword = strtolower(trim($keyword));
|
||||
$keyword = trim($keyword);
|
||||
if ($keyword == "") continue;
|
||||
$keyword = pg_escape_string($keyword);
|
||||
$keyword = pg_escape_string($database, $keyword);
|
||||
|
||||
$result = pg_query($database, "insert into photo_keywords (photo, keyword)
|
||||
select p.identifier, '$keyword' from photo p where $sql_selector and not exists (select k.photo from photo_keywords k where k.photo = p.identifier and k.keyword = '$keyword')");
|
||||
|
@ -337,7 +337,7 @@ if ($result) {
|
|||
$keyword = strtolower(trim($keyword));
|
||||
$keyword = trim($keyword);
|
||||
if ($keyword == "") continue;
|
||||
$keyword = pg_escape_string($keyword);
|
||||
$keyword = pg_escape_string($database, $keyword);
|
||||
|
||||
$query = "delete from photo_keywords where keyword = '$keyword' and photo in (select p.identifier from photo p where $sql_selector)";
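Review bot: Several of the escaped values in this file are interpolated without quotes — `" location = $set_location, "`, `" camera = $set_camera, "`, `" scan_resolution = $param, "`, and `equipment = $parts[0]` in the two equipment queries. `pg_escape_string()` only makes a value safe inside a quoted literal, so these request fields remain an SQL injection risk after the change. Each unquoted value needs a check before it is appended, for example `if ($set_location !== "null" && !ctype_digit($set_location)) break;` (assuming these are integer ids or the literal `null`, as the `$pos = "null"` lines suggest), or the statements should move to `pg_query_params()`. `$parts[1]` is also read after `explode(":", $equip)` without confirming that a second element exists. The same unquoted pattern is visible in the sections with `select number_of_camera_references($camera_id)` and `identifier=$client_id`.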
|
||||
|
||||
|
|
|
@ -32,9 +32,9 @@ function add_camera($database, $user_id,
|
|||
|
||||
$camera_date_of_purchase = check_date_validity($camera_purchase_timestamp);
|
||||
|
||||
$camera_model = pg_escape_string($camera_model);
|
||||
$camera_variation = pg_escape_string($camera_variation);
|
||||
$camera_serial_number = pg_escape_string($camera_serial_number);
|
||||
$camera_model = pg_escape_string($database, $camera_model);
|
||||
$camera_variation = pg_escape_string($database, $camera_variation);
|
||||
$camera_serial_number = pg_escape_string($database, $camera_serial_number);
|
||||
|
||||
$result = TRUE;
|
||||
|
||||
|
@ -66,16 +66,16 @@ function add_camera($database, $user_id,
|
|||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
add_camera($database, $po_user['id'],
|
||||
pg_escape_string($_REQUEST['type_id']),
|
||||
pg_escape_string($_REQUEST['manufacturer_id']),
|
||||
pg_escape_string($_REQUEST['model']),
|
||||
pg_escape_string($_REQUEST['variation']),
|
||||
pg_escape_string($_REQUEST['serial_number']),
|
||||
pg_escape_string($_REQUEST['purchase_timestamp']),
|
||||
pg_escape_string($_REQUEST['purchased_new']),
|
||||
pg_escape_string($_REQUEST['access_rights']),
|
||||
pg_escape_string($_REQUEST['icc_profile']),
|
||||
pg_escape_string($_REQUEST['ignore_comment']));
|
||||
pg_escape_string($database, $_REQUEST['type_id']),
|
||||
pg_escape_string($database, $_REQUEST['manufacturer_id']),
|
||||
pg_escape_string($database, $_REQUEST['model']),
|
||||
pg_escape_string($database, $_REQUEST['variation']),
|
||||
pg_escape_string($database, $_REQUEST['serial_number']),
|
||||
pg_escape_string($database, $_REQUEST['purchase_timestamp']),
|
||||
pg_escape_string($database, $_REQUEST['purchased_new']),
|
||||
pg_escape_string($database, $_REQUEST['access_rights']),
|
||||
pg_escape_string($database, $_REQUEST['icc_profile']),
|
||||
pg_escape_string($database, $_REQUEST['ignore_comment']));
|
||||
site_epilog($database);
|
||||
header("Location: my.profile.php?selector=".$profile_data['camera']['idx']);
|
||||
?>
|
||||
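Review bot: The call site wraps `$_REQUEST['model']`, `$_REQUEST['variation']` and `$_REQUEST['serial_number']` in `pg_escape_string()`, and `add_camera()` then escapes `$camera_model`, `$camera_variation` and `$camera_serial_number` again. If those arguments map to those parameters (the signature is cut off in the hunk), a value containing `'` is escaped twice and stored with a doubled quote. Escaping belongs in one place, next to the query; I would pass the raw request values at the call site, keep the escaping inside the function, and validate the numeric arguments such as `type_id` there as well. `update_camera()` and its call site in the later section repeat the same double escaping, including `$camera_ignore_comment`.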
|
|
|
@ -25,7 +25,7 @@ include_once "include/site.php";
|
|||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
$type = "camera";
|
||||
|
||||
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$manufacturer = get_generic_query_all($database, "select identifier, name from manufacturer order by name", 'manuf_all');
|
||||
|
||||
switch ($manufacturer_filter) {
|
||||
|
|
|
@ -24,7 +24,7 @@ include_once "include/common.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$camera_id = pg_escape_string($_REQUEST['item']);
|
||||
$camera_id = pg_escape_string($database, $_REQUEST['item']);
|
||||
$number_of_references = pg_fetch_row(pg_query($database, "select number_of_camera_references($camera_id)"));
|
||||
|
||||
/* Ensure the user owns it !*/
|
||||
|
|
|
@ -30,10 +30,10 @@ function update_camera($database, $user_id, $camera_id, $camera_type_id, $camera
|
|||
|
||||
$camera_date_of_purchase = check_date_validity($camera_purchase_timestamp);
|
||||
|
||||
$camera_model = pg_escape_string($camera_model);
|
||||
$camera_variation = pg_escape_string($camera_variation);
|
||||
$camera_serial_number = pg_escape_string($camera_serial_number);
|
||||
$camera_ignore_comment = pg_escape_string($camera_ignore_comment);
|
||||
$camera_model = pg_escape_string($database, $camera_model);
|
||||
$camera_variation = pg_escape_string($database, $camera_variation);
|
||||
$camera_serial_number = pg_escape_string($database, $camera_serial_number);
|
||||
$camera_ignore_comment = pg_escape_string($database, $camera_ignore_comment);
|
||||
|
||||
$result = TRUE;
|
||||
|
||||
|
@ -95,17 +95,17 @@ function update_camera($database, $user_id, $camera_id, $camera_type_id, $camera
|
|||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
update_camera($database, $po_user['id'],
|
||||
pg_escape_string($_REQUEST['item_id']),
|
||||
pg_escape_string($_REQUEST['camera_type_id']),
|
||||
pg_escape_string($_REQUEST['manufacturer_id']),
|
||||
pg_escape_string($_REQUEST['camera_model']),
|
||||
pg_escape_string($_REQUEST['camera_variation']),
|
||||
pg_escape_string($_REQUEST['camera_serial_number']),
|
||||
pg_escape_string($_REQUEST['camera_purchase_timestamp']),
|
||||
pg_escape_string($_REQUEST['camera_purchased_new']),
|
||||
pg_escape_string($_REQUEST['camera_access_rights']),
|
||||
pg_escape_string($_REQUEST['camera_icc_profile']),
|
||||
pg_escape_string($_REQUEST['camera_ignore_comment']));
|
||||
pg_escape_string($database, $_REQUEST['item_id']),
|
||||
pg_escape_string($database, $_REQUEST['camera_type_id']),
|
||||
pg_escape_string($database, $_REQUEST['manufacturer_id']),
|
||||
pg_escape_string($database, $_REQUEST['camera_model']),
|
||||
pg_escape_string($database, $_REQUEST['camera_variation']),
|
||||
pg_escape_string($database, $_REQUEST['camera_serial_number']),
|
||||
pg_escape_string($database, $_REQUEST['camera_purchase_timestamp']),
|
||||
pg_escape_string($database, $_REQUEST['camera_purchased_new']),
|
||||
pg_escape_string($database, $_REQUEST['camera_access_rights']),
|
||||
pg_escape_string($database, $_REQUEST['camera_icc_profile']),
|
||||
pg_escape_string($database, $_REQUEST['camera_ignore_comment']));
|
||||
|
||||
|
||||
site_epilog($database);
|
||||
|
|
|
@ -22,8 +22,8 @@ include_once "include/profile.php";
|
|||
include_once "include/site.php";
|
||||
include_once "include/common.php";
|
||||
|
||||
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$camera_id = pg_escape_string(array_key_exists('item', $_REQUEST) ? $_REQUEST['item'] : 0);
|
||||
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$camera_id = pg_escape_string($database, array_key_exists('item', $_REQUEST) ? $_REQUEST['item'] : 0);
|
||||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
$type = 'camera';
|
||||
|
|
|
@ -22,7 +22,7 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$client_id = pg_escape_string($_REQUEST['client']);
|
||||
$client_id = pg_escape_string($database, $_REQUEST['client']);
|
||||
|
||||
/* Ensure the user owns it !*/
|
||||
if ($po_user['type'] < PO_USER_TYPE_USER) {
|
||||
|
|
|
@ -23,7 +23,7 @@ include_once "include/common.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$client_id = pg_escape_string($_REQUEST['client']);
|
||||
$client_id = pg_escape_string($database, $_REQUEST['client']);
|
||||
|
||||
$result = pg_fetch_row(pg_query($database, "select identifier, client, last_name, first_name, date_of_creation, value, users from view_client where users=$po_user[id] and identifier=$client_id"));
|
||||
|
||||
|
|
|
@ -23,9 +23,9 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$client_id = pg_escape_string($_REQUEST['client']);
|
||||
$status = pg_escape_string($_REQUEST['status']);
|
||||
$trusted = pg_escape_string($_REQUEST['trusted']);
|
||||
$client_id = pg_escape_string($database, $_REQUEST['client']);
|
||||
$status = pg_escape_string($database, $_REQUEST['status']);
|
||||
$trusted = pg_escape_string($database, $_REQUEST['trusted']);
|
||||
|
||||
/* Ensure the user owns it !*/
|
||||
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
|
||||
|
|
|
@ -23,7 +23,7 @@ include_once "include/common.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$client_id = pg_escape_string($_REQUEST['client']);
|
||||
$client_id = pg_escape_string($database, $_REQUEST['client']);
|
||||
|
||||
$result = pg_fetch_row(pg_query($database, " select identifier, client, last_name, first_name, date_of_creation, value, trusted, users from view_client where users=$po_user[id] and identifier=$client_id"));
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ include_once "include/calendar.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_CLIENT);
|
||||
|
||||
$event = isset($_REQUEST['event']) ? pg_escape_string($_REQUEST['event']) : FALSE;
|
||||
$event = isset($_REQUEST['event']) ? pg_escape_string($database, $_REQUEST['event']) : FALSE;
|
||||
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'view';
|
||||
$go = isset($_REQUEST['go']);
|
||||
|
||||
|
@ -67,13 +67,13 @@ if ($go) {
|
|||
break;
|
||||
case 'edit':
|
||||
case 'add':
|
||||
$client = pg_escape_string($_REQUEST['client']);
|
||||
$client = pg_escape_string($database, $_REQUEST['client']);
|
||||
if ($client != "null") $client = "'$client'";
|
||||
|
||||
$start_date = pg_escape_string($_REQUEST['start_date']);
|
||||
$end_date = pg_escape_string($_REQUEST['end_date']);
|
||||
$remark = pg_escape_string($_REQUEST['remark']);
|
||||
$location = pg_escape_string($_REQUEST['location']);
|
||||
$start_date = pg_escape_string($database, $_REQUEST['start_date']);
|
||||
$end_date = pg_escape_string($database, $_REQUEST['end_date']);
|
||||
$remark = pg_escape_string($database, $_REQUEST['remark']);
|
||||
$location = pg_escape_string($database, $_REQUEST['location']);
|
||||
|
||||
$year = (int)substr($start_date, 0, 4);
|
||||
$month = (int)substr($start_date, 5, 2);
|
||||
|
|
34
src/feed.php
34
src/feed.php
|
@ -58,17 +58,17 @@ $feedtype = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'photos';
|
|||
switch ($feedtype) {
|
||||
case 'photos':
|
||||
{
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 100;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 8;
|
||||
$size = isset($_REQUEST['size']) ? pg_escape_string($_REQUEST['size']) : 2;
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 100;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 8;
|
||||
$size = isset($_REQUEST['size']) ? pg_escape_string($database, $_REQUEST['size']) : 2;
|
||||
}
|
||||
$global_args = array();
|
||||
$global_args['size'] = $size;
|
||||
|
||||
switch ($_REQUEST['subtype']) {
|
||||
case 'user':
|
||||
$user_id = pg_escape_string($_REQUEST['id']);
|
||||
$user_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
|
||||
$rss->description = $rss->title;
|
||||
|
@ -81,7 +81,7 @@ case 'photos':
|
|||
break;
|
||||
|
||||
case 'folder':
|
||||
$folder_id = pg_escape_string($_REQUEST['id']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$path_to_folder = get_path_to($database, 'folder', $folder_id, FALSE);
|
||||
|
||||
|
@ -97,7 +97,7 @@ case 'photos':
|
|||
break;
|
||||
|
||||
case 'album':
|
||||
$album_id = pg_escape_string($_REQUEST['id']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$path_to_album = get_path_to($database, 'album', $album_id, FALSE);
|
||||
|
||||
|
@ -179,9 +179,9 @@ case 'photos':
|
|||
break;
|
||||
case 'folder':
|
||||
{
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 25;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 2;
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 25;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 2;
|
||||
}
|
||||
|
||||
$sql_query_order_by_string = $folder_order_by_string[$order][0];
|
||||
|
@ -204,7 +204,7 @@ case 'folder':
|
|||
|
||||
break;
|
||||
case 'user':
|
||||
$user_id = pg_escape_string($_REQUEST['id']);
|
||||
$user_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
|
||||
$rss->description = $rss->title;
|
||||
|
@ -214,7 +214,7 @@ case 'folder':
|
|||
|
||||
break;
|
||||
default:
|
||||
$folder_id = pg_escape_string($_REQUEST['id']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$path_to_folder = get_path_to($database, 'folder', $folder_id, FALSE);
|
||||
|
||||
|
@ -274,9 +274,9 @@ case 'folder':
|
|||
break;
|
||||
case 'album':
|
||||
{
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 25;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 2;
|
||||
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
|
||||
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 25;
|
||||
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 2;
|
||||
}
|
||||
|
||||
$sql_query_order_by_string = $folder_order_by_string[$order][0];
|
||||
|
@ -299,7 +299,7 @@ case 'album':
|
|||
|
||||
break;
|
||||
case 'user':
|
||||
$user_id = pg_escape_string($_REQUEST['id']);
|
||||
$user_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
|
||||
$rss->description = $rss->title;
|
||||
|
@ -309,7 +309,7 @@ case 'album':
|
|||
|
||||
break;
|
||||
default:
|
||||
$album_id = pg_escape_string($_REQUEST['id']);
|
||||
$album_id = pg_escape_string($database, $_REQUEST['id']);
|
||||
|
||||
$path_to_album = get_path_to($database, 'album', $album_id, FALSE);
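Review bot: `$order` is used as an array key in `$folder_order_by_string[$order][0]` in the `folder` and `album` branches, and escaping the request value does not make it a key that exists in that table. A request with an unknown `orderby` gives an undefined-key warning on PHP 8 and leaves `$sql_query_order_by_string` empty. I would cast and fall back to the default, e.g. `$order = isset($_REQUEST['orderby']) ? (int)$_REQUEST['orderby'] : 2;` followed by `if (!isset($folder_order_by_string[$order])) $order = 2;`. `$offset`, `$limit` and `$size` look numeric as well and would be safer as `(int)` casts; how they enter the queries is outside the visible hunks.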
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ include_once "include/site.php";
|
|||
|
||||
function add_film($database, $user_id, $film_type_id, $film_manufacturer_id,
|
||||
$film_model, $film_iso, $film_format_id, $film_access_rights) {
|
||||
$film_model = pg_escape_string($film_model);
|
||||
$film_model = pg_escape_string($database, $film_model);
|
||||
$result = TRUE;
|
||||
|
||||
pg_query($database, "begin");
|
||||
|
@ -51,12 +51,12 @@ $database = site_prolog(PO_USER_TYPE_USER);
|
|||
|
||||
add_film($database,
|
||||
$po_user['id'],
|
||||
pg_escape_string($_REQUEST['film_type_id']),
|
||||
pg_escape_string($_REQUEST['film_manufacturer_id']),
|
||||
pg_escape_string($_REQUEST['film_model']),
|
||||
pg_escape_string($_REQUEST['film_iso']),
|
||||
pg_escape_string($_REQUEST['film_format_id']),
|
||||
pg_escape_string($_REQUEST['film_access_rights']));
|
||||
pg_escape_string($database, $_REQUEST['film_type_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_manufacturer_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_model']),
|
||||
pg_escape_string($database, $_REQUEST['film_iso']),
|
||||
pg_escape_string($database, $_REQUEST['film_format_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_access_rights']));
|
||||
|
||||
site_epilog($database);
|
||||
header("Location: my.profile.php?selector=".$profile_data['film']['idx']);
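Review bot: `film_model` is escaped twice, once in the argument list of the `add_film(...)` call and again on the first line of `add_film()`. A model name containing a single quote is doubled at each pass, so the stored value would end up with a literal `''` if the insert places it in a quoted literal (the insert itself is outside the hunk). Escaping in one place is enough; the call could pass `$_REQUEST['film_model'],` unescaped and leave the escaping to the function. The body of `add_film` continues outside the visible lines.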
|
||||
|
|
|
@ -26,7 +26,7 @@ $type = 'film';
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
|
||||
$manufacturer = get_generic_query_all($database, "select identifier, name from manufacturer order by name", 'manuf_all');
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ $type = 'film';
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$film_id = pg_escape_string($_REQUEST['item']);
|
||||
$film_id = pg_escape_string($database, $_REQUEST['item']);
|
||||
$number_of_references = pg_fetch_row(pg_query($database, "select number_of_film_references($film_id)"));
|
||||
|
||||
/* Ensure the user owns it !*/
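Review bot: `$film_id` is placed into `select number_of_film_references($film_id)` without surrounding quotes, and `pg_escape_string()` only makes a value safe inside a quoted literal, so the request parameter is still parsed as SQL here. Either cast it, `$film_id = (int)$_REQUEST['item'];`, or bind it with `pg_query_params($database, 'select number_of_film_references($1)', array($film_id))`. The same holds for `$state` and `$country` in the `values (...)` list of `register_user` further down the page, which are interpolated unquoted. The query also runs above the "Ensure the user owns it" check, which is worth confirming is intended.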
|
||||
|
|
|
@ -63,7 +63,7 @@ function update_film($database, $user_id, $film_id, $film_type_id, $film_manufac
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$film_id = pg_escape_string($_REQUEST['item_id']);
|
||||
$film_id = pg_escape_string($database, $_REQUEST['item_id']);
|
||||
|
||||
/* Ensure the user owns it !*/
|
||||
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
|
||||
|
@ -77,12 +77,12 @@ if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
|
|||
|
||||
update_film($database, $po_user['id'],
|
||||
$film_id,
|
||||
pg_escape_string($_REQUEST['film_type_id']),
|
||||
pg_escape_string($_REQUEST['film_manufacturer_id']),
|
||||
pg_escape_string($_REQUEST['film_model']),
|
||||
pg_escape_string($_REQUEST['film_iso']),
|
||||
pg_escape_string($_REQUEST['film_format_id']),
|
||||
pg_escape_string($_REQUEST['film_access_rights']));
|
||||
pg_escape_string($database, $_REQUEST['film_type_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_manufacturer_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_model']),
|
||||
pg_escape_string($database, $_REQUEST['film_iso']),
|
||||
pg_escape_string($database, $_REQUEST['film_format_id']),
|
||||
pg_escape_string($database, $_REQUEST['film_access_rights']));
|
||||
|
||||
site_epilog($database);
|
||||
header("Location: my.profile.php?selector=".$profile_data['film']['idx']);
|
||||
|
|
|
@ -26,8 +26,8 @@ $type = 'film';
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$film_id = pg_escape_string($_REQUEST['item']);
|
||||
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
|
||||
$film_id = pg_escape_string($database, $_REQUEST['item']);
|
||||
|
||||
/* Ensure the user owns it !*/
|
||||
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
|
||||
|
|
|
@ -22,7 +22,7 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$parent_folder = pg_escape_string($_REQUEST['parent']);
|
||||
$parent_folder = pg_escape_string($database, $_REQUEST['parent']);
|
||||
|
||||
if ($parent_folder != "null") {
|
||||
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
|
||||
|
|
|
@ -24,7 +24,7 @@ include_once "include/contacts.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$folder_parent = pg_escape_string($_REQUEST['parent']);
|
||||
$folder_parent = pg_escape_string($database, $_REQUEST['parent']);
|
||||
$folder_all = get_users_folder($database);
|
||||
if ($folder_parent) {
|
||||
$folder_data = pg_fetch_row(pg_query($database, "select caption from folder where identifier='$folder_parent'"));
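Review bot: `$_REQUEST['parent']` is treated as optional by the `if ($folder_parent)` test below it, yet it is read without `isset()`. When the parameter is absent PHP 8 raises an undefined-key warning and `pg_escape_string()` receives `null` for its string argument, which PHP 8.1 reports as deprecated, so this line still produces the kind of warning the commit sets out to remove. The form used elsewhere in this commit fits: `$folder_parent = pg_escape_string($database, isset($_REQUEST['parent']) ? $_REQUEST['parent'] : "");`. The fields under `/* Optional fields .. */` in `register_user` have the same shape.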
|
||||
|
|
|
@ -26,10 +26,10 @@ $return_path = isset($_REQUEST['return']) ? $_REQUEST['return'] : "";
|
|||
$database = site_prolog();
|
||||
$owner_id = isset($_REQUEST['user']) ? $_REQUEST['user'] : 0;
|
||||
|
||||
$destination_folder = pg_escape_string(isset($_REQUEST['destination_folder']) ? $_REQUEST['destination_folder'] : "");
|
||||
$destination_album = pg_escape_string(isset($_REQUEST['destination_album'])? $_REQUEST['destination_album'] : "");
|
||||
$source_folder = pg_escape_string(isset($_REQUEST['source_folder']) ? $_REQUEST['source_folder'] : "");
|
||||
$source_album = pg_escape_string(isset($_REQUEST['source_album']) ? $_REQUEST['source_album'] : "");
|
||||
$destination_folder = pg_escape_string($database, isset($_REQUEST['destination_folder']) ? $_REQUEST['destination_folder'] : "");
|
||||
$destination_album = pg_escape_string($database, isset($_REQUEST['destination_album'])? $_REQUEST['destination_album'] : "");
|
||||
$source_folder = pg_escape_string($database, isset($_REQUEST['source_folder']) ? $_REQUEST['source_folder'] : "");
|
||||
$source_album = pg_escape_string($database, isset($_REQUEST['source_album']) ? $_REQUEST['source_album'] : "");
|
||||
|
||||
$goto_f_request = isset($_REQUEST['go_to_f']);
|
||||
$goto_a_request = isset($_REQUEST['go_to_a']);
|
||||
|
@ -47,7 +47,7 @@ $add_photo_request = isset($_REQUEST['add_photos']);
|
|||
$empty_trash_request = isset($_REQUEST['empty_trash_req']);
|
||||
|
||||
$transform_request = isset($_REQUEST['rotate_req']);
|
||||
$transform = isset($_REQUEST['transform']) ? pg_escape_string($_REQUEST['transform']) : "";
|
||||
$transform = isset($_REQUEST['transform']) ? pg_escape_string($database, $_REQUEST['transform']) : "";
|
||||
|
||||
if (isset($_REQUEST['selection']) && is_array($_REQUEST['selection'])) {
|
||||
foreach ($_REQUEST['selection'] as $photo) {
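Review bot: `$owner_id` takes `$_REQUEST['user']` as-is, directly above four values that are escaped. Where it is used is outside the visible hunks; if it reaches a query it needs the same care, and since it looks like a numeric id a cast is the simpler form: `$owner_id = isset($_REQUEST['user']) ? (int)$_REQUEST['user'] : 0;`. `$parent_folder = $_REQUEST['parent'];` in the folder section that follows is in the same position.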
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
include_once "include/config.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$folder_id = pg_escape_string($_REQUEST['folder']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
|
||||
$parent_folder = $_REQUEST['parent'];
|
||||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
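Review bot: `$folder_id = pg_escape_string($database, $_REQUEST['folder']);` runs before `$database = site_prolog(PO_USER_TYPE_USER);`, so within the visible lines the connection variable is not yet set when it is passed in. Unless one of the included files defines `$database` (not visible here), the call gets an undefined variable instead of a connection and is likely to raise a TypeError on PHP 8 rather than escape anything. Moving the `site_prolog()` line above the first `pg_escape_string()` call fixes it. The later sections that escape `$_REQUEST['folder']`, `$_REQUEST['offset']` and `$_REQUEST['image']` directly after the `include_once` lines show no `$database` assignment either and should be checked the same way.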
|
||||
|
|
|
@ -23,7 +23,7 @@ include_once "include/site.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$folder_id = pg_escape_string($_REQUEST['folder']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
|
||||
|
||||
$folder_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, parent_folder, users from folder where folder.identifier='$folder_id'"));
|
||||
|
||||
|
|
|
@ -20,14 +20,14 @@
|
|||
include_once "include/config.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$folder_id = pg_escape_string($_REQUEST['folder']);
|
||||
$folder_name = pg_escape_string($_REQUEST['folder_caption']);
|
||||
$folder_description = pg_escape_string($_REQUEST['folder_description']);
|
||||
$folder_access_rights = pg_escape_string($_REQUEST['folder_access_rights']);
|
||||
$parent_folder = pg_escape_string($_REQUEST['parent']);
|
||||
$password = pg_escape_string($_REQUEST['password']);
|
||||
$event = pg_escape_string($_REQUEST['event']);
|
||||
$orderby = pg_escape_string($_REQUEST['order_by']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
|
||||
$folder_name = pg_escape_string($database, $_REQUEST['folder_caption']);
|
||||
$folder_description = pg_escape_string($database, $_REQUEST['folder_description']);
|
||||
$folder_access_rights = pg_escape_string($database, $_REQUEST['folder_access_rights']);
|
||||
$parent_folder = pg_escape_string($database, $_REQUEST['parent']);
|
||||
$password = pg_escape_string($database, $_REQUEST['password']);
|
||||
$event = pg_escape_string($database, $_REQUEST['event']);
|
||||
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
|
||||
$keep_thumb = $_REQUEST['keep_thumb'];
|
||||
|
||||
if ($event != "null") $event = "'$event'";
|
||||
|
|
|
@ -25,7 +25,7 @@ include_once "include/orderby.php";
|
|||
|
||||
$database = site_prolog(PO_USER_TYPE_USER);
|
||||
|
||||
$folder_id = pg_escape_string($_REQUEST['folder']);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
|
||||
|
||||
$folder_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, parent_folder, description, users, password, event, thumb_ver, orderby from folder where identifier='$folder_id'"));
|
||||
|
||||
|
|
|
@ -22,8 +22,8 @@ include_once "include/common.php";
|
|||
include_once "include/site.php";
|
||||
include_once "include/orderby.php";
|
||||
|
||||
$folder_id = pg_escape_string($_REQUEST['folder']);
|
||||
$offset = pg_escape_string(isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
|
||||
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
|
||||
$offset = pg_escape_string($database, isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
|
||||
|
||||
if ($offset && !is_numeric($offset)) {
|
||||
$offset = 0;
|
||||
|
|
|
@ -22,9 +22,9 @@ include_once "include/config.php";
|
|||
include_once "include/calendar.php";
|
||||
include_once "include/site.php";
|
||||
|
||||
$photo_id = pg_escape_string(isset($_REQUEST['image']) ? $_REQUEST['image'] : FALSE);
|
||||
$image_size = pg_escape_string(isset($_REQUEST['size']) ? $_REQUEST['size'] : 1);
|
||||
$version = pg_escape_string(isset($_REQUEST['ver']) ? $_REQUEST['ver'] : FALSE);
|
||||
$photo_id = pg_escape_string($database, isset($_REQUEST['image']) ? $_REQUEST['image'] : FALSE);
|
||||
$image_size = pg_escape_string($database, isset($_REQUEST['size']) ? $_REQUEST['size'] : 1);
|
||||
$version = pg_escape_string($database, isset($_REQUEST['ver']) ? $_REQUEST['ver'] : FALSE);
|
||||
|
||||
$download = isset($_REQUEST['down']);
|
||||
|
||||
|
|
|
@ -213,21 +213,21 @@ function register_user($database, $username, $user_type, $password, $fn, $ln, $e
|
|||
global $po_options;
|
||||
|
||||
/* Required fields */
|
||||
$first_name = pg_escape_string($fn);
|
||||
$last_name = pg_escape_string($ln);
|
||||
$email = pg_escape_string($email);
|
||||
$first_name = pg_escape_string($database, $fn);
|
||||
$last_name = pg_escape_string($database, $ln);
|
||||
$email = pg_escape_string($database, $email);
|
||||
$lang = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : $po_options['lang'];
|
||||
|
||||
/* Optional fields .. */
|
||||
$url = pg_escape_string($_REQUEST['url']);
|
||||
$phone = pg_escape_string($_REQUEST['phone']);
|
||||
$company = pg_escape_string($_REQUEST['company']);
|
||||
$address1 = pg_escape_string($_REQUEST['address1']);
|
||||
$address2 = pg_escape_string($_REQUEST['address2']);
|
||||
$city = pg_escape_string($_REQUEST['city']);
|
||||
$zipcode = pg_escape_string($_REQUEST['zipcode']);
|
||||
$state = pg_escape_string($_REQUEST['state']);
|
||||
$country = pg_escape_string($_REQUEST['country']);
|
||||
$url = pg_escape_string($database, $_REQUEST['url']);
|
||||
$phone = pg_escape_string($database, $_REQUEST['phone']);
|
||||
$company = pg_escape_string($database, $_REQUEST['company']);
|
||||
$address1 = pg_escape_string($database, $_REQUEST['address1']);
|
||||
$address2 = pg_escape_string($database, $_REQUEST['address2']);
|
||||
$city = pg_escape_string($database, $_REQUEST['city']);
|
||||
$zipcode = pg_escape_string($database, $_REQUEST['zipcode']);
|
||||
$state = pg_escape_string($database, $_REQUEST['state']);
|
||||
$country = pg_escape_string($database, $_REQUEST['country']);
|
||||
|
||||
pg_query($database, "begin");
|
||||
$new_user_id = pg_fetch_row(pg_query($database, "select nextval('users_id_sequence')"));
|
||||
|
@ -237,8 +237,8 @@ function register_user($database, $username, $user_type, $password, $fn, $ln, $e
|
|||
if (strlen($url) && (substr($url, 0, 7) != "http://"))
|
||||
$url = "http://".$url;
|
||||
|
||||
$password = pg_escape_string($auth_handle->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($username);
|
||||
$password = pg_escape_string($database, $auth_handle->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($database, $username);
|
||||
$result = pg_query($database, "insert into users (identifier, first_name, last_name, company, username, password, member_since, type, address1, address2, city, zipcode, state, country, phone, email, url)
|
||||
values ('$user_id', '$first_name', '$last_name', '$company', '$username', '$password', now(), $user_type, '$address1', '$address2', '$city', '$zipcode', $state, $country, '$phone', '$email', '$url')");
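Review bot: The scheme check `substr($url, 0, 7) != "http://"` treats an `https://` address as having no scheme, so it is stored as `http://https://...`. Accepting both schemes avoids that: `if (strlen($url) && !preg_match('#^https?://#i', $url))`. `register_user` starts and ends outside the visible hunks.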
|
||||
|
||||
|
|
|
@ -47,8 +47,8 @@ class po_auth_flyspray_db {
|
|||
|
||||
function auth_user($username, $password) {
|
||||
$database = $this->handle;
|
||||
$password = pg_escape_string($this->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($username);
|
||||
$password = pg_escape_string($database, $this->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$res = pg_query($database, "SELECT user_name FROM ".$this->dbprefix."users WHERE user_name='$username' and user_pass = '$password' and account_enabled > 0");
|
||||
|
||||
|
@ -78,7 +78,7 @@ class po_auth_flyspray_db {
|
|||
|
||||
*/
|
||||
function user_info($username) {
|
||||
$username = pg_escape_string($username);
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$res = pg_fetch_assoc(pg_query($this->handle, "SELECT real_name, email_address as email, account_enabled, (select count(*) from ".$this->dbprefix."users_in_groups g where u.user_id = g.user_id and g.group_id = $this->admin_grp) as admin, (select count(*) from ".$this->dbprefix."users_in_groups g where u.user_id = g.user_id and g.group_id = $this->user_grp) as user FROM ".$this->dbprefix."users u
|
||||
WHERE u.user_name='$username' "));
|
||||
|
@ -114,10 +114,10 @@ class po_auth_flyspray_db {
|
|||
*/
|
||||
function change_pass($username, $old_password, $new_password) {
|
||||
$database = $this->handle;
|
||||
$username = pg_escape_string($username);
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
|
||||
$old_password = pg_escape_string($this->passwd_transform($old_password, $username));
|
||||
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
|
||||
$old_password = pg_escape_string($database, $this->passwd_transform($old_password, $username));
|
||||
|
||||
$res = pg_query($database, "update ".$this->dbprefix."users set user_pass = '$new_password' where user_name = '$username' and user_pass = '$old_password'");
|
||||
|
||||
|
@ -126,9 +126,9 @@ class po_auth_flyspray_db {
|
|||
|
||||
function force_change_pass($username, $new_password) {
|
||||
$database = $this->handle;
|
||||
$username = pg_escape_string($username);
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
|
||||
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
|
||||
|
||||
$res = pg_query($database, "update ".$this->dbprefix."users set user_pass = '$new_password' where user_name = '$username'");
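Review bot: In `user_info()` the new call is `pg_escape_string($database, $username)`, but the visible lines of that method never assign `$database`; the query below it uses `$this->handle` directly. The other methods in this class start with `$database = $this->handle;`, so this one passes an undefined local where the connection is expected. Either add that line at the top of `user_info()` or write `$username = pg_escape_string($this->handle, $username);`. The method body continues outside the hunk.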
|
||||
|
||||
|
|
|
@ -39,8 +39,8 @@ class po_auth_default_db {
|
|||
*/
|
||||
function auth_user($username, $password) {
|
||||
$database = $this->handle;
|
||||
$password = pg_escape_string($this->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($username);
|
||||
$password = pg_escape_string($database, $this->passwd_transform($password, $username));
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$res = pg_query($database, "SELECT username FROM users WHERE username='$username' and password = '$password' and type > ".PO_USER_TYPE_DISABLED);
|
||||
|
||||
|
@ -71,7 +71,7 @@ class po_auth_default_db {
|
|||
*/
|
||||
function user_info($username) {
|
||||
$database = $this->handle;
|
||||
$username = pg_escape_string($username);
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$res = pg_fetch_assoc(pg_query($database, "SELECT first_name, last_name, email, type
|
||||
FROM view_contact_info
|
||||
|
@ -90,10 +90,10 @@ class po_auth_default_db {
|
|||
*/
|
||||
function change_pass($username, $old_password, $new_password) {
|
||||
$database = $this->handle;
|
||||
$username = pg_escape_string($username);
|
||||
$username = pg_escape_string($database, $username);
|
||||
|
||||
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
|
||||
$old_password = pg_escape_string($this->passwd_transform($old_password, $username));
|
||||
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
|
||||
$old_password = pg_escape_string($database, $this->passwd_transform($old_password, $username));
|
||||
|
||||
$res = pg_query($database, "update users set password = '$new_password' where username = '$username' and password = '$old_password'");
|
||||
|
||||
|
@ -102,9 +102,9 @@ class po_auth_default_db {
|
|||
|
||||
function force_change_pass($username, $new_password) {
|
||||
$database = $this->handle;
|
||||
$username |