slp
/
po
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[fix] PHP 8.1 warnings

Browse Source
master
Solomon Peachy 4 months ago
parent d79dc9b49f
commit e438d95292
85 changed files with 486 additions and 485 deletions
Show Stats Download Patch File Download Diff File

1
CHANGES
Unescape View File

@ -50,6 +50,7 @@ v2.38 (Unreleased)
[fix] Respect embedded (and non-sRGB) ICC profiles when printing
[misc] Have next/prev photo links remember display size
[fix] A few warnings triggered by sql query failures
[fix] PHP 8.1-related warnings
v2.37.1 (December 3, 2012)

2
src/admin.user.del.2.php
Unescape View File

@ -24,7 +24,7 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_ADMIN);
$user_id = pg_escape_string($_REQUEST['user']);
$user_id = pg_escape_string($database, $_REQUEST['user']);
/* First we nuke the user's photos and their associated records */
$result = nuke_photos($database, FALSE, $user_id);

26
src/admin.user.edit.2.php
Unescape View File

@ -26,19 +26,19 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_ADMIN);
$auth_handle = new $po_auth();
$user_id = pg_escape_string($_REQUEST['user']);
$type = pg_escape_string($_REQUEST['type']);
$email = pg_escape_string($_REQUEST['email']);
$username = pg_escape_string($_REQUEST['username']);
$hide = pg_escape_string($_REQUEST['hide']);
$bulk_upload_enable = pg_escape_string($_REQUEST['bulk_upload_enable']);
$local_print_enable = pg_escape_string($_REQUEST['local_print_enable']);
$quota_size = pg_escape_string($_REQUEST['quota_size']);
$quota_count = pg_escape_string($_REQUEST['quota_count']);
$show_ads = pg_escape_string($_REQUEST['show_ads']);
$local_path = pg_escape_string($_REQUEST['local_path']);
$password_1 = pg_escape_string($_REQUEST['password_1']);
$password_2 = pg_escape_string($_REQUEST['password_2']);
$user_id = pg_escape_string($database, $_REQUEST['user']);
$type = pg_escape_string($database, $_REQUEST['type']);
$email = pg_escape_string($database, $_REQUEST['email']);
$username = pg_escape_string($database, $_REQUEST['username']);
$hide = pg_escape_string($database, $_REQUEST['hide']);
$bulk_upload_enable = pg_escape_string($database, $_REQUEST['bulk_upload_enable']);
$local_print_enable = pg_escape_string($database, $_REQUEST['local_print_enable']);
$quota_size = pg_escape_string($database, $_REQUEST['quota_size']);
$quota_count = pg_escape_string($database, $_REQUEST['quota_count']);
$show_ads = pg_escape_string($database, $_REQUEST['show_ads']);
$local_path = pg_escape_string($database, $_REQUEST['local_path']);
$password_1 = pg_escape_string($database, $_REQUEST['password_1']);
$password_2 = pg_escape_string($database, $_REQUEST['password_2']);
$quota_size = $quota_size * 1048576;

6
src/admin.volume.edit.2.php
Unescape View File

@ -24,9 +24,9 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_ADMIN);
$volume = pg_escape_string($_REQUEST['volume']);
$new_volume = pg_escape_string($_REQUEST['new_volume']);
$current = pg_escape_string($_REQUEST['current']);
$volume = pg_escape_string($database, $_REQUEST['volume']);
$new_volume = pg_escape_string($database, $_REQUEST['new_volume']);
$current = pg_escape_string($database, $_REQUEST['current']);
$result = TRUE;

16
src/album.add.2.php
Unescape View File

@ -22,14 +22,14 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$album_caption = pg_escape_string($_REQUEST['album_caption']);
$album_description = pg_escape_string($_REQUEST['album_description']);
$album_access_rights = pg_escape_string($_REQUEST['album_access_rights']);
$parent_album = pg_escape_string($_REQUEST['parent']);
$password = pg_escape_string($_REQUEST['password']);
$spool_seed = pg_escape_string($_REQUEST['spool_seed']);
$orderby = pg_escape_string($_REQUEST['order_by']);
$event = pg_escape_string($_REQUEST['event']);
$album_caption = pg_escape_string($database, $_REQUEST['album_caption']);
$album_description = pg_escape_string($database, $_REQUEST['album_description']);
$album_access_rights = pg_escape_string($database, $_REQUEST['album_access_rights']);
$parent_album = pg_escape_string($database, $_REQUEST['parent']);
$password = pg_escape_string($database, $_REQUEST['password']);
$spool_seed = pg_escape_string($database, $_REQUEST['spool_seed']);
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
$event = pg_escape_string($database, $_REQUEST['event']);
if ($event != "null") $event = "'$event'";
$go = TRUE;

2
src/album.add.php
Unescape View File

@ -24,7 +24,7 @@ include_once "include/contacts.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$parent_album = pg_escape_string($_REQUEST['parent']);
$parent_album = pg_escape_string($database, $_REQUEST['parent']);
if ($parent_album)
$path_to_album = get_path_to_album($database, $parent_album);

2
src/album.del.2.php
Unescape View File

@ -20,7 +20,7 @@
include_once "include/config.php";
include_once "include/site.php";
$album_id = pg_escape_string($_REQUEST['album']);
$album_id = pg_escape_string($database, $_REQUEST['album']);
$database = site_prolog(PO_USER_TYPE_CLIENT);
$go = TRUE;

2
src/album.del.php
Unescape View File

@ -23,7 +23,7 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$album_id = pg_escape_string($_REQUEST['album']);
$album_id = pg_escape_string($database, $_REQUEST['album']);
$album_data = pg_fetch_row(pg_query($database, "
select album.identifier, caption, date_of_creation, access_rights, users, parent_album

16
src/album.edit.2.php
Unescape View File

@ -20,14 +20,14 @@
include_once "include/config.php";
include_once "include/site.php";
$album_id = pg_escape_string($_REQUEST['album']);
$album_name = pg_escape_string($_REQUEST['album_caption']);
$album_description = pg_escape_string($_REQUEST['album_description']);
$album_access_rights = pg_escape_string($_REQUEST['album_access_rights']);
$album_parent = pg_escape_string($_REQUEST['parent']);
$password = pg_escape_string($_REQUEST['password']);
$event = pg_escape_string($_REQUEST['event']);
$orderby = pg_escape_string($_REQUEST['order_by']);
$album_id = pg_escape_string($database, $_REQUEST['album']);
$album_name = pg_escape_string($database, $_REQUEST['album_caption']);
$album_description = pg_escape_string($database, $_REQUEST['album_description']);
$album_access_rights = pg_escape_string($database, $_REQUEST['album_access_rights']);
$album_parent = pg_escape_string($database, $_REQUEST['parent']);
$password = pg_escape_string($database, $_REQUEST['password']);
$event = pg_escape_string($database, $_REQUEST['event']);
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
$keep_thumb = $_REQUEST['keep_thumb'];
if ($event != "null") $event = "'$event'";

2
src/album.edit.php
Unescape View File

@ -25,7 +25,7 @@ include_once "include/orderby.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$album_id = pg_escape_string($_REQUEST['album']);
$album_id = pg_escape_string($database, $_REQUEST['album']);
$album_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, description, parent_album, users, password, event, thumb_ver, orderby from album where identifier='$album_id'"));

4
src/album.php
Unescape View File

@ -22,8 +22,8 @@ include_once "include/common.php";
include_once "include/orderby.php";
include_once "include/site.php";
$album_id = pg_escape_string($_REQUEST['album']);
$offset = pg_escape_string(isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
$album_id = pg_escape_string($database, $_REQUEST['album']);
$offset = pg_escape_string($database, isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
if ($offset && !is_numeric($offset)) {
$offset = 0;

92
src/bulk.update.php
Unescape View File

@ -24,10 +24,10 @@ include_once "include/common.php";
include_once "include/site.php";
include_once "include/import.php";
$select_folder = pg_escape_string($_REQUEST['select_folder']);
$select_album = pg_escape_string($_REQUEST['select_album']);
$select_folder = pg_escape_string($database, $_REQUEST['select_folder']);
$select_album = pg_escape_string($database, $_REQUEST['select_album']);
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : FALSE;
$selection = pg_escape_string(isset($_REQUEST['selection']) ? $_REQUEST['selection'] : "");
$selection = pg_escape_string($database, isset($_REQUEST['selection']) ? $_REQUEST['selection'] : "");
$to_update = isset($_REQUEST['to_update']) ? $_REQUEST['to_update'] : array();
$recursive = isset($_REQUEST['recursive']);
$set_generate_images = $_REQUEST['set_generate_images'];
@ -56,55 +56,55 @@ $clear_equipment = array();
foreach ($to_update as $field) {
switch ($field) {
case 'set_title':
$set_title = pg_escape_string($_REQUEST['title']);
$set_title = pg_escape_string($database, $_REQUEST['title']);
$update_photo_sql .= " title = '$set_title', ";
break;
case 'set_author':
$set_author = pg_escape_string($_REQUEST['author']);
$set_author = pg_escape_string($database, $_REQUEST['author']);
$update_photo_sql .= " author = '$set_author', ";
break;
case 'set_headline':
$set_headline = pg_escape_string($_REQUEST['headline']);
$set_headline = pg_escape_string($database, $_REQUEST['headline']);
$update_photo_sql .= " headline = '$set_headline', ";
break;
case 'set_caption_writer':
$set_caption_writer = pg_escape_string($_REQUEST['caption_writer']);
$set_caption_writer = pg_escape_string($database, $_REQUEST['caption_writer']);
$update_photo_sql .= " caption_writer = '$set_caption_writer', ";
break;
case 'set_caption':
$set_caption = pg_escape_string($_REQUEST['caption']);
$set_caption = pg_escape_string($database, $_REQUEST['caption']);
$update_photo_sql .= " caption = '$set_caption', ";
break;
case 'set_category':
$set_category = pg_escape_string($_REQUEST['category']);
$set_category = pg_escape_string($database, $_REQUEST['category']);
$update_photo_sql .= " category = '$set_category', ";
break;
case 'set_supplemental_category':
$set_supplemental_category = pg_escape_string($_REQUEST['supplemental_category']);
$set_supplemental_category = pg_escape_string($database, $_REQUEST['supplemental_category']);
$update_photo_sql .= " supplemental_category = '$set_supplemental_category', ";
break;
case 'set_credit':
$set_credit = pg_escape_string($_REQUEST['credit']);
$set_credit = pg_escape_string($database, $_REQUEST['credit']);
$update_photo_sql .= " credit = '$set_credit', ";
break;
case 'set_copyright':
$set_copyright = pg_escape_string($_REQUEST['copyright']);
$set_copyright = pg_escape_string($database, $_REQUEST['copyright']);
$update_photo_sql .= " copyright_statement = '$set_copyright', ";
break;
case 'set_web_statement':
$set_web_statement = pg_escape_string($_REQUEST['web_statement']);
$set_web_statement = pg_escape_string($database, $_REQUEST['web_statement']);
$update_photo_sql .= " web_statement = '$set_web_statement', ";
break;
case 'set_instructions':
$set_instructions = pg_escape_string($_REQUEST['instructions']);
$set_instructions = pg_escape_string($database, $_REQUEST['instructions']);
$update_photo_sql .= " instructions = '$set_instructions', ";
break;
case 'set_source':
$set_source = pg_escape_string($_REQUEST['source']);
$set_source = pg_escape_string($database, $_REQUEST['source']);
$update_photo_sql .= " source = '$set_source', ";
break;
case 'set_transmission_reference':
$set_transmission_reference = pg_escape_string($_REQUEST['transmission_reference']);
$set_transmission_reference = pg_escape_string($database, $_REQUEST['transmission_reference']);
$update_photo_sql .= " transmission_reference = '$set_transmission_reference', ";
break;
case 'set_date_of_exposure':
@ -112,92 +112,92 @@ foreach ($to_update as $field) {
$update_photo_sql .= " date_of_exposure = $set_date_of_exposure, ";
break;
case 'set_location':
$set_location = pg_escape_string($_REQUEST['location']);
$set_location = pg_escape_string($database, $_REQUEST['location']);
$update_photo_sql .= " location = $set_location, ";
break;
case 'set_access_rights':
$set_access_rights = pg_escape_string($_REQUEST['access_rights']);
$set_access_rights = pg_escape_string($database, $_REQUEST['access_rights']);
$update_photo_sql .= " access_rights = $set_access_rights, ";
break;
case 'set_hide_original':
$set_hide_original = pg_escape_string($_REQUEST['hide_original']);
$set_hide_original = pg_escape_string($database, $_REQUEST['hide_original']);
$update_photo_sql .= " hide_original = '$set_hide_original', ";
break;
case 'set_store_url':
$set_store_url = pg_escape_string($_REQUEST['store_url']);
$set_store_url = pg_escape_string($database, $_REQUEST['store_url']);
$update_photo_sql .= " store_url = '$set_store_url', ";
break;
case 'set_remark':
$set_remark = pg_escape_string($_REQUEST['remark']);
$set_remark = pg_escape_string($database, $_REQUEST['remark']);
$update_photo_sql .= " comments = '$set_remark', ";
break;
case 'set_camera':
$set_camera = pg_escape_string($_REQUEST['camera']);
$set_camera = pg_escape_string($database, $_REQUEST['camera']);
$update_photo_tech_sql .= " camera = $set_camera, ";
break;
case 'set_camera_metering':
$set_camera_metering = pg_escape_string($_REQUEST['camera_metering']);
$set_camera_metering = pg_escape_string($database, $_REQUEST['camera_metering']);
$update_photo_tech_sql .= " camera_metering = $set_camera_metering, ";
break;
case 'set_camera_program':
$set_camera_program = pg_escape_string($_REQUEST['camera_program']);
$set_camera_program = pg_escape_string($database, $_REQUEST['camera_program']);
$update_photo_tech_sql .= " camera_program = $set_camera_program, ";
break;
case 'set_focal_length':
$set_focal_length = pg_escape_string($_REQUEST['focal_length']);
$set_focal_length = pg_escape_string($database, $_REQUEST['focal_length']);
$update_photo_tech_sql .= " focal_length = '$set_focal_length', ";
break;
case 'set_film':
$set_film = pg_escape_string($_REQUEST['film']);
$set_film = pg_escape_string($database, $_REQUEST['film']);
$update_photo_tech_sql .= " film = $set_film, ";
break;
case 'set_iso_override':
$set_iso_override = pg_escape_string($_REQUEST['iso_override']);
$set_iso_override = pg_escape_string($database, $_REQUEST['iso_override']);
$update_photo_tech_sql .= " iso_override = $set_iso_override, ";
break;
case 'set_aperture':
$set_aperture = pg_escape_string($_REQUEST['aperture']);
$set_aperture = pg_escape_string($database, $_REQUEST['aperture']);
$update_photo_tech_sql .= " aperture = '$set_aperture', ";
break;
case 'set_shutter':
$set_shutter = pg_escape_string($_REQUEST['shutter']);
$set_shutter = pg_escape_string($database, $_REQUEST['shutter']);
$update_photo_tech_sql .= " shutter = $set_shutter, ";
break;
case 'set_exp_comp':
$set_exp_comp = pg_escape_string($_REQUEST['exp_comp']);
$set_exp_comp = pg_escape_string($database, $_REQUEST['exp_comp']);
$update_photo_tech_sql .= " exposure_comp = $set_exp_comp, ";
break;
case 'set_exp_diff':
$set_exp_diff = pg_escape_string($_REQUEST['exp_diff']);
$set_exp_diff = pg_escape_string($database, $_REQUEST['exp_diff']);
$update_photo_tech_sql .= " ev_difference = $set_exp_diff, ";
break;
case 'set_flash_mode':
$set_flash_mode = pg_escape_string($_REQUEST['flash_mode']);
$set_flash_mode = pg_escape_string($database, $_REQUEST['flash_mode']);
$update_photo_tech_sql .= " flash_mode = $set_flash_mode, ";
break;
case 'set_flash_comp':
$set_flash_comp = pg_escape_string($_REQUEST['flash_comp']);
$set_flash_comp = pg_escape_string($database, $_REQUEST['flash_comp']);
$update_photo_tech_sql .= " flash_comp = $set_flash_comp, ";
break;
case 'set_scan_params':
$param = pg_escape_string($_REQUEST['scan_resolution']);
$param = pg_escape_string($database, $_REQUEST['scan_resolution']);
$update_photo_tech_sql .= " scan_resolution = $param, ";
$param = pg_escape_string($_REQUEST['scan_bitdepth']);
$param = pg_escape_string($database, $_REQUEST['scan_bitdepth']);
$update_photo_tech_sql .= " scan_bitdepth = $param, ";
$param = pg_escape_string($_REQUEST['scan_multiscan']);
$param = pg_escape_string($database, $_REQUEST['scan_multiscan']);
$update_photo_tech_sql .= " scan_multiscan = $param, ";
break;
case 'set_geo_location':
$pos = pg_escape_string(parse_latitude($_REQUEST['latitude']));
$pos = pg_escape_string($database, parse_latitude($_REQUEST['latitude']));
if ($pos == "") $pos = "null";
$update_photo_tech_sql .= " latitude = $pos, ";
$pos = pg_escape_string(parse_latitude($_REQUEST['longitude']));
$pos = pg_escape_string($database, parse_latitude($_REQUEST['longitude']));
if ($pos == "") $pos = "null";
$update_photo_tech_sql .= " longitude = $pos, ";
$pos = pg_escape_string($_REQUEST['altitude']);
$pos = pg_escape_string($database, $_REQUEST['altitude']);
if ($pos == "") $pos = "null";
$update_photo_tech_sql .= " altitude = $pos, ";
$pos = pg_escape_string($_REQUEST['direction']);
$pos = pg_escape_string($database, $_REQUEST['direction']);
if ($pos == "") $pos = "null";
$update_photo_tech_sql .= " direction = $pos, ";
break;
@ -302,8 +302,8 @@ if ($result && $update_photo_tech_sql != "") {
if ($result && $clear_equipment) {
foreach ($clear_equipment as $equip) {
$parts = explode(":", $equip);
$parts[0] = pg_escape_string($parts[0]);
$parts[1] = pg_escape_string($parts[1]);
$parts[0] = pg_escape_string($database, $parts[0]);
$parts[1] = pg_escape_string($database, $parts[1]);
$result = pg_query($database, "delete from photo_equipment where photo in (select p.identifier from photo p where $sql_selector) and equipment = $parts[0]");
}
@ -312,8 +312,8 @@ if ($result && $clear_equipment) {
if ($result && $set_equipment) {
foreach ($set_equipment as $equip) {
$parts = explode(":", $equip);
$parts[0] = pg_escape_string($parts[0]);
$parts[1] = pg_escape_string($parts[1]);
$parts[0] = pg_escape_string($database, $parts[0]);
$parts[1] = pg_escape_string($database, $parts[1]);
$result = pg_query($database, "insert into photo_equipment (photo, equipment, type) select p.identifier, $parts[0], $parts[1] from photo p where $sql_selector and not exists(select e.photo from photo_equipment e where e.photo = p.identifier and e.equipment = $parts[0])");
}
@ -325,7 +325,7 @@ if ($result) {
$keyword = strtolower(trim($keyword));
$keyword = trim($keyword);
if ($keyword == "") continue;
$keyword = pg_escape_string($keyword);
$keyword = pg_escape_string($database, $keyword);
$result = pg_query($database, "insert into photo_keywords (photo, keyword)
select p.identifier, '$keyword' from photo p where $sql_selector and not exists (select k.photo from photo_keywords k where k.photo = p.identifier and k.keyword = '$keyword')");
@ -337,7 +337,7 @@ if ($result) {
$keyword = strtolower(trim($keyword));
$keyword = trim($keyword);
if ($keyword == "") continue;
$keyword = pg_escape_string($keyword);
$keyword = pg_escape_string($database, $keyword);
$query = "delete from photo_keywords where keyword = '$keyword' and photo in (select p.identifier from photo p where $sql_selector)";

26
src/camera.add.2.php
Unescape View File

@ -32,9 +32,9 @@ function add_camera($database, $user_id,
$camera_date_of_purchase = check_date_validity($camera_purchase_timestamp);
$camera_model = pg_escape_string($camera_model);
$camera_variation = pg_escape_string($camera_variation);
$camera_serial_number = pg_escape_string($camera_serial_number);
$camera_model = pg_escape_string($database, $camera_model);
$camera_variation = pg_escape_string($database, $camera_variation);
$camera_serial_number = pg_escape_string($database, $camera_serial_number);
$result = TRUE;
@ -66,16 +66,16 @@ function add_camera($database, $user_id,
$database = site_prolog(PO_USER_TYPE_USER);
add_camera($database, $po_user['id'],
pg_escape_string($_REQUEST['type_id']),
pg_escape_string($_REQUEST['manufacturer_id']),
pg_escape_string($_REQUEST['model']),
pg_escape_string($_REQUEST['variation']),
pg_escape_string($_REQUEST['serial_number']),
pg_escape_string($_REQUEST['purchase_timestamp']),
pg_escape_string($_REQUEST['purchased_new']),
pg_escape_string($_REQUEST['access_rights']),
pg_escape_string($_REQUEST['icc_profile']),
pg_escape_string($_REQUEST['ignore_comment']));
pg_escape_string($database, $_REQUEST['type_id']),
pg_escape_string($database, $_REQUEST['manufacturer_id']),
pg_escape_string($database, $_REQUEST['model']),
pg_escape_string($database, $_REQUEST['variation']),
pg_escape_string($database, $_REQUEST['serial_number']),
pg_escape_string($database, $_REQUEST['purchase_timestamp']),
pg_escape_string($database, $_REQUEST['purchased_new']),
pg_escape_string($database, $_REQUEST['access_rights']),
pg_escape_string($database, $_REQUEST['icc_profile']),
pg_escape_string($database, $_REQUEST['ignore_comment']));
site_epilog($database);
header("Location: my.profile.php?selector=".$profile_data['camera']['idx']);
?>

2
src/camera.add.php
Unescape View File

@ -25,7 +25,7 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_USER);
$type = "camera";
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$manufacturer = get_generic_query_all($database, "select identifier, name from manufacturer order by name", 'manuf_all');
switch ($manufacturer_filter) {

2
src/camera.del.php
Unescape View File

@ -24,7 +24,7 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_USER);
$camera_id = pg_escape_string($_REQUEST['item']);
$camera_id = pg_escape_string($database, $_REQUEST['item']);
$number_of_references = pg_fetch_row(pg_query($database, "select number_of_camera_references($camera_id)"));
/* Ensure the user owns it !*/

30
src/camera.edit.2.php
Unescape View File

@ -30,10 +30,10 @@ function update_camera($database, $user_id, $camera_id, $camera_type_id, $camera
$camera_date_of_purchase = check_date_validity($camera_purchase_timestamp);
$camera_model = pg_escape_string($camera_model);
$camera_variation = pg_escape_string($camera_variation);
$camera_serial_number = pg_escape_string($camera_serial_number);
$camera_ignore_comment = pg_escape_string($camera_ignore_comment);
$camera_model = pg_escape_string($database, $camera_model);
$camera_variation = pg_escape_string($database, $camera_variation);
$camera_serial_number = pg_escape_string($database, $camera_serial_number);
$camera_ignore_comment = pg_escape_string($database, $camera_ignore_comment);
$result = TRUE;
@ -95,17 +95,17 @@ function update_camera($database, $user_id, $camera_id, $camera_type_id, $camera
$database = site_prolog(PO_USER_TYPE_USER);
update_camera($database, $po_user['id'],
pg_escape_string($_REQUEST['item_id']),
pg_escape_string($_REQUEST['camera_type_id']),
pg_escape_string($_REQUEST['manufacturer_id']),
pg_escape_string($_REQUEST['camera_model']),
pg_escape_string($_REQUEST['camera_variation']),
pg_escape_string($_REQUEST['camera_serial_number']),
pg_escape_string($_REQUEST['camera_purchase_timestamp']),
pg_escape_string($_REQUEST['camera_purchased_new']),
pg_escape_string($_REQUEST['camera_access_rights']),
pg_escape_string($_REQUEST['camera_icc_profile']),
pg_escape_string($_REQUEST['camera_ignore_comment']));
pg_escape_string($database, $_REQUEST['item_id']),
pg_escape_string($database, $_REQUEST['camera_type_id']),
pg_escape_string($database, $_REQUEST['manufacturer_id']),
pg_escape_string($database, $_REQUEST['camera_model']),
pg_escape_string($database, $_REQUEST['camera_variation']),
pg_escape_string($database, $_REQUEST['camera_serial_number']),
pg_escape_string($database, $_REQUEST['camera_purchase_timestamp']),
pg_escape_string($database, $_REQUEST['camera_purchased_new']),
pg_escape_string($database, $_REQUEST['camera_access_rights']),
pg_escape_string($database, $_REQUEST['camera_icc_profile']),
pg_escape_string($database, $_REQUEST['camera_ignore_comment']));
site_epilog($database);

4
src/camera.edit.php
Unescape View File

@ -22,8 +22,8 @@ include_once "include/profile.php";
include_once "include/site.php";
include_once "include/common.php";
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$camera_id = pg_escape_string(array_key_exists('item', $_REQUEST) ? $_REQUEST['item'] : 0);
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$camera_id = pg_escape_string($database, array_key_exists('item', $_REQUEST) ? $_REQUEST['item'] : 0);
$database = site_prolog(PO_USER_TYPE_USER);
$type = 'camera';

2
src/client.del.2.php
Unescape View File

@ -22,7 +22,7 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$client_id = pg_escape_string($_REQUEST['client']);
$client_id = pg_escape_string($database, $_REQUEST['client']);
/* Ensure the user owns it !*/
if ($po_user['type'] < PO_USER_TYPE_USER) {

2
src/client.del.php
Unescape View File

@ -23,7 +23,7 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_USER);
$client_id = pg_escape_string($_REQUEST['client']);
$client_id = pg_escape_string($database, $_REQUEST['client']);
$result = pg_fetch_row(pg_query($database, "select identifier, client, last_name, first_name, date_of_creation, value, users from view_client where users=$po_user[id] and identifier=$client_id"));

6
src/client.edit.2.php
Unescape View File

@ -23,9 +23,9 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_USER);
$client_id = pg_escape_string($_REQUEST['client']);
$status = pg_escape_string($_REQUEST['status']);
$trusted = pg_escape_string($_REQUEST['trusted']);
$client_id = pg_escape_string($database, $_REQUEST['client']);
$status = pg_escape_string($database, $_REQUEST['status']);
$trusted = pg_escape_string($database, $_REQUEST['trusted']);
/* Ensure the user owns it !*/
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {

2
src/client.edit.php
Unescape View File

@ -23,7 +23,7 @@ include_once "include/common.php";
$database = site_prolog(PO_USER_TYPE_USER);
$client_id = pg_escape_string($_REQUEST['client']);
$client_id = pg_escape_string($database, $_REQUEST['client']);
$result = pg_fetch_row(pg_query($database, " select identifier, client, last_name, first_name, date_of_creation, value, trusted, users from view_client where users=$po_user[id] and identifier=$client_id"));

12
src/event.php
Unescape View File

@ -24,7 +24,7 @@ include_once "include/calendar.php";
$database = site_prolog(PO_USER_TYPE_CLIENT);
$event = isset($_REQUEST['event']) ? pg_escape_string($_REQUEST['event']) : FALSE;
$event = isset($_REQUEST['event']) ? pg_escape_string($database, $_REQUEST['event']) : FALSE;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'view';
$go = isset($_REQUEST['go']);
@ -67,13 +67,13 @@ if ($go) {
break;
case 'edit':
case 'add':
$client = pg_escape_string($_REQUEST['client']);
$client = pg_escape_string($database, $_REQUEST['client']);
if ($client != "null") $client = "'$client'";
$start_date = pg_escape_string($_REQUEST['start_date']);
$end_date = pg_escape_string($_REQUEST['end_date']);
$remark = pg_escape_string($_REQUEST['remark']);
$location = pg_escape_string($_REQUEST['location']);
$start_date = pg_escape_string($database, $_REQUEST['start_date']);
$end_date = pg_escape_string($database, $_REQUEST['end_date']);
$remark = pg_escape_string($database, $_REQUEST['remark']);
$location = pg_escape_string($database, $_REQUEST['location']);
$year = (int)substr($start_date, 0, 4);
$month = (int)substr($start_date, 5, 2);

34
src/feed.php
Unescape View File

@ -58,17 +58,17 @@ $feedtype = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'photos';
switch ($feedtype) {
case 'photos':
{
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 100;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 8;
$size = isset($_REQUEST['size']) ? pg_escape_string($_REQUEST['size']) : 2;
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 100;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 8;
$size = isset($_REQUEST['size']) ? pg_escape_string($database, $_REQUEST['size']) : 2;
}
$global_args = array();
$global_args['size'] = $size;
switch ($_REQUEST['subtype']) {
case 'user':
$user_id = pg_escape_string($_REQUEST['id']);
$user_id = pg_escape_string($database, $_REQUEST['id']);
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
$rss->description = $rss->title;
@ -81,7 +81,7 @@ case 'photos':
break;
case 'folder':
$folder_id = pg_escape_string($_REQUEST['id']);
$folder_id = pg_escape_string($database, $_REQUEST['id']);
$path_to_folder = get_path_to($database, 'folder', $folder_id, FALSE);
@ -97,7 +97,7 @@ case 'photos':
break;
case 'album':
$album_id = pg_escape_string($_REQUEST['id']);
$album_id = pg_escape_string($database, $_REQUEST['id']);
$path_to_album = get_path_to($database, 'album', $album_id, FALSE);
@ -179,9 +179,9 @@ case 'photos':
break;
case 'folder':
{
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 25;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 2;
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 25;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 2;
}
$sql_query_order_by_string = $folder_order_by_string[$order][0];
@ -204,7 +204,7 @@ case 'folder':
break;
case 'user':
$user_id = pg_escape_string($_REQUEST['id']);
$user_id = pg_escape_string($database, $_REQUEST['id']);
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
$rss->description = $rss->title;
@ -214,7 +214,7 @@ case 'folder':
break;
default:
$folder_id = pg_escape_string($_REQUEST['id']);
$folder_id = pg_escape_string($database, $_REQUEST['id']);
$path_to_folder = get_path_to($database, 'folder', $folder_id, FALSE);
@ -274,9 +274,9 @@ case 'folder':
break;
case 'album':
{
$offset = isset($_REQUEST['offset']) ? pg_escape_string($_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($_REQUEST['limit']) : 25;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($_REQUEST['orderby']) : 2;
$offset = isset($_REQUEST['offset']) ? pg_escape_string($database, $_REQUEST['offset']) : 0;
$limit = isset($_REQUEST['limit']) ? pg_escape_string($database, $_REQUEST['limit']) : 25;
$order = isset($_REQUEST['orderby']) ? pg_escape_string($database, $_REQUEST['orderby']) : 2;
}
$sql_query_order_by_string = $folder_order_by_string[$order][0];
@ -299,7 +299,7 @@ case 'album':
break;
case 'user':
$user_id = pg_escape_string($_REQUEST['id']);
$user_id = pg_escape_string($database, $_REQUEST['id']);
$rss->title = $site_title . " : " . disp_user_string($database, $user_id, FALSE);
$rss->description = $rss->title;
@ -309,7 +309,7 @@ case 'album':
break;
default:
$album_id = pg_escape_string($_REQUEST['id']);
$album_id = pg_escape_string($database, $_REQUEST['id']);
$path_to_album = get_path_to($database, 'album', $album_id, FALSE);

14
src/film.add.2.php
Unescape View File

@ -25,7 +25,7 @@ include_once "include/site.php";
function add_film($database, $user_id, $film_type_id, $film_manufacturer_id,
$film_model, $film_iso, $film_format_id, $film_access_rights) {
$film_model = pg_escape_string($film_model);
$film_model = pg_escape_string($database, $film_model);
$result = TRUE;
pg_query($database, "begin");
@ -51,12 +51,12 @@ $database = site_prolog(PO_USER_TYPE_USER);
add_film($database,
$po_user['id'],
pg_escape_string($_REQUEST['film_type_id']),
pg_escape_string($_REQUEST['film_manufacturer_id']),
pg_escape_string($_REQUEST['film_model']),
pg_escape_string($_REQUEST['film_iso']),
pg_escape_string($_REQUEST['film_format_id']),
pg_escape_string($_REQUEST['film_access_rights']));
pg_escape_string($database, $_REQUEST['film_type_id']),
pg_escape_string($database, $_REQUEST['film_manufacturer_id']),
pg_escape_string($database, $_REQUEST['film_model']),
pg_escape_string($database, $_REQUEST['film_iso']),
pg_escape_string($database, $_REQUEST['film_format_id']),
pg_escape_string($database, $_REQUEST['film_access_rights']));
site_epilog($database);
header("Location: my.profile.php?selector=".$profile_data['film']['idx']);

2
src/film.add.php
Unescape View File

@ -26,7 +26,7 @@ $type = 'film';
$database = site_prolog(PO_USER_TYPE_USER);
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$manufacturer = get_generic_query_all($database, "select identifier, name from manufacturer order by name", 'manuf_all');

2
src/film.del.php
Unescape View File

@ -26,7 +26,7 @@ $type = 'film';
$database = site_prolog(PO_USER_TYPE_USER);
$film_id = pg_escape_string($_REQUEST['item']);
$film_id = pg_escape_string($database, $_REQUEST['item']);
$number_of_references = pg_fetch_row(pg_query($database, "select number_of_film_references($film_id)"));
/* Ensure the user owns it !*/

14
src/film.edit.2.php
Unescape View File

@ -63,7 +63,7 @@ function update_film($database, $user_id, $film_id, $film_type_id, $film_manufac
$database = site_prolog(PO_USER_TYPE_USER);
$film_id = pg_escape_string($_REQUEST['item_id']);
$film_id = pg_escape_string($database, $_REQUEST['item_id']);
/* Ensure the user owns it !*/
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
@ -77,12 +77,12 @@ if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
update_film($database, $po_user['id'],
$film_id,
pg_escape_string($_REQUEST['film_type_id']),
pg_escape_string($_REQUEST['film_manufacturer_id']),
pg_escape_string($_REQUEST['film_model']),
pg_escape_string($_REQUEST['film_iso']),
pg_escape_string($_REQUEST['film_format_id']),
pg_escape_string($_REQUEST['film_access_rights']));
pg_escape_string($database, $_REQUEST['film_type_id']),
pg_escape_string($database, $_REQUEST['film_manufacturer_id']),
pg_escape_string($database, $_REQUEST['film_model']),
pg_escape_string($database, $_REQUEST['film_iso']),
pg_escape_string($database, $_REQUEST['film_format_id']),
pg_escape_string($database, $_REQUEST['film_access_rights']));
site_epilog($database);
header("Location: my.profile.php?selector=".$profile_data['film']['idx']);

4
src/film.edit.php
Unescape View File

@ -26,8 +26,8 @@ $type = 'film';
$database = site_prolog(PO_USER_TYPE_USER);
$manufacturer_filter = pg_escape_string(isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$film_id = pg_escape_string($_REQUEST['item']);
$manufacturer_filter = pg_escape_string($database, isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "");
$film_id = pg_escape_string($database, $_REQUEST['item']);
/* Ensure the user owns it !*/
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {

2
src/folder.add.2.php
Unescape View File

@ -22,7 +22,7 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_USER);
$parent_folder = pg_escape_string($_REQUEST['parent']);
$parent_folder = pg_escape_string($database, $_REQUEST['parent']);
if ($parent_folder != "null") {
if ($po_user['type'] != PO_USER_TYPE_ADMIN) {

2
src/folder.add.php
Unescape View File

@ -24,7 +24,7 @@ include_once "include/contacts.php";
$database = site_prolog(PO_USER_TYPE_USER);
$folder_parent = pg_escape_string($_REQUEST['parent']);
$folder_parent = pg_escape_string($database, $_REQUEST['parent']);
$folder_all = get_users_folder($database);
if ($folder_parent) {
$folder_data = pg_fetch_row(pg_query($database, "select caption from folder where identifier='$folder_parent'"));

10
src/folder.content.php
Unescape View File

@ -26,10 +26,10 @@ $return_path = isset($_REQUEST['return']) ? $_REQUEST['return'] : "";
$database = site_prolog();
$owner_id = isset($_REQUEST['user']) ? $_REQUEST['user'] : 0;
$destination_folder = pg_escape_string(isset($_REQUEST['destination_folder']) ? $_REQUEST['destination_folder'] : "");
$destination_album = pg_escape_string(isset($_REQUEST['destination_album'])? $_REQUEST['destination_album'] : "");
$source_folder = pg_escape_string(isset($_REQUEST['source_folder']) ? $_REQUEST['source_folder'] : "");
$source_album = pg_escape_string(isset($_REQUEST['source_album']) ? $_REQUEST['source_album'] : "");
$destination_folder = pg_escape_string($database, isset($_REQUEST['destination_folder']) ? $_REQUEST['destination_folder'] : "");
$destination_album = pg_escape_string($database, isset($_REQUEST['destination_album'])? $_REQUEST['destination_album'] : "");
$source_folder = pg_escape_string($database, isset($_REQUEST['source_folder']) ? $_REQUEST['source_folder'] : "");
$source_album = pg_escape_string($database, isset($_REQUEST['source_album']) ? $_REQUEST['source_album'] : "");
$goto_f_request = isset($_REQUEST['go_to_f']);
$goto_a_request = isset($_REQUEST['go_to_a']);
@ -47,7 +47,7 @@ $add_photo_request = isset($_REQUEST['add_photos']);
$empty_trash_request = isset($_REQUEST['empty_trash_req']);
$transform_request = isset($_REQUEST['rotate_req']);
$transform = isset($_REQUEST['transform']) ? pg_escape_string($_REQUEST['transform']) : "";
$transform = isset($_REQUEST['transform']) ? pg_escape_string($database, $_REQUEST['transform']) : "";
if (isset($_REQUEST['selection']) && is_array($_REQUEST['selection'])) {
foreach ($_REQUEST['selection'] as $photo) {

2
src/folder.del.2.php
Unescape View File

@ -20,7 +20,7 @@
include_once "include/config.php";
include_once "include/site.php";
$folder_id = pg_escape_string($_REQUEST['folder']);
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
$parent_folder = $_REQUEST['parent'];
$database = site_prolog(PO_USER_TYPE_USER);

2
src/folder.del.php
Unescape View File

@ -23,7 +23,7 @@ include_once "include/site.php";
$database = site_prolog(PO_USER_TYPE_USER);
$folder_id = pg_escape_string($_REQUEST['folder']);
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
$folder_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, parent_folder, users from folder where folder.identifier='$folder_id'"));

16
src/folder.edit.2.php
Unescape View File

@ -20,14 +20,14 @@
include_once "include/config.php";
include_once "include/site.php";
$folder_id = pg_escape_string($_REQUEST['folder']);
$folder_name = pg_escape_string($_REQUEST['folder_caption']);
$folder_description = pg_escape_string($_REQUEST['folder_description']);
$folder_access_rights = pg_escape_string($_REQUEST['folder_access_rights']);
$parent_folder = pg_escape_string($_REQUEST['parent']);
$password = pg_escape_string($_REQUEST['password']);
$event = pg_escape_string($_REQUEST['event']);
$orderby = pg_escape_string($_REQUEST['order_by']);
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
$folder_name = pg_escape_string($database, $_REQUEST['folder_caption']);
$folder_description = pg_escape_string($database, $_REQUEST['folder_description']);
$folder_access_rights = pg_escape_string($database, $_REQUEST['folder_access_rights']);
$parent_folder = pg_escape_string($database, $_REQUEST['parent']);
$password = pg_escape_string($database, $_REQUEST['password']);
$event = pg_escape_string($database, $_REQUEST['event']);
$orderby = pg_escape_string($database, $_REQUEST['order_by']);
$keep_thumb = $_REQUEST['keep_thumb'];
if ($event != "null") $event = "'$event'";

2
src/folder.edit.php
Unescape View File

@ -25,7 +25,7 @@ include_once "include/orderby.php";
$database = site_prolog(PO_USER_TYPE_USER);
$folder_id = pg_escape_string($_REQUEST['folder']);
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
$folder_data = pg_fetch_row(pg_query($database, "select caption, date_of_creation, access_rights, parent_folder, description, users, password, event, thumb_ver, orderby from folder where identifier='$folder_id'"));

4
src/folder.php
Unescape View File

@ -22,8 +22,8 @@ include_once "include/common.php";
include_once "include/site.php";
include_once "include/orderby.php";
$folder_id = pg_escape_string($_REQUEST['folder']);
$offset = pg_escape_string(isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
$folder_id = pg_escape_string($database, $_REQUEST['folder']);
$offset = pg_escape_string($database, isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
if ($offset && !is_numeric($offset)) {
$offset = 0;

6
src/image.display.php
Unescape View File

@ -22,9 +22,9 @@ include_once "include/config.php";
include_once "include/calendar.php";
include_once "include/site.php";
$photo_id = pg_escape_string(isset($_REQUEST['image']) ? $_REQUEST['image'] : FALSE);
$image_size = pg_escape_string(isset($_REQUEST['size']) ? $_REQUEST['size'] : 1);
$version = pg_escape_string(isset($_REQUEST['ver']) ? $_REQUEST['ver'] : FALSE);
$photo_id = pg_escape_string($database, isset($_REQUEST['image']) ? $_REQUEST['image'] : FALSE);
$image_size = pg_escape_string($database, isset($_REQUEST['size']) ? $_REQUEST['size'] : 1);
$version = pg_escape_string($database, isset($_REQUEST['ver']) ? $_REQUEST['ver'] : FALSE);
$download = isset($_REQUEST['down']);

28
src/include/admin.php
Unescape View File

@ -213,21 +213,21 @@ function register_user($database, $username, $user_type, $password, $fn, $ln, $e
global $po_options;
/* Required fields */
$first_name = pg_escape_string($fn);
$last_name = pg_escape_string($ln);
$email = pg_escape_string($email);
$first_name = pg_escape_string($database, $fn);
$last_name = pg_escape_string($database, $ln);
$email = pg_escape_string($database, $email);
$lang = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : $po_options['lang'];
/* Optional fields .. */
$url = pg_escape_string($_REQUEST['url']);
$phone = pg_escape_string($_REQUEST['phone']);
$company = pg_escape_string($_REQUEST['company']);
$address1 = pg_escape_string($_REQUEST['address1']);
$address2 = pg_escape_string($_REQUEST['address2']);
$city = pg_escape_string($_REQUEST['city']);
$zipcode = pg_escape_string($_REQUEST['zipcode']);
$state = pg_escape_string($_REQUEST['state']);
$country = pg_escape_string($_REQUEST['country']);
$url = pg_escape_string($database, $_REQUEST['url']);
$phone = pg_escape_string($database, $_REQUEST['phone']);
$company = pg_escape_string($database, $_REQUEST['company']);
$address1 = pg_escape_string($database, $_REQUEST['address1']);
$address2 = pg_escape_string($database, $_REQUEST['address2']);
$city = pg_escape_string($database, $_REQUEST['city']);
$zipcode = pg_escape_string($database, $_REQUEST['zipcode']);
$state = pg_escape_string($database, $_REQUEST['state']);
$country = pg_escape_string($database, $_REQUEST['country']);
pg_query($database, "begin");
$new_user_id = pg_fetch_row(pg_query($database, "select nextval('users_id_sequence')"));
@ -237,8 +237,8 @@ function register_user($database, $username, $user_type, $password, $fn, $ln, $e
if (strlen($url) && (substr($url, 0, 7) != "http://"))
$url = "http://".$url;
$password = pg_escape_string($auth_handle->passwd_transform($password, $username));
$username = pg_escape_string($username);
$password = pg_escape_string($database, $auth_handle->passwd_transform($password, $username));
$username = pg_escape_string($database, $username);
$result = pg_query($database, "insert into users (identifier, first_name, last_name, company, username, password, member_since, type, address1, address2, city, zipcode, state, country, phone, email, url)
values ('$user_id', '$first_name', '$last_name', '$company', '$username', '$password', now(), $user_type, '$address1', '$address2', '$city', '$zipcode', $state, $country, '$phone', '$email', '$url')");

16
src/include/auth-flyspray.php
Unescape View File

@ -47,8 +47,8 @@ class po_auth_flyspray_db {
function auth_user($username, $password) {
$database = $this->handle;
$password = pg_escape_string($this->passwd_transform($password, $username));
$username = pg_escape_string($username);
$password = pg_escape_string($database, $this->passwd_transform($password, $username));
$username = pg_escape_string($database, $username);
$res = pg_query($database, "SELECT user_name FROM ".$this->dbprefix."users WHERE user_name='$username' and user_pass = '$password' and account_enabled > 0");
@ -78,7 +78,7 @@ class po_auth_flyspray_db {
*/
function user_info($username) {
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$res = pg_fetch_assoc(pg_query($this->handle, "SELECT real_name, email_address as email, account_enabled, (select count(*) from ".$this->dbprefix."users_in_groups g where u.user_id = g.user_id and g.group_id = $this->admin_grp) as admin, (select count(*) from ".$this->dbprefix."users_in_groups g where u.user_id = g.user_id and g.group_id = $this->user_grp) as user FROM ".$this->dbprefix."users u
WHERE u.user_name='$username' "));
@ -114,10 +114,10 @@ class po_auth_flyspray_db {
*/
function change_pass($username, $old_password, $new_password) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
$old_password = pg_escape_string($this->passwd_transform($old_password, $username));
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
$old_password = pg_escape_string($database, $this->passwd_transform($old_password, $username));
$res = pg_query($database, "update ".$this->dbprefix."users set user_pass = '$new_password' where user_name = '$username' and user_pass = '$old_password'");
@ -126,9 +126,9 @@ class po_auth_flyspray_db {
function force_change_pass($username, $new_password) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
$res = pg_query($database, "update ".$this->dbprefix."users set user_pass = '$new_password' where user_name = '$username'");

18
src/include/auth.php
Unescape View File

@ -39,8 +39,8 @@ class po_auth_default_db {
*/
function auth_user($username, $password) {
$database = $this->handle;
$password = pg_escape_string($this->passwd_transform($password, $username));
$username = pg_escape_string($username);
$password = pg_escape_string($database, $this->passwd_transform($password, $username));
$username = pg_escape_string($database, $username);
$res = pg_query($database, "SELECT username FROM users WHERE username='$username' and password = '$password' and type > ".PO_USER_TYPE_DISABLED);
@ -71,7 +71,7 @@ class po_auth_default_db {
*/
function user_info($username) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$res = pg_fetch_assoc(pg_query($database, "SELECT first_name, last_name, email, type
FROM view_contact_info
@ -90,10 +90,10 @@ class po_auth_default_db {
*/
function change_pass($username, $old_password, $new_password) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
$old_password = pg_escape_string($this->passwd_transform($old_password, $username));
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
$old_password = pg_escape_string($database, $this->passwd_transform($old_password, $username));
$res = pg_query($database, "update users set password = '$new_password' where username = '$username' and password = '$old_password'");
@ -102,9 +102,9 @@ class po_auth_default_db {
function force_change_pass($username, $new_password) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
$new_password = pg_escape_string($this->passwd_transform($new_password, $username));
$new_password = pg_escape_string($database, $this->passwd_transform($new_password, $username));
$res = pg_query($database, "update users set password = '$new_password' where username = '$username'");
@ -115,7 +115,7 @@ class po_auth_default_db {
/* Returns TRUE if the user is allowed to register. */
function can_register($username) {
$database = $this->handle;
$username = pg_escape_string($username);
$username = pg_escape_string($database, $username);
/* Make sure there's no existing username */
$res = pg_query($database, "select identifier from users where username = '$username'");

16
src/include/common.php
Unescape View File

@ -1943,12 +1943,12 @@ function add_folder($database, $userid, $parent, $access_rights, $name, $descr,
global $strings;
global $memcache;
$name = pg_escape_string($name);
$descr = pg_escape_string($descr);
$password = pg_escape_string($password);
$access_rights = pg_escape_string($access_rights);
$event = pg_escape_string($event);
$orderby = pg_escape_string($orderby);
$name = pg_escape_string($database, $name);
$descr = pg_escape_string($database, $descr);
$password = pg_escape_string($database, $password);
$access_rights = pg_escape_string($database, $access_rights);
$event = pg_escape_string($database, $event);
$orderby = pg_escape_string($database, $orderby);
if ($event != "null") $client = "'$event'";
@ -2409,8 +2409,8 @@ function store_user_pref($database, $userid, $key, $value) {
global $po_options_default;
global $strings;
$key2 = pg_escape_string($key);
$value2 = pg_escape_string($value);
$key2 = pg_escape_string($database, $key);
$value2 = pg_escape_string($database, $value);
pg_query($database, "begin");
$result = pg_query($database, "DELETE FROM user_preferences WHERE owner = $userid AND key = '$key2'");

2
src/include/exif.php
Unescape View File

@ -257,7 +257,7 @@ function photo_parse_exif($database, $index, $user_id, $image_data, &$output) {
/* Process the raw data */
foreach ($exif_data as $key => $value) {
$ignore_row = FALSE;
$value = pg_escape_string($value);
$value = pg_escape_string($database, $value);
switch ($key) {
case "Artist":

14
src/include/import.php
Unescape View File

@ -322,7 +322,7 @@ function photo_import_worker($database, $userid = FALSE, $background = TRUE) {
if ($background) {
$po_user = $image_data['po_user'];
$output = pg_escape_string($output);
$output = pg_escape_string($database, $output);
$foo = pg_query($database, "insert into import_results(users, log_data) values ($po_user[id], '$output')");
} else {
print $output;
@ -516,7 +516,7 @@ function photo_import_single($database, $index, &$image_data, &$output) {
} else {
$key = array(1);
}
$original_name = pg_escape_string($original_name);
$original_name = pg_escape_string($database, $original_name);
$comment = $image_data['file'][$index]['remark'];
$orientation = orientation_id_from_string($database, $image_data['file'][$index]["orientation"]);
$query = "insert into photo_version(identifier, key, photo, master, original_image_name, comment, colorspace, orientation)
@ -537,7 +537,7 @@ function photo_import_single($database, $index, &$image_data, &$output) {
$keyword = trim($keyword, ','); /* Trailing commas */
$keyword = trim($keyword);
if ($keyword == "") continue;
$keyword = pg_escape_string($keyword);
$keyword = pg_escape_string($database, $keyword);
$query = "insert into photo_keywords (photo, keyword)
values ($photo_id, '$keyword')";
@ -573,8 +573,8 @@ function photo_import_single($database, $index, &$image_data, &$output) {
if (!$master_photo_id && $result && $image_data['equipment']) {
foreach ($image_data['equipment'] as $equip) {
$parts = explode(":", $equip);
$parts[0] = pg_escape_string($parts[0]);
$parts[1] = pg_escape_string($parts[1]);
$parts[0] = pg_escape_string($database, $parts[0]);
$parts[1] = pg_escape_string($database, $parts[1]);
if ($result) {
$query = "insert into photo_equipment (photo, equipment, type) VALUES ($photo_id, $parts[0], $parts[1])";
$result = pg_query($database, $query);
@ -1319,8 +1319,8 @@ function import_file($database, $file_name, $base_path, $version_id,
if (!$watermark)
$watermark = 'null';
$params = pg_escape_string($params);
$comments = pg_escape_string($comments);
$params = pg_escape_string($database, $params);
$comments = pg_escape_string($database, $comments);
$sha1sum = sha1_file($file_name);
if ($size_code < 0) {

2
src/include/iptc.php
Unescape View File

@ -254,7 +254,7 @@ function photo_parse_iptc($database, $index, $user_id, $image_data, &$output) {
/* Populate IPTC data */
$iptc_data = $image_data['exiftool_data_IPTC'];
foreach ($iptc_data as $key => $value) {
$value = pg_escape_string($value);
$value = pg_escape_string($database, $value);
$image_data["iptc"] .= "<key>$key</key><value>$value</value>";
switch ($key) {
case "Caption-Abstract":

6
src/include/mail.php
Unescape View File

@ -35,9 +35,9 @@ function send_login_information($database, $email, $password, $username, $auth_h
$new_passwords = TRUE;
}
$email = pg_escape_string($email);
$password = pg_escape_string($password);
$username = pg_escape_string($username);
$email = pg_escape_string($database, $email);
$password = pg_escape_string($database, $password);
$username = pg_escape_string($database, $username);
if ($username != '')
$extra = "and (username = '$username' or email = '$username')";

2
src/include/print.printer.php
Unescape View File

@ -237,7 +237,7 @@ function photo_print_worker($database, $userid = FALSE, $background = TRUE) {
if ($background) {
$po_user = $single['user'];
$output = pg_escape_string($output);
$output = pg_escape_string($database, $output);
$foo = pg_query($database, "insert into print_results(users, log_data) values ($po_user[id], '$output')");
} else {
print $output;

4
src/include/profile.php
Unescape View File

@ -345,8 +345,8 @@ function old_profile_del_item ($database, $type, $identifier)
global $po_user;
global $strings;
$type = pg_escape_string($type);
$identifer = pg_escape_string($identifier);
$type = pg_escape_string($database, $type);
$identifer = pg_escape_string($database, $identifier);
$type_to_remove = FALSE;

2
src/include/rdf.php
Unescape View File

@ -63,7 +63,7 @@ function photo_parse_rdf($database, $index, $user_id, $image_data, &$output) {
/* Populate RDF data */
$rdf_data = $image_data['exiftool_data_XMP'];
foreach ($rdf_data as $key => $value) {
$value = pg_escape_string($value);
$value = pg_escape_string($database, $value);
$image_data["rdf"] .= "<key>$key</key><value>$value</value>";
switch ($key) {
case "Creator": // and 'Owner' too

2
src/include/search.php
Unescape View File

@ -79,7 +79,7 @@ function validate_search_string($search_string) {
function prepare_keyword($keyword, $enable_stemming) {
global $forbidden_keywords;
$keyword = pg_escape_string($keyword);
$keyword = pg_escape_string($database, $keyword);
if (is_numeric($keyword))
return " = '".$keyword."'";

74
src/include/site.php
Unescape View File

@ -24,7 +24,7 @@ include_once "vars.php";
/* Simple database connection wrapper */
function po_dbconnect() {
global $db_dsn;
$database = pg_pconnect($db_dsn); /* Persistent */
if ($database)
pg_set_client_encoding($database, 'UTF-8');
@ -68,9 +68,9 @@ function site_prolog($min_type = PO_USER_TYPE_DISABLED) {
}
/* Start up session */
if ($po_session_handler != "")
if ($po_session_handler != "")
ini_set("session.save_handler", $po_session_handler);
if ($po_session_path != "")
if ($po_session_path != "")
ini_set("session.save_path", $po_session_path);
if ($po_session_lifetime) {
ini_set("session.cache_expire", $po_session_lifetime / 60);
@ -96,21 +96,21 @@ function site_prolog($min_type = PO_USER_TYPE_DISABLED) {
/* And then set up option data */
if (isset($_SESSION['po_options'])) {
$options = $_SESSION['po_options'];
foreach ($options as $key => $value) {
$po_options[$key] = $options[$key];
}
}
/* Periodically refresh our cached credentials & preferences */
if (($po_user['id'] != 0) &&
if (($po_user['id'] != 0) &&
($po_user['last_updated'] + $default_cred_timeout) < time()) {
/* Update preferences and credentials */
refresh_user_prefs($database);
}
$tmp = array_merge($po_user['passwords'], $po_options['passwords']);
$passwords = pg_escape_string(implode("," , $tmp));
$passwords = pg_escape_string($database, implode("," , $tmp));
deal_with_global_stuff($database);
@ -132,9 +132,9 @@ function site_prolog($min_type = PO_USER_TYPE_DISABLED) {
if (($min_type == PO_USER_TYPE_DISABLED) && !$po_user['type']) {
session_start();
setcookie(session_name(), '', time()-3600, $po_cookie_path);
session_destroy();
session_destroy();
}
/* Ensure user has minimum permissions for this page */
if ($po_user['type'] < $min_type) {
switch ($min_type) {
@ -183,7 +183,7 @@ function site_prolog($min_type = PO_USER_TYPE_DISABLED) {
/* Set the umask */
umask(0077); /* owner access only */
return $database;
}