Commit 181446bc authored by root's avatar root Committed by agata

modifiche che permettono il funzionamento di nextgen-gallery

parent cf4fd01b
...@@ -313,6 +313,12 @@ class hyperdb extends wpdb { ...@@ -313,6 +313,12 @@ class hyperdb extends wpdb {
. ')\W([\w-]+)\W/is', $q, $maybe) ) . ')\W([\w-]+)\W/is', $q, $maybe) )
return $maybe[1]; return $maybe[1];
// SHOW TABLES LIKE (used in some plugins)
if ( preg_match('/^\s*'
. 'SHOW\s+TABLES\s+LIKE\s+'
. '\W(\w+)\W/is', $q, $maybe) )
return $maybe[1];
// Big pattern for the rest of the table-related queries in MySQL 5.0 // Big pattern for the rest of the table-related queries in MySQL 5.0
if ( preg_match('/^\s*(?:' if ( preg_match('/^\s*(?:'
. '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM' . '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM'
......
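Review bot: The new `SHOW TABLES LIKE` pattern captures with `(\w+)` while the pattern just above it uses `([\w-]+)`, so a name containing a hyphen is cut at the hyphen, and for an argument that is a prefix followed by `%` the capture is only the prefix rather than a table name. If the returned value is used to choose which database the query goes to (the caller is outside this hunk), a truncated name could select the wrong one. I would write the capture as `. '\W([\w-]+)\W/is', $q, $maybe) )` to match the neighbouring pattern, and extend the comment to say that the captured value is a LIKE pattern and may be only a prefix. The enclosing method starts and ends outside the hunk.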
<?php <?php
if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); } if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
// Temporary file reservoir, which should exist and be property of www-data. Needed to bypass open_basedir
define('NEXTGEN_TMP_FILES', '/opt/noblogs/tmp/');
/** /**
* nggAdmin - Class for admin operation * nggAdmin - Class for admin operation
* *
...@@ -844,7 +845,16 @@ class nggAdmin{ ...@@ -844,7 +845,16 @@ class nggAdmin{
return false; return false;
} else { } else {
if (!is_dir(NEXTGEN_TMP_FILES) || !is_writable(NEXTGEN_TMP_FILES)) {
nggGallery::show_error('the temporary files directory is not set; contact your system administrator');
return false;
}
$newTmpFile = NEXTGEN_TMP_FILES . basename($_FILES['zipfile']['tmp_name']);
if (!@move_uploaded_file($_FILES['zipfile']['tmp_name'], $newTmpFile)) {
nggGallery::show_error('could not move the uploaded file to the correct destination');
return false;
}
$_FILES['zipfile']['tmp_name'] = $newTmpFile;
$temp_zipfile = $_FILES['zipfile']['tmp_name']; $temp_zipfile = $_FILES['zipfile']['tmp_name'];
$filename = $_FILES['zipfile']['name']; $filename = $_FILES['zipfile']['name'];
...@@ -871,6 +881,7 @@ class nggAdmin{ ...@@ -871,6 +881,7 @@ class nggAdmin{
if ( empty($foldername) ) { if ( empty($foldername) ) {
nggGallery::show_error( __('Could not get a valid foldername', 'nggallery') ); nggGallery::show_error( __('Could not get a valid foldername', 'nggallery') );
@unlink($temp_zipfile); // del temp file
return false; return false;
} }
...@@ -883,10 +894,12 @@ class nggAdmin{ ...@@ -883,10 +894,12 @@ class nggAdmin{
if (!wp_mkdir_p ($newfolder)) { if (!wp_mkdir_p ($newfolder)) {
$message = sprintf(__('Unable to create directory %s. Is its parent directory writable by the server?', 'nggallery'), $newfolder); $message = sprintf(__('Unable to create directory %s. Is its parent directory writable by the server?', 'nggallery'), $newfolder);
nggGallery::show_error($message); nggGallery::show_error($message);
@unlink($temp_zipfile); // del temp file
return false; return false;
} }
if (!wp_mkdir_p ($newfolder . '/thumbs')) { if (!wp_mkdir_p ($newfolder . '/thumbs')) {
nggGallery::show_error(__('Unable to create directory ', 'nggallery') . $newfolder . '/thumbs !'); nggGallery::show_error(__('Unable to create directory ', 'nggallery') . $newfolder . '/thumbs !');
@unlink($temp_zipfile); // del temp file
return false; return false;
} }
} }
...@@ -949,8 +962,17 @@ class nggAdmin{ ...@@ -949,8 +962,17 @@ class nggAdmin{
// look only for uploded files // look only for uploded files
if ($imagefiles['error'][$key] == 0) { if ($imagefiles['error'][$key] == 0) {
if (!is_dir(NEXTGEN_TMP_FILES)) {
nggGallery::show_error('Temporary upload directory not defined, contact your system administrator');
return;
}
$newFile = NEXTGEN_TMP_FILES . basename($imagefiles['tmp_name'][$key]);
if (!@move_uploaded_file($imagefiles['tmp_name'][$key], $newFile)) {
nggGallery::show_error('<strong>' . $imagefiles['name'][$key] . ' </strong>' . __('could not copy to temporary directory','nggallery'));
continue;
}
$temp_file = $imagefiles['tmp_name'][$key]; $temp_file = $newFile;
//clean filename and extract extension //clean filename and extract extension
$filepart = nggGallery::fileinfo( $imagefiles['name'][$key] ); $filepart = nggGallery::fileinfo( $imagefiles['name'][$key] );
...@@ -960,6 +982,7 @@ class nggAdmin{ ...@@ -960,6 +982,7 @@ class nggAdmin{
$ext = array('jpg', 'png', 'gif'); $ext = array('jpg', 'png', 'gif');
if ( !in_array($filepart['extension'], $ext) || !@getimagesize($temp_file) ){ if ( !in_array($filepart['extension'], $ext) || !@getimagesize($temp_file) ){
nggGallery::show_error('<strong>' . $imagefiles['name'][$key] . ' </strong>' . __('is no valid image file!','nggallery')); nggGallery::show_error('<strong>' . $imagefiles['name'][$key] . ' </strong>' . __('is no valid image file!','nggallery'));
@unlink($temp_file);
continue; continue;
} }
...@@ -975,24 +998,27 @@ class nggAdmin{ ...@@ -975,24 +998,27 @@ class nggAdmin{
if ( !is_writeable($gallery->abspath) ) { if ( !is_writeable($gallery->abspath) ) {
$message = sprintf(__('Unable to write to directory %s. Is this directory writable by the server?', 'nggallery'), $gallery->abspath); $message = sprintf(__('Unable to write to directory %s. Is this directory writable by the server?', 'nggallery'), $gallery->abspath);
nggGallery::show_error($message); nggGallery::show_error($message);
@unlink($temp_file);
return; return;
} }
// save temp file to gallery // save temp file to gallery
if ( !@move_uploaded_file($temp_file, $dest_file) ){ if ( !@rename($temp_file, $dest_file) ){
nggGallery::show_error(__('Error, the file could not be moved to : ','nggallery') . $dest_file); nggGallery::show_error(__('Error, the file could not be moved to : ','nggallery') . $dest_file);
nggAdmin::check_safemode( $gallery->abspath ); nggAdmin::check_safemode( $gallery->abspath );
@unlink($temp_file);
continue; continue;
} }
if ( !nggAdmin::chmod($dest_file) ) { if ( !nggAdmin::chmod($dest_file) ) {
nggGallery::show_error(__('Error, the file permissions could not be set','nggallery')); nggGallery::show_error(__('Error, the file permissions could not be set','nggallery'));
@unlink($temp_file);
continue; continue;
} }
// add to imagelist & dirlist // add to imagelist & dirlist
$imageslist[] = $filename; $imageslist[] = $filename;
$dirlist[] = $filename; $dirlist[] = $filename;
@unlink($temp_file);
} }
} }
} }
...@@ -1042,6 +1068,7 @@ class nggAdmin{ ...@@ -1042,6 +1068,7 @@ class nggAdmin{
$filepart = nggGallery::fileinfo( $_FILES['Filedata']['name'] ); $filepart = nggGallery::fileinfo( $_FILES['Filedata']['name'] );
$filename = $filepart['basename']; $filename = $filepart['basename'];
$gallerypath = $wpdb->get_var("SELECT path FROM $wpdb->nggallery WHERE gid = '$galleryID' ");
// check for allowed extension // check for allowed extension
$ext = array('jpg', 'png', 'gif'); $ext = array('jpg', 'png', 'gif');
......
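Review bot: The destination name in the temporary directory is taken from PHP's own upload name, in the zip hunk (`$newTmpFile = NEXTGEN_TMP_FILES . basename($_FILES['zipfile']['tmp_name']);`) and again in the image loop (`$newFile = NEXTGEN_TMP_FILES . basename($imagefiles['tmp_name'][$key]);`), and that name is only guaranteed unique inside PHP's upload directory. Once a file has been moved out, PHP may give the same name to a later request, and `move_uploaded_file()` overwrites an existing destination, so two uploads in flight (from different blogs, if the directory is shared as its path suggests) could end up processing each other's file. Reserving the name in the target directory avoids this: `$newTmpFile = tempnam(NEXTGEN_TMP_FILES, 'ngg');` followed by a `=== false` check before the move, and the same for `$newFile`. The `get_var()` query added in the last hunk interpolates `$galleryID` into the SQL string; unless it is cast to an integer before this point (not visible here), `$wpdb->prepare()` with a `%d` placeholder would be the safer form. All the functions touched start and end outside the hunks shown.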