modifiche che permettono il funzionamento di nextgen-gallery

wp-content/db.php

@@ -313,6 +313,12 @@ class hyperdb extends wpdb {
 				. ')\W([\w-]+)\W/is', $q, $maybe) )
 			return $maybe[1];
 
+        // SHOW TABLES LIKE (used in some plugins)
+        if ( preg_match('/^\s*'
+                . 'SHOW\s+TABLES\s+LIKE\s+'
+                . '\W(\w+)\W/is', $q, $maybe) )
+            return $maybe[1];
+
 		// Big pattern for the rest of the table-related queries in MySQL 5.0
 		if ( preg_match('/^\s*(?:'
 				. '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM'

wp-content/plugins/nextgen-gallery/admin/functions.php

 <?php
 
 if(preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) { die('You are not allowed to call this page directly.'); }
-
+// Temporary file reservoir, which should exist and be property of www-data. Needed to bypass open_basedir
+define('NEXTGEN_TMP_FILES', '/opt/noblogs/tmp/');
 /**
  * nggAdmin - Class for admin operation
  * 
@@ -844,7 +845,16 @@ class nggAdmin{
 				return false; 
 			
 		} else {
-			
+		    if (!is_dir(NEXTGEN_TMP_FILES) || !is_writable(NEXTGEN_TMP_FILES)) {
+                nggGallery::show_error('the temporary files directory is not set; contact your system administrator');
+                return false;
+            }
+            $newTmpFile = NEXTGEN_TMP_FILES . basename($_FILES['zipfile']['tmp_name']);
+            if (!@move_uploaded_file($_FILES['zipfile']['tmp_name'], $newTmpFile)) {
+                nggGallery::show_error('could not move the uploaded file to the correct destination');
+                return false;
+            }
+            $_FILES['zipfile']['tmp_name'] = $newTmpFile;
 			$temp_zipfile = $_FILES['zipfile']['tmp_name'];
 			$filename = $_FILES['zipfile']['name']; 
 						
@@ -871,6 +881,7 @@ class nggAdmin{
 		
 		if ( empty($foldername) ) {
 			nggGallery::show_error( __('Could not get a valid foldername', 'nggallery') );
+            @unlink($temp_zipfile); // del temp file
 			return false;
 		}
 		
@@ -883,10 +894,12 @@ class nggAdmin{
 			if (!wp_mkdir_p ($newfolder)) {
 				$message = sprintf(__('Unable to create directory %s. Is its parent directory writable by the server?', 'nggallery'), $newfolder);
 				nggGallery::show_error($message);
+                @unlink($temp_zipfile); // del temp file
 				return false;
 			}
 			if (!wp_mkdir_p ($newfolder . '/thumbs')) {
 				nggGallery::show_error(__('Unable to create directory ', 'nggallery') . $newfolder . '/thumbs !');
+                @unlink($temp_zipfile); // del temp file    
 				return false;
 			}
 		} 
@@ -949,9 +962,18 @@ class nggAdmin{
 
 				// look only for uploded files
 				if ($imagefiles['error'][$key] == 0) {
-					
-					$temp_file = $imagefiles['tmp_name'][$key];
-					
+					if (!is_dir(NEXTGEN_TMP_FILES)) {
+                        nggGallery::show_error('Temporary upload directory not defined, contact your system administrator');
+                        return;
+                    }
+                    $newFile = NEXTGEN_TMP_FILES . basename($imagefiles['tmp_name'][$key]);
+                    if (!@move_uploaded_file($imagefiles['tmp_name'][$key], $newFile)) {
+                        nggGallery::show_error('<strong>' . $imagefiles['name'][$key] . ' </strong>' . __('could not copy to temporary directory','nggallery'));
+                        continue;
+                    }
+
+					$temp_file = $newFile;
+				    	
 					//clean filename and extract extension
 					$filepart = nggGallery::fileinfo( $imagefiles['name'][$key] );
 					$filename = $filepart['basename'];
@@ -960,6 +982,7 @@ class nggAdmin{
 					$ext = array('jpg', 'png', 'gif'); 
 					if ( !in_array($filepart['extension'], $ext) || !@getimagesize($temp_file) ){ 
 						nggGallery::show_error('<strong>' . $imagefiles['name'][$key] . ' </strong>' . __('is no valid image file!','nggallery'));
+                        @unlink($temp_file);
 						continue;
 					}
 	
@@ -975,24 +998,27 @@ class nggAdmin{
 					if ( !is_writeable($gallery->abspath) ) {
 						$message = sprintf(__('Unable to write to directory %s. Is this directory writable by the server?', 'nggallery'), $gallery->abspath);
 						nggGallery::show_error($message);
+                        @unlink($temp_file);
 						return;				
 					}
 					
 					// save temp file to gallery
-					if ( !@move_uploaded_file($temp_file, $dest_file) ){
+					if ( !@rename($temp_file, $dest_file) ){
 						nggGallery::show_error(__('Error, the file could not be moved to : ','nggallery') . $dest_file);
-						nggAdmin::check_safemode( $gallery->abspath );		
+						nggAdmin::check_safemode( $gallery->abspath );
+                        @unlink($temp_file);		
 						continue;
 					} 
 					if ( !nggAdmin::chmod($dest_file) ) {
 						nggGallery::show_error(__('Error, the file permissions could not be set','nggallery'));
+                        @unlink($temp_file);
 						continue;
 					}
 					
 					// add to imagelist & dirlist
 					$imageslist[] = $filename;
 					$dirlist[] = $filename;
-	
+                    @unlink($temp_file);
 				}
 			}
 		}
@@ -1042,6 +1068,7 @@ class nggAdmin{
 
 		$filepart = nggGallery::fileinfo( $_FILES['Filedata']['name'] );
 		$filename = $filepart['basename'];
+$gallerypath = $wpdb->get_var("SELECT path FROM $wpdb->nggallery WHERE gid = '$galleryID' ");
 
 		// check for allowed extension
 		$ext = array('jpg', 'png', 'gif'); 
@@ -1481,4 +1508,4 @@ function ngg_checkExtract($p_event, &$p_header)	{
 	
     return 1;
 }
-?>
\ No newline at end of file
+?>