Package: piwigo Version: 2.1.2-2 Severity: important Tags: patch Hi,
Sorry, last patch I posted here does not work on sqlite and postgresql database. There is a specific function used in this apps for doing escape: pwg_db_real_escape_string() . I post-back a new patch. (see patch in attachment) Regards, Thomas PIERSON
--- a/piwigo/web/admin/include/functions_upload.inc.php 2010-10-07 02:40:51.886961921 +0200
+++ b/piwigo/web/admin/include/functions_upload.inc.php 2010-10-07 22:58:10.000000000 +0200
@@ -103,7 +103,7 @@
// database registration
$insert = array(
- 'file' => isset($original_filename) ? $original_filename : basename($file_path),
+ 'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
'date_available' => $dbnow,
'tn_ext' => 'jpg',
'path' => preg_replace('#^'.preg_quote(PHPWG_ROOT_PATH).'#', '', $file_path),
\ No newline at end of file
signature.asc
Description: This is a digitally signed message part.

