Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Recognize title, keywords and caption in xp_publish.php  (Read 8991 times)

0 Members and 1 Guest are viewing this topic.

ZZamboni

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 4
Recognize title, keywords and caption in xp_publish.php
« on: July 31, 2005, 10:30:45 pm »

Hi,

It would be nice if xp_publish.php would accept the title, keywords and description as submitted through its interface. Although WinXP does not provide these items, the interface can be used by other programs that do provide that data (e.g. my CopperExport iPhoto plugin - http://www.zzamboni.org/copperexport/), so it can be generally useful.

For cpg141beta, the changes are really simple, and do not affect uploading from WinXP:

Code: [Select]
--- xp_publish.php.141  Sun Jul 24 22:27:42 2005
+++ xp_publish.php      Sun Jul 24 22:32:52 2005
@@ -676,7 +676,7 @@
         $category = FIRST_USER_CAT + USER_ID;
     }
 
-    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($_POST['new_alb_name']) . "', 'NO',  '0')";
+    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description) VALUES ('$category', '" . addslashes($_POST['new_alb_name']) . "', 'NO',  '0', '" . addslashes($_POST['new_alb_description']) . "')";
     cpg_db_query($query);
 
     $params = array('{NEW_ALB_CREATED}' => sprintf($lang_xp_publish_php['new_alb_created'], $_POST['new_alb_name']),
@@ -702,9 +702,9 @@
     if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
 
     $album = (int)$_GET['album'];
-    $title = '';
-    $caption = '';
-    $keywords = '';
+    $title = addslashes($_POST['title']);
+    $caption = addslashes($_POST['caption']);
+    $keywords = addslashes($_POST['keywords']);
     $user1 = '';
     $user2 = '';
     $user3 = '';

Thanks.
« Last Edit: July 31, 2005, 11:04:15 pm by GauGau »
Logged
Pages: [1]   Go Up
 

Page created in 0.024 seconds with 19 queries.