Use GBK charset only on older MySQL versions to avoid SQL injections (Issue #55)

Tobias Reich 2014-01-26 14:39:47 +01:00
parent c4845b50a3
commit 76163e8c99
2 changed files with 5 additions and 3 deletions


@ -25,8 +25,8 @@ function dbConnect() {
if (!$database->query("SELECT * FROM lychee_photos, lychee_albums, lychee_settings;"))
if (!createTables($database)) exit('Error: Could not create tables!');
// Avoid sql injection
$database->set_charset('GBK');
// Avoid sql injection on older MySQL versions
if ($database->server_version<50500) $database->set_charset('GBK');
return $database;
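Review bot: On servers at version 5.5 or later the new `if` calls no `set_charset()` at all, so any escaping done through this connection depends on a default charset that the code does not control. Set it explicitly on the other branch, e.g. `else $database->set_charset('utf8');` (assuming the tables are UTF-8, as the warning text in the second file suggests), and check the return value of `set_charset()` so a failed call is not silent. The comment should say why the charset matters: `real_escape_string()` is only reliable when the connection charset was declared through `set_charset()`, and that is a backstop rather than a replacement for prepared statements. dbConnect() starts and ends outside the hunk, so the queries this is meant to protect are not visible here.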


@ -56,10 +56,12 @@ if (substr(sprintf('%o', @fileperms('../uploads/import/')), -4)!='0777') $error
if (substr(sprintf('%o', @fileperms('../uploads/')), -4)!='0777') $error .= ('Error 503: Wrong permissions for \'uploads/\' (777 required)' . PHP_EOL);
if (substr(sprintf('%o', @fileperms('../php/')), -4)!='0777') $error .= ('Error 504: Wrong permissions for \'php/\' (777 required)' . PHP_EOL);
if ($error=='') echo('Lychee is ready. Lets rock!' . PHP_EOL); else echo $error;
if ($error=='') echo('Lychee is ready. Lets rock!' . PHP_EOL . PHP_EOL); else echo $error;
// Check php.ini Settings
if (ini_get('max_execution_time')<200&&ini_set('upload_max_filesize', '20M')!==true) echo('Warning: You may experience problems when uploading a large amount of photos. Take a look in the FAQ for details.' . PHP_EOL);
// Check mysql version
if ($database->server_version<50800) echo('Warning: Lychee uses the GBK charset to avoid sql injections on your MySQL version. Please update to MySQL 5.5 or higher to enable UTF-8 support.' . PHP_EOL);
?>
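Review bot: The added warning line tests `server_version<50800`, while dbConnect() in the first file switches to GBK only below `50500` and the message itself tells the user to update to MySQL 5.5. Servers from 5.5 through 5.7 will therefore be told that GBK is in use when it is not, which misreports the protection that is active. Use the same threshold, `if ($database->server_version<50500)`, ideally through one shared constant so the two checks cannot drift apart. The script begins above the hunk, so where `$database` is assigned is not visible here.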