    • CommentAuthorJoost
    • CommentTimeSep 11th 2008
     
    Dear dev,

    I've made 2 modifications to the source code:

    1) When editing an album in the admin panel where the category name contains a quote you get SQL errors because the category name has been SmartStripSlashes() for the rename, but after that it hasn't been addslashed() for the proceeding queries.

    2) I imported a lot of photos containing valid EXIF information, but with a file-created-time of now() because they were copied. The EXIF information contains the DateTaken field, so I've modified the add_picture() function to touch() the image file with EXIF's DateTaken when it is imported so that it gets its original timestamp again.


    Here are the modifications:


    joost:/var/www/ploggerb3/admin$ diff plog-admin-functions.php my-admin-functions.php
    115a116,122
    > // [ joost: update the creation time of the image according to the exif ]
    > if (strtotime($exif['date_taken']) > 0) {
    > touch($final_fqfn, strtotime($exif['date_taken']));
    > }
    > // [ /joost ]
    >
    >
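
    Review bot: $exif['date_taken'] is read in the if condition without checking that the key exists, so an image with no DateTaken field will raise an undefined-index notice before strtotime() rejects it. Guard the condition with isset($exif['date_taken']), call strtotime() once and reuse the result for the touch() call instead of parsing the string twice, and check the return value of touch() so that a failed timestamp update on $final_fqfn is reported rather than silently ignored. The EXIF value comes from the uploaded file, so it is worth keeping the "> 0" check as the only path to touch().
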
    600a608,614
    > // joost
    > // because $source_collection_name has been 'SmartStripSlashed' the query in the while loop
    > // will have 'sql injection errors' when $source_collection_name contains a single quote '
    > // e.g. SET path = 'johns's fotos' WHERE id = '10';
    > $source_collection_name = mysql_real_escape_string($source_collection_name);
    > // end joost
    >
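
    Review bot: the escaped value is written back into $source_collection_name, so any use of that variable after this line that is not a SQL string (the rename mentioned in the comment, a path comparison, output to the page) will now see the backslash-escaped form. Keep the stripped value as it is and put the result of mysql_real_escape_string() in a separate variable that is used only when building the queries in the while loop. The comment describes this as an error on single quotes, but an unescaped name inside SET path = '...' is an injection point, so the other values interpolated into the same queries should get the same escaping.
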


    Best regards,
    Joost