Changeset 11614


Timestamp:
07/04/11 08:16:38 (8 years ago)
Author:
icy
Message:

Merge branch 'master' into svn

Location:
extensions/Icy_Picture_Modify
Files:
3 edited

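--- a/extensions/Icy_Picture_Modify/icy_picture_modify.php
+++ b/extensions/Icy_Picture_Modify/icy_picture_modify.php
@@ -30,37 +30,62 @@
 global $template, $conf, $user, $page, $lang, $cache;
 
-// redirect users to the index page or category page if 'image_id' isn't provided
-if (!isset($_GET['image_id']))
-{
-  if (isset($_GET['cat_id']))
-  {
-    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
-  }
-  else
-  {
-    redirect_http(make_index_url());
-  }
-}
-
-check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
-check_input_parameter('image_id', $_GET, false, PATTERN_ID);
-
-// make sure the image is editable by current user
-if (!icy_check_image_owner($_GET['image_id'], $user['id']))
-{
-  $url = make_picture_url(
-      array(
-        'image_id' => $_GET['image_id'],
-        'cat_id' => $_GET['cat_id'],
-      )
-    );
-  redirect_http($url);
-}
-
 // <admin.php>
 $page['errors'] = array();
 $page['infos']  = array();
 $page['warnings']  = array();
-
+// </admin.php>
+
+// +-----------------------------------------------------------------------+
+// |                             check permission                          |
+// +-----------------------------------------------------------------------+
+
+// redirect users to the index page or category page if 'image_id' isn't provided
+if (!isset($_GET['image_id']))
+{
+  if (isset($_GET['cat_id']))
+  {
+    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
+  }
+  else
+  {
+    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
+    redirect_http(make_index_url());
+  }
+}
+
+check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
+check_input_parameter('image_id', $_GET, false, PATTERN_ID);
+
+// Simplify redirect to administrator page if current user == admin
+// FIXME: when a non-existent image_id is provided, the original code
+// FIXME: picture_modify doesn't work well. It should deny to modify
+// FIXME: such picture.
+if (is_admin())
+{
+  if (icy_does_image_exist($_GET['image_id']))
+  {
+    $url = get_root_url().'admin.php?page=picture_modify';
+    $url.= '&amp;image_id='.$_GET['image_id'];
+    $url.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
+    redirect_http($url);
+  }
+  else
+  {
+    bad_request('invalid picture identifier');
+  }
+}
+elseif (!icy_check_image_owner($_GET['image_id'], $user['id']))
+{
+  $url = make_picture_url(
+      array(
+        'image_id' => $_GET['image_id'],
+        'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : ""
+      )
+    );
+  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
+  redirect_http($url);
+}
+
+// Update the page sessions
 if (isset($_SESSION['page_infos']))
 {
@@ -68,5 +93,5 @@
   unset($_SESSION['page_infos']);
 }
-// </admin.php>
+
 
 // +-----------------------------------------------------------------------+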
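Review bot: In the new "check permission" block, `$_GET['cat_id']` is concatenated into the redirect target at new line 47 before `check_input_parameter('cat_id', $_GET, false, PATTERN_ID);` runs at line 56, so a request without `image_id` places an unvalidated request value in the Location URL. Moving both `check_input_parameter(...)` calls above the `if (!isset($_GET['image_id']))` block closes that gap; the removed lines had the same ordering, so the commit carries the problem over rather than introducing it. The admin and owner branches also depend on `redirect_http()` and `bad_request()` ending the request, which is presumably the case but is not visible on this page. A one-line comment before `// Update the page sessions`, such as `// redirect_http()/bad_request() terminate the request; code below runs only for the admin-redirected or owner case`, would make the access check easier to audit once that is confirmed.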
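--- a/extensions/Icy_Picture_Modify/include/functions_icy_picture_modify.inc.php
+++ b/extensions/Icy_Picture_Modify/include/functions_icy_picture_modify.inc.php
@@ -33,9 +33,9 @@
   if (!preg_match(PATTERN_ID, $image_id))
   {
-    fatal_error('[Hacking attempt] the input parameter "'.$image_id.'" is not valid');
+    bad_request('invalid picture identifier');
   }
   if (!preg_match(PATTERN_ID, $user_id))
   {
-    fatal_error('[Hacking attempt] the input parameter "'.$user_id.'" is not valid');
+    bad_request('invalid category identifier');
   }
 
@@ -51,3 +51,24 @@
   return ($count > 0 ? true: false);
 }
+
+/*
+ * Check if an image does exist
+ * @return bool
+ * @author icy
+ *
+*/
+function icy_does_image_exist($image_id)
+{
+  if (!preg_match(PATTERN_ID, $image_id))
+  {
+    bad_request('invalid picture identifier');
+  }
+  $query = '
+SELECT COUNT(id)
+  FROM '.IMAGES_TABLE.'
+  WHERE id = '.$image_id.'
+;';
+  list($count) = pwg_db_fetch_row(pwg_query($query));
+  return ($count > 0 ? true: false);
+}
 ?>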
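Review bot: The second guard in `icy_check_image_owner` (new line 39) tests `$user_id` but now reports 'invalid category identifier'; it should read `bad_request('invalid user identifier');` so a rejected request is attributed to the right parameter. In the new `icy_does_image_exist`, `$image_id` is concatenated straight into the SQL text, so the `preg_match(PATTERN_ID, …)` guard is the only thing keeping the query safe. Assuming PATTERN_ID is digits-only (its definition is not on this page), writing `WHERE id = '.(int) $image_id.'` keeps the statement safe even if the guard is later edited or moved. The docblock opens with `/*` rather than `/**` and has no `@param`; adding `@param string $image_id numeric picture id, validated against PATTERN_ID` would document the contract. `icy_check_image_owner` starts above the first hunk and its query sits between the hunks, so only its validation lines and return statement were reviewed.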
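--- a/extensions/Icy_Picture_Modify/main.inc.php
+++ b/extensions/Icy_Picture_Modify/main.inc.php
@@ -2,6 +2,6 @@
 /*
 Plugin Name: Icy Modify Picture
-Version: 1.0.1
-Description: Allow users to modify users they uploaded
+Version: 1.0.2
+Description: Allow users to modify pictures they uploaded
 Plugin URI: http://piwigo.org/ext/extension_view.php?eid=563
 Author: icy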