Changeset 11614 for extensions/Icy_Picture_Modify
- Timestamp:
- Jul 4, 2011, 8:16:38 AM (13 years ago)
- Location:
- extensions/Icy_Picture_Modify
- Files:
-
- 3 edited
extensions/Icy_Picture_Modify/icy_picture_modify.php
r11612 r11614 30 30 global $template, $conf, $user, $page, $lang, $cache; 31 31 32 // redirect users to the index page or category page if 'image_id' isn't provided33 if (!isset($_GET['image_id']))34 {35 if (isset($_GET['cat_id']))36 {37 redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);38 }39 else40 {41 redirect_http(make_index_url());42 }43 }44 45 check_input_parameter('cat_id', $_GET, false, PATTERN_ID);46 check_input_parameter('image_id', $_GET, false, PATTERN_ID);47 48 // make sure the image is editable by current user49 if (!icy_check_image_owner($_GET['image_id'], $user['id']))50 {51 $url = make_picture_url(52 array(53 'image_id' => $_GET['image_id'],54 'cat_id' => $_GET['cat_id'],55 )56 );57 redirect_http($url);58 }59 60 32 // <admin.php> 61 33 $page['errors'] = array(); 62 34 $page['infos'] = array(); 63 35 $page['warnings'] = array(); 64 36 // </admin.php> 37 38 // +-----------------------------------------------------------------------+ 39 // | check permission | 40 // +-----------------------------------------------------------------------+ 41 42 // redirect users to the index page or category page if 'image_id' isn't provided 43 if (!isset($_GET['image_id'])) 44 { 45 if (isset($_GET['cat_id'])) 46 { 47 redirect_http(get_root_url().'?/category/'.$_GET['cat_id']); 48 } 49 else 50 { 51 // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied')); 52 redirect_http(make_index_url()); 53 } 54 } 55 56 check_input_parameter('cat_id', $_GET, false, PATTERN_ID); 57 check_input_parameter('image_id', $_GET, false, PATTERN_ID); 58 59 // Simplify redirect to administrator page if current user == admin 60 // FIXME: when a non-existent image_id is provided, the original code 61 // FIXME: picture_modify doesn't work well. It should deny to modify 62 // FIXME: such picture. 
63 if (is_admin()) 64 { 65 if (icy_does_image_exist($_GET['image_id'])) 66 { 67 $url = get_root_url().'admin.php?page=picture_modify'; 68 $url.= '&image_id='.$_GET['image_id']; 69 $url.= isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : ''; 70 redirect_http($url); 71 } 72 else 73 { 74 bad_request('invalid picture identifier'); 75 } 76 } 77 elseif (!icy_check_image_owner($_GET['image_id'], $user['id'])) 78 { 79 $url = make_picture_url( 80 array( 81 'image_id' => $_GET['image_id'], 82 'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : "" 83 ) 84 ); 85 // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied')); 86 redirect_http($url); 87 } 88 89 // Update the page sessions 65 90 if (isset($_SESSION['page_infos'])) 66 91 { … … 68 93 unset($_SESSION['page_infos']); 69 94 } 70 // </admin.php> 95 71 96 72 97 // +-----------------------------------------------------------------------+ -
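Review bot: The early redirect at new lines 43–54 places `$_GET['cat_id']` into the redirect URL before `check_input_parameter('cat_id', $_GET, false, PATTERN_ID);` runs at new line 56, so an unvalidated request value reaches the redirect target. Moving the two `check_input_parameter(...)` calls above `if (!isset($_GET['image_id']))` closes that gap without changing the admin or owner branches. The permission branches also appear to rely on `redirect_http()` and `bad_request()` ending the request; neither definition is visible here, so it is worth confirming that a non-owner cannot fall through to the edit form below.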
extensions/Icy_Picture_Modify/include/functions_icy_picture_modify.inc.php
r11610 r11614 33 33 if (!preg_match(PATTERN_ID, $image_id)) 34 34 { 35 fatal_error('[Hacking attempt] the input parameter "'.$image_id.'" is not valid');35 bad_request('invalid picture identifier'); 36 36 } 37 37 if (!preg_match(PATTERN_ID, $user_id)) 38 38 { 39 fatal_error('[Hacking attempt] the input parameter "'.$user_id.'" is not valid');39 bad_request('invalid category identifier'); 40 40 } 41 41 … … 51 51 return ($count > 0 ? true: false); 52 52 } 53 54 /* 55 * Check if an image does exist 56 * @return bool 57 * @author icy 58 * 59 */ 60 function icy_does_image_exist($image_id) 61 { 62 if (!preg_match(PATTERN_ID, $image_id)) 63 { 64 bad_request('invalid picture identifier'); 65 } 66 $query = ' 67 SELECT COUNT(id) 68 FROM '.IMAGES_TABLE.' 69 WHERE id = '.$image_id.' 70 ;'; 71 list($count) = pwg_db_fetch_row(pwg_query($query)); 72 return ($count > 0 ? true: false); 73 } 53 74 ?> -
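Review bot: The second guard in the owner-check function (presumably `icy_check_image_owner`, whose signature is above the hunk) tests `$user_id` but now reports `bad_request('invalid category identifier');`, which should name the user, e.g. `bad_request('invalid user identifier');`, so a rejected request can be diagnosed. In the new `icy_does_image_exist()`, `$image_id` is concatenated into the query and is safe only if `PATTERN_ID` is fully anchored and `bad_request()` stops execution, neither of which is visible on this page. An integer cast at the point of use, `WHERE id = '.(int)$image_id.'`, would keep the query well-formed independently of that guard. Dropping the raw parameter from the error text is a sound change, since request data is no longer reflected in the response.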
extensions/Icy_Picture_Modify/main.inc.php
r11613 r11614 2 2 /* 3 3 Plugin Name: Icy Modify Picture 4 Version: 1.0. 15 Description: Allow users to modify users they uploaded4 Version: 1.0.2 5 Description: Allow users to modify pictures they uploaded 6 6 Plugin URI: http://piwigo.org/ext/extension_view.php?eid=563 7 7 Author: icy