Timestamp:
07/04/11 08:16:38 (9 years ago)
Author:
icy
Message:

Merge branch 'master' into svn

File:
1 edited

  • extensions/Icy_Picture_Modify/icy_picture_modify.php

    r11612 r11614  
    3030global $template, $conf, $user, $page, $lang, $cache; 
    3131 
    32 // redirect users to the index page or category page if 'image_id' isn't provided 
    33 if (!isset($_GET['image_id'])) 
    34 { 
    35   if (isset($_GET['cat_id'])) 
    36   { 
    37     redirect_http(get_root_url().'?/category/'.$_GET['cat_id']); 
    38   } 
    39   else 
    40   { 
    41     redirect_http(make_index_url()); 
    42   } 
    43 } 
    44  
    45 check_input_parameter('cat_id', $_GET, false, PATTERN_ID); 
    46 check_input_parameter('image_id', $_GET, false, PATTERN_ID); 
    47  
    48 // make sure the image is editable by current user 
    49 if (!icy_check_image_owner($_GET['image_id'], $user['id'])) 
    50 { 
    51   $url = make_picture_url( 
    52       array( 
    53         'image_id' => $_GET['image_id'], 
    54         'cat_id' => $_GET['cat_id'], 
    55       ) 
    56     ); 
    57   redirect_http($url); 
    58 } 
    59  
    6032// <admin.php> 
    6133$page['errors'] = array(); 
    6234$page['infos']  = array(); 
    6335$page['warnings']  = array(); 
    64  
     36// </admin.php> 
     37 
     38// +-----------------------------------------------------------------------+ 
     39// |                             check permission                          | 
     40// +-----------------------------------------------------------------------+ 
     41 
     42// redirect users to the index page or category page if 'image_id' isn't provided 
     43if (!isset($_GET['image_id'])) 
     44{ 
     45  if (isset($_GET['cat_id'])) 
     46  { 
     47    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']); 
     48  } 
     49  else 
     50  { 
     51    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied')); 
     52    redirect_http(make_index_url()); 
     53  } 
     54} 
     55 
     56check_input_parameter('cat_id', $_GET, false, PATTERN_ID); 
     57check_input_parameter('image_id', $_GET, false, PATTERN_ID); 
     58 
     59// Simplify redirect to administrator page if current user == admin 
     60// FIXME: when a non-existent image_id is provided, the original code 
     61// FIXME: picture_modify doesn't work well. It should deny to modify 
     62// FIXME: such picture. 
     63if (is_admin()) 
     64{ 
     65  if (icy_does_image_exist($_GET['image_id'])) 
     66  { 
     67    $url = get_root_url().'admin.php?page=picture_modify'; 
     68    $url.= '&amp;image_id='.$_GET['image_id']; 
     69    $url.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : ''; 
     70    redirect_http($url); 
     71  } 
     72  else 
     73  { 
     74    bad_request('invalid picture identifier'); 
     75  } 
     76} 
     77elseif (!icy_check_image_owner($_GET['image_id'], $user['id'])) 
     78{ 
     79  $url = make_picture_url( 
     80      array( 
     81        'image_id' => $_GET['image_id'], 
     82        'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : "" 
     83      ) 
     84    ); 
     85  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied')); 
     86  redirect_http($url); 
     87} 
     88 
     89// Update the page sessions 
    6590if (isset($_SESSION['page_infos'])) 
    6691{ 
     
    6893  unset($_SESSION['page_infos']); 
    6994} 
    70 // </admin.php> 
     95 
    7196 
    7297// +-----------------------------------------------------------------------+ 
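Review bot: In the relocated "check permission" block, `$_GET['cat_id']` is concatenated into the category redirect on new line 47 before `check_input_parameter('cat_id', $_GET, false, PATTERN_ID)` runs on new line 56, so that redirect target is built from a request value that has not yet been matched against PATTERN_ID. Moving both `check_input_parameter(...)` calls above `if (!isset($_GET['image_id']))` would make every later use read validated identifiers: this redirect, the `admin.php?page=picture_modify` URL on new lines 67-69, and the `make_picture_url()` array. Both parameters are checked as non-mandatory, so the missing-`image_id` fallback should behave the same after the move. The removed lines show the same ordering, so this is carried over by the merge rather than introduced by it. Separately, the non-owner branch redirects with no message while the `$_SESSION['page_infos']` line is still a FIXME; a short comment there stating that the silent redirect is the intended denial path would help the next reader.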