Changeset 23085 for extensions/community/admin_permissions.php
- Timestamp:
- Jun 7, 2013, 2:41:14 PM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/community/admin_permissions.php
r23037 r23085 51 51 if (isset($_POST['submit_add'])) 52 52 { 53 // echo '<pre>'; print_r($_POST); echo '</pre>'; 53 54 if (!in_array($_POST['who'], array_keys($who_options))) 54 55 { … … 81 82 { 82 83 check_input_parameter('storage', $_POST, false, PATTERN_ID); 84 } 85 86 // it is already blocked by Javascript, but an extra check is usefull 87 if ('any_visitor' == $_POST['who'] and -1 == $_POST['category']) 88 { 89 die('hacking attempt: invalid "where" option for this user'); 90 } 91 92 if (-1 == $_POST['category']) 93 { 94 unset($_POST['recursive']); 95 unset($_POST['create_subcategories']); 83 96 } 84 97 … … 89 102 'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null, 90 103 'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null, 104 'user_album' => boolean_to_string(-1 == $_POST['category']), 91 105 'recursive' => isset($_POST['recursive']) ? 'true' : 'false', 92 106 'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false', … … 107 121 AND group_id '.(isset($insert['group_id']) ? '= '.$insert['group_id'] : 'is null').' 108 122 AND category_id '.(isset($insert['category_id']) ? '= '.$insert['category_id'] : 'is null').' 123 AND user_album = \''.$insert['user_album'].'\' 109 124 ;'; 110 125 $result = pwg_query($query); … … 231 246 'user_options_selected' => $row['user_id'], 232 247 'group_options_selected' => $row['group_id'], 248 'whole_gallery_selected' => empty($row['category_id']) and !get_boolean($row['user_album']), 249 'user_album_selected' => get_boolean($row['user_album']), 233 250 'recursive' => get_boolean($row['recursive']), 234 251 'create_subcategories' => get_boolean($row['create_subcategories']), … … 244 261 $template->assign( 245 262 array( 263 'whole_gallery_selected' => !$conf['community']['user_albums'], 264 'user_album_selected' => $conf['community']['user_albums'], 246 265 'moderated' => true, 247 266 'nb_photos' => -1, … … 310 329 array( 311 330 'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'], 331 'community_conf' => $conf['community'], 312 332 ) 313 333 ); … … 418 438 foreach ($permissions as $permission) 419 439 { 420 $where = l10n('The whole gallery'); 421 if (isset($permission['category_id'])) 422 { 423 $where = $name_of_category[ $permission['category_id'] ]; 440 $where = l10n('User album only'); 441 if (!get_boolean($permission['user_album'])) 442 { 443 $where = l10n('The whole gallery'); 444 if (isset($permission['category_id'])) 445 { 446 $where = $name_of_category[ $permission['category_id'] ]; 447 } 424 448 } 425 449
Note: See TracChangeset
for help on using the changeset viewer.