Changeset 2430
- Timestamp:
- Jul 12, 2008, 2:33:12 AM (16 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
-
include/section_init.inc.php (modified) (2 diffs)
-
picture.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/section_init.inc.php
r2424 r2430 94 94 { 95 95 $page['image_id'] = $token; 96 if ($page['image_id']==0) 97 { 98 bad_request('invalid picture identifier'); 99 } 96 100 } 97 101 else … … 526 530 and !isset($page['image_id']) ) 527 531 { 528 if ( !empty($page['items']) ) 529 { 530 $query = ' 531 SELECT id,file 532 FROM '.IMAGES_TABLE .' 533 WHERE file LIKE "' . $page['image_file'] . '.%" ESCAPE "|"'; 534 if ( count($page['items']) < 500) 535 {// for very large item sets do not add IN - because slow 536 $query .= ' 537 AND id IN ('.implode(',',$page['items']).') 538 LIMIT 0,1'; 539 } 540 $result = pwg_query($query); 541 switch (mysql_num_rows($result)) 542 { 543 case 0: break; 544 case 1: 545 list($page['image_id'], $page['image_file']) = mysql_fetch_row($result); 546 break; 547 default: // more than 1 file name match 548 while ($row = mysql_fetch_row($result) ) 549 { 550 if ( in_array($row[0], $page['items']) ) 551 { 552 list($page['image_id'], $page['image_file']) = $row; 553 break; 554 } 555 } 556 } 557 } 558 if ( !isset($page['image_id']) ) 559 { 560 $page['image_id'] = -1; // will fail in picture.php 561 } 532 $page['image_id'] = 0; // more work in picture.php 562 533 } 563 534 -
trunk/picture.php
r2413 r2430 42 42 if ( !isset($page['rank_of'][$page['image_id']]) ) 43 43 { 44 page_not_found( 45 'The requested image does not belong to this image set', 46 duplicate_index_url() 47 ); 44 $query = ' 45 SELECT id, file, level 46 FROM '.IMAGES_TABLE.' 47 WHERE '; 48 if ($page['image_id']>0) 49 { 50 $query .= 'id = '.$page['image_id']; 51 } 52 else 53 {// url given by file name 54 assert( !empty($page['image_file']) ); 55 $query .= 'file LIKE "' . $page['image_file'] . '.%" ESCAPE "|" LIMIT 1'; 56 } 57 if ( ! ( $row = mysql_fetch_array(pwg_query($query)) ) ) 58 {// element does not exist 59 page_not_found( 'The requested image does not exist', 60 duplicate_index_url() 61 ); 62 } 63 if ($row['level']>$user['level']) 64 { 65 access_denied(); 66 } 67 list($page['image_id'], $page['image_file']) = $row; 68 if ( !isset($page['rank_of'][$page['image_id']]) ) 69 {// the image can still be non accessible (filter/cat perm) and/or not in the set 70 global $filter; 71 if ( !empty($filter['visible_images']) and 72 !in_array($page['image_id'], explode(',',$filter['visible_images']) ) ) 73 { 74 page_not_found( 'The requested image is filtered', 75 duplicate_index_url() 76 ); 77 } 78 if ('categories'==$page['section'] and !isset($page['category']) ) 79 {// flat view - all items 80 access_denied(); 81 } 82 else 83 {// try to see if we can access it differently 84 $query = ' 85 SELECT id 86 FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id 87 WHERE id='.$page['image_id'] 88 . get_sql_condition_FandF( 89 array('forbidden_categories' => 'category_id'), 90 " AND" 91 ).' 92 LIMIT 1'; 93 if ( mysql_num_rows( pwg_query($query) ) == 0 ) 94 { 95 access_denied(); 96 } 97 else 98 { 99 if ('best_rated'==$page['section']) 100 { 101 $page['rank_of'][$page['image_id']] = count($page['items']); 102 array_push($page['items'], $page['image_id'] ); 103 } 104 else 105 { 106 $url = make_picture_url( 107 array( 108 'image_id' => $page['image_id'], 109 'image_file' => $page['image_file'], 110 'section' => 'categories', 111 'flat' => true, 112 ) 113 ); 114 set_status_header( 'recent_pics'==$page['section'] ? 301 : 302); 115 redirect_http( $url ); 116 } 117 } 118 } 119 } 48 120 } 49 121
Note: See TracChangeset
for help on using the changeset viewer.
