Context Navigation

source: trunk/admin/picture_modify.php @ 28678

Last change on this file since 28678 was 28678, checked in by plg, 10 years ago
bug 3089: prevent SQL injection on photo edition
Property svn:eol-style set to `LF`
File size: 11.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2014 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if(!defined("PHPWG_ROOT_PATH"))
25	{
26	die('Hacking attempt!');
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_ADMINISTRATOR);
35
36	check_input_parameter('image_id', $_GET, false, PATTERN_ID);
37	check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
38
39	// represent
40	$query = '
41	SELECT id
42	FROM '.CATEGORIES_TABLE.'
43	WHERE representative_picture_id = '.$_GET['image_id'].'
44	;';
45	$represented_albums = query2array($query, null, 'id');
46
47	// +-----------------------------------------------------------------------+
48	// \| delete photo \|
49	// +-----------------------------------------------------------------------+
50
51	if (isset($_GET['delete']))
52	{
53	check_pwg_token();
54
55	delete_elements(array($_GET['image_id']), true);
56	invalidate_user_cache();
57
58	// where to redirect the user now?
59	//
60	// 1. if a category is available in the URL, use it
61	// 2. else use the first reachable linked category
62	// 3. redirect to gallery root
63
64	if (isset($_GET['cat_id']) and !empty($_GET['cat_id']))
65	{
66	redirect(
67	make_index_url(
68	array(
69	'category' => get_cat_info($_GET['cat_id'])
70	)
71	)
72	);
73	}
74
75	$query = '
76	SELECT category_id
77	FROM '.IMAGE_CATEGORY_TABLE.'
78	WHERE image_id = '.$_GET['image_id'].'
79	;';
80
81	$authorizeds = array_diff(
82	array_from_query($query, 'category_id'),
83	explode(',', calculate_permissions($user['id'], $user['status']))
84	);
85
86	foreach ($authorizeds as $category_id)
87	{
88	redirect(
89	make_index_url(
90	array(
91	'category' => get_cat_info($category_id)
92	)
93	)
94	);
95	}
96
97	redirect(make_index_url());
98	}
99
100	// +-----------------------------------------------------------------------+
101	// \| synchronize metadata \|
102	// +-----------------------------------------------------------------------+
103
104	if (isset($_GET['sync_metadata']))
105	{
106	sync_metadata(array( intval($_GET['image_id'])));
107	$page['infos'][] = l10n('Metadata synchronized from file');
108	}
109
110	//--------------------------------------------------------- update informations
111	if (isset($_POST['submit']))
112	{
113	$data = array();
114	$data['id'] = $_GET['image_id'];
115	$data['name'] = $_POST['name'];
116	$data['author'] = $_POST['author'];
117	$data['level'] = $_POST['level'];
118
119	if ($conf['allow_html_descriptions'])
120	{
121	$data['comment'] = @$_POST['description'];
122	}
123	else
124	{
125	$data['comment'] = strip_tags(@$_POST['description']);
126	}
127
128	if (!empty($_POST['date_creation']))
129	{
130	$data['date_creation'] = $_POST['date_creation'];
131	}
132	else
133	{
134	$data['date_creation'] = null;
135	}
136
137	$data = trigger_change('picture_modify_before_update', $data);
138
139	single_update(
140	IMAGES_TABLE,
141	$data,
142	array('id' => $data['id'])
143	);
144
145	// time to deal with tags
146	$tag_ids = array();
147	if (!empty($_POST['tags']))
148	{
149	$tag_ids = get_tag_ids($_POST['tags']);
150	}
151	set_tags($tag_ids, $_GET['image_id']);
152
153	// association to albums
154	if (!isset($_POST['associate']))
155	{
156	$_POST['associate'] = array();
157	}
158	check_input_parameter('associate', $_POST, true, PATTERN_ID);
159	move_images_to_categories(array($_GET['image_id']), $_POST['associate']);
160
161	invalidate_user_cache();
162
163	// thumbnail for albums
164	if (!isset($_POST['represent']))
165	{
166	$_POST['represent'] = array();
167	}
168	check_input_parameter('represent', $_POST, true, PATTERN_ID);
169
170	$no_longer_thumbnail_for = array_diff($represented_albums, $_POST['represent']);
171	if (count($no_longer_thumbnail_for) > 0)
172	{
173	set_random_representant($no_longer_thumbnail_for);
174	}
175
176	$new_thumbnail_for = array_diff($_POST['represent'], $represented_albums);
177	if (count($new_thumbnail_for) > 0)
178	{
179	$query = '
180	UPDATE '.CATEGORIES_TABLE.'
181	SET representative_picture_id = '.$_GET['image_id'].'
182	WHERE id IN ('.implode(',', $new_thumbnail_for).')
183	;';
184	pwg_query($query);
185	}
186
187	$represented_albums = $_POST['represent'];
188
189	$page['infos'][] = l10n('Photo informations updated');
190	}
191
192	// tags
193	$query = '
194	SELECT
195	id,
196	name
197	FROM '.IMAGE_TAG_TABLE.' AS it
198	JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
199	WHERE image_id = '.$_GET['image_id'].'
200	;';
201	$tag_selection = get_taglist($query);
202
203	// retrieving direct information about picture
204	$query = '
205	SELECT *
206	FROM '.IMAGES_TABLE.'
207	WHERE id = '.$_GET['image_id'].'
208	;';
209	$row = pwg_db_fetch_assoc(pwg_query($query));
210
211	$storage_category_id = null;
212	if (!empty($row['storage_category_id']))
213	{
214	$storage_category_id = $row['storage_category_id'];
215	}
216
217	$image_file = $row['file'];
218
219	// +-----------------------------------------------------------------------+
220	// \| template init \|
221	// +-----------------------------------------------------------------------+
222
223	$template->set_filenames(
224	array(
225	'picture_modify' => 'picture_modify.tpl'
226	)
227	);
228
229	$admin_url_start = $admin_photo_base_url.'-properties';
230	$admin_url_start.= isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '';
231
232	$template->assign(
233	array(
234	'tag_selection' => $tag_selection,
235	'U_SYNC' => $admin_url_start.'&sync_metadata=1',
236	'U_DELETE' => $admin_url_start.'&delete=1&pwg_token='.get_pwg_token(),
237
238	'PATH'=>$row['path'],
239
240	'TN_SRC' => DerivativeImage::thumb_url($row),
241
242	'NAME' =>
243	isset($_POST['name']) ?
244	stripslashes($_POST['name']) : @$row['name'],
245
246	'TITLE' => render_element_name($row),
247
248	'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
249
250	'FILESIZE' => @$row['filesize'].' KB',
251
252	'REGISTRATION_DATE' => format_date($row['date_available']),
253
254	'AUTHOR' => htmlspecialchars(
255	isset($_POST['author'])
256	? stripslashes($_POST['author'])
257	: @$row['author']
258	),
259
260	'DATE_CREATION' => $row['date_creation'],
261
262	'DESCRIPTION' =>
263	htmlspecialchars( isset($_POST['description']) ?
264	stripslashes($_POST['description']) : @$row['comment'] ),
265
266	'F_ACTION' =>
267	get_root_url().'admin.php'
268	.get_query_string_diff(array('sync_metadata'))
269	)
270	);
271
272	$added_by = 'N/A';
273	$query = '
274	SELECT '.$conf['user_fields']['username'].' AS username
275	FROM '.USERS_TABLE.'
276	WHERE '.$conf['user_fields']['id'].' = '.$row['added_by'].'
277	;';
278	$result = pwg_query($query);
279	while ($user_row = pwg_db_fetch_assoc($result))
280	{
281	$row['added_by'] = $user_row['username'];
282	}
283
284	$intro_vars = array(
285	'file' => l10n('Original file : %s', $row['file']),
286	'add_date' => l10n('Posted %s on %s', time_since($row['date_available'], 'year'), format_date($row['date_available'], false, false)),
287	'added_by' => l10n('Added by %s', $row['added_by']),
288	'size' => $row['width'].'×'.$row['height'].' pixels, '.sprintf('%.2f', $row['filesize']/1024).'MB',
289	'stats' => l10n('Visited %d times', $row['hit']),
290	'id' => l10n('Numeric identifier : %d', $row['id']),
291	);
292
293	if ($conf['rate'] and !empty($row['rating_score']))
294	{
295	$query = '
296	SELECT
297	COUNT(*)
298	FROM '.RATE_TABLE.'
299	WHERE element_id = '.$_GET['image_id'].'
300	;';
301	list($row['nb_rates']) = pwg_db_fetch_row(pwg_query($query));
302
303	$intro_vars['stats'].= ', '.sprintf(l10n('Rated %d times, score : %.2f'), $row['nb_rates'], $row['rating_score']);
304	}
305
306	$template->assign('INTRO', $intro_vars);
307
308
309	if (in_array(get_extension($row['path']),$conf['picture_ext']))
310	{
311	$template->assign('U_COI', get_root_url().'admin.php?page=picture_coi&image_id='.$_GET['image_id']);
312	}
313
314	// image level options
315	$selected_level = isset($_POST['level']) ? $_POST['level'] : $row['level'];
316	$template->assign(
317	array(
318	'level_options'=> get_privacy_level_options(),
319	'level_options_selected' => array($selected_level)
320	)
321	);
322
323	// categories
324	$query = '
325	SELECT category_id, uppercats
326	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
327	INNER JOIN '.CATEGORIES_TABLE.' AS c
328	ON c.id = ic.category_id
329	WHERE image_id = '.$_GET['image_id'].'
330	;';
331	$result = pwg_query($query);
332
333	while ($row = pwg_db_fetch_assoc($result))
334	{
335	$name =
336	get_cat_display_name_cache(
337	$row['uppercats'],
338	get_root_url().'admin.php?page=album-'
339	);
340
341	if ($row['category_id'] == $storage_category_id)
342	{
343	$template->assign('STORAGE_CATEGORY', $name);
344	}
345	else
346	{
347	$template->append('related_categories', $name);
348	}
349	}
350
351	// jump to link
352	//
353	// 1. find all linked categories that are reachable for the current user.
354	// 2. if a category is available in the URL, use it if reachable
355	// 3. if URL category not available or reachable, use the first reachable
356	// linked category
357	// 4. if no category reachable, no jumpto link
358
359	$query = '
360	SELECT category_id
361	FROM '.IMAGE_CATEGORY_TABLE.'
362	WHERE image_id = '.$_GET['image_id'].'
363	;';
364
365	$authorizeds = array_diff(
366	array_from_query($query, 'category_id'),
367	explode(
368	',',
369	calculate_permissions($user['id'], $user['status'])
370	)
371	);
372
373	if (isset($_GET['cat_id'])
374	and in_array($_GET['cat_id'], $authorizeds))
375	{
376	$url_img = make_picture_url(
377	array(
378	'image_id' => $_GET['image_id'],
379	'image_file' => $image_file,
380	'category' => $cache['cat_names'][ $_GET['cat_id'] ],
381	)
382	);
383	}
384	else
385	{
386	foreach ($authorizeds as $category)
387	{
388	$url_img = make_picture_url(
389	array(
390	'image_id' => $_GET['image_id'],
391	'image_file' => $image_file,
392	'category' => $cache['cat_names'][ $category ],
393	)
394	);
395	break;
396	}
397	}
398
399	if (isset($url_img))
400	{
401	$template->assign( 'U_JUMPTO', $url_img );
402	}
403
404	// associate to albums
405	$query = '
406	SELECT id
407	FROM '.CATEGORIES_TABLE.'
408	INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
409	WHERE image_id = '.$_GET['image_id'].'
410	;';
411	$associated_albums = query2array($query, null, 'id');
412
413	$template->assign(array(
414	'associated_albums' => $associated_albums,
415	'represented_albums' => $represented_albums,
416	'STORAGE_ALBUM' => $storage_category_id,
417	'CACHE_KEYS' => get_admin_client_cache_keys(array('tags', 'categories')),
418	));
419
420	trigger_notify('loc_end_picture_modify');
421
422	//----------------------------------------------------------- sending html code
423
424	$template->assign_var_from_handle('ADMIN_CONTENT', 'picture_modify');
425	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: