Changeset 11614


Ignore:
Timestamp:
Jul 4, 2011, 8:16:38 AM (9 years ago)
Author:
icy
Message:

Merge branch 'master' into svn

Location:
extensions/Icy_Picture_Modify
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • extensions/Icy_Picture_Modify/icy_picture_modify.php

    r11612 r11614  
    3030global $template, $conf, $user, $page, $lang, $cache;
    3131
    32 // redirect users to the index page or category page if 'image_id' isn't provided
    33 if (!isset($_GET['image_id']))
    34 {
    35   if (isset($_GET['cat_id']))
    36   {
    37     redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
    38   }
    39   else
    40   {
    41     redirect_http(make_index_url());
    42   }
    43 }
    44 
    45 check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
    46 check_input_parameter('image_id', $_GET, false, PATTERN_ID);
    47 
    48 // make sure the image is editable by current user
    49 if (!icy_check_image_owner($_GET['image_id'], $user['id']))
    50 {
    51   $url = make_picture_url(
    52       array(
    53         'image_id' => $_GET['image_id'],
    54         'cat_id' => $_GET['cat_id'],
    55       )
    56     );
    57   redirect_http($url);
    58 }
    59 
    6032// <admin.php>
    6133$page['errors'] = array();
    6234$page['infos']  = array();
    6335$page['warnings']  = array();
    64 
     36// </admin.php>
     37
     38// +-----------------------------------------------------------------------+
     39// |                             check permission                          |
     40// +-----------------------------------------------------------------------+
     41
     42// redirect users to the index page or category page if 'image_id' isn't provided
     43if (!isset($_GET['image_id']))
     44{
     45  if (isset($_GET['cat_id']))
     46  {
     47    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
     48  }
     49  else
     50  {
     51    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
     52    redirect_http(make_index_url());
     53  }
     54}
     55
     56check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
     57check_input_parameter('image_id', $_GET, false, PATTERN_ID);
     58
     59// Simplify redirect to administrator page if current user == admin
     60// FIXME: when a non-existent image_id is provided, the original code
     61// FIXME: picture_modify doesn't work well. It should deny to modify
     62// FIXME: such picture.
     63if (is_admin())
     64{
     65  if (icy_does_image_exist($_GET['image_id']))
     66  {
     67    $url = get_root_url().'admin.php?page=picture_modify';
     68    $url.= '&amp;image_id='.$_GET['image_id'];
     69    $url.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
     70    redirect_http($url);
     71  }
     72  else
     73  {
     74    bad_request('invalid picture identifier');
     75  }
     76}
     77elseif (!icy_check_image_owner($_GET['image_id'], $user['id']))
     78{
     79  $url = make_picture_url(
     80      array(
     81        'image_id' => $_GET['image_id'],
     82        'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : ""
     83      )
     84    );
     85  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
     86  redirect_http($url);
     87}
     88
     89// Update the page sessions
    6590if (isset($_SESSION['page_infos']))
    6691{
     
    6893  unset($_SESSION['page_infos']);
    6994}
    70 // </admin.php>
     95
    7196
    7297// +-----------------------------------------------------------------------+
  • extensions/Icy_Picture_Modify/include/functions_icy_picture_modify.inc.php

    r11610 r11614  
    3333  if (!preg_match(PATTERN_ID, $image_id))
    3434  {
    35     fatal_error('[Hacking attempt] the input parameter "'.$image_id.'" is not valid');
     35    bad_request('invalid picture identifier');
    3636  }
    3737  if (!preg_match(PATTERN_ID, $user_id))
    3838  {
    39     fatal_error('[Hacking attempt] the input parameter "'.$user_id.'" is not valid');
     39    bad_request('invalid category identifier');
    4040  }
    4141
     
    5151  return ($count > 0 ? true: false);
    5252}
     53
     54/*
     55 * Check if an image does exist
     56 * @return bool
     57 * @author icy
     58 *
     59*/
     60function icy_does_image_exist($image_id)
     61{
     62  if (!preg_match(PATTERN_ID, $image_id))
     63  {
     64    bad_request('invalid picture identifier');
     65  }
     66  $query = '
     67SELECT COUNT(id)
     68  FROM '.IMAGES_TABLE.'
     69  WHERE id = '.$image_id.'
     70;';
     71  list($count) = pwg_db_fetch_row(pwg_query($query));
     72  return ($count > 0 ? true: false);
     73}
    5374?>
  • extensions/Icy_Picture_Modify/main.inc.php

    r11613 r11614  
    22/*
    33Plugin Name: Icy Modify Picture
    4 Version: 1.0.1
    5 Description: Allow users to modify users they uploaded
     4Version: 1.0.2
     5Description: Allow users to modify pictures they uploaded
    66Plugin URI: http://piwigo.org/ext/extension_view.php?eid=563
    77Author: icy
Note: See TracChangeset for help on using the changeset viewer.