Context Navigation

Changeset 84

Timestamp:

Sep 9, 2003, 8:36:25 PM (21 years ago)

Author:

z0rglub

Message:

Security improve : you can't display a picture in a category it doesn't
belong to

File:

-                      r78
+                      r84
 //-------------------------------------------------------------- initialization
 initialize_category( 'picture' );
-$cat_directory = $page['cat_dir']; // by default
 //------------------------------------- main picture information initialization
 $query = 'SELECT id,date_available,comment,hit,keywords';
 …
 $query.= ';';
 $result = mysql_query( $query );
+// if this image_id doesn't correspond to this category, an error message is
+// displayed, and execution is stopped
+if ( mysql_num_rows( $result ) == 0 )
+{
+  echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
+  echo '<a href="'.add_session_id( './category.php' ).'">';
+  echo $lang['thumbnails'].'</a></div>';
+  exit();
+}
 $row = mysql_fetch_array( $result );
 $page['id']             = $row['id'];

Note: See TracChangeset for help on using the changeset viewer.