
#1 2021-12-01 04:27:26

audioscavenger
Member
2021-11-08
15

plugin security and best practices

Hello/Hi/Greetings,

I am rewriting an existing plugin called Color Palette; the new name will be Color Search.
I stumbled on a security risk that I would like to address properly.

This plugin searches for pictures by color. Colors are extracted as indexes and stored for each picture, in a table referencing 16 indexes and the imageId.

If you did not guess it already, the issue is in the search function by color. How do you prevent the user from seeing pictures they are not supposed to? What is the best practice?

The SQL code I discovered is this one:

Code:

  $query = '
SELECT 1 as i, pal.image_id as pal_image_id
  FROM '. COLOR_PALETTE_TABLE .' pal
  INNER JOIN '. IMAGES_TABLE .' img ON img.id = pal.image_id
  INNER JOIN '. IMAGE_CATEGORY_TABLE .' cat ON img.id = cat.image_id
  WHERE '. (implode(' OR ', $colorPredicates)) .'
    AND cat.category_id NOT IN ('. $forbidden_categories .')
    AND img.level <= '. intval($user['level']) .'
  GROUP BY pal.image_id
  HAVING SUM(i) = '. count($colorPredicates) .'
;';

As you can see, the only 2 security-related parts are cat.category_id and $user['level'].
Is this sufficient moving forward? Is it best practice to let plugins dig into the image database and let them decide about the security themselves? I'd rather not have to do that to be honest.

Thanks for any insight.
Piwigo URL: https://piwigo.derewonko.com


#2 2021-12-01 11:40:04

erAck
Only trying to help
2015-09-06
2026

Re: plugin security and best practices

There's a function get_sql_condition_FandF() (Forbidden and Filters) in include/functions_user.inc.php to compute a WHERE condition with forbidden_categories and forbidden_images. Check its comment and usage throughout core code and plugins.


Running Piwigo at https://erack.net/gallery/
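
As an added illustration (not code from this thread or from Piwigo itself), here is a Python/SQLite model of the plugin's search query, with the permission condition built from the user's level and forbidden-category list as bound integer parameters instead of string interpolation. The schema, sample rows and user records are constructed for the example; in a real plugin the condition would come from get_sql_condition_FandF() as described above.

```python
import sqlite3

# Constructed sample data modelling the plugin's tables (not Piwigo's real schema).
SCHEMA = """
CREATE TABLE images (id INTEGER PRIMARY KEY, level INTEGER NOT NULL);
CREATE TABLE image_category (image_id INTEGER, category_id INTEGER);
CREATE TABLE color_palette (image_id INTEGER, color_index INTEGER);
"""
IMAGES = [(1, 0), (2, 0), (3, 4), (4, 0)]                  # (id, privacy level)
IMAGE_CATEGORY = [(1, 10), (2, 20), (3, 10), (4, 10), (4, 20)]  # image 4 is in two albums
COLOR_PALETTE = [(1, 7), (1, 9), (2, 7), (2, 9), (3, 7), (3, 9), (4, 7), (4, 9)]

def permission_condition(user):
    """Return (sql, params) restricting rows to what `user` may see.
    Mirrors the two checks in the plugin query: category not forbidden and
    image level within the user's level. Ids are coerced to int and bound
    as parameters, so a malformed list cannot alter the SQL text."""
    forbidden = [int(c) for c in user.get("forbidden_categories", [])]
    clauses = ["img.level <= ?"]
    params = [int(user["level"])]
    if forbidden:
        clauses.append("cat.category_id NOT IN (%s)" % ",".join("?" * len(forbidden)))
        params.extend(forbidden)
    return " AND ".join(clauses), params

def search_by_color(conn, user, colors):
    """Images containing every requested colour index, filtered by permissions.
    An image in a forbidden album that is also in an allowed one still matches,
    which is the album-based visibility rule the NOT IN join expresses."""
    colors = sorted({int(c) for c in colors})
    if not colors:
        return []
    perm_sql, perm_params = permission_condition(user)
    color_marks = ",".join("?" * len(colors))
    query = f"""
      SELECT pal.image_id
        FROM color_palette pal
        JOIN images img ON img.id = pal.image_id
        JOIN image_category cat ON cat.image_id = img.id
       WHERE pal.color_index IN ({color_marks})
         AND {perm_sql}
       GROUP BY pal.image_id
      HAVING COUNT(DISTINCT pal.color_index) = ?
       ORDER BY pal.image_id"""
    rows = conn.execute(query, colors + perm_params + [len(colors)]).fetchall()
    return [r[0] for r in rows]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO images VALUES (?,?)", IMAGES)
    conn.executemany("INSERT INTO image_category VALUES (?,?)", IMAGE_CATEGORY)
    conn.executemany("INSERT INTO color_palette VALUES (?,?)", COLOR_PALETTE)
    return conn
```

With the sample data, a guest (level 0, album 20 forbidden) searching for colours 7 and 9 gets images 1 and 4, while an admin (level 8, nothing forbidden) gets all four.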


#3 2021-12-04 00:57:58

audioscavenger
Member
2021-11-08
15

Re: plugin security and best practices

Seems very difficult and bare-bones, but I will try eventually. Thanks.
