- bug 600: Page not found after a strong rating revise (and extended to most cases when the image is not in the requested section)

git-svn-id: http://piwigo.org/svn/trunk@2430 68402e56-0260-453c-a942-63ccdbb3a9ee
author: rvelices <rv-github@modusoptimus.com> 2008-07-12 00:33:12 +0000
committer: rvelices <rv-github@modusoptimus.com> 2008-07-12 00:33:12 +0000
commit: 2c08827ea0017b06d47323c98b2e1c28d7a3ebb8 (patch)
tree: 074c03652d766d83b49afa2179fa68f81b59a945
parent: e2ee204c128717069c84437e0aa75bf14b6b352a (diff)
2 files changed, 81 insertions, 38 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index 305025ff3..d8b2f62c2 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -93,6 +93,10 @@ if (script_basename() == 'picture') // basename without file extention
   if ( is_numeric($token) )
   {
     $page['image_id'] = $token;
+    if ($page['image_id']==0)
+    {
+      bad_request('invalid picture identifier');
+    }
   }
   else
   {
@@ -525,40 +529,7 @@ if (isset($page['chronology_field']))
 if (script_basename() == 'picture'
     and !isset($page['image_id']) )
 {
-  if ( !empty($page['items']) )
-  {
-    $query = '
-SELECT id,file
-  FROM '.IMAGES_TABLE .'
-  WHERE file LIKE "' . $page['image_file'] . '.%" ESCAPE "|"';
-    if ( count($page['items']) < 500)
-    {// for very large item sets do not add IN - because slow
-      $query .= '
-  AND id IN ('.implode(',',$page['items']).')
-  LIMIT 0,1';
-    }
-    $result = pwg_query($query);
-    switch (mysql_num_rows($result))
-    {
-      case 0: break;
-      case 1:
-        list($page['image_id'], $page['image_file']) = mysql_fetch_row($result);
-        break;
-      default: // more than 1 file name match
-        while ($row = mysql_fetch_row($result) )
-        {
-          if ( in_array($row[0], $page['items']) )
-          {
-            list($page['image_id'], $page['image_file']) = $row;
-            break;
-          }
-        }
-    }
-  }
-  if ( !isset($page['image_id']) )
-  {
-    $page['image_id'] = -1; // will fail in picture.php
-  }
+  $page['image_id'] = 0; // more work in picture.php
 }
 
 // add meta robots noindex, nofollow to avoid unnecesary robot crawls
diff --git a/picture.php b/picture.php
index 84dd43c04..d4cde5ed7 100644
--- a/picture.php
+++ b/picture.php
@@ -41,10 +41,82 @@ $page['rank_of'] = array_flip($page['items']);
 // displayed, and execution is stopped
 if ( !isset($page['rank_of'][$page['image_id']]) )
 {
-  page_not_found(
-    'The requested image does not belong to this image set',
-    duplicate_index_url()
-    );
+  $query = '
+SELECT id, file, level 
+  FROM '.IMAGES_TABLE.'
+  WHERE ';
+  if ($page['image_id']>0)
+  {
+    $query .= 'id = '.$page['image_id'];
+  }
+  else
+  {// url given by file name
+    assert( !empty($page['image_file']) );
+    $query .= 'file LIKE "' . $page['image_file'] . '.%" ESCAPE "|" LIMIT 1';
+  }
+  if ( ! ( $row = mysql_fetch_array(pwg_query($query)) ) )
+  {// element does not exist
+    page_not_found( 'The requested image does not exist',
+      duplicate_index_url()
+      );
+  }
+  if ($row['level']>$user['level'])
+  {
+    access_denied();
+  }
+  list($page['image_id'], $page['image_file']) =  $row;
+  if ( !isset($page['rank_of'][$page['image_id']]) )
+  {// the image can still be non accessible (filter/cat perm) and/or not in the set
+    global $filter;
+    if ( !empty($filter['visible_images']) and 
+      !in_array($page['image_id'], explode(',',$filter['visible_images']) ) )
+    {
+      page_not_found( 'The requested image is filtered',
+          duplicate_index_url()
+        );
+    }
+    if ('categories'==$page['section'] and !isset($page['category']) )
+    {// flat view - all items
+      access_denied();
+    }
+    else
+    {// try to see if we can access it differently
+      $query = '
+SELECT id
+  FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
+  WHERE id='.$page['image_id']
+        . get_sql_condition_FandF(
+            array('forbidden_categories' => 'category_id'),
+            " AND"
+          ).'
+  LIMIT 1';
+      if ( mysql_num_rows( pwg_query($query) ) == 0 )
+      {
+        access_denied();
+      }
+      else
+      {
+        if ('best_rated'==$page['section'])
+        {
+          $page['rank_of'][$page['image_id']] = count($page['items']);
+          array_push($page['items'], $page['image_id'] );
+        }
+        else
+        {
+          $url = make_picture_url(
+              array(
+                'image_id' => $page['image_id'],
+                'image_file' => $page['image_file'],
+                'section' => 'categories',
+                'flat' => true,
+              )
+            );
+          set_status_header( 'recent_pics'==$page['section'] ? 301 : 302);
+          redirect_http( $url );
+        }
+      }
+    }
+  }
 }
 
 // There is cookie, so we must handle it at the beginning
author	rvelices <rv-github@modusoptimus.com>	2008-07-12 00:33:12 +0000
committer	rvelices <rv-github@modusoptimus.com>	2008-07-12 00:33:12 +0000
commit	2c08827ea0017b06d47323c98b2e1c28d7a3ebb8 (patch)
tree	074c03652d766d83b49afa2179fa68f81b59a945
parent	e2ee204c128717069c84437e0aa75bf14b6b352a (diff)