- bug 110 fixed : "return to element view from element edition fails

  depending on permissions". Correction is partial for branch 1.4 : a linked
  category is randomly chosen but if no linked category is authorized for
  the admin user, then the link is to the storage category (which can be
  forbidden).


git-svn-id: http://piwigo.org/svn/branches/branch-1_4@782 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 27 insertions, 1 deletions

diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index fc2e2eb51..fffb6ff5c 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -159,7 +159,33 @@ else
 $thumbnail_url = get_thumbnail_src($row['path'], @$row['tn_ext']);
 
 $url_img = PHPWG_ROOT_PATH.'picture.php?image_id='.$_GET['image_id'];
-$url_img .= '&cat='.$row['storage_category_id'];
+
+$query = '
+SELECT category_id
+  FROM '.IMAGE_CATEGORY_TABLE.'
+  WHERE image_id = '.$_GET['image_id'];
+
+if (isset($user['forbidden_categories'])
+    and !empty($user['forbidden_categories']))
+{
+  $query.= '
+    AND category_id NOT IN ('.$user['forbidden_categories'].')';
+}
+$query.= '
+  ORDER BY RAND()
+;';
+$result = pwg_query($query);
+
+if (mysql_num_rows($result) > 0)
+{
+  list($category_id) = mysql_fetch_array($result);
+  $url_img .= '&cat='.$category_id;
+}
+else
+{
+  $url_img .= '&cat='.$row['storage_category_id'];
+}
+
 $date = isset($_POST['date_creation']) && empty($errors)
 ?$_POST['date_creation']:date_convert_back(@$row['date_creation']);