- bug 133 corrected : Deleting user favorites is too restrictive. Instead of

  deleting a favorite because it belongs to at least one forbidden category,
  a favorite is deleted if it belongs to no authorized category (which was
  the expected behaviour).


git-svn-id: http://piwigo.org/svn/branches/branch-1_4@807 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 23 insertions, 7 deletions

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 999ef95af..9832c017f 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -233,26 +233,42 @@ function check_user_favorites()
   {
     return;
   }
-  
+
+  // retrieving images allowed : belonging to at least one authorized
+  // category
   $query = '
-SELECT f.image_id
+SELECT DISTINCT f.image_id
   FROM '.FAVORITES_TABLE.' AS f INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic
     ON f.image_id = ic.image_id
   WHERE f.user_id = '.$user['id'].'
-    AND ic.category_id IN ('.$user['forbidden_categories'].')
+    AND ic.category_id NOT IN ('.$user['forbidden_categories'].')
+;';
+  $result = pwg_query($query);
+  $authorizeds = array();
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($authorizeds, $row['image_id']);
+  }
+
+  $query = '
+SELECT image_id
+  FROM '.FAVORITES_TABLE.'
+  WHERE user_id = '.$user['id'].'
 ;';
   $result = pwg_query($query);
-  $elements = array();
+  $favorites = array();
   while ($row = mysql_fetch_array($result))
   {
-    array_push($elements, $row['image_id']);
+    array_push($favorites, $row['image_id']);
   }
 
-  if (count($elements) > 0)
+  $to_deletes = array_diff($favorites, $authorizeds);
+
+  if (count($to_deletes) > 0)
   {
     $query = '
 DELETE FROM '.FAVORITES_TABLE.'
-  WHERE image_id IN ('.implode(',', $elements).')
+  WHERE image_id IN ('.implode(',', $to_deletes).')
     AND user_id = '.$user['id'].'
 ;';
     pwg_query($query);