diff options
| author | rub <rub@piwigo.org> | 2006-10-21 12:28:07 +0000 |
|---|---|---|
| committer | rub <rub@piwigo.org> | 2006-10-21 12:28:07 +0000 |
| commit | 258fa3b40c0c60adad284ad3bc09ed33c5dc53a1 (patch) | |
| tree | 71616e49e713f5fb26038343c80a3c7b89b2fa06 /admin/picture_modify.php | |
| parent | eaacbc7b2d224524eac6def04e9b721949afd4b8 (diff) | |
Resolved Issue ID 0000356:
o Increase security on adviser mode
First modifications of n modifications.
All the others modifications will be done on BSF branch.
Merge branch-1_6 1568:1570 into BSF
git-svn-id: http://piwigo.org/svn/trunk@1571 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | admin/picture_modify.php | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/admin/picture_modify.php b/admin/picture_modify.php index 130a43931..291d41bd0 100644 --- a/admin/picture_modify.php +++ b/admin/picture_modify.php @@ -70,7 +70,7 @@ if (isset($_POST['date_creation_action']) } } -if (isset($_POST['submit']) and count($page['errors']) == 0) +if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser()) { $data = array(); $data{'id'} = $_GET['image_id']; @@ -119,7 +119,9 @@ if (isset($_POST['submit']) and count($page['errors']) == 0) // associate the element to other categories than its storage category if (isset($_POST['associate']) and isset($_POST['cat_dissociated']) - and count($_POST['cat_dissociated']) > 0) + and count($_POST['cat_dissociated']) > 0 + and !is_adviser() + ) { associate_images_to_categories( array($_GET['image_id']), @@ -129,7 +131,9 @@ if (isset($_POST['associate']) // dissociate the element from categories (but not from its storage category) if (isset($_POST['dissociate']) and isset($_POST['cat_associated']) - and count($_POST['cat_associated']) > 0) + and count($_POST['cat_associated']) > 0 + and !is_adviser() + ) { $query = ' DELETE FROM '.IMAGE_CATEGORY_TABLE.' @@ -143,7 +147,9 @@ DELETE FROM '.IMAGE_CATEGORY_TABLE.' // elect the element to represent the given categories if (isset($_POST['elect']) and isset($_POST['cat_dismissed']) - and count($_POST['cat_dismissed']) > 0) + and count($_POST['cat_dismissed']) > 0 + and !is_adviser() + ) { $datas = array(); foreach ($_POST['cat_dismissed'] as $category_id) @@ -159,7 +165,9 @@ if (isset($_POST['elect']) // dismiss the element as representant of the given categories if (isset($_POST['dismiss']) and isset($_POST['cat_elected']) - and count($_POST['cat_elected']) > 0) + and count($_POST['cat_elected']) > 0 + and !is_adviser() + ) { set_random_representant($_POST['cat_elected']); } |