author | rub <rub@piwigo.org> | 2006-10-21 12:07:00 +0000 |
---|---|---|
committer | rub <rub@piwigo.org> | 2006-10-21 12:07:00 +0000 |
commit | bc7b43345722917274a352dde49895e909fec6aa (patch) | |
tree | b0f86667d1aa9f10b0d1e98103d51f9b6e58e1a0 /admin/picture_modify.php | |
parent | 60866f64c883091a7264299e3094c2ce733bfe91 (diff) |
Resolved Issue ID 0000356:
o Increase security on adviser mode
First of n modifications.
All the other modifications will be done on the BSF branch.
Merge branch-1_6 1558:1559 into BSF
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1569 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/picture_modify.php')
-rw-r--r-- | admin/picture_modify.php | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 130a43931..291d41bd0 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -70,7 +70,7 @@ if (isset($_POST['date_creation_action'])
 }
 }
-if (isset($_POST['submit']) and count($page['errors']) == 0)
+if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser())
 {
 $data = array();
 $data{'id'} = $_GET['image_id'];
@@ -119,7 +119,9 @@ if (isset($_POST['submit']) and count($page['errors']) == 0)
 // associate the element to other categories than its storage category
 if (isset($_POST['associate'])
 and isset($_POST['cat_dissociated'])
- and count($_POST['cat_dissociated']) > 0)
+ and count($_POST['cat_dissociated']) > 0
+ and !is_adviser()
+ )
 {
 associate_images_to_categories(
 array($_GET['image_id']),
@@ -129,7 +131,9 @@ if (isset($_POST['associate'])
 // dissociate the element from categories (but not from its storage category)
 if (isset($_POST['dissociate'])
 and isset($_POST['cat_associated'])
- and count($_POST['cat_associated']) > 0)
+ and count($_POST['cat_associated']) > 0
+ and !is_adviser()
+ )
 {
 $query = '
 DELETE FROM '.IMAGE_CATEGORY_TABLE.'
@@ -143,7 +147,9 @@ DELETE FROM '.IMAGE_CATEGORY_TABLE.'
 // elect the element to represent the given categories
 if (isset($_POST['elect'])
 and isset($_POST['cat_dismissed'])
- and count($_POST['cat_dismissed']) > 0)
+ and count($_POST['cat_dismissed']) > 0
+ and !is_adviser()
+ )
 {
 $datas = array();
 foreach ($_POST['cat_dismissed'] as $category_id)
@@ -159,7 +165,9 @@ if (isset($_POST['elect'])
 // dismiss the element as representant of the given categories
 if (isset($_POST['dismiss'])
 and isset($_POST['cat_elected'])
- and count($_POST['cat_elected']) > 0)
+ and count($_POST['cat_elected']) > 0
+ and !is_adviser()
+ )
 {
 set_random_representant($_POST['cat_elected']);
 }
|
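Review bot: The adviser restriction is enforced by appending `and !is_adviser()` to each POST handler on its own (the `submit` condition in the first hunk, then `associate`, `dissociate`, `elect` and `dismiss` in the four hunks after it), so a handler added to this file later stays writable in adviser mode unless its author repeats the clause. A single deny-by-default guard ahead of the first handler would fail closed instead, for example `if (is_adviser() and count($_POST) > 0) { array_push($page['errors'], '<adviser-mode message>'); $_POST = array(); }` (the message text is a placeholder). As written the blocked request is also dropped silently: nothing is added to `$page['errors']` and nothing is logged, so the adviser gets no feedback and attempted changes leave no trace. The handler bodies continue outside the hunks.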
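Review bot: In the `dissociate` hunk the condition only checks `count($_POST['cat_associated']) > 0` before the `DELETE FROM '.IMAGE_CATEGORY_TABLE.'` statement is assembled by string concatenation, which does not establish that the value is an array of integer ids. The rest of the query lies outside the hunk, so whether `$_POST['cat_associated']` and `$_GET['image_id']` are validated or escaped before being concatenated cannot be confirmed from here; if they are not, the new `!is_adviser()` clause still leaves that path open to every non-adviser administrator session. Adding `and is_array($_POST['cat_associated'])` to the condition and normalising with `array_map('intval', $_POST['cat_associated'])` before building the query would close it. The `elect` and `dismiss` hunks hand `$_POST['cat_dismissed']` and `$_POST['cat_elected']` onward under the same count-only check.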