authorrub <rub@piwigo.org>2006-10-21 12:07:00 +0000
committerrub <rub@piwigo.org>2006-10-21 12:07:00 +0000
commitbc7b43345722917274a352dde49895e909fec6aa (patch)
treeb0f86667d1aa9f10b0d1e98103d51f9b6e58e1a0 /admin/picture_modify.php
parent60866f64c883091a7264299e3094c2ce733bfe91 (diff)
Resolved Issue ID 0000356:
o Increase security on adviser mode. First of n modifications; all the other modifications will be done on the BSF branch. Merge branch-1_6 1558:1559 into BSF git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1569 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/picture_modify.php')
-rw-r--r--admin/picture_modify.php18
1 files changed, 13 insertions, 5 deletions
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index 130a43931..291d41bd0 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -70,7 +70,7 @@ if (isset($_POST['date_creation_action'])
}
}
-if (isset($_POST['submit']) and count($page['errors']) == 0)
+if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser())
{
$data = array();
$data{'id'} = $_GET['image_id'];
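Review bot: The adviser restriction is enforced by repeating `and !is_adviser()` inside each write condition (here and in the hunks at -119, -129, -143 and -159), so any handler added later without that clause is writable by default. A single guard placed ahead of the first handler would fail closed; failing that, a comment above this condition such as `// adviser mode is read-only: every branch that writes must test !is_adviser()` keeps the rule visible to the next editor. In the visible lines nothing is added to `$page['errors']` when an adviser submits, so the form appears to be accepted although nothing is saved. The body of this `if` continues outside the hunk.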
@@ -119,7 +119,9 @@ if (isset($_POST['submit']) and count($page['errors']) == 0)
// associate the element to other categories than its storage category
if (isset($_POST['associate'])
and isset($_POST['cat_dissociated'])
- and count($_POST['cat_dissociated']) > 0)
+ and count($_POST['cat_dissociated']) > 0
+ and !is_adviser()
+ )
{
associate_images_to_categories(
array($_GET['image_id']),
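Review bot: `count($_POST['cat_dissociated']) > 0` does not establish that the value is an array of integer ids, and `$_GET['image_id']` is handed to `associate_images_to_categories()` as received; the added adviser check narrows who reaches the call, not what the call is given. Unless both values are validated earlier in the file (not visible here), add `and is_array($_POST['cat_dissociated'])` to the condition and pass `array_map('intval', $_POST['cat_dissociated'])` together with `intval($_GET['image_id'])`. The same applies to `$_POST['cat_dismissed']` and `$_POST['cat_elected']` in the hunks at -143 and -159. The remaining arguments of the call are outside the hunk.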
@@ -129,7 +131,9 @@ if (isset($_POST['associate'])
// dissociate the element from categories (but not from its storage category)
if (isset($_POST['dissociate'])
and isset($_POST['cat_associated'])
- and count($_POST['cat_associated']) > 0)
+ and count($_POST['cat_associated']) > 0
+ and !is_adviser()
+ )
{
$query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
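Review bot: The DELETE on `IMAGE_CATEGORY_TABLE` is assembled by string concatenation and its WHERE clause lies outside the hunk, so it cannot be confirmed from here that `$_POST['cat_associated']` and `$_GET['image_id']` are cast to integers before they are placed in the statement. If they are not, the new `!is_adviser()` clause leaves that exposure unchanged for every other admin request, and no request-token check is visible in these handlers. Casting each id with `intval()` before the query string is built would address it.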
@@ -143,7 +147,9 @@ DELETE FROM '.IMAGE_CATEGORY_TABLE.'
// elect the element to represent the given categories
if (isset($_POST['elect'])
and isset($_POST['cat_dismissed'])
- and count($_POST['cat_dismissed']) > 0)
+ and count($_POST['cat_dismissed']) > 0
+ and !is_adviser()
+ )
{
$datas = array();
foreach ($_POST['cat_dismissed'] as $category_id)
@@ -159,7 +165,9 @@ if (isset($_POST['elect'])
// dismiss the element as representant of the given categories
if (isset($_POST['dismiss'])
and isset($_POST['cat_elected'])
- and count($_POST['cat_elected']) > 0)
+ and count($_POST['cat_elected']) > 0
+ and !is_adviser()
+ )
{
set_random_representant($_POST['cat_elected']);
}