diff options
author | rvelices <rv-github@modusoptimus.com> | 2008-07-12 00:33:12 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-07-12 00:33:12 +0000 |
commit | 2c08827ea0017b06d47323c98b2e1c28d7a3ebb8 (patch) | |
tree | 074c03652d766d83b49afa2179fa68f81b59a945 /picture.php | |
parent | e2ee204c128717069c84437e0aa75bf14b6b352a (diff) |
- bug 600: Page not found after a strong rating revise (and extended to most cases when the image is not in the requested section)
git-svn-id: http://piwigo.org/svn/trunk@2430 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | picture.php | 80 |
1 files changed, 76 insertions, 4 deletions
diff --git a/picture.php b/picture.php index 84dd43c04..d4cde5ed7 100644 --- a/picture.php +++ b/picture.php @@ -41,10 +41,82 @@ $page['rank_of'] = array_flip($page['items']); // displayed, and execution is stopped if ( !isset($page['rank_of'][$page['image_id']]) ) { - page_not_found( - 'The requested image does not belong to this image set', - duplicate_index_url() - ); + $query = ' +SELECT id, file, level + FROM '.IMAGES_TABLE.' + WHERE '; + if ($page['image_id']>0) + { + $query .= 'id = '.$page['image_id']; + } + else + {// url given by file name + assert( !empty($page['image_file']) ); + $query .= 'file LIKE "' . $page['image_file'] . '.%" ESCAPE "|" LIMIT 1'; + } + if ( ! ( $row = mysql_fetch_array(pwg_query($query)) ) ) + {// element does not exist + page_not_found( 'The requested image does not exist', + duplicate_index_url() + ); + } + if ($row['level']>$user['level']) + { + access_denied(); + } + list($page['image_id'], $page['image_file']) = $row; + if ( !isset($page['rank_of'][$page['image_id']]) ) + {// the image can still be non accessible (filter/cat perm) and/or not in the set + global $filter; + if ( !empty($filter['visible_images']) and + !in_array($page['image_id'], explode(',',$filter['visible_images']) ) ) + { + page_not_found( 'The requested image is filtered', + duplicate_index_url() + ); + } + if ('categories'==$page['section'] and !isset($page['category']) ) + {// flat view - all items + access_denied(); + } + else + {// try to see if we can access it differently + $query = ' +SELECT id + FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id + WHERE id='.$page['image_id'] + . get_sql_condition_FandF( + array('forbidden_categories' => 'category_id'), + " AND" + ).' + LIMIT 1'; + if ( mysql_num_rows( pwg_query($query) ) == 0 ) + { + access_denied(); + } + else + { + if ('best_rated'==$page['section']) + { + $page['rank_of'][$page['image_id']] = count($page['items']); + array_push($page['items'], $page['image_id'] ); + } + else + { + $url = make_picture_url( + array( + 'image_id' => $page['image_id'], + 'image_file' => $page['image_file'], + 'section' => 'categories', + 'flat' => true, + ) + ); + set_status_header( 'recent_pics'==$page['section'] ? 301 : 302); + redirect_http( $url ); + } + } + } + } } // There is cookie, so we must handle it at the beginning |