Diffstat (limited to '')
-rw-r--r-- | action.php | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/action.php b/action.php index 586d730a3..73ac6d72b 100644 --- a/action.php +++ b/action.php @@ -61,17 +61,17 @@ function do_error( $code, $str ) } -if ( !isset($_GET['id']) or !is_numeric($_GET['id']) +if (!isset($_GET['id']) + or !is_numeric($_GET['id']) or !isset($_GET['part']) or !in_array($_GET['part'], array('t','e','i','h') ) ) { do_error(400, 'Invalid request - id/part'); } -$id = $_GET['id']; $query = ' SELECT * FROM '. IMAGES_TABLE.' - WHERE id='.$id.' + WHERE id='.$_GET['id'].' ;'; $result = pwg_query($query); @@ -84,11 +84,14 @@ if ( empty($element_info) ) // $filter['visible_categories'] and $filter['visible_images'] // are not used because it's not necessary (filter <> restriction) $query=' -SELECT id FROM '.CATEGORIES_TABLE.' - INNER JOIN '.IMAGE_CATEGORY_TABLE.' - ON category_id=id - WHERE image_id='.$id.' -'.get_sql_condition_FandF(array('forbidden_categories' => 'category_id'), 'AND').' +SELECT id + FROM '.CATEGORIES_TABLE.' + INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id + WHERE image_id = '.$_GET['id'].' +'.get_sql_condition_FandF( + array('forbidden_categories' => 'category_id'), + ' AND' + ).' LIMIT 1 ;'; if ( mysql_num_rows(pwg_query($query))<1 ) @@ -123,6 +126,11 @@ if ( empty($file) ) do_error(404, 'Requested file not found'); } +if ($_GET['part'] == 'h') { + $is_high = true; + pwg_log($_GET['id'], $is_high); +} + $http_headers = array(); $ctype = null; |
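Review bot: Dropping `$id` in the first hunk means the raw request value `$_GET['id']` is now concatenated straight into the `WHERE id=` clause, and the second hunk does the same for `WHERE image_id =`. The only guard is the `is_numeric()` check at the top of the hunk, which accepts more than plain integers (decimals, exponent notation, signed values), so the text that reaches MySQL is whatever numeric spelling the client sent. I would keep one normalised variable right after the check, `$id = (int) $_GET['id'];`, and use `$id` in both queries and in the `pwg_log()` call added in the third hunk. Whether `pwg_log()` escapes its argument is not visible here.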
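Review bot: The `pwg_log()` call added in the third hunk runs before any response headers are built (`$http_headers = array();` follows it), so the request is recorded even if the code after the hunk ends up not sending the file. If a not-modified or error exit exists further down, which is outside the hunk, the log call belongs after it. The block also departs from the style of the surrounding context lines: brace on the same line, loose `==`, and a one-use variable. `if ($_GET['part'] === 'h')` with `{` on its own line and `pwg_log($_GET['id'], true); // true: high-definition view` would match the rest, assuming the second argument means what `$is_high` suggests. A one-line comment saying why only part 'h' is logged would also help.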