aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/cat_list.php2
-rw-r--r--admin/configuration.php26
-rw-r--r--admin/picture_modify.php28
-rw-r--r--admin/update.php56
4 files changed, 104 insertions, 8 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index b5b4a6852..55d34ff18 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -329,7 +329,7 @@ else
$template->assign_vars(array(
'CATEGORIES_NAV'=>$navigation,
'NEXT_RANK'=>$next_rank,
- 'F_ACTION'=>$form_action,
+ 'F_ACTION'=>add_session_id($form_action),
'L_ADD_VIRTUAL'=>$lang['cat_add'],
'L_SUBMIT'=>$lang['submit'],
diff --git a/admin/configuration.php b/admin/configuration.php
index 9b3ca801a..35e92c5b9 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -66,12 +66,8 @@ if (isset($_POST['submit']))
{
array_push($errors, $lang['conf_prefix_thumbnail_error']);
}
- // mail must be formatted as follows : name@server.com
- $pattern = '/^[\w-]+(\.[\w-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/';
- if (!preg_match($pattern, $_POST['mail_webmaster']))
- {
- array_push($errors, $lang['conf_mail_webmaster_error']);
- }
+ // as webmaster mail address shown on the website, it can be obfuscated
+ // and no comply with normal mail address pattern
break;
}
case 'comments' :
@@ -94,6 +90,22 @@ if (isset($_POST['submit']))
{
array_push($errors, $lang['periods_error']);
}
+ // maxwidth
+ if (isset($_POST['default_maxwidth'])
+ and !empty($_POST['default_maxwidth'])
+ and (!preg_match($int_pattern, $_POST['default_maxwidth'])
+ or $_POST['default_maxwidth'] < 50))
+ {
+ array_push($errors, $lang['maxwidth_error']);
+ }
+ // maxheight
+ if (isset($_POST['default_maxheight'])
+ and !empty($_POST['default_maxheight'])
+ and (!preg_match($int_pattern, $_POST['default_maxheight'])
+ or $_POST['default_maxheight'] < 50))
+ {
+ array_push($errors, $lang['maxheight_error']);
+ }
break;
}
case 'upload' :
@@ -255,6 +267,8 @@ switch ($page['section'])
'CONF_STYLE_SELECT'=>style_select($conf['default_template'], 'default_template'),
'CONF_RECENT'=>$conf['recent_period'],
'NB_COMMENTS_PAGE'=>$conf['nb_comment_page'],
+ 'MAXWIDTH'=>$conf['default_maxwidth'],
+ 'MAXHEIGHT'=>$conf['default_maxheight'],
'EXPAND_YES'=>$expand_yes,
'EXPAND_NO'=>$expand_no,
'SHOW_COMMENTS_YES'=>$show_yes,
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index fc2e2eb51..fffb6ff5c 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -159,7 +159,33 @@ else
$thumbnail_url = get_thumbnail_src($row['path'], @$row['tn_ext']);
$url_img = PHPWG_ROOT_PATH.'picture.php?image_id='.$_GET['image_id'];
-$url_img .= '&amp;cat='.$row['storage_category_id'];
+
+$query = '
+SELECT category_id
+ FROM '.IMAGE_CATEGORY_TABLE.'
+ WHERE image_id = '.$_GET['image_id'];
+
+if (isset($user['forbidden_categories'])
+ and !empty($user['forbidden_categories']))
+{
+ $query.= '
+ AND category_id NOT IN ('.$user['forbidden_categories'].')';
+}
+$query.= '
+ ORDER BY RAND()
+;';
+$result = pwg_query($query);
+
+if (mysql_num_rows($result) > 0)
+{
+ list($category_id) = mysql_fetch_array($result);
+ $url_img .= '&amp;cat='.$category_id;
+}
+else
+{
+ $url_img .= '&amp;cat='.$row['storage_category_id'];
+}
+
$date = isset($_POST['date_creation']) && empty($errors)
?$_POST['date_creation']:date_convert_back(@$row['date_creation']);
diff --git a/admin/update.php b/admin/update.php
index 56843d21a..59e748198 100644
--- a/admin/update.php
+++ b/admin/update.php
@@ -453,6 +453,62 @@ SELECT IF(MAX(id)+1 IS NULL, 1, MAX(id)+1) AS next_element_id
echo '<!-- scanning files : ';
echo get_elapsed_time($start_files, get_moment());
echo ' -->'."\n";
+
+ // retrieving informations given by uploaders
+ if (!$simulate)
+ {
+ $query = '
+SELECT id,file,storage_category_id,infos
+ FROM '.WAITING_TABLE.'
+ WHERE storage_category_id IN (
+'.wordwrap(implode(', ', $cat_ids), 80, "\n").')
+ AND validated = \'true\'
+;';
+ $result = pwg_query($query);
+
+ $datas = array();
+ $fields =
+ array(
+ 'primary' => array('id'),
+ 'update' => array('date_creation', 'author', 'name', 'comment')
+ );
+
+ $waiting_to_delete = array();
+
+ while ($row = mysql_fetch_array($result))
+ {
+ $data = array();
+
+ $query = '
+SELECT id
+ FROM '.IMAGES_TABLE.'
+ WHERE storage_category_id = \''.$row['storage_category_id'].'\'
+ AND file = \''.$row['file'].'\'
+;';
+ list($data['id']) = mysql_fetch_array(pwg_query($query));
+
+ foreach ($fields['update'] as $field)
+ {
+ $data[$field] = getAttribute($row['infos'], $field);
+ }
+
+ array_push($datas, $data);
+ array_push($waiting_to_delete, $row['id']);
+ }
+
+ if (count($datas) > 0)
+ {
+ mass_updates(IMAGES_TABLE, $fields, $datas);
+
+ // delete now useless waiting elements
+ $query = '
+DELETE
+ FROM '.WAITING_TABLE.'
+ WHERE id IN ('.implode(',', $waiting_to_delete).')
+;';
+ pwg_query($query);
+ }
+ }
}
// +-----------------------------------------------------------------------+
// | template initialization |