Diffstat (limited to 'admin')
-rw-r--r--admin/cat_list.php2
-rw-r--r--admin/configuration.php26
-rw-r--r--admin/picture_modify.php28
-rw-r--r--admin/update.php56
4 files changed, 104 insertions, 8 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index b5b4a6852..55d34ff18 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -329,7 +329,7 @@ else
$template->assign_vars(array(
'CATEGORIES_NAV'=>$navigation,
'NEXT_RANK'=>$next_rank,
- 'F_ACTION'=>$form_action,
+ 'F_ACTION'=>add_session_id($form_action),
'L_ADD_VIRTUAL'=>$lang['cat_add'],
'L_SUBMIT'=>$lang['submit'],
diff --git a/admin/configuration.php b/admin/configuration.php
index 9b3ca801a..35e92c5b9 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -66,12 +66,8 @@ if (isset($_POST['submit']))
{
array_push($errors, $lang['conf_prefix_thumbnail_error']);
}
- // mail must be formatted as follows : name@server.com
- $pattern = '/^[\w-]+(\.[\w-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/';
- if (!preg_match($pattern, $_POST['mail_webmaster']))
- {
- array_push($errors, $lang['conf_mail_webmaster_error']);
- }
+ // as webmaster mail address shown on the website, it can be obfuscated
+ // and no comply with normal mail address pattern
break;
}
case 'comments' :
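Review bot: With the pattern check removed, `$_POST['mail_webmaster']` is accepted as arbitrary text, and the new comment says this value is shown on the website. Where it is stored and rendered is outside this hunk, so confirm that it is escaped for SQL on save and passed through `htmlspecialchars()` on output. If obfuscated addresses must be allowed, a minimal guard still fits here, for example `if (preg_match('/[<>"]/', $_POST['mail_webmaster'])) { array_push($errors, $lang['conf_mail_webmaster_error']); }`. The comment would read better as `// the webmaster mail address is displayed on the website, so it may be obfuscated and need not match a normal mail address pattern`.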
@@ -94,6 +90,22 @@ if (isset($_POST['submit']))
{
array_push($errors, $lang['periods_error']);
}
+ // maxwidth
+ if (isset($_POST['default_maxwidth'])
+ and !empty($_POST['default_maxwidth'])
+ and (!preg_match($int_pattern, $_POST['default_maxwidth'])
+ or $_POST['default_maxwidth'] < 50))
+ {
+ array_push($errors, $lang['maxwidth_error']);
+ }
+ // maxheight
+ if (isset($_POST['default_maxheight'])
+ and !empty($_POST['default_maxheight'])
+ and (!preg_match($int_pattern, $_POST['default_maxheight'])
+ or $_POST['default_maxheight'] < 50))
+ {
+ array_push($errors, $lang['maxheight_error']);
+ }
break;
}
case 'upload' :
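Review bot: In both added checks `!empty(...)` treats the string `'0'` as empty, so a submitted `0` skips the integer and `< 50` tests and is accepted without error. If zero is not meant to stand for "no limit", compare against the empty string instead: `and $_POST['default_maxwidth'] !== ''` (same for `default_maxheight`); the `isset()` test then stays meaningful rather than being redundant with `empty()`. There is no upper bound either, and `$int_pattern` is defined outside the hunk, so whether it is anchored at both ends cannot be checked from here.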
@@ -255,6 +267,8 @@ switch ($page['section'])
'CONF_STYLE_SELECT'=>style_select($conf['default_template'], 'default_template'),
'CONF_RECENT'=>$conf['recent_period'],
'NB_COMMENTS_PAGE'=>$conf['nb_comment_page'],
+ 'MAXWIDTH'=>$conf['default_maxwidth'],
+ 'MAXHEIGHT'=>$conf['default_maxheight'],
'EXPAND_YES'=>$expand_yes,
'EXPAND_NO'=>$expand_no,
'SHOW_COMMENTS_YES'=>$show_yes,
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index fc2e2eb51..fffb6ff5c 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -159,7 +159,33 @@ else
$thumbnail_url = get_thumbnail_src($row['path'], @$row['tn_ext']);
$url_img = PHPWG_ROOT_PATH.'picture.php?image_id='.$_GET['image_id'];
-$url_img .= '&amp;cat='.$row['storage_category_id'];
+
+$query = '
+SELECT category_id
+ FROM '.IMAGE_CATEGORY_TABLE.'
+ WHERE image_id = '.$_GET['image_id'];
+
+if (isset($user['forbidden_categories'])
+ and !empty($user['forbidden_categories']))
+{
+ $query.= '
+ AND category_id NOT IN ('.$user['forbidden_categories'].')';
+}
+$query.= '
+ ORDER BY RAND()
+;';
+$result = pwg_query($query);
+
+if (mysql_num_rows($result) > 0)
+{
+ list($category_id) = mysql_fetch_array($result);
+ $url_img .= '&amp;cat='.$category_id;
+}
+else
+{
+ $url_img .= '&amp;cat='.$row['storage_category_id'];
+}
+
$date = isset($_POST['date_creation']) && empty($errors)
?$_POST['date_creation']:date_convert_back(@$row['date_creation']);
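Review bot: `$_GET['image_id']` is concatenated unquoted into the new `SELECT category_id` query, so unless it is validated as an integer earlier in the file (not visible in this hunk) the query is injectable. Cast at the point of use: `WHERE image_id = '.intval($_GET['image_id']);`. `ORDER BY RAND()` without a limit shuffles and returns every association although only the first row is read, so add `LIMIT 1`. `$user['forbidden_categories']` is spliced into the `NOT IN (...)` list as-is; it is presumably a server-built list of ids, which is worth confirming.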
diff --git a/admin/update.php b/admin/update.php
index 56843d21a..59e748198 100644
--- a/admin/update.php
+++ b/admin/update.php
@@ -453,6 +453,62 @@ SELECT IF(MAX(id)+1 IS NULL, 1, MAX(id)+1) AS next_element_id
echo '<!-- scanning files : ';
echo get_elapsed_time($start_files, get_moment());
echo ' -->'."\n";
+
+ // retrieving informations given by uploaders
+ if (!$simulate)
+ {
+ $query = '
+SELECT id,file,storage_category_id,infos
+ FROM '.WAITING_TABLE.'
+ WHERE storage_category_id IN (
+'.wordwrap(implode(', ', $cat_ids), 80, "\n").')
+ AND validated = \'true\'
+;';
+ $result = pwg_query($query);
+
+ $datas = array();
+ $fields =
+ array(
+ 'primary' => array('id'),
+ 'update' => array('date_creation', 'author', 'name', 'comment')
+ );
+
+ $waiting_to_delete = array();
+
+ while ($row = mysql_fetch_array($result))
+ {
+ $data = array();
+
+ $query = '
+SELECT id
+ FROM '.IMAGES_TABLE.'
+ WHERE storage_category_id = \''.$row['storage_category_id'].'\'
+ AND file = \''.$row['file'].'\'
+;';
+ list($data['id']) = mysql_fetch_array(pwg_query($query));
+
+ foreach ($fields['update'] as $field)
+ {
+ $data[$field] = getAttribute($row['infos'], $field);
+ }
+
+ array_push($datas, $data);
+ array_push($waiting_to_delete, $row['id']);
+ }
+
+ if (count($datas) > 0)
+ {
+ mass_updates(IMAGES_TABLE, $fields, $datas);
+
+ // delete now useless waiting elements
+ $query = '
+DELETE
+ FROM '.WAITING_TABLE.'
+ WHERE id IN ('.implode(',', $waiting_to_delete).')
+;';
+ pwg_query($query);
+ }
+ }
}
// +-----------------------------------------------------------------------+
// | template initialization |
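Review bot: The per-row lookup inside the `while` loop builds SQL from `$row['file']` and `$row['storage_category_id']` without escaping. These values come from the waiting table, which the added comment describes as information given by uploaders, so a file name containing a quote breaks or alters the query (second-order injection). The lookup result is not checked either: when no image matches, `mysql_fetch_array()` returns false, `$data['id']` ends up null, and the waiting row is still queued for deletion, so the uploader's metadata is presumably lost. The fence escapes both values and skips rows without a matching image; whether `mass_updates()` escapes the values read from `infos` is not visible here and should be confirmed. The enclosing block starts above the hunk.

```php
    while ($row = mysql_fetch_array($result))
    {
      $query = '
SELECT id
  FROM '.IMAGES_TABLE.'
  WHERE storage_category_id = \''.mysql_real_escape_string($row['storage_category_id']).'\'
    AND file = \''.mysql_real_escape_string($row['file']).'\'
;';
      $image = mysql_fetch_array(pwg_query($query));
      if (!$image)
      {
        // no matching image: keep the waiting row instead of deleting it
        continue;
      }
      $data = array('id' => $image['id']);
      // … unchanged: copy $fields['update'] attributes, push to $datas and $waiting_to_delete …
    }
```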