aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/section_init.inc.php39
1 files changed, 5 insertions, 34 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index 305025ff3..d8b2f62c2 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -93,6 +93,10 @@ if (script_basename() == 'picture') // basename without file extention
if ( is_numeric($token) )
{
$page['image_id'] = $token;
+ if ($page['image_id']==0)
+ {
+ bad_request('invalid picture identifier');
+ }
}
else
{
@@ -525,40 +529,7 @@ if (isset($page['chronology_field']))
if (script_basename() == 'picture'
and !isset($page['image_id']) )
{
- if ( !empty($page['items']) )
- {
- $query = '
-SELECT id,file
- FROM '.IMAGES_TABLE .'
- WHERE file LIKE "' . $page['image_file'] . '.%" ESCAPE "|"';
- if ( count($page['items']) < 500)
- {// for very large item sets do not add IN - because slow
- $query .= '
- AND id IN ('.implode(',',$page['items']).')
- LIMIT 0,1';
- }
- $result = pwg_query($query);
- switch (mysql_num_rows($result))
- {
- case 0: break;
- case 1:
- list($page['image_id'], $page['image_file']) = mysql_fetch_row($result);
- break;
- default: // more than 1 file name match
- while ($row = mysql_fetch_row($result) )
- {
- if ( in_array($row[0], $page['items']) )
- {
- list($page['image_id'], $page['image_file']) = $row;
- break;
- }
- }
- }
- }
- if ( !isset($page['image_id']) )
- {
- $page['image_id'] = -1; // will fail in picture.php
- }
+ $page['image_id'] = 0; // more work in picture.php
}
// add meta robots noindex, nofollow to avoid unnecesary robot crawls