Diffstat (limited to 'picture.php')
-rw-r--r-- | picture.php | 47 |
1 files changed, 29 insertions, 18 deletions
diff --git a/picture.php b/picture.php index 5009e101a..b59cb1a87 100644 --- a/picture.php +++ b/picture.php @@ -82,7 +82,7 @@ while ($row = mysql_fetch_array($result)) if (!$belongs) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="'.PHPWG_ROOT_PATH.'category.php'.'">'; + echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -329,17 +329,18 @@ if ( isset( $_GET['add_fav'] ) ) { // there is no favorite picture anymore we redirect the user to the // category page - redirect($url_up); + $url = add_session_id($url_up); + redirect($url); } else if (!$has_prev) { $url = str_replace( '&', '&', $picture['next']['url'] ); - redirect( $url ); + $url = add_session_id( $url, true); } else { $url = str_replace('&', '&', $picture['prev']['url'] ); - redirect( $url ); + $url = add_session_id( $url, true); } redirect( $url ); } @@ -532,12 +533,12 @@ $template->assign_vars(array( 'L_UP_HINT' => $lang['home_hint'], 'L_UP_ALT' => $lang['home'], - 'U_HOME' => (PHPWG_ROOT_PATH.'category.php'), - 'U_UP' => $url_up, - 'U_METADATA' => $url_metadata, - 'U_ADMIN' => $url_admin, - 'U_SLIDESHOW'=> $url_slide, - 'U_ADD_COMMENT' => str_replace( '&', '&', $_SERVER['REQUEST_URI'] ) + 'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'), + 'U_UP' => add_session_id($url_up), + 'U_METADATA' => add_session_id($url_metadata), + 'U_ADMIN' => add_session_id($url_admin), + 'U_SLIDESHOW'=> add_session_id($url_slide), + 'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] )) ) ); @@ -594,8 +595,10 @@ if ('admin' == $user['status']) 'caddie', array( 'URL' => + add_session_id( PHPWG_ROOT_PATH.'picture.php' .get_query_string_diff(array('caddie')).'&caddie=1') + ) ); } 
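Review bot: Wrapping the `category.php` link in `add_session_id()` here, and every other URL in the hunks that follow, puts the session identifier into page markup and redirect targets if the helper appends it to the query string; its name suggests that, but its definition is outside this diff. Identifiers carried in URLs end up in Referer headers, server and proxy logs, browser history and any link a user copies, and whoever sees such a URL can reuse the session. Prefer carrying the identifier in a cookie only, and if URL propagation has to stay as a fallback, state the contract on the helper, e.g. `// add_session_id() must return $url unchanged when the session cookie is present`, and issue a fresh identifier at login.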
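Review bot: `U_ADD_COMMENT` in the `assign_vars` hunk at -532 is built from `$_SERVER['REQUEST_URI']`, which the client controls, and the only transformation visible is an ampersand replacement, so quotes and angle brackets reach the template unchanged. If the template prints the value into a form `action` attribute without escaping (the template is not part of this diff), the request URI can inject markup into the page. Escape at assignment instead, `'U_ADD_COMMENT' => htmlspecialchars(add_session_id($_SERVER['REQUEST_URI']), ENT_QUOTES)`, after confirming that `add_session_id()` does not already emit entity-encoded separators. The `assign_vars` call starts above the hunk.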
@@ -653,7 +656,7 @@ if ($has_prev) array( 'TITLE_IMG' => $picture['prev']['name'], 'IMG' => $picture['prev']['thumbnail'], - 'U_IMG' => $picture['prev']['url'] + 'U_IMG' => add_session_id($picture['prev']['url']) )); } @@ -664,7 +667,7 @@ if ($has_next) array( 'TITLE_IMG' => $picture['next']['name'], 'IMG' => $picture['next']['thumbnail'], - 'U_IMG' => $picture['next']['url'] + 'U_IMG' => add_session_id($picture['next']['url']) )); } @@ -687,9 +690,11 @@ if (!empty($picture['current']['author'])) { $infos['INFO_AUTHOR'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=author:'.$picture['current']['author'] - .'">'.$picture['current']['author'].'</a>'; + ). + '">'.$picture['current']['author'].'</a>'; } else { @@ -701,9 +706,11 @@ if (!empty($picture['current']['date_creation'])) { $infos['INFO_CREATION_DATE'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=date_creation:'.$picture['current']['date_creation'] - .'">'.format_date($picture['current']['date_creation']).'</a>'; + ). + '">'.format_date($picture['current']['date_creation']).'</a>'; } else { @@ -713,10 +720,12 @@ else // date of availability $infos['INFO_AVAILABILITY_DATE'] = '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search'. '&search=date_available:'. substr($picture['current']['date_available'], 0, 10) - .'">'. + ). + '">'. format_date($picture['current']['date_available'], 'mysql_datetime'). '</a>'; @@ -765,8 +774,10 @@ if (!empty($picture['current']['keywords'])) preg_replace( '/([^,]+)/', '<a href="'. + add_session_id( PHPWG_ROOT_PATH.'category.php?cat=search&search=keywords:$1' - .'">$1</a>', + ). + '">$1</a>', $picture['current']['keywords'] ); } 
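Review bot: `$picture['current']['author']` is concatenated into both the `href` query string and the link text with no encoding in the `INFO_AUTHOR` assignment (hunk at -687), and the keywords hunk at -765 does the same with `$1` from `preg_replace`. A value containing `"` or `<` ends the attribute or adds markup, and `&` or `#` changes the search query. Where these fields are populated is not visible here, but picture metadata is commonly uploader-supplied. Use `urlencode($picture['current']['author'])` inside the URL and `htmlspecialchars($picture['current']['author'], ENT_QUOTES)` for the visible text. For keywords, `preg_replace_callback` would let each match be encoded the same way.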
@@ -890,7 +901,7 @@ if ( isset( $_GET['slideshow'] ) ) if ( !is_numeric( $_GET['slideshow'] ) ) $_GET['slideshow'] = $conf['slideshow_period']; $template->assign_block_vars('stop_slideshow', array( - 'U_SLIDESHOW'=>$picture['current']['url'] + 'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] ) )); } @@ -1043,7 +1054,7 @@ if ($page['show_comments']) { $template->assign_block_vars( 'comments.comment.delete', - array('U_COMMENT_DELETE'=> $url.'&del='.$row['id'] + array('U_COMMENT_DELETE'=>add_session_id( $url.'&del='.$row['id']) )); } } |
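Review bot: `U_COMMENT_DELETE` in the hunk at -1043 is a plain link whose `del` parameter requests a deletion over GET, so a request forged from another site, or a link prefetcher, can trigger it for a logged-in user. The session id added here is not a dependable anti-forgery value, because `add_session_id()` presumably leaves the URL untouched when the session lives in a cookie. Make deletion a POST form carrying a per-session token that the handler compares before deleting. A suitable marker at this line would be `// TODO: state-changing link; move to POST + token check`. The code that handles `$_GET['del']` is outside this hunk, so confirm what it currently verifies.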