fixes #584, better check and error for image_id on edition

admin/include/functions.php

@@ -3050,3 +3050,36 @@ function number_format_human_readable($numbers)
 
   return number_format($numbers, 1).$readable[$index];
 }
+
+/**
+ * Get infos related to an image
+ *
+ * @since 2.9
+ * @param int $image_id
+ * @param bool $die_on_missing
+ */
+function get_image_infos($image_id, $die_on_missing=false)
+{
+  if (!is_numeric($image_id))
+  {
+    fatal_error('['.__FUNCTION__.'] invalid image identifier '.htmlentities($image_id));
+  }
+
+  $query = '
+SELECT *
+  FROM '.IMAGES_TABLE.'
+  WHERE id = '.$image_id.'
+;';
+  $images = query2array($query);
+  if (count($images) == 0)
+  {
+    if ($die_on_missing)
+    {
+      fatal_error("photo ".$image_id." does not exist");
+    }
+
+    return null;
+  }
+
+  return $images[0];
+}

admin/photo.php

@@ -37,6 +37,9 @@ check_input_parameter('image_id', $_GET, false, PATTERN_ID);
 
 $admin_photo_base_url = get_root_url().'admin.php?page=photo-'.$_GET['image_id'];
 
+// retrieving direct information about picture
+$page['image'] = get_image_infos($_GET['image_id'], true);
+
 if (isset($_GET['cat_id']))
 {
   $query = '

admin/picture_modify.php

@@ -36,6 +36,14 @@ check_status(ACCESS_ADMINISTRATOR);
 check_input_parameter('image_id', $_GET, false, PATTERN_ID);
 check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
 
+// retrieving direct information about picture. This may have been already
+// done on admin/photo.php but this page can also be accessed without
+// photo.php as proxy.
+if (!isset($page['image']))
+{
+  $page['image'] = get_image_infos($_GET['image_id'], true);
+}
+
 // represent
 $query = '
 SELECT id
@@ -200,14 +208,7 @@ SELECT
 ;';
 $tag_selection = get_taglist($query);
 
-// retrieving direct information about picture
-$query = '
-SELECT *
-  FROM '.IMAGES_TABLE.'
-  WHERE id = '.$_GET['image_id'].'
-;';
-$row = pwg_db_fetch_assoc(pwg_query($query));
-
+$row = $page['image'];
 $storage_category_id = null;
 if (!empty($row['storage_category_id']))
 {