From 42d56b658db3a4001f630c81814d773620769b31 Mon Sep 17 00:00:00 2001
From: plegall
Date: Wed, 21 Dec 2016 14:01:54 +0100
Subject: [PATCH] fixes #584, better check and error for image_id on edition
---
 admin/include/functions.php | 33 +++++++++++++++++++++++++++++++++
 admin/photo.php | 3 +++
 admin/picture_modify.php | 17 +++++++++--------
 3 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/admin/include/functions.php b/admin/include/functions.php
index 9d35ebecd..5766197b7 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -3050,3 +3050,36 @@ function number_format_human_readable($numbers)
 return number_format($numbers, 1).$readable[$index];
 }
+
+/**
+ * Get infos related to an image
+ *
+ * @since 2.9
+ * @param int $image_id
+ * @param bool $die_on_missing
+ */
+function get_image_infos($image_id, $die_on_missing=false)
+{
+ if (!is_numeric($image_id))
+ {
+ fatal_error('['.__FUNCTION__.'] invalid image identifier '.htmlentities($image_id));
+ }
+
+ $query = '
+SELECT *
+ FROM '.IMAGES_TABLE.'
+ WHERE id = '.$image_id.'
+;';
+ $images = query2array($query);
+ if (count($images) == 0)
+ {
+ if ($die_on_missing)
+ {
+ fatal_error("photo ".$image_id." does not exist");
+ }
+
+ return null;
+ }
+
+ return $images[0];
+}
diff --git a/admin/photo.php b/admin/photo.php
index c1d0687a9..33d765ece 100644
--- a/admin/photo.php
+++ b/admin/photo.php
@@ -37,6 +37,9 @@ check_input_parameter('image_id', $_GET, false, PATTERN_ID);
 $admin_photo_base_url = get_root_url().'admin.php?page=photo-'.$_GET['image_id'];
+// retrieving direct information about picture
+$page['image'] = get_image_infos($_GET['image_id'], true);
+
 if (isset($_GET['cat_id']))
 {
 $query = '
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index af5231ff6..24cdc22d4 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
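Review bot: In `get_image_infos()` (admin/include/functions.php) the `is_numeric()` guard is looser than an id check: it also accepts floats, exponent notation such as `1e3` and leading whitespace, and the accepted string is then concatenated unchanged into `WHERE id = '.$image_id.'`. Those forms should not be able to carry SQL syntax, but a new shared helper is safer if it does not depend on every caller having run `check_input_parameter(..., PATTERN_ID)` first, as the two callers in this patch do. Consider tightening it to digits only, e.g. `if (!ctype_digit((string)$image_id))`, or interpolating `(int)$image_id` into the query. The docblock also lacks a return line; `@return array|null image row, or null when the id is unknown and $die_on_missing is false` would document the contract.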
@@ -36,6 +36,14 @@ check_status(ACCESS_ADMINISTRATOR);
 check_input_parameter('image_id', $_GET, false, PATTERN_ID);
 check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
+// retrieving direct information about picture. This may have been already
+// done on admin/photo.php but this page can also be accessed without
+// photo.php as proxy.
+if (!isset($page['image']))
+{
+ $page['image'] = get_image_infos($_GET['image_id'], true);
+}
+
 // represent
 $query = '
 SELECT id
@@ -200,14 +208,7 @@ SELECT
 ;';
 $tag_selection = get_taglist($query);
-// retrieving direct information about picture
-$query = '
-SELECT *
- FROM '.IMAGES_TABLE.'
- WHERE id = '.$_GET['image_id'].'
-;';
-$row = pwg_db_fetch_assoc(pwg_query($query));
-
+$row = $page['image'];
 $storage_category_id = null;
 if (!empty($row['storage_category_id']))
 {
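Review bot: `$row = $page['image'];` in the second picture_modify.php hunk reuses the row loaded near line 36, whereas the removed query ran at this point, after everything in between. The lines between the two hunks are not shown here; if they include the form handler that writes to the image row, the page would render the pre-update values right after a save. In that case refresh the cached row after the write, e.g. `$page['image'] = get_image_infos($_GET['image_id'], true);`, or reload it here instead of reusing the early copy.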