iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

issue #2386 simplify/secure additional filters

Browse Source
This commit is contained in:
plegall
2025-08-12 16:20:25 +02:00
parent 09a03d9818
commit b8fcc216b8
1 changed files with 29 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
admin/user_activity.php
View File

@@ -16,8 +16,13 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok | // | Check Access and exit when user status is not ok |
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR); check_status(ACCESS_ADMINISTRATOR);
check_input_parameter('photo', $_GET, false, PATTERN_ID);
check_input_parameter('album', $_GET, false, PATTERN_ID);
check_input_parameter('group', $_GET, false, PATTERN_ID);
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
// | tabs | // | tabs |
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
@@ -172,41 +177,35 @@ $additional_filt_type = false;
$additional_filt_name = null; $additional_filt_name = null;
$additional_filt_value = null; $additional_filt_value = null;
if(isset($_GET['photo'])) $additional_filters = array(
{ 'photo' => IMAGES_TABLE,
$query = ' 'album' => CATEGORIES_TABLE,
SELECT 'group' => GROUPS_TABLE,
name );
FROM '.IMAGES_TABLE.'
WHERE id = '.$_GET['photo'].';';
$additional_filt_type = 'photo'; foreach ($additional_filters as $filter_key => $filter_table)
$additional_filt_name = query2array($query)[0]['name'];
$additional_filt_value = $_GET['photo'];
}
else if (isset($_GET['album']))
{ {
$query = ' if (isset($_GET[$filter_key]))
SELECT {
$query = '
SELECT
name name
FROM '.CATEGORIES_TABLE.' FROM '.$filter_table.'
WHERE id = '.$_GET['album'].';'; WHERE id = '.$_GET[$filter_key].'
;';
$rows = query2array($query);
$additional_filt_type = 'album'; if (count($rows) == 0)
$additional_filt_name = query2array($query)[0]['name']; {
$additional_filt_value = $_GET['album']; fatal_error($filter_key.' #'.$_GET[$filter_key].' does not exist');
} }
else if (isset($_GET['group']))
{
$query = '
SELECT
name
FROM '.GROUPS_TABLE.'
WHERE id = '.$_GET['group'].';';
$additional_filt_type = 'group'; $additional_filt_type = $filter_key;
$additional_filt_name = query2array($query)[0]['name']; $additional_filt_name = $rows[0]['name'];
$additional_filt_value = $_GET['group']; $additional_filt_value = $_GET[$filter_key];
break;
}
} }
$template->assign('ADDITIONAL_FILT', array( $template->assign('ADDITIONAL_FILT', array(