iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

issue #2386 simplify/secure additional filters

Browse Source
This commit is contained in:
plegall
2025-08-12 16:20:25 +02:00
parent 09a03d9818
commit b8fcc216b8
1 changed files with 29 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
admin/user_activity.php
View File

@@ -16,8 +16,13 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
check_input_parameter('photo', $_GET, false, PATTERN_ID);
check_input_parameter('album', $_GET, false, PATTERN_ID);
check_input_parameter('group', $_GET, false, PATTERN_ID);
// +-----------------------------------------------------------------------+
// | tabs |
// +-----------------------------------------------------------------------+
@@ -172,41 +177,35 @@ $additional_filt_type = false;
$additional_filt_name = null;
$additional_filt_value = null;
if(isset($_GET['photo']))
{
$query = '
SELECT
name
FROM '.IMAGES_TABLE.'
WHERE id = '.$_GET['photo'].';';
$additional_filters = array(
'photo' => IMAGES_TABLE,
'album' => CATEGORIES_TABLE,
'group' => GROUPS_TABLE,
);
$additional_filt_type = 'photo';
$additional_filt_name = query2array($query)[0]['name'];
$additional_filt_value = $_GET['photo'];
}
else if (isset($_GET['album']))
foreach ($additional_filters as $filter_key => $filter_table)
{
if (isset($_GET[$filter_key]))
{
$query = '
SELECT
SELECT
name
FROM '.CATEGORIES_TABLE.'
WHERE id = '.$_GET['album'].';';
FROM '.$filter_table.'
WHERE id = '.$_GET[$filter_key].'
;';
$rows = query2array($query);
$additional_filt_type = 'album';
$additional_filt_name = query2array($query)[0]['name'];
$additional_filt_value = $_GET['album'];
}
else if (isset($_GET['group']))
{
$query = '
SELECT
name
FROM '.GROUPS_TABLE.'
WHERE id = '.$_GET['group'].';';
if (count($rows) == 0)
{
fatal_error($filter_key.' #'.$_GET[$filter_key].' does not exist');
}
$additional_filt_type = 'group';
$additional_filt_name = query2array($query)[0]['name'];
$additional_filt_value = $_GET['group'];
$additional_filt_type = $filter_key;
$additional_filt_name = $rows[0]['name'];
$additional_filt_value = $_GET[$filter_key];
break;
}
}
$template->assign('ADDITIONAL_FILT', array(