From e85ecfe2528bebbf871240e033ddda0c8f76505f Mon Sep 17 00:00:00 2001
From: Perrom
Date: Thu, 3 Jul 2025 15:11:29 +0200
Subject: [PATCH] security improvement and code refactorization
---
 admin/configuration.php | 26 ++---
 .../default/template/configuration_search.tpl | 104 +++++++++++++++---
 include/functions_search.inc.php | 39 ++++---
 include/search_filters.inc.php | 32 +++---
 search.php | 30 ++++-
 themes/default/js/mcs.js | 90 ++++++++-------
 .../template/include/search_filters.inc.tpl | 26 ++---
 7 files changed, 232 insertions(+), 115 deletions(-)
diff --git a/admin/configuration.php b/admin/configuration.php
index 96ded653d..32ff2d9b6 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -113,19 +113,19 @@ $display_info_checkboxes = array(
 );
 $filters_names_checkboxes = array(
- "words",
- "tags",
- "post_date",
- "creation_date",
- "album",
- "author",
- "added_by",
- "file_type",
- "ratio",
- "rating",
- "file_size",
- "height",
- "width"
+ 'words',
+ 'tags',
+ 'post_date',
+ 'creation_date',
+ 'album',
+ 'author',
+ 'added_by',
+ 'file_type',
+ 'ratio',
+ 'rating',
+ 'file_size',
+ 'height',
+ 'width'
 );
 // image order management
diff --git a/admin/themes/default/template/configuration_search.tpl b/admin/themes/default/template/configuration_search.tpl
index ed698cb9e..cacc5760f 100644
--- a/admin/themes/default/template/configuration_search.tpl
+++ b/admin/themes/default/template/configuration_search.tpl
@@ -2,7 +2,22 @@
 {footer_script}
-filters_names = ["words","tags","post_date","creation_date","album","author","added_by","file_type","ratio","rating","file_size","height","width"];
+filters_names =
+[
+ 'words',
+ 'tags',
+ 'post_date',
+ 'creation_date',
+ 'album',
+ 'author',
+ 'added_by',
+ 'file_type',
+ 'ratio',
+ 'rating',
+ 'file_size',
+ 'height',
+ 'width'
+];
 for(const filter_name of filters_names){
 if(!$("input#"+filter_name+"Filters").is(':checked')){
@@ -66,7 +81,14 @@ for(const filter_name of filters_names){
  •
@@ -95,55 +117,107 @@ for(const filter_name of filters_names){
diff --git a/include/functions_search.inc.php b/include/functions_search.inc.php
index 67d8d875e..8c485005a 100644
--- a/include/functions_search.inc.php
+++ b/include/functions_search.inc.php
@@ -120,11 +120,24 @@ function get_regular_search_results($search, $images_where='')
 $image_ids_for_filter = array();
 $display_filters = unserialize($conf["filters_views"]);
+ foreach($display_filters as $filt_name => $filt_conf){
+ if(isset($filt_conf['access']))
+ {
+ if ($filt_conf['access'] == 'everybody' or ($filt_conf['access'] == 'admins-only' and is_admin()) or ($filt_conf['access'] == 'registered-users' and is_classic_user()))
+ {
+ $display_filters[$filt_name]['access'] = true;
+ }
+ else
+ {
+ $display_filters[$filt_name]['access'] = false;
+ }
+ }
+ }
 //
 // allwords
 //
- if (isset($search['fields']['allwords']) and !empty($search['fields']['allwords']['words']) and count($search['fields']['allwords']['fields']) > 0 and ($display_filters["words"]["access"] == "everybody" or ($display_filters["words"]["access"] == "admins-only" and is_admin()) or ($display_filters["words"]["access"] == "registered-users" and is_classic_user())))
+ if (isset($search['fields']['allwords']) and !empty($search['fields']['allwords']['words']) and count($search['fields']['allwords']['fields']) > 0 and $display_filters['words']['access'])
 {
 $has_filters_filled = true;
@@ -305,7 +318,7 @@ SELECT
 //
 // author
 //
- if (isset($search['fields']['author']) and count($search['fields']['author']['words']) > 0)
+ if (isset($search['fields']['author']) and count($search['fields']['author']['words']) > 0 and $display_filters['author']['access'])
 {
 $has_filters_filled = true;
@@ -329,7 +342,7 @@ SELECT
 //
 // filetypes
 //
- if (!empty($search['fields']['filetypes']['data']))
+ if (!empty($search['fields']['filetypes']['data']) and $display_filters['file_type']['access'])
 {
 $has_filters_filled = true;
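Review bot: An entry of `$display_filters` that carries no `access` key is skipped by the new `isset($filt_conf['access'])` guard, so the later `$display_filters['words']['access']` test reads an undefined index (warning, null) instead of a deliberate false; add `else { $display_filters[$filt_name]['access'] = false; }` so the deny is explicit and every key consulted below exists. The three role comparisons use `==`; with `===` a non-string value that might end up in the unserialized config (a boolean `true` compares equal to `'everybody'` under loose comparison) cannot satisfy the check. Since the resolved booleans are what the hunks at -305 through -687 now consult, a comment such as `// Resolve each filter's configured access level to a per-request boolean; every filter block below reads it` would help the next reader. get_regular_search_results continues outside the hunk.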
@@ -353,7 +366,7 @@ SELECT
 //
 // added_by
 //
- if (!empty($search['fields']['added_by']['data']))
+ if (!empty($search['fields']['added_by']['data']) and $display_filters['added_by']['access'])
 {
 $has_filters_filled = true;
@@ -371,7 +384,7 @@ SELECT
 //
 // cat
 //
- if (isset($search['fields']['cat']) and !empty($search['fields']['cat']['words']))
+ if (isset($search['fields']['cat']) and !empty($search['fields']['cat']['words']) and $display_filters['album']['access'])
 {
 $has_filters_filled = true;
@@ -405,7 +418,7 @@ SELECT
 //
 // date_posted
 //
- if (!empty($search['fields']['date_posted']['preset']))
+ if (!empty($search['fields']['date_posted']['preset']) and $display_filters['post_date']['access'])
 {
 $has_filters_filled = true;
@@ -487,7 +500,7 @@ SELECT
 //
 // date_created
 //
- if (!empty($search['fields']['date_created']['preset']))
+ if (!empty($search['fields']['date_created']['preset']) and $display_filters['creation_date']['access'])
 {
 $has_filters_filled = true;
@@ -569,7 +582,7 @@ SELECT
 //
 // ratios
 //
- if (!empty($search['fields']['ratios']['data']))
+ if (!empty($search['fields']['ratios']['data']) and $display_filters['ratio']['access'])
 {
 $has_filters_filled = true;
@@ -600,7 +613,7 @@ SELECT
 //
 // ratings
 //
- if ($conf['rate'] and !empty($search['fields']['ratings']['data']))
+ if ($conf['rate'] and !empty($search['fields']['ratings']['data']) and $display_filters['rating']['access'])
 {
 $has_filters_filled = true;
@@ -631,7 +644,7 @@ SELECT
 //
 // filesize
 //
- if (!empty($search['fields']['filesize_min']['data']) and !empty($search['fields']['filesize_max']['data']))
+ if (!empty($search['fields']['filesize_min']['data']) and !empty($search['fields']['filesize_max']['data']) and $display_filters['file_size']['access'])
 {
 $has_filters_filled = true;
@@ -651,7 +664,7 @@ SELECT
 //
 // height
 //
- if (!empty($search['fields']['height_min']['data']) and !empty($search['fields']['height_max']['data']))
+ if (!empty($search['fields']['height_min']['data']) and !empty($search['fields']['height_max']['data']) and $display_filters['height']['access'])
 {
 $has_filters_filled = true;
@@ -669,7 +682,7 @@ SELECT
 //
 // width
 //
- if (!empty($search['fields']['width_min']['data']) and !empty($search['fields']['width_max']['data']))
+ if (!empty($search['fields']['width_min']['data']) and !empty($search['fields']['width_max']['data']) and $display_filters['width']['access'])
 {
 $has_filters_filled = true;
@@ -687,7 +700,7 @@ SELECT
 //
 // tags
 //
- if (isset($search['fields']['tags']) and !empty($search['fields']['tags']['words']))
+ if (isset($search['fields']['tags']) and !empty($search['fields']['tags']['words']) and $display_filters['tags']['access'])
 {
 $has_filters_filled = true;
diff --git a/include/search_filters.inc.php b/include/search_filters.inc.php
index 4d17ab480..56ecd17a9 100644
--- a/include/search_filters.inc.php
+++ b/include/search_filters.inc.php
@@ -45,12 +45,12 @@ if ('search' == $page['section'] and isset($page['search_details']))
 if (isset($my_search['fields']['allwords']))
 {
- $my_search['fields']['allwords']["access"] = $filters_views["words"]["access"];
+ $my_search['fields']['allwords']['access'] = $filters_views['words']['access'];
 }
 if (isset($my_search['fields']['tags']))
 {
- $my_search['fields']['tags']["access"] = $filters_views["tags"]["access"];
+ $my_search['fields']['tags']['access'] = $filters_views['tags']['access'];
 $filter_tags = array();
 // TODO calling get_available_tags(), with lots of photos/albums/tags may cost time,
@@ -88,7 +88,7 @@ if ('search' == $page['section'] and isset($page['search_details']))
 if (isset($my_search['fields']['author']))
 {
- $my_search['fields']['author']["access"] = $filters_views["author"]["access"];
+ $my_search['fields']['author']['access'] = $filters_views['author']['access'];
 $filter_clause = get_clause_for_filter('author');
 $query = '
@@ -130,7 +130,7 @@ SELECT
 if (isset($my_search['fields']['date_posted']))
 {
- $my_search['fields']['date_posted']["access"] = $filters_views["post_date"]["access"];
+ $my_search['fields']['date_posted']['access'] = $filters_views['post_date']['access'];
 $filter_clause = get_clause_for_filter('date_posted');
 $cache_key = $persistent_cache->make_key('filter_date_posted'.$user['id'].$user['cache_update_time']);
 $set_persistent_cache = !preg_match('/^image_id IN/', $filter_clause) and !$persistent_cache->get($cache_key, $date_posted);
@@ -233,7 +233,7 @@ SELECT
 if (isset($my_search['fields']['date_created']))
 {
- $my_search['fields']['date_created']["access"] = $filters_views["creation_date"]["access"];
+ $my_search['fields']['date_created']['access'] = $filters_views['creation_date']['access'];
 $filter_clause = get_clause_for_filter('date_created');
 $cache_key = $persistent_cache->make_key('filter_date_created'.$user['id'].$user['cache_update_time']);
 $set_persistent_cache = !preg_match('/^image_id IN/', $filter_clause) and !$persistent_cache->get($cache_key, $date_created);
@@ -339,7 +339,7 @@ SELECT
 if (isset($my_search['fields']['added_by']))
 {
- $my_search['fields']['added_by']["access"] = $filters_views["added_by"]["access"];
+ $my_search['fields']['added_by']['access'] = $filters_views['added_by']['access'];
 $filter_clause = get_clause_for_filter('added_by');
 $query = '
@@ -403,7 +403,7 @@ SELECT
 if (isset($my_search['fields']['cat']))
 {
- $my_search['fields']['cat']["access"] = $filters_views["album"]["access"];
+ $my_search['fields']['cat']['access'] = $filters_views['album']['access'];
 if (!empty($my_search['fields']['cat']['words']))
 {
@@ -439,7 +439,7 @@ SELECT
 if (isset($my_search['fields']['filetypes']))
 {
- $my_search['fields']['filetypes']["access"] = $filters_views["file_type"]["access"];
+ $my_search['fields']['filetypes']['access'] = $filters_views['file_type']['access'];
 $filter_clause = get_clause_for_filter('filetypes');
 // get all file extensions for this user in the gallery, whatever the current filters
@@ -495,7 +495,7 @@ SELECT
 if (isset($my_search['fields']['ratings']))
 {
- $my_search['fields']['ratings']["access"] = $filters_views["rating"]["access"];
+ $my_search['fields']['ratings']['access'] = $filters_views['rating']['access'];
 $filter_clause = get_clause_for_filter('ratings');
 $cache_key = $persistent_cache->make_key('filter_ratings'.$user['id'].$user['cache_update_time']);
@@ -558,8 +558,8 @@ SELECT
 // For filesize
 if (isset($my_search['fields']['filesize_min']) && isset($my_search['fields']['filesize_max']))
 {
- $my_search['fields']['filesize_min']["access"] = $filters_views["file_size"]["access"];
- $my_search['fields']['filesize_max']["access"] = $filters_views["file_size"]["access"];
+ $my_search['fields']['filesize_min']['access'] = $filters_views['file_size']['access'];
+ $my_search['fields']['filesize_max']['access'] = $filters_views['file_size']['access'];
 $filter_clause = get_clause_for_filter('filesize');
 $filesizes = array();
@@ -607,7 +607,7 @@ SELECT
 if (isset($my_search['fields']['ratios']))
 {
- $my_search['fields']['ratios']["access"] = $filters_views["ratio"]["access"];
+ $my_search['fields']['ratios']['access'] = $filters_views['ratio']['access'];
 $filter_clause = get_clause_for_filter('ratios');
 $cache_key = $persistent_cache->make_key('filter_ratios'.$user['id'].$user['cache_update_time']);
@@ -677,8 +677,8 @@ SELECT
 if (isset($my_search['fields']['height_min']) and isset($my_search['fields']['height_max']))
 {
- $my_search['fields']['height_min']["access"] = $filters_views["height"]["access"];
- $my_search['fields']['height_max']["access"] = $filters_views["height"]["access"];
+ $my_search['fields']['height_min']['access'] = $filters_views['height']['access'];
+ $my_search['fields']['height_max']['access'] = $filters_views['height']['access'];
 $filter_clause = get_clause_for_filter('height');
 $query = '
@@ -726,8 +726,8 @@ SELECT
 if (isset($my_search['fields']['width_min']) and isset($my_search['fields']['width_max']))
 {
- $my_search['fields']['width_min']["access"] = $filters_views["width"]["access"];
- $my_search['fields']['width_max']["access"] = $filters_views["width"]["access"];
+ $my_search['fields']['width_min']['access'] = $filters_views['width']['access'];
+ $my_search['fields']['width_max']['access'] = $filters_views['width']['access'];
 $filter_clause = get_clause_for_filter('width');
 $query = '
diff --git a/search.php b/search.php
index 6fa152a6d..a8ac83474 100644
--- a/search.php
+++ b/search.php
@@ -32,19 +32,37 @@ $search = array(
 //import the conf for the filters
 $filters_conf = unserialize($conf['filters_views']);
 //change the name of the keys so that they can be used with this part of the program
-$filters_conf = array_combine(array("allwords", "tags", "date_posted", "date_created", "cat", "author", "added_by", "filetypes", "ratios", "ratings", "filesize", "height", "width", "last_filters_conf"), $filters_conf);
+$filters_conf = array_combine
+(
+ array('allwords',
+ 'tags',
+ 'date_posted',
+ 'date_created',
+ 'cat',
+ 'author',
+ 'added_by',
+ 'filetypes',
+ 'ratios',
+ 'ratings',
+ 'filesize',
+ 'height',
+ 'width',
+ 'last_filters_conf'
+ ),
+ $filters_conf
+);
 //get all default filters
 $default_fields = array();
 foreach($filters_conf as $filt_name => $filt_conf){
- if(isset($filt_conf["default"])){
- if($filt_conf["default"] == true){
+ if(isset($filt_conf['default'])){
+ if($filt_conf['default'] == true){
 $default_fields[] = $filt_name;
 }
 }
 }
-if (is_a_guest() or is_generic() or $filters_conf["last_filters_conf"]==false)
+if (is_a_guest() or is_generic() or $filters_conf['last_filters_conf']==false)
 {
 $fields = $default_fields;
 }
@@ -149,7 +167,7 @@ foreach (array('added_by', 'filetypes', 'ratios', 'ratings') as $field)
 {
 if (in_array($field, $fields))
 {
- $search['fields'][$field]["data"] = array();
+ $search['fields'][$field]['data'] = array();
 }
 }
@@ -166,7 +184,7 @@ foreach (array('filesize_min', 'filesize_max', 'width_min', 'width_max', 'height
 {
 if (in_array($field, $fields))
 {
- $search['fields'][$field]["data"] = '';
+ $search['fields'][$field]['data'] = '';
 }
 }
diff --git a/themes/default/js/mcs.js b/themes/default/js/mcs.js
index 0c30c5113..b471390fa 100644
--- a/themes/default/js/mcs.js
+++ b/themes/default/js/mcs.js
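Review bot: The reformatted `array_combine` call still binds the fourteen key names to the unserialized `filters_views` entries by position only, and in PHP 8 `array_combine` throws a `ValueError` when the two arrays differ in length, so a config saved with a different number of entries makes search.php fatal rather than fall back to the defaults; a comment such as `// key order must match $filters_names_checkboxes in admin/configuration.php, plus the trailing last_filters_conf entry` names that coupling for whoever next edits either list. The rewritten lines keep the loose `$filt_conf['default'] == true` and `$filters_conf['last_filters_conf']==false`; if the stored values are real booleans, `=== true` and `=== false` pin that, and if they are not, a comment stating which scalar is expected is the minimum. This is top-level script code, so no enclosing function is involved.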
@@ -22,10 +22,22 @@ $(document).ready(function () {
 });
 global_params.search_id = search_id;
+ filt_perms = {};
 if (!global_params.fields) {
 global_params.fields = {};
 }
+ else{
+ for(var filter_name in global_params.fields){
+ if (global_params.fields[filter_name]['access'] == 'everybody' || (global_params.fields[filter_name]['access'] == 'admins-only' && user_rank == 'admin') || (global_params.fields[filter_name]['access'] == 'registered-users' && user_rank == 'user'))
+ {
+ filt_perms[filter_name] = true;
+ }
+ else{
+ filt_perms[filter_name] = false;
+ }
+ }
+ }
 // Declare params sent to pwg.images.filteredSearch.update
 // PS for performSearch()
@@ -36,7 +48,7 @@ $(document).ready(function () {
 filters_to_remove = [];
 // Setup word filter
- if (global_params.fields.allwords && (global_params.fields.allwords.access == "everybody" || (global_params.fields.allwords.access == "admins-only" && user_rank == "admin") || (global_params.fields.allwords.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.allwords && filt_perms['allwords']) {
 $(".filter-word").css("display", "flex");
 $(".filter-manager-controller.word").prop("checked", true);
@@ -79,10 +91,10 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.allwords);
 }
- else if (global_params.fields.allwords && !(global_params.fields.allwords.access == "everybody" || (global_params.fields.allwords.access == "admins-only" && user_rank == "admin") || (global_params.fields.allwords.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.allwords && !(filt_perms['allwords']))
 {
 updateFilters('word', 'del');
- filters_to_remove.push("allwords");
+ filters_to_remove.push('allwords');
 }
 //Hide filter spinner
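Review bot: `filt_perms = {};` on the first added line is assigned without `const`/`let`/`var`, which creates an implicit global in sloppy mode and throws a ReferenceError under `'use strict'`; declare it `const filt_perms = {};`. The `for (var filter_name in global_params.fields)` walk also visits inherited enumerable properties, so `Object.keys(global_params.fields).forEach(...)` keeps the map to the fields actually sent, and `===` is the safer comparison for the string constants. Because `user_rank` and `global_params.fields[...].access` are values available to the browser, this table can only decide what the UI shows; the server-side gate added in include/functions_search.inc.php in the same patch is the real enforcement, and a comment above the loop saying `// UI visibility only; access is enforced server-side in get_regular_search_results` would stop a later reader treating `filt_perms` as authoritative. The `$(document).ready` callback continues outside the hunk.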
@@ -97,7 +109,7 @@ $(document).ready(function () {
 });
 });
- if (global_params.fields.tags && (global_params.fields.tags.access == "everybody" || (global_params.fields.tags.access == "admins-only" && user_rank == "admin") || (global_params.fields.tags.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.tags && filt_perms['tags']) {
 $(".filter-tag").css("display", "flex");
 $(".filter-manager-controller.tags").prop("checked", true);
 $(".filter-tag-form .search-params input[value=" + global_params.fields.tags.mode + "]").prop("checked", true);
@@ -124,14 +136,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.tags);
 }
- else if (global_params.fields.tags && !(global_params.fields.tags.access == "everybody" || (global_params.fields.tags.access == "admins-only" && user_rank == "admin") || (global_params.fields.tags.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.tags && !(filt_perms['tags']))
 {
 updateFilters('tag', 'del');
- filters_to_remove.push("tags");
+ filters_to_remove.push('tags');
 }
 // Setup Date post filter
- if (global_params.fields.date_posted && (global_params.fields.date_posted.access == "everybody" || (global_params.fields.date_posted.access == "admins-only" && user_rank == "admin") || (global_params.fields.date_posted.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.date_posted && filt_perms['date_posted']) {
 $(".filter-date_posted").css("display", "flex");
 $(".filter-manager-controller.date_posted").prop("checked", true);
@@ -241,15 +253,15 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.date_posted_custom);
 }
- else if (global_params.fields.date_posted && !(global_params.fields.date_posted.access == "everybody" || (global_params.fields.date_posted.access == "admins-only" && user_rank == "admin") || (global_params.fields.date_posted.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.date_posted && !(filt_perms['date_posted']))
 {
 updateFilters('date_posted', 'del');
- filters_to_remove.push("date_posted");
+ filters_to_remove.push('date_posted');
 }
 // Setup Date creation filter
- if (global_params.fields.date_created && (global_params.fields.date_created.access == "everybody" || (global_params.fields.date_created.access == "admins-only" && user_rank == "admin") || (global_params.fields.date_created.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.date_created && filt_perms['date_created']) {
 $(".filter-date_created").css("display", "flex");
 $(".filter-manager-controller.date_created").prop("checked", true);
@@ -357,14 +369,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.date_created_custom);
 }
- else if (global_params.fields.date_created && !(global_params.fields.date_created.access == "everybody" || (global_params.fields.date_created.access == "admins-only" && user_rank == "admin") || (global_params.fields.date_created.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.date_created && !(filt_perms['date_created']))
 {
 updateFilters('date_created', 'del');
- filters_to_remove.push("date_created");
+ filters_to_remove.push('date_created');
 }
 // Setup album filter
- if (global_params.fields.cat && (global_params.fields.cat.access == "everybody" || (global_params.fields.cat.access == "admins-only" && user_rank == "admin") || (global_params.fields.cat.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.cat && filt_perms['cat']) {
 $(".filter-album").css("display", "flex");
 $(".filter-manager-controller.album").prop("checked", true);
@@ -416,10 +428,10 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.categories);
 }
- else if (global_params.fields.cat && !(global_params.fields.cat.access == "everybody" || (global_params.fields.cat.access == "admins-only" && user_rank == "admin") || (global_params.fields.cat.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.cat && !(filt_perms['cat']))
 {
 updateFilters('album', 'del');
- filters_to_remove.push("cat");
+ filters_to_remove.push('cat');
 }
 // Setup author filter
@@ -429,7 +441,7 @@ $(document).ready(function () {
 maxOptions:$(this).find("option").length,
 items: global_params.fields.author ? global_params.fields.author.words : null,
 });
- if (global_params.fields.author && (global_params.fields.author.access == "everybody" || (global_params.fields.author.access == "admins-only" && user_rank == "admin") || (global_params.fields.author.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.author && filt_perms['author']) {
 $(".filter-authors").css("display", "flex");
 $(".filter-manager-controller.author").prop("checked", true);
@@ -454,15 +466,15 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.authors);
 }
- else if (global_params.fields.author && !(global_params.fields.author.access == "everybody" || (global_params.fields.author.access == "admins-only" && user_rank == "admin") || (global_params.fields.author.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.author && !(filt_perms['author']))
 {
 updateFilters('author', 'del');
- filters_to_remove.push("author");
+ filters_to_remove.push('author');
 }
 });
 // Setup added_by filter
- if (global_params.fields.added_by && (global_params.fields.added_by.access == "everybody" || (global_params.fields.added_by.access == "admins-only" && user_rank == "admin") || (global_params.fields.added_by.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.added_by && filt_perms['added_by']) {
 $(".filter-added_by").css("display", "flex");
 $(".filter-manager-controller.added_by").prop("checked", true);
@@ -496,14 +508,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.added_by);
 }
- else if (global_params.fields.added_by && !(global_params.fields.added_by.access == "everybody" || (global_params.fields.added_by.access == "admins-only" && user_rank == "admin") || (global_params.fields.added_by.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.added_by && !(filt_perms['added_by']))
 {
 updateFilters('added_by', 'del');
- filters_to_remove.push("added_by");
+ filters_to_remove.push('added_by');
 }
 // Setup filetypes filter
- if (global_params.fields.filetypes && (global_params.fields.filetypes.access == "everybody" || (global_params.fields.filetypes.access == "admins-only" && user_rank == "admin") || (global_params.fields.filetypes.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.filetypes && filt_perms['filetypes']) {
 $(".filter-filetypes").css("display", "flex");
 $(".filter-manager-controller.filetypes").prop("checked", true);
@@ -534,14 +546,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.filetypes);
 }
- else if (global_params.fields.filetypes && !(global_params.fields.filetypes.access == "everybody" || (global_params.fields.filetypes.access == "admins-only" && user_rank == "admin") || (global_params.fields.filetypes.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.filetypes && !(filt_perms['filetypes']))
 {
 updateFilters('filetypes', 'del');
- filters_to_remove.push("filetypes");
+ filters_to_remove.push('filetypes');
 }
 // Setup Ratio filter
- if (global_params.fields.ratios && (global_params.fields.ratios.access == "everybody" || (global_params.fields.ratios.access == "admins-only" && user_rank == "admin") || (global_params.fields.ratios.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.ratios && filt_perms['ratios']) {
 $(".filter-ratios").css("display", "flex");
 $(".filter-manager-controller.ratios").prop("checked", true);
@@ -572,14 +584,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.ratios);
 }
- else if (global_params.fields.ratios && !(global_params.fields.ratios.access == "everybody" || (global_params.fields.ratios.access == "admins-only" && user_rank == "admin") || (global_params.fields.ratios.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.ratios && !(filt_perms['ratios']))
 {
 updateFilters('ratios', 'del');
- filters_to_remove.push("ratios");
+ filters_to_remove.push('ratios');
 }
 // Setup rating filter
- if (global_params.fields.ratings && show_filter_ratings && (global_params.fields.ratings.access == "everybody" || (global_params.fields.ratings.access == "admins-only" && user_rank == "admin") || (global_params.fields.ratings.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.ratings && show_filter_ratings && filt_perms['ratings']) {
 $(".filter-ratings").css("display", "flex");
 $(".filter-manager-controller.ratings").prop("checked", true);
@@ -626,14 +638,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.ratings);
 }
- else if (global_params.fields.ratings && (!show_filter_ratings || global_params.fields.ratings && !(global_params.fields.ratings.access == "everybody" || (global_params.fields.ratings.access == "admins-only" && user_rank == "admin") || (global_params.fields.ratings.access == "registered-users" && user_rank == "user"))))
+ else if (global_params.fields.ratings && (!show_filter_ratings || global_params.fields.ratings && !(filt_perms['ratings'])))
 {
 updateFilters('ratings', 'del');
- filters_to_remove.push("ratings");
+ filters_to_remove.push('ratings');
 }
 // Setup filesize filter
- if (global_params.fields.filesize_min != null && global_params.fields.filesize_max != null && (global_params.fields.filesize_min.access == "everybody" || (global_params.fields.filesize_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.filesize_min.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.filesize_min != null && global_params.fields.filesize_max != null && filt_perms['filesize_min']) {
 $(".filter-filesize").css("display", "flex");
 $(".filter-manager-controller.filesize").prop("checked", true);
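Review bot: In the rewritten ratings `else if`, the inner `global_params.fields.ratings &&` is redundant because the outer operand already requires it, so the condition can read `else if (global_params.fields.ratings && (!show_filter_ratings || !filt_perms['ratings']))`. The redundancy predates this patch, but since the line is being rewritten anyway this is the moment to drop it rather than carry the nested form into the new `filt_perms` style. The enclosing `$(document).ready` callback starts and ends outside the hunk.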
@@ -676,14 +688,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.filesize_max);
 }
- else if (global_params.fields.filesize_min != null && global_params.fields.filesize_max != null && !(global_params.fields.filesize_min.access == "everybody" || (global_params.fields.filesize_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.filesize_min.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.filesize_min != null && global_params.fields.filesize_max != null && !(filt_perms['filesize_min']))
 {
 updateFilters('filesize', 'del');
- filters_to_remove.push("filesize");
+ filters_to_remove.push('filesize');
 }
 // Setup Height filter
- if (global_params.fields.height_min != null && global_params.fields.height_max != null && (global_params.fields.height_min.access == "everybody" || (global_params.fields.height_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.height_min.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.height_min != null && global_params.fields.height_max != null && filt_perms['height_min']) {
 $(".filter-height").css("display", "flex");
 $(".filter-manager-controller.height").prop("checked", true);
 $(".filter.filter-height .slider-info").html(sprintf(sliders.heights.text,sliders.heights.selected.min,sliders.heights.selected.max));
@@ -716,14 +728,14 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.height_max);
 }
- else if (global_params.fields.height_min != null && global_params.fields.height_max != null && !(global_params.fields.height_min.access == "everybody" || (global_params.fields.height_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.height_min.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.height_min != null && global_params.fields.height_max != null && !(filt_perms['height_min']))
 {
 updateFilters('height', 'del');
- filters_to_remove.push("height");
+ filters_to_remove.push('height');
 }
 // Setup Width filter
- if (global_params.fields.width_min != null && global_params.fields.width_max != null && (global_params.fields.width_min.access == "everybody" || (global_params.fields.width_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.width_min.access == "registered-users" && user_rank == "user"))) {
+ if (global_params.fields.width_min != null && global_params.fields.width_max != null && filt_perms['width_min']) {
 $(".filter-width").css("display", "flex");
 $(".filter-manager-controller.width").prop("checked", true);
 $(".filter.filter-width .slider-info").html(sprintf(sliders.widths.text,sliders.widths.selected.min,sliders.widths.selected.max));
@@ -756,10 +768,10 @@ $(document).ready(function () {
 empty_filters_list.push(PS_params.width_max);
 }
- else if (global_params.fields.width_min != null && global_params.fields.width_max != null && !(global_params.fields.width_min.access == "everybody" || (global_params.fields.width_min.access == "admins-only" && user_rank == "admin") || (global_params.fields.width_min.access == "registered-users" && user_rank == "user")))
+ else if (global_params.fields.width_min != null && global_params.fields.width_max != null && !(filt_perms['width_min']))
 {
 updateFilters('width', 'del');
- filters_to_remove.push("width");
+ filters_to_remove.push('width');
 }
 if(filters_to_remove.length > 0){
diff --git a/themes/default/template/include/search_filters.inc.tpl b/themes/default/template/include/search_filters.inc.tpl
index aad13dd3b..5eeb49575 100644
--- a/themes/default/template/include/search_filters.inc.tpl
+++ b/themes/default/template/include/search_filters.inc.tpl
@@ -109,81 +109,81 @@ const prefix_icon = 'gallery-icon-';
    {'Choose filters'|@translate}
    - {if $display_filter.words.access == "everybody" or ($display_filter.words.access == "admins-only" and is_admin()) or ($display_filter.words.access == "registered-users" and is_classic_user())} + {if $display_filter.words.access == 'everybody' or ($display_filter.words.access == 'admins-only' and is_admin()) or ($display_filter.words.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.tags.access == "everybody" or ($display_filter.tags.access == "admins-only" and is_admin()) or ($display_filter.tags.access == "registered-users" and is_classic_user())} + {if $display_filter.tags.access == 'everybody' or ($display_filter.tags.access == 'admins-only' and is_admin()) or ($display_filter.tags.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.post_date.access == "everybody" or ($display_filter.post_date.access == "admins-only" and is_admin()) or ($display_filter.post_date.access == "registered-users" and is_classic_user())} + {if $display_filter.post_date.access == 'everybody' or ($display_filter.post_date.access == 'admins-only' and is_admin()) or ($display_filter.post_date.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.creation_date.access == "everybody" or ($display_filter.creation_date.access == "admins-only" and is_admin()) or ($display_filter.creation_date.access == "registered-users" and is_classic_user())} + {if $display_filter.creation_date.access == 'everybody' or ($display_filter.creation_date.access == 'admins-only' and is_admin()) or ($display_filter.creation_date.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.album.access == "everybody" or ($display_filter.album.access == "admins-only" and is_admin()) or ($display_filter.album.access == "registered-users" and is_classic_user())} + {if $display_filter.album.access == 'everybody' or ($display_filter.album.access == 'admins-only' and is_admin()) or ($display_filter.album.access 
== 'registered-users' and is_classic_user())} {/if} - {if $display_filter.author.access == "everybody" or ($display_filter.author.access == "admins-only" and is_admin()) or ($display_filter.author.access == "registered-users" and is_classic_user())} + {if $display_filter.author.access == 'everybody' or ($display_filter.author.access == 'admins-only' and is_admin()) or ($display_filter.author.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.added_by.access == "everybody" or ($display_filter.added_by.access == "admins-only" and is_admin()) or ($display_filter.added_by.access == "registered-users" and is_classic_user())} + {if $display_filter.added_by.access == 'everybody' or ($display_filter.added_by.access == 'admins-only' and is_admin()) or ($display_filter.added_by.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.file_type.access == "everybody" or ($display_filter.file_type.access == "admins-only" and is_admin()) or ($display_filter.file_type.access == "registered-users" and is_classic_user())} + {if $display_filter.file_type.access == 'everybody' or ($display_filter.file_type.access == 'admins-only' and is_admin()) or ($display_filter.file_type.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.ratio.access == "everybody" or ($display_filter.ratio.access == "admins-only" and is_admin()) or ($display_filter.ratio.access == "registered-users" and is_classic_user())} + {if $display_filter.ratio.access == 'everybody' or ($display_filter.ratio.access == 'admins-only' and is_admin()) or ($display_filter.ratio.access == 'registered-users' and is_classic_user())} {/if} {if $SHOW_FILTER_RATINGS and isset($SHOW_FILTER_RATINGS)} - {if $display_filter.rating.access == "everybody" or ($display_filter.rating.access == "admins-only" and is_admin()) or ($display_filter.rating.access == "registered-users" and is_classic_user())} + {if $display_filter.rating.access == 'everybody' or 
($display_filter.rating.access == 'admins-only' and is_admin()) or ($display_filter.rating.access == 'registered-users' and is_classic_user())} {/if} {/if} - {if $display_filter.file_size.access == "everybody" or ($display_filter.file_size.access == "admins-only" and is_admin()) or ($display_filter.file_size.access == "registered-users" and is_classic_user())} + {if $display_filter.file_size.access == 'everybody' or ($display_filter.file_size.access == 'admins-only' and is_admin()) or ($display_filter.file_size.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.height.access == "everybody" or ($display_filter.height.access == "admins-only" and is_admin()) or ($display_filter.height.access == "registered-users" and is_classic_user())} + {if $display_filter.height.access == 'everybody' or ($display_filter.height.access == 'admins-only' and is_admin()) or ($display_filter.height.access == 'registered-users' and is_classic_user())} {/if} - {if $display_filter.width.access == "everybody" or ($display_filter.width.access == "admins-only" and is_admin()) or ($display_filter.width.access == "registered-users" and is_classic_user())} + {if $display_filter.width.access == 'everybody' or ($display_filter.width.access == 'admins-only' and is_admin()) or ($display_filter.width.access == 'registered-users' and is_classic_user())}