SQL: Better sanity checking and SQL generation for image display
parent
0f34f2340a
commit
396ea6c6b9
|
@ -30,21 +30,29 @@ $download = isset($_REQUEST['down']);
|
|||
|
||||
$photo_sel = "";
|
||||
|
||||
if (!$photo_id) {
|
||||
if (!$version) {
|
||||
/* Sanity check Photo ID -- REQUIRED argument */
|
||||
if (!$photo_id || !is_numeric($photo_id)) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
}
|
||||
} else {
|
||||
if (is_numeric($photo_id))
|
||||
$photo_sel = "and photo.identifier = '$photo_id'";
|
||||
else
|
||||
$photo_sel = "and false is true";
|
||||
}
|
||||
}
|
||||
/* Sanity check Photo Version -- OPTIONAL argument */
|
||||
if ($version && !is_numeric($version)) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
}
|
||||
/* Sanity check Image Size -- OPTIONAL argument */
|
||||
if ($image_size && !is_numeric($image_size)) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
}
|
||||
|
||||
/* Figure out SQL based on image */
|
||||
$photo_sel = " photo.identifier = '$photo_id' ";
|
||||
$photo_sel .= $version ? " and photo_version.identifier='$version' " : " and photo_version.master='t' ";
|
||||
|
||||
/* Translate image sizes */
|
||||
switch ($image_size) {
|
||||
case '':
|
||||
case FALSE:
|
||||
$image_size = 1;
|
||||
break;
|
||||
case 3:
|
||||
|
@ -60,15 +68,13 @@ ini_set('zlib.output_compression', 'Off');
|
|||
$database = site_prolog();
|
||||
$cache_ctrl = FALSE;
|
||||
|
||||
$version_selector = $version ? "photo_version.identifier=$version" : "photo_version.master='t'";
|
||||
|
||||
$photo_data = pg_fetch_assoc(pg_query($database, "
|
||||
select users, access_rights, hide_original, original_image_name,
|
||||
get_image_path(photo_version.identifier, $image_size) as path,
|
||||
can_access_photo(photo.identifier, $po_user[id], '{".$passwords."}') as ok
|
||||
from photo left join photo_version on photo.identifier = photo_version.photo
|
||||
where $version_selector
|
||||
$photo_sel"));
|
||||
where $photo_sel"));
|
||||
if (!$photo_data) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
site_epilog($database);
|
||||
|
|
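Review bot: The sanity checks on `$photo_id`, `$version` and `$image_size` use `is_numeric()`, which is looser than the integer identifiers the query appears to expect; it also accepts strings such as `1e5`, `1.5`, `-1` and ` 1`. Those values are then interpolated into `$photo_sel` and, for `$image_size`, into the unquoted `get_image_path(...)` argument, unless the size switch (which continues outside the hunk) rejects unknown values. A digits-only test such as `if (!$photo_id || !ctype_digit((string)$photo_id)) {` would make each check match an integer column. The query in the second hunk is still built by string interpolation, including `'{".$passwords."}'`, whose origin is not visible here; passing the values as parameters through `pg_query_params()` would stop the query's safety depending on every input check being complete. The `pg_query()` result also goes straight into `pg_fetch_assoc()`, so a value that makes the query fail is not handled explicitly before the 404 branch.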