[Fix] image display with only a version id is legal.
This commit is contained in:
parent
84ff4a019e
commit
f6ac3d4561
|
@ -30,20 +30,23 @@ $download = isset($_REQUEST['down']);
|
|||
|
||||
$photo_sel = "";
|
||||
|
||||
/* Sanity check Photo ID -- REQUIRED argument */
|
||||
if (!$photo_id || !is_numeric($photo_id)) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
}
|
||||
/* Sanity check Photo Version -- OPTIONAL argument */
|
||||
if ($version && !is_numeric($version)) {
|
||||
/* We must have one or both of Photo ID and Photo Version */
|
||||
$has_photo = $has_ver = FALSE;
|
||||
if ($photo_id && is_numeric($photo_id)) {
|
||||
$has_photo = TRUE;
|
||||
}
|
||||
if ($version && is_numeric($version)) {
|
||||
$has_ver = TRUE;
|
||||
}
|
||||
if (!$has_photo && !$has_ver) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
}
|
||||
|
||||
/* Sanity check Image Size -- OPTIONAL argument */
|
||||
if ($image_size && !is_numeric($image_size)) {
|
||||
header("HTTP/1.1 404 Not found");
|
||||
exit();
|
||||
exit();
|
||||
}
|
||||
|
||||
/* Translate image sizes */
|
||||
|
@ -66,15 +69,20 @@ $database = site_prolog();
|
|||
$cache_ctrl = FALSE;
|
||||
|
||||
/* Figure out SQL based on image */
|
||||
$photo_sel = " photo.identifier = '$photo_id' ";
|
||||
$photo_sel .= $version ? " and photo_version.identifier='$version' " : " and photo_version.master='t' ";
|
||||
if ($has_photo) {
|
||||
$photo_sel .= " photo.identifier = '$photo_id' ";
|
||||
$photo_sel .= $has_ver ? " and photo_version.identifier='$version' " : " and photo_version.master='t' ";
|
||||
} elseif ($has_ver) {
|
||||
$photo_sel .= " photo_version.identifier='$version' ";
|
||||
$photo_sel .= " and photo.identifier = photo_version.photo ";
|
||||
}
|
||||
$photo_sel .= " and size = '$image_size' ";
|
||||
|
||||
$photo_data = pg_fetch_assoc(pg_query($database, "
|
||||
select users, access_rights, hide_original, original_image_name,
|
||||
created, filesize, path,
|
||||
can_access_photo(photo.identifier, $po_user[id], '{".$passwords."}') as ok
|
||||
from photo
|
||||
from photo
|
||||
right join photo_version on photo.identifier = photo_version.photo
|
||||
right join files on photo_version.identifier = files.version
|
||||
where $photo_sel"));
|
||||
|
|
Loading…
Reference in New Issue