See
http://forum.coppermine-gallery.net/index.php/topic,56992.0.htmlCode in question is index.php
if ($subcat['thumb'] > 0) {
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$subcat['thumb']}'" . $pic_filter;
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$picture = mysql_fetch_array($result);
mysql_free_result($result);
$pic_url = get_pic_url($picture, 'thumb');
if (!is_image($picture['filename'])) {
$image_info = getimagesize(urldecode($pic_url));
$picture['pwidth'] = $image_info[0];
$picture['pheight'] = $image_info[1];
}
$image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size']);
$user_thumb = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"\" />";
$user_thumb = "<a href=\"index.php?cat={$subcat['cid']}\">" . $user_thumb . "</a>";
}
} else {
$user_thumb = "";
}
That mysql_num_rows() check needs an else for the case of the category thumbnail failing the permission check added by $pic_filter. As it is now $user_thumb is kept around from the previous loop, and gets also indented each time.
I'm not sure if the real bug is being able to select such a thumbnail in the first place, but that's not readily fixable since permissions can of course be changed after the cat thumb is set.
I think we should either display no thumbnail or use the 'private icon', same as for albums.
