Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: $CONFIG['users_can_edit_pics'] still valid? picEditor.php  (Read 5603 times)

0 Members and 1 Guest are viewing this topic.

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
$CONFIG['users_can_edit_pics'] still valid? picEditor.php
« on: July 12, 2005, 12:45:58 am »

picEditor.php line 80:
Code: [Select]
if (!(GALLERY_ADMIN_MODE || $CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC['owner_id'] == USER_ID)) || !USER_ID) {cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);};
is $CONFIG['users_can_edit_pics'] still valid?, On my gallery this is barring me from editing pics because it is set to 0, by default I believe, but there is nowhere that I see in the gallery config to set "users can edit pics" to yes. Seems like it should go under the category: Files and thumbnails advanced settings.

Also, there is no 'category' column in the cpg140_ pictures talbe to make $CURRENT_PIC['category'] in this query in the same spot as above.
Code: [Select]
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = '$pid'");
        $CURRENT_PIC = mysql_fetch_array($result);
if (!(GALLERY_ADMIN_MODE || $CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID || ($CURRENT_PIC['owner_id'] == USER_ID)) || !USER_ID) {cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);};
~Todd
« Last Edit: September 12, 2005, 08:54:51 am by TranzNDance »
Logged

Nibbler

  • Guest
Re: $CONFIG['users_can_edit_pics'] still valid? picEditor.php
« Reply #1 on: July 12, 2005, 12:56:02 am »

Look it up in the lang file

Code: [Select]
array('Allow users to retain control over their pics in public galleries', 'users_can_edit_pics',
I'll take a look at that code, thanks.
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: $CONFIG['users_can_edit_pics'] still valid? picEditor.php
« Reply #2 on: July 12, 2005, 04:35:03 am »

Thanks I should have thought to look there. Anyways, there still remains the issue with the unnecessary
Code: [Select]
$CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID in the if since it doesn't exist.

Todd
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: $CONFIG['users_can_edit_pics'] still valid? picEditor.php
« Reply #3 on: July 31, 2005, 03:38:02 pm »

[moderation]
bumping this unresolved thread to the top...
Logged

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: $CONFIG['users_can_edit_pics'] still valid? picEditor.php
« Reply #4 on: September 12, 2005, 06:34:26 am »

*BUMP*
Logged

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: $CONFIG['users_can_edit_pics'] still valid? picEditor.php
« Reply #5 on: September 12, 2005, 08:46:48 am »

@Todd - thanks for bringing this to our notice

Removed
Code: [Select]
$CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID from picEditor.php and committed to CVS.

Aditya
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.