Advanced search  


cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

Pages: [1]   Go Down

Author Topic: FORBIDDEN_SET $visibility  (Read 2421 times)

0 Members and 1 Guest are viewing this topic.


  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
FORBIDDEN_SET $visibility
« on: September 26, 2005, 03:10:54 pm »

Hi devs, I'm again trying to mod something.. however this time I'm somehow lost cause either I'm to stupid to get it or there's just redundant code... if I just don't get it I'll have some heavy problems with the privacy settings

So after long talking here my lil question... why is this code in index
Code: [Select]
if ($visibility == '0' || $visibility == (FIRST_USER_CAT + USER_ID) || in_array($visibility, $USER_DATA['groups']) || $USER_DATA['can_see_all_albums'] || $CONFIG['allow_private_albums']==0) {
If I don't have private albums... no problem at all... this doesn't change anything.
If I do have them, then in get_private_album_set() FORBIDDEN_SET defines what pics to get from the picture table... and all private stuff that the user isn't allowed to see won't get pulled. So the above mentioned if clause in index is doing nothing at all... ???? Or am I wrong here
I've added above each visibility=0 just to check what's happening. So far I couldn't see any drawbacks.

ahmm.. edit... I'm talking about all 4 occurances of that code
Pages: [1]   Go Up

Page created in 0.016 seconds with 20 queries.