Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: non-admin-approved images showing up in albums with keywords set  (Read 3378 times)

0 Members and 1 Guest are viewing this topic.

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray

Ambiguous order of operations in an sql clause were allowing non-admin-approved images to be shown in albums that had a keyword set.

Problem SQL example:
Code: [Select]
SELECT pid, filepath, filename, url_prefix, filesize, pwidth, pheight, ctime, aid, keywords, title, caption,hits,owner_id,owner_name from cpg140_pictures WHERE (aid='3'  ) OR (keywords like '%Everybody%'  ) AND approved='YES'  ORDER BY filename ASC  LIMIT 0 ,12

Fixed SQL example:
Code: [Select]
SELECT pid, filepath, filename, url_prefix, filesize, pwidth, pheight, ctime, aid, keywords, title, caption,hits,owner_id,owner_name from cpg140_pictures WHERE ((aid='3'  ) OR (keywords like '%Everybody%'  )) AND approved='YES'  ORDER BY filename ASC  LIMIT 0 ,12

fix committed.
Logged

Titooy

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 736
    • under construction...
Re: non-admin-approved images showing up in albums with keywords set
« Reply #1 on: January 17, 2006, 05:21:07 pm »

This is certainly related : the picture count in the categories list and the overal stats includes non-admin-approved images. While it's shown correctly on the album's picture count.
Logged
Pages: [1]   Go Up
 

Page created in 0.016 seconds with 18 queries.