4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
February 09, 2010, 02:20:13 PM

Login with username, password and session length
Search:     Advanced search
[2009-05-13] 4images 1.7.7 released
[2008-07-23] In memory of manurom
[2009-06-15] 1.7-1.7.7 Security fix in includes/functions.php
Translate this page with google
=>
 Translate this page with Google =>
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 / 1.7.1] Download images that not allowed to be viewed		 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: [1.7 / 1.7.1] Download images that not allowed to be viewed  (Read 12138 times)
V@no
Don't tell me what to do and I won't say where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 16729

Thank You
-Given: 13
-Receive: 81

mmm PHP...


View Profile WWW
« on: November 12, 2005, 08:43:39 PM »
This fix will fix a bug that allow visitors download images even these which they are not allowed to view. Also will fix proper redirection to the details page for the clients with blocked referer page.

In download.php find:
Code:  [Select]  [Expand]  [Hide line numbers]
1
          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_download", "NOTIN").")";

Replace it with:
Code:  [Select]  [Expand]  [Hide line numbers]
1
          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").", ".get_auth_cat_sql("auth_viewcat", "NOTIN").get_auth_cat_sql("auth_download", "NOTIN").")";

Then find:
Code:  [Select]  [Expand]  [Hide line numbers]
1
2
3
4
  if (!check_permission("auth_download", $image_row['cat_id']) || !$image_row) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }

Replace it with:
Code:  [Select]  [Expand]  [Hide line numbers]
1
2
3
4
5
6
7
8
9
10
11
12
13
  if (!$image_row || !check_permission("auth_viewcat", $image_row['cat_id']) || !check_permission("auth_viewimage", $image_row['cat_id'])) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
  else
  {
    if (!check_permission("auth_download", $image_row['cat_id']))
    {
//      header("Location: ".$site_sess->url($url, "&"));
      header("Location: ".$site_sess->url(ROOT_PATH."details.php?image_id=".$image_id, "&"));
      exit;
    }
  }
Logged
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
8o8o8.com
Newbie
*
Offline Offline

Posts: 10

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #1 on: June 20, 2006, 09:52:38 AM »
thankx
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!
piqs.de - Fotocommunity & lizenzfreie Fotos