4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on November 12, 2005, 08:43:39 PM

Title: [1.7 / 1.7.1] Download images that not allowed to be viewed
Post by: V@no on November 12, 2005, 08:43:39 PM

This fix will fix a bug that allow visitors download images even these which they are not allowed to view. Also will fix proper redirection to the details page for the clients with blocked referer page.

In download.php find:

Code: [Select]

          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_download", "NOTIN").")";
Replace it with:

Code: [Select]

          WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").", ".get_auth_cat_sql("auth_viewcat", "NOTIN").get_auth_cat_sql("auth_download", "NOTIN").")";
Then find:

Code: [Select]

  if (!check_permission("auth_download", $image_row['cat_id']) || !$image_row) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
Replace it with:

Code: [Select]

  if (!$image_row || !check_permission("auth_viewcat", $image_row['cat_id']) || !check_permission("auth_viewimage", $image_row['cat_id'])) {
    header("Location: ".$site_sess->url($url, "&"));
    exit;
  }
  else
  {
    if (!check_permission("auth_download", $image_row['cat_id']))
    {
//      header("Location: ".$site_sess->url($url, "&"));
      header("Location: ".$site_sess->url(ROOT_PATH."details.php?image_id=".$image_id, "&"));
      exit;
    }
  }

Title: Re: [1.7 / 1.7.1] Download images that not allowed to be viewed
Post by: 8o8o8.com on June 20, 2006, 09:52:38 AM

thankx