Users able to delete own pictures
 

Started by MerNion, November 26, 2011, 08:38:56 PM

MerNion

Even though I have "Allow users to retain control over their pics in public galleries" NOT checked, a user is able to navigate to:
http://www.air-born.gr/gallery/editpics.php?album=XX&start=0&count=25 and if he has uploaded any pictures to that album, they show up and he can delete them, reset view count, reset votes and delete comments.

I didn't find any direct link or way to go to editpics.php but if you just paste the URL with the correct album ID, then it appears you have access to it.

This doesn't happen for some older pictures I have uploaded to another album. If I use album=1, then I get "Information Album is empty" even though I have also uploaded pictures to that album. For all other albums I seem to be able to do anything I want with the pictures.

Why might this be happening?
Thanks

Αndré

Quote from: MerNion on November 26, 2011, 08:38:56 PM
If I use album=1, then I get "Information Album is empty" even though I have also uploaded pictures to that album

For regular users editpics.php lists only files uploaded by this user. Does that album contain pictures uploaded by the affected user?


Quote from: MerNion on November 26, 2011, 08:38:56 PM
Why might this be happening?

Has to be reviewed.