non-admin-approved images showing up in albums with keywords set non-admin-approved images showing up in albums with keywords set
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

non-admin-approved images showing up in albums with keywords set

Started by donnoman, November 25, 2005, 12:52:37 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

donnoman

November 25, 2005, 12:52:37 AM
Ambiguous order of operations in an sql clause were allowing non-admin-approved images to be shown in albums that had a keyword set.

Problem SQL example:
Code Select

SELECT pid, filepath, filename, url_prefix, filesize, pwidth, pheight, ctime, aid, keywords, title, caption,hits,owner_id,owner_name from cpg140_pictures WHERE (aid='3'  ) OR (keywords like '%Everybody%'  ) AND approved='YES'  ORDER BY filename ASC  LIMIT 0 ,12


Fixed SQL example:
Code Select

SELECT pid, filepath, filename, url_prefix, filesize, pwidth, pheight, ctime, aid, keywords, title, caption,hits,owner_id,owner_name from cpg140_pictures WHERE ((aid='3'  ) OR (keywords like '%Everybody%'  )) AND approved='YES'  ORDER BY filename ASC  LIMIT 0 ,12


fix committed.

Titooy

#1
January 17, 2006, 05:21:07 PM
This is certainly related : the picture count in the categories list and the overal stats includes non-admin-approved images. While it's shown correctly on the album's picture count.
Print
Go Up Pages1
User actions