[Fixed]: Selecting private pics as a category thumbnail. [Fixed]: Selecting private pics as a category thumbnail.
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Fixed]: Selecting private pics as a category thumbnail.

Started by Nibbler, February 04, 2009, 11:42:21 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Nibbler

See http://forum.coppermine-gallery.net/index.php/topic,56992.0.html

Code in question is index.php


                if ($subcat['thumb'] > 0) {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$subcat['thumb']}'" . $pic_filter;
                    $result = cpg_db_query($sql);
                    if (mysql_num_rows($result)) {
                        $picture = mysql_fetch_array($result);
                        mysql_free_result($result);
                        $pic_url = get_pic_url($picture, 'thumb');
                        if (!is_image($picture['filename'])) {
                            $image_info = getimagesize(urldecode($pic_url));
                            $picture['pwidth'] = $image_info[0];
                            $picture['pheight'] = $image_info[1];
                        }
                        $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size']);
                        $user_thumb = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"\" />";
                        $user_thumb = "<a href=\"index.php?cat={$subcat['cid']}\">" . $user_thumb . "</a>";
                    }
                } else {
                    $user_thumb = "";
                }


That mysql_num_rows() check needs an else for the case of the category thumbnail failing the permission check added by $pic_filter. As it is now $user_thumb is kept around from the previous loop, and gets also indented each time.

I'm not sure if the real bug is being able to select such a thumbnail in the first place, but that's not readily fixable since permissions can of course be changed after the cat thumb is set.

I think we should either display no thumbnail or use the 'private icon', same as for albums.

Joachim Müller

Quote from: Nibbler on February 04, 2009, 11:42:21 PM
I think we should either display no thumbnail or use the 'private icon', same as for albums.
I vote for option 1.