[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS Update: gleipnir
- To: cvs@lists.cleannorth.org
- Subject: CVS Update: gleipnir
- From: Dan Brosemer <odin@cleannorth.org>
- Date: Sun, 17 Aug 2008 14:39:21 -0400 (EDT)
- List-help: <mailto:cvs-request@lists.cleannorth.org?subject=help>
- List-post: <mailto:cvs@lists.cleannorth.org>
- List-subscribe: <mailto:cvs-request@lists.cleannorth.org?subject=subscribe>
- List-unsubscribe: <mailto:cvs-request@lists.cleannorth.org?subject=unsubscribe>
- Resent-date: Sun, 17 Aug 2008 14:39:25 -0400 (EDT)
- Resent-from: cvs@lists.cleannorth.org
- Resent-message-id: <8fAMrC.A.R-H.zBHqIB@skroob.cleannorth.org>
- Resent-sender: cvs-request@lists.cleannorth.org
Log Message:
-----------
Add group check on delete
Modified Files:
--------------
gleipnir/public_html/gallery:
picture.pl
Revision Data
-------------
Index: picture.pl
===================================================================
RCS file: /cvs/gleipnir/public_html/gallery/picture.pl,v
retrieving revision 1.6
retrieving revision 1.7
diff -Lpublic_html/gallery/picture.pl -Lpublic_html/gallery/picture.pl -u -r1.6 -r1.7
--- public_html/gallery/picture.pl
+++ public_html/gallery/picture.pl
@@ -113,13 +113,15 @@
my $pictureid = $cgi->param('id')||($ENV{PATH_INFO} =~ m%/(\d+)\.(jpg|png|jpeg)$%i)[0];
my $SQL = <<EOT;
-select gallery from gallery_picture
+select gp.gallery, g.gid from gallery_picture gp left join gallery g
+on gp.gallery = g.galleryid
where pictureid = ?
EOT
my $cursor = $dbh->prepare($SQL);
$cursor->execute($pictureid);
- my $gallery = $cursor->fetchrow;
+ my ($gallery, $gid) = $cursor->fetchrow;
+ return $gleipnir->error('403') if defined($gid) and !$gleipnir->ingroup($gid);
$SQL = <<EOT;
delete from gallery_picture
- Prev by Date: CVS Update: svartalfheim.net
- Next by Date: CVS Update: gleipnir
- Previous by thread: CVS Update: gleipnir
- Next by thread: CVS Update: gleipnir
- Index(es):