james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Extra checking for the user being an admin before allowing image replacement.

Browse Source 
Also removed some duplicated code for efficiency.
This commit is contained in:
green-ponies (jgen) 2011-08-30 13:57:14 -04:00
parent 17999cade8
commit c44ed439f8
2 changed files with 52 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ext/image/theme.php
View File

@ -28,7 +28,7 @@ class ImageIOTheme {
"; ";
} }
if($config->get_bool("upload_replace")) { if($config->get_bool("upload_replace") && $user->is_admin()) {
$html .= " $html .= "
".make_form(make_link("image_admin/replace"))." ".make_form(make_link("image_admin/replace"))."
<input type='hidden' name='image_id' value='$i_image_id' /> <input type='hidden' name='image_id' value='$i_image_id' />

36
ext/upload/main.php
View File

@ -77,6 +77,13 @@ class Upload implements Extension {
if (!$config->get_bool("upload_replace")) { if (!$config->get_bool("upload_replace")) {
throw new UploadException("Upload Replacing Images is not enabled."); throw new UploadException("Upload Replacing Images is not enabled.");
} }
// check if the user is an administrator and can upload files.
if (!$user->is_admin() && !$this->can_upload($user)) {
$this->theme->display_permission_denied($page);
}
else
{
if($is_full) { if($is_full) {
throw new UploadException("Can not replace Image: disk nearly full"); throw new UploadException("Can not replace Image: disk nearly full");
} }
@ -85,7 +92,6 @@ class Upload implements Extension {
if (empty($image_id)) { if (empty($image_id)) {
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
} }
if (empty($image_id)) { if (empty($image_id)) {
throw new UploadException("Can not replace Image: No valid Image ID given."); throw new UploadException("Can not replace Image: No valid Image ID given.");
} }
@ -100,7 +106,7 @@ class Upload implements Extension {
if (count($_FILES) > 1) { if (count($_FILES) > 1) {
throw new UploadException("Can not upload more than one image for replacing."); throw new UploadException("Can not upload more than one image for replacing.");
} }
if($this->can_upload($user)) {
if (count($_FILES)) { if (count($_FILES)) {
foreach($_FILES as $file) { foreach($_FILES as $file) {
$ok = $this->try_upload($file, $tags, $source, $image_id); $ok = $this->try_upload($file, $tags, $source, $image_id);
@ -114,36 +120,30 @@ class Upload implements Extension {
} }
} }
} }
$this->theme->display_upload_status($page, $ok); $this->theme->display_upload_status($page, $ok);
} else {
$this->theme->display_permission_denied($page);
}
} }
else if(!empty($_GET['url'])) else if(!empty($_GET['url']))
{ {
if($this->can_upload($user)) {
$url = $_GET['url']; $url = $_GET['url'];
$ok = $this->try_transload($url, $tags, $url, $image_id); $ok = $this->try_transload($url, $tags, $url, $image_id);
$this->theme->display_upload_status($page, $ok); $this->theme->display_upload_status($page, $ok);
} }
else {
$this->theme->display_permission_denied($page);
}
}
else else
{ {
$this->theme->display_replace_page($page, $image_id); $this->theme->display_replace_page($page, $image_id);
} }
} // END of if admin / can_upload
} }
else if ($event->page_matches("upload")) else if ($event->page_matches("upload"))
{ {
if(!$this->can_upload($user)) {
$this->theme->display_permission_denied($page);
} else {
/* Regular Upload Image */ /* Regular Upload Image */
if(count($_FILES) + count($_POST) > 0) if(count($_FILES) + count($_POST) > 0)
{ {
$tags = Tag::explode($_POST['tags']); $tags = Tag::explode($_POST['tags']);
$source = isset($_POST['source']) ? $_POST['source'] : null; $source = isset($_POST['source']) ? $_POST['source'] : null;
if($this->can_upload($user)) {
$ok = true; $ok = true;
foreach($_FILES as $file) { foreach($_FILES as $file) {
$ok = $ok & $this->try_upload($file, $tags, $source); $ok = $ok & $this->try_upload($file, $tags, $source);
@ -156,13 +156,8 @@ class Upload implements Extension {
$this->theme->display_upload_status($page, $ok); $this->theme->display_upload_status($page, $ok);
} }
else {
$this->theme->display_permission_denied($page);
}
}
else if(!empty($_GET['url'])) else if(!empty($_GET['url']))
{ {
if($this->can_upload($user)) {
$url = $_GET['url']; $url = $_GET['url'];
$tags = array('tagme'); $tags = array('tagme');
if(!empty($_GET['tags']) && $_GET['tags'] != "null") { if(!empty($_GET['tags']) && $_GET['tags'] != "null") {
@ -171,18 +166,15 @@ class Upload implements Extension {
$ok = $this->try_transload($url, $tags, $url); $ok = $this->try_transload($url, $tags, $url);
$this->theme->display_upload_status($page, $ok); $this->theme->display_upload_status($page, $ok);
} }
else {
$this->theme->display_permission_denied($page);
}
}
else else
{ {
if(!$is_full) { if(!$is_full) {
$this->theme->display_page($page); $this->theme->display_page($page);
} }
} }
} // END of if can_upload
} }
} } // END of if PageRequestEvent
if($event instanceof SetupBuildingEvent) { if($event instanceof SetupBuildingEvent) {
$tes = array(); $tes = array();