Added check in upload wizard to prevent folders from being added to one of their children or to themselves (fatal error: maximum execution time of 600 seconds exceeded anyone?)
<?php
/*
* Snapr
* Version 0.1 beta 1
* Copyright (C) 2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
##
## GALLERY NAMESPACE HANDLER
##
// Register the gallery handler on the 'page_not_found' hook. The second argument is a string of PHP
// source, not a callable - presumably the plugin manager evaluates it with $this bound to the page
// object (confirm in attachHook()). Keep it a constant literal; it must never be built from request data.
$plugins->attachHook('page_not_found', 'gallery_namespace_handler($this);');
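/**
 * Handler for the 'page_not_found' hook: renders the viewer page for a single image in the Gallery namespace.
 *
 * The page ID is taken from the request and is either a numeric image ID or a slash-separated folder
 * path ending in the image title. Both forms are resolved to one row of the gallery table; the handler
 * then prints breadcrumbs, the preview image, previous/next navigation and the image details.
 *
 * @param object $page Page object; only ->namespace and ->page_id are read here.
 * @return bool|null false when the page is not in the Gallery namespace, the ID is unusable or the
 *                   image cannot be found (in the last case an error page has already been printed);
 *                   true after delegating 'Root' to page_Special_Gallery(); no explicit return value
 *                   after a normal render.
 */
function gallery_namespace_handler(&$page)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( $page->namespace != 'Gallery' )
        return false;

    if ( $page->page_id == 'Root' )
    {
        page_Special_Gallery();
        return true;
    }

    if ( preg_match('/^[0-9]+$/', $page->page_id) )
    {
        // Numeric ID: intval() guarantees only an integer is concatenated into the query.
        $img_id = intval($page->page_id);
        if ( !$img_id )
            return false;
        $q = $db->sql_query('SELECT img_id, img_title, img_desc, print_sizes, img_time_upload, img_time_mod, folder_parent FROM '.table_prefix.'gallery WHERE img_id=' . $img_id . ';');
        if ( !$q )
            $db->_die();
    }
    else
    {
        // Ech... he sent us a string... parse it and see what we get.
        // explode() returns a one-element array when there is no slash, so no special case is needed.
        $folders = explode('/', $page->page_id);

        // Each path segment adds one self-join to the query built below, and the segment count comes
        // straight from the URL. MySQL refuses joins of more than 61 tables, so a deeper path can never
        // resolve; reject it here instead of sending an oversized query and surfacing a database error.
        $max_depth = 61;
        if ( count($folders) > $max_depth )
            return false;

        foreach ( $folders as $i => $segment )
        {
            $folders[$i] = str_replace('_', ' ', dirtify_page_id($segment));
        }
        // Walk the path from the image title upwards to the top-level folder.
        $folders = array_reverse($folders);
        $last = count($folders) - 1;

        // This is one of the best MySQL tricks on the market. We're going to reverse-travel a folder path
        // using LEFT JOIN and the incredible power of metacoded SQL.
        // Every title goes through $db->escape() before it is quoted; the g<N> aliases are built from
        // integer array keys only.
        $sql = 'SELECT g0.img_id, g0.img_title, g0.img_desc, g0.print_sizes, g0.img_time_upload, g0.img_time_mod, g0.folder_parent FROM '.table_prefix.'gallery AS g0';
        $where = "\n " . 'WHERE g0.img_title=\'' . $db->escape($folders[0]) . '\'';
        foreach ( $folders as $i => $folder )
        {
            if ( $i == 0 )
                continue;
            $i_dec = $i - 1;
            $folder = $db->escape($folder);
            $sql .= "\n LEFT JOIN ".table_prefix."gallery AS g{$i}\n ON ( g{$i}.img_id=g{$i_dec}.folder_parent AND g{$i}.img_title='$folder' )";
            $where .= "\n ".'AND g'.$i.'.img_id IS NOT NULL';
        }
        // The outermost path segment must be a top-level entry (no parent folder).
        $where .= "\n AND g{$last}.folder_parent IS NULL";
        $sql .= $where . ';';
        if ( !$db->sql_query($sql) )
        {
            $db->_die('The image metadata could not be loaded.');
        }

        // Derive the folder prefix ("hierarchy") used for the previous/next links.
        $path = $page->page_id;
        if ( !strstr($path, '/') )
        {
            $hier = '/';
        }
        else
        {
            $hier = preg_replace('/\/([^\/]+)$/', '/', $path);
            $hier = sanitize_page_id($hier);
        }
    }

    if ( $db->numrows() < 1 )
    {
        // Image not found - show custom error message
        $template->header();
        echo '<h3>There is no image in the gallery with this ID.</h3>';
        echo '<p>You have requested an image that couldn\'t be looked up. Please check the URL and try again, or visit the <a href="' . makeUrlNS('Special', 'Gallery') . '">Gallery index</a>.</p>';
        $template->footer();
        return false;
    }

    $row = $db->fetchrow();
    $db->free_result();
    $img_id = $row['img_id'];

    // folder_parent is read back from the database and spliced into the next query, so force it to an
    // integer rather than trusting the stored value.
    if ( !$row['folder_parent'] )
        $parent_clause = ' IS NULL';
    else
        $parent_clause = '=' . intval($row['folder_parent']);

    // Fetch the sibling images of this image (same parent folder, folders excluded)
    $q = $db->sql_query('SELECT img_id, img_title FROM '.table_prefix.'gallery WHERE folder_parent' . $parent_clause . ' AND is_folder!=1 ORDER BY img_title ASC;');
    if ( !$q )
        $db->_die();

    $folder_total = $db->numrows();
    $folder_this = 0;
    $prev = false;
    $next = false;
    $next_title = '';
    $prev_title = '';
    $i = 0;
    // Single pass over the siblings: remember the row before the current image as "previous"; once the
    // current image has been seen, $next is set to true as a marker and the following row becomes "next".
    while ( $r = $db->fetchrow() )
    {
        $i++;
        if ( $i == $folder_total && $r['img_id'] == $img_id )
        {
            $folder_this = $i;
            $next = false;
        }
        else if ( $i < $folder_total && $r['img_id'] == $img_id )
        {
            $folder_this = $i;
            $next = true;
        }
        else
        {
            if ( $next )
            {
                $next = $r['img_id'];
                $next_title = $r['img_title'];
                break;
            }
            $prev = $r['img_id'];
            $prev_title = $r['img_title'];
        }
    }

    // NOTE(review): these URLs are echoed into href attributes further down without the escaping flag
    // that the breadcrumb and edit links pass to makeUrlNS(). $hier originates from the request path, so
    // this relies on sanitize_page_id() neutralising quotes and angle brackets - confirm.
    if ( $next )
    {
        $next_sanitized = sanitize_page_id($next_title);
        $next_url = ( isset($hier) ) ? makeUrlNS('Gallery', $hier . $next_sanitized ) : makeUrlNS('Gallery', $next);
    }
    if ( $prev )
    {
        $prev_sanitized = sanitize_page_id($prev_title);
        $prev_url = ( isset($hier) ) ? makeUrlNS('Gallery', $hier . $prev_sanitized ) : makeUrlNS('Gallery', $prev);
    }
    $db->free_result();

    // Titles come from the database and are HTML-escaped before they reach any output.
    $template->tpl_strings['PAGE_NAME'] = 'Gallery image: ' . htmlspecialchars($row['img_title']);
    $title_spacey = strtolower(htmlspecialchars($row['img_title']));

    // NOTE(review): only the 'gal_full_res' permission is consulted in this function; whether read access
    // to the image itself is enforced elsewhere (e.g. in the fetcher) cannot be seen from here - confirm.
    $perms = $session->fetch_page_acl(strval($img_id), 'Gallery');

    $template->header();

    $img_id = intval($img_id);
    $bc_folders = gallery_imgid_to_folder($img_id);
    $bc_folders = array_reverse($bc_folders);
    $bc_url = '';
    $breadcrumbs = array();
    $breadcrumbs[] = '<a href="' . makeUrlNS('Special', 'Gallery') . '">Gallery index</a>';
    foreach ( $bc_folders as $folder )
    {
        $bc_url .= '/' . dirtify_page_id($folder);
        $breadcrumbs[] = '<a href="' . makeUrlNS('Special', 'Gallery' . $bc_url, false, true) . '">' . htmlspecialchars($folder) . '</a>';
    }
    $breadcrumbs[] = htmlspecialchars($row['img_title']);

    // From here, this breadcrumb stuff is a piece of... sourdough French bread :-) *smacks lips*
    echo '<div class="tblholder" style="padding: 4px; margin-bottom: 7px;">';
    // The actual breadcrumbs
    echo '<b><small>' . implode(' » ', $breadcrumbs) . '</small></b>';
    echo '</div>';

    echo '<div style="text-align: center; margin: 10px auto; border: 1px solid #DDDDDD; padding: 7px 10px; display: table;">';
    // $img_id is an integer at this point, so both fetcher URLs are built from a number only.
    $img_url = makeUrlNS('Special', 'GalleryFetcher/preview/' . $img_id);
    $img_href = makeUrlNS('Special', 'GalleryFetcher/full/' . $img_id);
    // The preview is only wrapped in a link to the full-resolution image for users allowed to see it.
    $can_full_res = $perms->get_permissions('gal_full_res');
    if ( $can_full_res )
    {
        echo '<a href="' . $img_href . '" title="Click to view this image at full resolution, right click to save image" onclick="window.open(this.href, \'\', \'toolbar=no,address=no,menus=no,status=no,scrollbars=yes\'); return false;">';
    }
    echo '<img alt="Image preview (640px max width)" src="' . $img_url . '" style="border-width: 0; margin-bottom: 5px; display: block;" />';
    if ( $can_full_res )
    {
        echo '</a>';
    }

    echo '<table border="0" width="100%"><tr><td style="text-align: left; width: 24px;">';
    // Prev button ("<" is written as an entity so the attribute stays valid markup)
    if ( $prev )
        echo '<a href="' . $prev_url . '"><img style="border-width: 0px;" alt="&lt; Previous" src="' . scriptPath . '/plugins/gallery/prev.gif" /></a>';
    echo '</td><td style="text-align: center; letter-spacing: 5px;">';
    // Image title
    echo $title_spacey;
    echo '</td><td style="text-align: right; width: 24px;">';
    // Next button (the alt text previously repeated the "Previous" label)
    if ( $next )
        echo '<a href="' . $next_url . '"><img style="border-width: 0px;" alt="Next &gt;" src="' . scriptPath . '/plugins/gallery/next.gif" /></a>';
    echo '</td></tr>';
    echo '<tr><td colspan="3">' . "image $folder_this of $folder_total" . '</td></tr>';
    echo '</table>';
    echo '</div>';

    if ( $session->user_level >= USER_LEVEL_ADMIN )
    {
        echo '<div style="float: right;">[ <a href="' . makeUrlNS('Special', 'GalleryUpload', 'edit_img=' . $img_id, true) . '">edit image</a> ]</div>';
    }

    if ( !empty($row['img_desc']) )
    {
        echo '<h2>Image description</h2>';
        // NOTE(review): the stored description is printed exactly as RenderMan::render() returns it, so
        // output safety depends on that renderer - confirm it sanitises embedded HTML.
        $desc = RenderMan::render($row['img_desc']);
        echo $desc;
    }

    echo '<div class="tblholder" style="font-size: smaller; display: table;' . ( empty($row['img_desc']) ? '' : 'margin: 0 auto;' ) . '">' . "\n" . '<table border="0" cellspacing="1" cellpadding="3">';
    // By the time I got to this point, it was 1:32AM (I was on vacation) and my 5-hour playlist on my iPod had been around about 3 times today.
    // So I'm glad this is like the last thing on the list tonight.
    echo '<tr><th colspan="2">Image details</th></tr>';
    // Timestamps come back from the database as strings; date() expects an integer.
    echo '<tr><td class="row2">Uploaded:</td><td class="row1">' . date('F d, Y h:i a', intval($row['img_time_upload'])) . '</td></tr>';
    echo '<tr><td class="row2">Last modified:</td><td class="row1">' . date('F d, Y h:i a', intval($row['img_time_mod'])) . '</td></tr>';
    echo '</table></div>';

    $template->footer();
}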
?>