$ft_mime = serendipity_guessMime($f[1]);
$fdim = serendipity_getimagesize($ffull, $ft_mime);
- $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images
- WHERE name = '" . serendipity_db_escape_string($fbase) . "'
- " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
- AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc');
+ $cond = array(
+ 'and' => "WHERE name = '" . serendipity_db_escape_string($fbase) . "'
+ " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
+ AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'"
+ );
+ serendipity_ACL_SQL($cond, false, 'directory');
+
+ $rs = serendipity_db_query("SELECT *
+ FROM {$serendipity['dbPrefix']}images AS i
+ {$cond['joins']}
+
+ {$cond['and']}", true, 'assoc');
if (is_array($rs)) {
$update = array();
$checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension'];
projects / s9y.git / commitdiff