From: garvinhicking
Date: Wed, 8 Feb 2006 16:54:52 +0000 (+0000)
Subject: apply permission check for synching
X-Git-Tag: 1.0~102
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=73696adc7c26dc67498a6a1c87d762f21fc9cdae;p=s9y.git
apply permission check for synching
---
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 6861a4e..a957ffc 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -885,10 +885,18 @@ function serendipity_syncThumbs() {
 $ft_mime = serendipity_guessMime($f[1]);
 $fdim = serendipity_getimagesize($ffull, $ft_mime);
- $rs = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images
- WHERE name = '" . serendipity_db_escape_string($fbase) . "'
- " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
- AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'", true, 'assoc');
+ $cond = array(
+ 'and' => "WHERE name = '" . serendipity_db_escape_string($fbase) . "'
+ " . ($fdir != '' ? "AND path = '" . serendipity_db_escape_string($fdir) . "'" : '') . "
+ AND mime = '" . serendipity_db_escape_string($fdim['mime']) . "'"
+ );
+ serendipity_ACL_SQL($cond, false, 'directory');
+
+ $rs = serendipity_db_query("SELECT *
+ FROM {$serendipity['dbPrefix']}images AS i
+ {$cond['joins']}
+
+ {$cond['and']}", true, 'assoc');
 if (is_array($rs)) {
 $update = array();
 $checkfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $rs['path'] . $rs['name'] . '.' . $rs['thumbnail_name'] . '.' . $rs['extension'];
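Review bot: The rewritten query joins whatever tables `serendipity_ACL_SQL()` puts in `$cond['joins']` but still selects `*` and filters on unqualified `name`, `path` and `mime`, so a joined table with a same-named column could make the WHERE clause ambiguous or overwrite `$rs['path']` / `$rs['name']` in the assoc row that `$checkfile` is built from; I would write `SELECT i.*` and qualify the filters as `i.name`, `i.path` and `i.mime`. `$cond` is created with only the `'and'` key, so `{$cond['joins']}` relies on the helper (not shown here) always setting it; adding `'joins' => ''` to the array keeps the query well-formed if the helper returns early. The branch taken when `$rs` is not an array lies outside the hunk: if it registers the file as new, a row hidden by the ACL filter would be treated as missing and inserted again, so "access denied" and "not in the database" should be told apart there.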