From a07057fc6d3f68c20f8f15c3573e74d2514ba8b6 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Tue, 1 Sep 2009 11:37:42 +0000 Subject: made sure all the actions are using the appropriate gatekeeper --- actions/addalbum.php | 4 ++-- actions/delete.php | 6 +++--- actions/download.php | 1 + actions/edit.php | 4 ++-- actions/edit_multi.php | 4 ++-- actions/settings.php | 2 +- actions/upgrade.php | 2 ++ actions/upload.php | 3 +++ 8 files changed, 16 insertions(+), 10 deletions(-) diff --git a/actions/addalbum.php b/actions/addalbum.php index b53cf9692..ffc7ec9c7 100644 --- a/actions/addalbum.php +++ b/actions/addalbum.php @@ -4,8 +4,8 @@ * */ - // Make sure we're logged in (send us to the front page if not) - if (!isloggedin()) forward(); + // Make sure we're logged in + gatekeeper(); // Get input data $title = get_input('tidypicstitle'); diff --git a/actions/delete.php b/actions/delete.php index 3deb69c5b..498c991c7 100644 --- a/actions/delete.php +++ b/actions/delete.php @@ -5,10 +5,10 @@ * */ - $forward_url = 'pg/photos/world'; // by default forward to world photos + // must be logged in + gatekeeper(); - //if not logged in, see world pictures instead - if (!isloggedin()) forward($forward_url); + $forward_url = 'pg/photos/world'; // by default forward to world photos $guid = (int) get_input('guid'); diff --git a/actions/download.php b/actions/download.php index 2736e5438..0f9835e11 100644 --- a/actions/download.php +++ b/actions/download.php @@ -2,6 +2,7 @@ /** * Tidypics Download File Action * + * do not call this directly - call through action handler */ global $CONFIG; diff --git a/actions/edit.php b/actions/edit.php index f5c66a1d8..e8f2e3aca 100644 --- a/actions/edit.php +++ b/actions/edit.php @@ -5,8 +5,8 @@ * */ - // Make sure we're logged in (send us to the front page if not) - if (!isloggedin()) forward(); + // Make sure we're logged in + gatekeeper(); // Get input data $guid = (int) get_input('guid'); // guid of image or album diff --git a/actions/edit_multi.php b/actions/edit_multi.php index 7c03244a5..08947f1a4 100644 --- a/actions/edit_multi.php +++ b/actions/edit_multi.php @@ -4,8 +4,8 @@ * */ - // Make sure we're logged in (send us to the front page if not) - if (!isloggedin()) forward(); + // Make sure we're logged in + gatekeeper(); // Get input data $title_array = get_input('title'); diff --git a/actions/settings.php b/actions/settings.php index ae74b8945..6b115b049 100644 --- a/actions/settings.php +++ b/actions/settings.php @@ -6,7 +6,7 @@ global $CONFIG; - gatekeeper(); + admin_gatekeeper(); action_gatekeeper(); diff --git a/actions/upgrade.php b/actions/upgrade.php index 0ff04dadf..cb200380a 100644 --- a/actions/upgrade.php +++ b/actions/upgrade.php @@ -8,6 +8,8 @@ include_once dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php"; + admin_gatekeeper(); + $result = true; // add image class diff --git a/actions/upload.php b/actions/upload.php index 70480a498..f330cf782 100644 --- a/actions/upload.php +++ b/actions/upload.php @@ -9,6 +9,9 @@ include dirname(dirname(__FILE__)) . "/lib/resize.php"; include dirname(dirname(__FILE__)) . "/lib/exif.php"; + // Make sure we're logged in + gatekeeper(); + // Get common variables $access_id = (int) get_input("access_id"); $container_guid = (int) get_input('container_guid', 0); -- cgit v1.2.3