EditAsset: some hardening; deduplicate redirect code

controllers/EditAsset.php

@@ -30,7 +30,13 @@ class EditAsset extends HTMLController
 			header('Location: ' . $redirectUrl);
 			exit;
 		}
-		else if ((isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio'])) && Session::validateSession('get'))
+		else
+		{
+			$isPrioChange = isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio']);
+			$isCoverChange = isset($_REQUEST['album_cover'], $_REQUEST['in']);
+			$madeChanges = false;
+
+			if ($user->isAdmin() && $isPrioChange && Session::validateSession('get'))
 			{
 				if (isset($_REQUEST['inc_prio']))
 					$priority = $asset->priority + 1;
@@ -39,24 +45,24 @@ class EditAsset extends HTMLController
 
 				$asset->priority = max(0, min(100, $priority));
 				$asset->save();
+				$madeChanges = true;
+			}
+			elseif ($user->isAdmin() && $isCoverChange && Session::validateSession('get'))
+			{
+				$tag = Tag::fromId($_REQUEST['in']);
+				$tag->id_asset_thumb = $asset->getId();
+				$tag->save();
+				$madeChanges = true;
+			}
 
+			if ($madeChanges)
+			{
 				if (isset($_SERVER['HTTP_REFERER']))
 					header('Location: ' . $_SERVER['HTTP_REFERER']);
 				else
 					header('Location: ' . BASEURL . '/' . $asset->getSubdir());
 				exit;
 			}
-		else if (isset($_REQUEST['album_cover'], $_REQUEST['in']) && Session::validateSession('get'))
-		{
-			$tag = Tag::fromId($_REQUEST['in']);
-			$tag->id_asset_thumb = $asset->getId();
-			$tag->save();
-
-			if (isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER']);
-			else
-				header('Location: ' . BASEURL . '/' . $asset->getSubdir());
-			exit;
 		}
 
 		// Get a list of available photo albums