EditAsset: some hardening; deduplicate redirect code

Aaron van Geffen 2024-01-18 13:40:17 +01:00
parent a21bf7432e
commit ead97369f7


@ -30,7 +30,13 @@ class EditAsset extends HTMLController
header('Location: ' . $redirectUrl);
exit;
}
else if ((isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio'])) && Session::validateSession('get'))
else
{
$isPrioChange = isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio']);
$isCoverChange = isset($_REQUEST['album_cover'], $_REQUEST['in']);
$madeChanges = false;
if ($user->isAdmin() && $isPrioChange && Session::validateSession('get'))
{
if (isset($_REQUEST['inc_prio']))
$priority = $asset->priority + 1;
@ -39,24 +45,24 @@ class EditAsset extends HTMLController
$asset->priority = max(0, min(100, $priority));
$asset->save();
$madeChanges = true;
}
elseif ($user->isAdmin() && $isCoverChange && Session::validateSession('get'))
{
$tag = Tag::fromId($_REQUEST['in']);
$tag->id_asset_thumb = $asset->getId();
$tag->save();
$madeChanges = true;
}
if ($madeChanges)
{
if (isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER']);
else
header('Location: ' . BASEURL . '/' . $asset->getSubdir());
exit;
}
else if (isset($_REQUEST['album_cover'], $_REQUEST['in']) && Session::validateSession('get'))
{
$tag = Tag::fromId($_REQUEST['in']);
$tag->id_asset_thumb = $asset->getId();
$tag->save();
if (isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER']);
else
header('Location: ' . BASEURL . '/' . $asset->getSubdir());
exit;
}
// Get a list of available photo albums
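Review bot: The consolidated `if ($madeChanges)` block still copies the client-supplied `Referer` header straight into `Location:`, so the post-action redirect can land on whatever origin linked to this URL. Now that the redirect lives in one place, it is cheap to restrict it to the site itself, e.g. `if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], BASEURL . '/') === 0)`, falling back to the `$asset->getSubdir()` URL otherwise. In the cover branch, `$_REQUEST['in']` is passed to `Tag::fromId()` unvalidated and the result is written to without a check; if `fromId()` can return null or throw for an unknown id (not visible here), that case should be handled before `$tag->save()`. The enclosing method begins and ends outside these hunks.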