A while ago I posted a bug viewtopic.php?f=1&t=14419 when the random preview feature would show unauthorized pictures from protected sub-categories.
That is kind of fixed, but now (Phoca Gallery 3.1.0, Joomla 1.7.2), in those circumstances when in the old version the unauthorized image would be shown, sometimes the standard folder image is shown instead even if there were sub-categories with sufficient view levels.
This is because the function PhocaGalleryImageFront::getRandomCategory() does not check for access levels and can return a unauthorized sub-category which is only checked afterwards.
I propose this little fix:
file: \administrator\components\com_phocagallery\libraries\phocagallery\image\imagefront.php
line: 475
Code: Select all
function getRandomCategory($parentid, $ordering = ' ORDER BY RAND()') {
$db =& JFactory::getDBO();
$groups = JFactory::getUser()->getAuthorisedViewLevels();
if (count($groups)) {
$access = ' AND a.access IN(' . implode(',', $groups) . ')';
} else {
$access = '';
}
$query = 'SELECT a.id, a.extid' .
' FROM #__phocagallery_categories AS a' .
' WHERE a.parent_id = '.(int) $parentid.
' AND a.published = 1 ' . $access .
$ordering;
$db->setQuery($query);
$images = $db->loadObjectList();
return $images;
}
Simon
