- Status New
- Task Type Bug Report
- Category Backend / Core
- Assigned To No-one
- Operating System All
- Severity Medium
- Priority Very Low
- Reported Version 2.37
- Due in Version Undecided
FS#440 - Possible to set an album/folder's parent to itself.
We need to enforce that rule to prevent the DB from going nuts.
Either via SQL:
1) Trigger to test that parent != id
2) the (folders|albums)_and_sub(folders|albums) function needs to abort if it sees it
or in PHP:
3) Test the values in the php pages [[ (album|folder).(add|edit).2.php ]] and kick back an error.
I don't think there's another way to mangle things.
This can result in a DoS.