Changeset 1852 for trunk/include/ws_functions.inc.php

Timestamp:

02/23/07 14:18:34 (6 years ago)

Author:

rvelices

Message:

Plugins:

• display author and and author url (if present) on plugin admin page
• uniformized versions/authors... for all plugins in svn
• security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install)
• added confirmation for install/uninstall plugins

Web services:

• web service explorer now caches method details in order to avoid unnecessary web calls
• web service explorer can now send parameters as arrays
• web service explorer uses now prototype.js version 1.5
• small improvements

- added and use function bad_request (sends http status code 400)

Files:

• trunk/include/ws_functions.inc.php (modified) (6 diffs)

trunk/include/ws_functions.inc.php

@@ -270 +270 @@
 function ws_getVersion($params, &$service)
 {
-//  TODO = Version availability is under control of $conf['show_version']
-  return PHPWG_VERSION;
+  global $conf;
+  if ($conf['show_version'])
+    return PHPWG_VERSION;
+  else
+    return new PwgError(403, 'Forbidden');
 }
 
@@ -337 +340 @@
 
     $order_by = ws_std_image_sql_order($params, 'i.');
-    if (empty($order_by))
-    {// TODO check for category order by (image_order)
-      $order_by = $conf['order_by'];
-    }
-    else
-    {
-      $order_by = 'ORDER BY '.$order_by;
-    }
+    if ( empty($order_by)
+          and count($params['cat_id'])==1
+          and isset($cats[ $params['cat_id'][0] ]['image_order'])
+        )
+    {
+      $order_by = $cats[ $params['cat_id'][0] ]['image_order'];
+    }
+    $order_by = empty($order_by) ? $conf['order_by'] : 'ORDER BY '.$order_by;
+
     $query = '
 SELECT i.*, GROUP_CONCAT(category_id) cat_ids
@@ -500 +504 @@
 function ws_images_addComment($params, &$service)
 {
+  if (!$service->isPost())
+  {
+    return new PwgError(405, "This method requires HTTP POST");
+  }
   $params['image_id'] = (int)$params['image_id'];
   $query = '
@@ -580 +588 @@
   if ($image_row==null)
   {
-    return new PwgError(999, "image_id not found");
+    return new PwgError(404, "image_id not found");
   }
   $image_row = array_merge( $image_row, ws_std_get_urls($image_row) );
@@ -860 +868 @@
   if (!$service->isPost())
   {
-    return new PwgError(400, "This method requires POST");
+    return new PwgError(405, "This method requires HTTP POST");
   }
   if (try_log_user($params['username'], $params['password'],false))
@@ -943 +951 @@
   @include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
   global $conf;
-
+  
   // first build all the tag_ids we are interested in
-  $tag_ids = array();
-  $tags = get_available_tags();
+  $params['tag_id'] = array_map( 'intval',$params['tag_id'] );
+  $tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']);
   $tags_by_id = array();
-  for( $i=0; $i<count($tags); $i++ )
-  {
-    $tags[$i]['id']=(int)$tags[$i]['id'];
-  }
   foreach( $tags as $tag )
   {
+    $tags['id'] = (int)$tag['id'];
     $tags_by_id[ $tag['id'] ] = $tag;
-    if (
-        in_array($tag['name'], $params['tag_name'])
-      or
-        in_array($tag['url_name'], $params['tag_url_name'])
-      or
-        in_array($tag['id'], $params['tag_id'])
-       )
-    {
-      $tag_ids[] = $tag['id'];
-    }
   }
   unset($tags);
-
-  $tag_ids = array_unique( $tag_ids );
+  $tag_ids = array_keys($tags_by_id);
+
 
   $image_ids = array();