Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1849

Timestamp:

Feb 22, 2007, 2:12:32 AM (17 years ago)

Author:

rvelices

Message:

user comments are not saved in the database with htmlspecialchars anymore
web service: added the possibility to enter a user comment using the service...
new comment functions from picture_comment.inc.php

Location:

Files:

: 2 added
: 6 edited

comments.php (modified) (1 diff)
include/common.inc.php (modified) (1 diff)
include/functions_comment.inc.php (added)
include/picture_comment.inc.php (modified) (4 diffs)
include/ws_functions.inc.php (modified) (7 diffs)
install/db/53-database.php (added)
tools/ws.htm (modified) (14 diffs)
ws.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/comments.php

-                      r1814
+                      r1849
 if (isset($_GET['keyword']) and !empty($_GET['keyword']))
+{
-  // fors some odd reason comment content is htmlspecialchars in the database
-  $keyword = addslashes(
-      htmlspecialchars( stripslashes($_GET['keyword']), ENT_QUOTES)
-    );
   $page['where_clauses'][] =
     '('.

trunk/include/common.inc.php

r1750	r1849
255	255
256	256	// default event handlers
	257	add_event_handler('render_comment_content', 'htmlspecialchars');
257	258	add_event_handler('render_comment_content', 'parse_comment_content');
258	259	trigger_action('init');

trunk/include/picture_comment.inc.php

-                      r1819
+                      r1849
 // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch        : BSF (Best So Far)
 // | file          : $Id$
 // | last update   : $Date$
 …
  */
-//returns string action to perform on a new comment: validate, moderate, reject
-function user_comment_check($action, $comment, $picture)
+{
-  global $conf,$user;
-  if ($action=='reject')
-    return $action;
-  $my_action = $conf['comment_spam_reject'] ? 'reject':'moderate';
-  if ($action==$my_action)
-    return $action;
-  // we do here only BASIC spam check (plugins can do more)
-  if ( !$user['is_the_guest'] )
-    return $action;
-  $link_count = preg_match_all( '/https?:\/\//',
-    $comment['content'], $matches);
-  if ( $link_count>$conf['comment_spam_max_links'] )
-    return $my_action;
-  if ( isset($comment['ip']) and $conf['comment_spam_check_ip'] )
+  {
-    $rev_ip = implode( '.', array_reverse( explode('.',$comment['ip']) ) );
-    $lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
-    $res = gethostbyname( $lookup );
-    if ( $lookup != $res )
-      return $my_action;
+  }
-  return $action;
+}
-add_event_handler('user_comment_check', 'user_comment_check',
-  EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
 // the picture is commentable if it belongs at least to one category which
 // is commentable
 …
     die ('Session expired');
+  }
+  if (!$conf['comments_validation'] or is_admin())
+  $comm = array(
+    'author' => trim( stripslashes(@$_POST['author']) ),
+    'content' => trim( stripslashes($_POST['content']) ),
+    'image_id' => $page['image_id'],
+   );
+  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+  $comment_action = insert_user_comment(
+      $comm, @$_POST['key'], $page['image_id'], $infos
+    );
+  switch ($comment_action)
+  {
+    $comment_action='validate'; //one of validate, moderate, reject
+  }
+  else
+  {
+    $comment_action='moderate'; //one of validate, moderate, reject
+    case 'moderate':
+      array_push( $infos, $lang['comment_to_validate'] );
+    case 'validate':
+      array_push( $infos, $lang['comment_added']);
+      break;
+    case 'reject':
+      set_status_header(403);
+      array_push($infos, l10n('comment_not_added') );
+      break;
+    default:
+      trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
+  }
+  $_POST['content'] = trim( stripslashes($_POST['content']) );
+  if ( $user['is_the_guest'] )
+  foreach ($infos as $info)
+  {
+    $author = empty($_POST['author'])?'guest':$_POST['author'];
+    // if a guest try to use the name of an already existing user, he must be
+    // rejected
+    if ( $author != 'guest' )
+    {
+      $query = 'SELECT COUNT(*) AS user_exists';
+      $query.= ' FROM '.USERS_TABLE;
+      $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
+      $query.= ';';
+      $row = mysql_fetch_assoc( pwg_query( $query ) );
+      if ( $row['user_exists'] == 1 )
+      {
+        $template->assign_block_vars(
+          'information',
+          array('INFORMATION'=>$lang['comment_user_exists']));
+        $comment_action='reject';
+      }
+    }
+  }
+  else
+  {
+    $author = $user['username'];
+  }
+  $comm = array(
+    'author' => $author,
+    'content' => $_POST['content'],
+    'image_id' => $page['image_id'],
+    'ip' => $_SERVER['REMOTE_ADDR'],
+    'agent' => $_SERVER['HTTP_USER_AGENT']
+   );
+  if ($comment_action!='reject' and empty($comm['content']) )
+  { // empty comment content
+    $comment_action='reject';
+  }
+  $key = explode(':', @$_POST['key']);
+  if ( count($key)!=2
+        or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
+        or $key[0]<time()-3600 // 60 minutes expiration
+        or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]
+      )
+  {
+    $comment_action='reject';
+  }
+  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
+  { // anti-flood system
+    $reference_date = time() - $conf['anti-flood_time'];
+    $query = 'SELECT id FROM '.COMMENTS_TABLE;
+    $query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
+    $query.= " AND author = '".$comm['author']."'";
+    $query.= ';';
+    if ( mysql_num_rows( pwg_query( $query ) ) > 0 )
+    {
+      $template->assign_block_vars(
+    $template->assign_block_vars(
         'information',
+        array('INFORMATION'=>$lang['comment_anti-flood']));
+      $comment_action='reject';
+    }
+  }
+  // perform more spam check
+  $comment_action = trigger_event('user_comment_check',
+      $comment_action, $comm, $picture['current']
+    );
+  if ( $comment_action!='reject' )
+  {
+    list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
+    $data = $comm;
+    $data['date'] = $dbnow;
+    $data['content'] = addslashes(
+        // this htmlpsecialchars is not good here
+        htmlspecialchars($comm['content'],ENT_QUOTES)
+        array( 'INFORMATION'=>$info )
       );
-    if ($comment_action=='validate')
+    {
-      $data['validated'] = 'true';
-      $data['validation_date'] = $dbnow;
+    }
-    else
+    {
-      $data['validated'] = 'false';
+    }
-    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
-    $fields = array('author', 'date', 'image_id', 'content', 'validated',
-                    'validation_date');
-    mass_inserts(COMMENTS_TABLE, $fields, array($data));
-    $comm['id'] = mysql_insert_id();
-    // information message
-    $message = $lang['comment_added'];
-    if ($comment_action!='validate')
+    {
-      $message.= '<br />'.$lang['comment_to_validate'];
+    }
-    $template->assign_block_vars('information',
-                                 array('INFORMATION'=>$message));
-    if ( ($comment_action=='validate' and $conf['email_admin_on_comment'])
-      or $conf['email_admin_on_comment_validation'] )
+    {
-      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
-      $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
-      $content =
-        'Author: '.$comm['author']."\n"
-        .'Comment: '.$comm['content']."\n"
-        .'IP: '.$comm['ip']."\n"
-        .'Browser: '.$comm['agent']."\n\n"
-        .'Delete: '.$del_url."\n";
-      if ($comment_action!='validate')
+      {
-        $content .=
-          'Validate: '.get_absolute_root_url()
-          .'comments.php?validate='.$comm['id'];
+      }
-      pwg_mail
+      (
-        format_email('administrators', get_webmaster_mail_address()),
-        array
+        (
-          'subject' => 'PWG comment by '.$comm['author'],
-          'content' => $content,
-          'Bcc' => get_administrators_email()
+        )
-      );
+    }
+  }
-  else
+  {
-    set_status_header(403);
-    $template->assign_block_vars('information',
-          array('INFORMATION'=>l10n('comment_not_added') )
-        );
+  }
 …
       or ($user['is_the_guest'] and $conf['comments_forall']))
+  {
     $key = time();
     $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
+    include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+    $key = get_comment_post_key($page['image_id']);
     $content = '';
     if ('reject'===@$comment_action)

trunk/include/ws_functions.inc.php

-                      r1845
+                      r1849
+{
   global $conf, $calling_partner_id;
+  if ( !$conf['ws_access_control']
+       or strpos($methodName,'reflection.')===0 )
+  if ( strpos($methodName,'reflection.')===0 )
+  { // OK for reflection
+    return $res;
+  }
+  if ( !is_autorize_status(ACCESS_GUEST) and
+      strpos($methodName,'pwg.session.')!==0 )
+  {
+    return new PwgError(401, 'Access denied');
+  }
+  if ( !$conf['ws_access_control'] )
+  {
     return $res; // No controls are requested
 …
  * returns detailed information for an element (web service method)
  */
+function ws_images_addComment($params, &$service)
+{
+  $params['image_id'] = (int)$params['image_id'];
+  $query = '
+SELECT DISTINCT image_id
+  FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id
+  WHERE commentable="true"
+    AND image_id='.$params['image_id'].
+    get_sql_condition_FandF(
+      array(
+        'forbidden_categories' => 'id',
+        'visible_categories' => 'id',
+        'visible_images' => 'image_id'
+      ),
+      ' AND'
+    );
+  if ( !mysql_num_rows( pwg_query( $query ) ) )
+  {
+    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
+  }
+  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+  $comm = array(
+    'author' => trim( stripslashes($params['author']) ),
+    'content' => trim( stripslashes($params['content']) ),
+    'image_id' => $params['image_id'],
+   );
+  include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+  $comment_action = insert_user_comment(
+      $comm, $params['key'], $infos
+    );
+  switch ($comment_action)
+  {
+    case 'reject':
+      array_push($infos, l10n('comment_not_added') );
+      return new PwgError(403, implode("\n", $infos) );
+    case 'validate':
+    case 'moderate':
+      $ret = array(
+          'id' => $comm['id'],
+          'validation' => $comment_action=='validate',
+        );
+      return new PwgNamedStruct(
+          'comment',
+          $ret,
+          null, array()
+        );
+    default:
+      return new PwgError(500, "Unknown comment action ".$comment_action );
+  }
+}
+/**
+ * returns detailed information for an element (web service method)
+ */
 function ws_images_getInfo($params, &$service)
+{
   @include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
   global $user;
+  global $user, $conf;
   $params['image_id'] = (int)$params['image_id'];
   if ( $params['image_id']<=0 )
 …
   //-------------------------------------------------------- related categories
   $query = '
 SELECT c.id,c.name,c.uppercats,c.global_rank
+SELECT id,name,uppercats,global_rank,commentable
   FROM '.IMAGE_CATEGORY_TABLE.'
     INNER JOIN '.CATEGORIES_TABLE.' c ON category_id = id
+    INNER JOIN '.CATEGORIES_TABLE.' ON category_id = id
   WHERE image_id = '.$image_row['id'].'
     AND category_id NOT IN ('.$user['forbidden_categories'].')
 ;';
   $result = pwg_query($query);
+  $is_commentable = false;
   $related_categories = array();
   while ($row = mysql_fetch_assoc($result))
+  {
+    if ($row['commentable']=='true')
+    {
+      $is_commentable = true;
+    }
+    unset($row['commentable']);
     $row['url'] = make_index_url(
         array(
 …
+          )
       );
+    $row['id']=(int)$row['id'];
     array_push($related_categories, $row);
+  }
 …
       );
     unset($tag['counter']);
+    $tag['id']=(int)$tag['id'];
     $related_tags[$i]=$tag;
+  }
-  //---------------------------------------------------------- related comments
-  $query = '
-SELECT COUNT(id) nb_comments
-  FROM '.COMMENTS_TABLE.'
-  WHERE image_id = '.$image_row['id'];
-  list($nb_comments) = array_from_query($query, 'nb_comments');
-  $query = '
-SELECT id, date, author, content
-  FROM '.COMMENTS_TABLE.'
-  WHERE image_id = '.$image_row['id'].'
-    AND validated="true"';
-  $query .= '
-  ORDER BY date DESC
-  LIMIT 0, 5';
-  $result = pwg_query($query);
-  $related_comments = array();
-  while ($row = mysql_fetch_assoc($result))
+  {
-    array_push($related_comments, $row);
+  }
   //------------------------------------------------------------- related rates
   $query = '
 …
   WHERE element_id = '.$image_row['id'].'
 ;';
+  $row = mysql_fetch_assoc(pwg_query($query));
+  $rating = mysql_fetch_assoc(pwg_query($query));
+  $rating['count'] = (int)$rating['count'];
+  //---------------------------------------------------------- related comments
+  $related_comments = array();
+  $where_comments = 'image_id = '.$image_row['id'];
+  if ( !is_admin() )
+  {
+    $where_comments .= '
+    AND validated="true"';
+  }
+  $query = '
+SELECT COUNT(id) nb_comments
+  FROM '.COMMENTS_TABLE.'
+  WHERE '.$where_comments;
+  list($nb_comments) = array_from_query($query, 'nb_comments');
+  $nb_comments = (int)$nb_comments;
+  if ( $nb_comments>0 and $params['comments_per_page']>0 )
+  {
+    $query = '
+SELECT id, date, author, content
+  FROM '.COMMENTS_TABLE.'
+  WHERE '.$where_comments.'
+  ORDER BY date
+  LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
+    ','.$params['comments_per_page'];
+    $result = pwg_query($query);
+    while ($row = mysql_fetch_assoc($result))
+    {
+      $row['id']=(int)$row['id'];
+      array_push($related_comments, $row);
+    }
+  }
+  $comment_post_data = null;
+  if ($is_commentable and
+      (!$user['is_the_guest']
+        or ($user['is_the_guest'] and $conf['comments_forall'] )
+      )
+      )
+  {
+    include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+    $comment_post_data['author'] = $user['username'];
+    $comment_post_data['key'] = get_comment_post_key($params['image_id']);
+  }
   $ret = $image_row;
+  $ret['rates'] = array( WS_XML_ATTRIBUTES => $row );
+  foreach ( array('id','width','height','hit','filesize') as $k )
+  {
+    if (isset($ret[$k]))
+    {
+      $ret[$k] = (int)$ret[$k];
+    }
+  }
+  foreach ( array('path', 'storage_category_id') as $k )
+  {
+    unset($ret[$k]);
+  }
+  $ret['rates'] = array( WS_XML_ATTRIBUTES => $rating );
   $ret['categories'] = new PwgNamedArray($related_categories, 'category', array('id','url', 'page_url') );
   $ret['tags'] = new PwgNamedArray($related_tags, 'tag', array('id','url_name','url','page_url') );
+  if ( isset($comment_post_data) )
+  {
+    $ret['comment_post'] = array( WS_XML_ATTRIBUTES => $comment_post_data );
+  }
   $ret['comments'] = array(
+     WS_XML_ATTRIBUTES => array('nb_comments' => $nb_comments),
+     WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id') )
+      );
+  unset($ret['path']);
+  unset($ret['storage_category_id']);
+     WS_XML_ATTRIBUTES =>
+        array(
+          'page' => $params['comments_page'],
+          'per_page' => $params['comments_per_page'],
+          'count' => count($related_comments),
+          'nb_comments' => $nb_comments,
+        ),
+     WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id','date') )
+      );
   return new PwgNamedStruct('image',$ret, null, array('name','comment') );
 …
 function ws_session_getStatus($params, &$service)
+{
   global $user;
+  global $user, $lang_info;
   $res = array();
   $res['username'] = $user['is_the_guest'] ? 'guest' : $user['username'];
+  $res['status'] = $user['status'];
+  foreach ( array('status', 'template', 'theme', 'language') as $k )
+  {
+    $res[$k] = $user[$k];
+  }
+  foreach ( array('charset') as $k )
+  {
+    $res[$k] = $lang_info[$k];
+  }
   return $res;
+}

trunk/tools/ws.htm

-                      r1698
+                      r1849
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
 …
 var gServiceUrl;
+var gCurrentMethodParams;
 Ajax.Responders.register({
 …
   gServiceUrl = $F('ws_url');
+  gCurrentMethodParams = null;
   try {
 …
   setVisibility("methodDetailWrapper", "hidden");
   setVisibility("methodWrapper", "visible");
+  gCurrentMethodParams = null;
   try {
 …
                 methodParamsElt.tBodies[0].deleteRow(methodParamsElt.tBodies[0].rows.length-1);
+        if (result.params && result.params.length>0)
+        {
+                for (var i=0; i<result.params.length; i++)
+                {
+                        var row = methodParamsElt.tBodies[0].insertRow(-1);
+                        var isOptional = result.params[i].optional;
+                        var defaultValue = result.params[i].defaultValue == null ? '' : result.params[i].defaultValue;
+                        row.insertCell(0).innerHTML = result.params[i].name;
+                        row.insertCell(1).innerHTML = (isOptional ? 'optional':'required');
+                        row.insertCell(2).innerHTML = '<input id="methodParameterSend_'+i+'" type="checkbox" '+(isOptional ? '':'checked="checked"')+'/>';
+                        row.insertCell(3).innerHTML = '<input id="methodParameterName_'+i+'" type="hidden" value="'+result.params[i].name+'"/>'
+          +'<input id="methodParameterValue_'+i+'"" value="'+defaultValue+'" style="width:99%" onchange="$(\'methodParameterSend_'+i+'\').checked=true;"/>';
+                }
+        if (result.params)
+  {
+    gCurrentMethodParams = result.params;
+    if (result.params.length>0)
+          {
+                for (var i=0; i<result.params.length; i++)
+                {
+                        var row = methodParamsElt.tBodies[0].insertRow(-1);
+                        var isOptional = result.params[i].optional;
+                        var defaultValue = result.params[i].defaultValue == null ? '' : result.params[i].defaultValue;
+                        row.insertCell(0).innerHTML = result.params[i].name;
+                        row.insertCell(1).innerHTML = (isOptional ? 'optional':'required');
+                        row.insertCell(2).innerHTML = '<input id="methodParameterSend_'+i+'" type="checkbox" '+(isOptional ? '':'checked="checked"')+'/>';
+                        row.insertCell(3).innerHTML = '<input id="methodParameterValue_'+i+'"" value="'+defaultValue+'" style="width:99%" onchange="$(\'methodParameterSend_'+i+'\').checked=true;"/>';
+                }
+        }
+        }
         setElementText("methodDescription", result.description);
 …
+}
 function pwgInvokeMethod()
+function pwgInvokeMethod( newWindow )
+{
         var method = document.getElementById('methodName').innerHTML;
 …
+  {
     reqUrl += "&method="+method;
+    var i=0;
+    do
+    for ( var i=0; i<gCurrentMethodParams.length; i++)
+    {
-      var elt = document.getElementById('methodParameterName_'+i);
-      if (!elt) break;
       if (document.getElementById('methodParameterSend_'+i).checked)
+        reqUrl += '&'+elt.value+'='+$F('methodParameterValue_'+i);
+      i++;
+        reqUrl += '&'+gCurrentMethodParams[i].name+'='+$F('methodParameterValue_'+i);
+    }
+    while (1);
+    document.getElementById("invokeFrame").src = reqUrl;
+    if ( !newWindow )
+      document.getElementById("invokeFrame").src = reqUrl;
+    else
+      window.open(reqUrl);
+  }
   else
 …
     form.action = reqUrl;
     var t = '<input type="hidden" name="'+'method'+'" value="'+method+'"/>';
+    var i=0;
+    do
+    for ( var i=0; i<gCurrentMethodParams.length; i++)
+    {
-      var elt = document.getElementById('methodParameterName_'+i);
-      if (!elt) break;
       if (document.getElementById('methodParameterSend_'+i).checked)
+        t += '<input type="hidden" name="'+elt.value+'" value="'+$F('methodParameterValue_'+i)+'"/>';
+      i++;
+        t += '<input type="hidden" name="'+gCurrentMethodParams[i].name+'" value="'+$F('methodParameterValue_'+i)+'"/>';
+    }
-    while (1);
     form.innerHTML = t;
+    if ( !newWindow )
+      form.target = "invokeFrame";
+    else
+      form.target = "_blank";
     form.submit();
+  }
 …
 <style>
 #methodListWrapper {
   width: 16em;
+  width: 13em;
   float: left;
   display: inline;
 …
 #methodList {
+  padding-left: 15px;
+  padding-left: 10px;
+  margin-left: 15px;
+}
 #methodWrapper {
   margin-left: 16.5em;
+  margin-left: 14em;
   visibility: hidden;
+}
 …
 #methodParams {
   border-collapse: collapse;
+}
+  font-size: small;
+}
+#methodParams input {
+  font-size: 90%;
+  border: 1px solid black;
+  text-indent: 2px;
+}
+a {
+  color: #02f;
+  background-color: white;
+  text-decoration: underline;
+}
+a:hover {
+  color: white;
+  background-color: #02f;
+  text-decoration: none;
+  cursor:pointer;
+}
 </style>
 …
 <div>
 <div id="methodListWrapper">Methods
+<div id="methodListWrapper"><h2>Methods</h2>
   <ul id="methodList">
     <li><a href="#" onclick="return pwgSelectMethod(this.innerHTML)">getVersion</a></li>
 …
   <h2 id="methodName"></h2>
   <div id="methodDetailWrapper">
+    <div id="methodDescription"></div>
     <table>
+      <tr>
+        <td>Request format:</td>
+        <td>
+          <select id="requestFormat">
+            <option value="get" selected="selected">GET</option>
+            <option value="post">POST</option>
+          </select>
+        </td>
+      </tr>
+      <tr>
+        <td>Response format:</td>
+        <td>
+          <select id="responseFormat">
+            <option value="rest" selected="selected">REST (xml)</option>
+            <option value="json">JSON</option>
+            <option value="php">PHP serial</option>
+            <option value="xmlrpc">XML RPC</option>
+          </select>
+        </td>
+      </tr>
+    <tr style="vertical-align:top">
+    <td>
+      <div id="methodDescription"></div>
+      <table>
+        <tr>
+          <td>Request format:</td>
+          <td>
+            <select id="requestFormat">
+              <option value="get" selected="selected">GET</option>
+              <option value="post">POST</option>
+            </select>
+          </td>
+        </tr>
+        <tr>
+          <td>Response format:</td>
+          <td>
+            <select id="responseFormat">
+              <option value="rest" selected="selected">REST (xml)</option>
+              <option value="json">JSON</option>
+              <option value="php">PHP serial</option>
+              <option value="xmlrpc">XML RPC</option>
+            </select>
+          </td>
+        </tr>
+      </table>
+      <p>
+        <a href="#" onclick="return pwgInvokeMethod(false)">Invoke</a>
+        <a href="#" onclick="return pwgInvokeMethod(true)">Invoke (new Window)</a>
+      </p>
+    </td>
+    <td>
+      <table id="methodParams"  border="1" cellspacing="0" cellpadding="2px">
+        <thead>
+          <tr>
+            <td style="width:150px">Parameter</td>
+            <td>Optional</td>
+            <td>Send</td>
+            <td style="width:160px">Value</td>
+          </tr>
+        </thead>
+        <tbody>
+        </tbody>
+      </table>
+    </td>
+    </tr>
     </table>
+    <div id="methodParamsWrapper">
+    <table id="methodParams"  border="1" cellspacing="0" cellpadding="2px">
+      <thead>
+        <tr>
+          <td style="width:150px">Parameter</td>
+          <td>Optional</td>
+          <td>Send</td>
+          <td style="width:160px">Value</td>
+        </tr>
+      </thead>
+      <tbody>
+      </tbody>
+    </table>
+    </div>
+    <a href="#" onclick="return pwgInvokeMethod()">Invoke</a>
+                <div style="display:none">
+                <div style="display:none;">
                         <!-- hiddenForm for POST -->
                         <form method="post" action="" target="invokeFrame" id="invokeForm">
 …
                 </div>
     <iframe width="100%" height="400px" id="invokeFrame" name="invokeFrame"></iframe>
+    <iframe width="100%" height="400px" id="invokeFrame" name="invokeFrame" style="clear:both"></iframe>
   </div> <!-- methodDetailWrapper -->
 </div> <!-- methodWrapper -->

trunk/ws.php

-                      r1837
+                      r1849
 // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
-// | branch        : BSF (Best So Far)
 // | file          : $Id$
 // | last update   : $Date$
 …
+{
   include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php');
   global $conf;
+  global $conf, $user;
   $service = &$arr[0];
   $service->addMethod('pwg.getVersion', 'ws_getVersion', null,
 …
       'retrieves a list of categories' );
+  $service->addMethod('pwg.images.addComment', 'ws_images_addComment',
+      array(
+        'image_id' => array(),
+        'author' => array( 'default' => $user['is_the_guest']? 'guest':$user['username']),
+        'content' => array(),
+        'key' => array(),
+      ),
+      'add a comment to an image' );
   $service->addMethod('pwg.images.getInfo', 'ws_images_getInfo',
+      array('image_id'),
+      array(
+        'image_id' => array(),
+        'comments_page' => array('default'=>0 ),
+        'comments_per_page' => array(
+              'default' => $conf['nb_comment_page'],
+              'maxValue' => 2*$conf['nb_comment_page'],
+            ),
+      ),
       'retrieves information about the given photo' );

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: