Changeset 25077 for trunk/include/ws_functions.inc.php
- Timestamp:
- Oct 22, 2013, 2:58:58 PM (11 years ago)
- File:
-
- 1 edited
trunk/include/ws_functions.inc.php
r25019 r25077 227 227 } 228 228 229 if ( ($max_urls = intval($params['max_urls'])) <= 0) 230 { 231 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid max_urls"); 232 } 233 229 $max_urls = $params['max_urls']; 234 230 list($max_id, $image_count) = pwg_db_fetch_row( pwg_query('SELECT MAX(id)+1, COUNT(*) FROM '.IMAGES_TABLE) ); 235 231 … … 309 305 { 310 306 global $conf; 311 if ($conf['show_version'] or is_admin() ) 307 if ( $conf['show_version'] or is_admin() ) 308 { 312 309 return PHPWG_VERSION; 310 } 313 311 else 312 { 314 313 return new PwgError(403, 'Forbidden'); 314 } 315 315 } 316 316 … … 387 387 { 388 388 return new PwgError(401, 'Access denied'); 389 }390 $params['image_id'] = array_map( 'intval',$params['image_id'] );391 if ( empty($params['image_id']) )392 {393 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");394 389 } 395 390 global $user; … … 428 423 foreach($params['cat_id'] as $cat_id) 429 424 { 430 $cat_id = (int)$cat_id;431 if ($cat_id<=0)432 continue;433 425 if ($params['recursive']) 434 426 { … … 961 953 return new PwgError(405, "This method requires HTTP POST"); 962 954 } 963 $params['image_id'] = (int)$params['image_id']; 955 964 956 $query = ' 965 957 SELECT DISTINCT image_id … … 1015 1007 { 1016 1008 global $user, $conf; 1017 $params['image_id'] = (int)$params['image_id'];1018 if ( $params['image_id']<=0 )1019 {1020 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");1021 }1022 1009 1023 1010 $query=' … … 1029 1016 ).' 
1030 1017 LIMIT 1'; 1031 1032 $image_row = pwg_db_fetch_assoc(pwg_query($query));1033 if ( $image_row==null)1018 $result = pwg_query($query); 1019 1020 if (pwg_db_num_rows($resul) == 0) 1034 1021 { 1035 1022 return new PwgError(404, "image_id not found"); 1036 1023 } 1024 1025 $image_row = pwg_db_fetch_assoc($result); 1037 1026 $image_row = array_merge( $image_row, ws_std_get_urls($image_row) ); 1038 1027 … … 1203 1192 function ws_images_Rate($params, $service) 1204 1193 { 1205 $image_id = (int)$params['image_id'];1206 1194 $query = ' 1207 1195 SELECT DISTINCT id FROM '.IMAGES_TABLE.' 1208 1196 INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id 1209 WHERE id='.$ image_id1197 WHERE id='.$params['image_id'] 1210 1198 .get_sql_condition_FandF( 1211 1199 array( … … 1222 1210 $rate = (int)$params['rate']; 1223 1211 include_once(PHPWG_ROOT_PATH.'include/functions_rate.inc.php'); 1224 $res = rate_picture( $ image_id, $rate );1212 $res = rate_picture( $params['image_id'], $rate ); 1225 1213 if ($res==false) 1226 1214 { … … 1256 1244 implode(' AND ', $where_clauses) 1257 1245 ); 1258 1259 $params['per_page'] = (int)$params['per_page'];1260 $params['page'] = (int)$params['page'];1261 1246 1262 1247 $image_ids = array_slice( … … 1318 1303 return new PwgError(405, "This method requires HTTP POST"); 1319 1304 } 1320 $params['image_id'] = array_map( 'intval',$params['image_id'] );1321 if ( empty($params['image_id']) )1322 {1323 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");1324 }1325 1305 global $conf; 1326 if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) )1306 if ( !in_array($params['level'], $conf['available_permission_levels']) ) 1327 1307 { 1328 1308 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level"); … … 1355 1335 } 1356 1336 1357 // is the image_id valid?1358 $params['image_id'] = (int)$params['image_id'];1359 if ($params['image_id'] <= 0)1360 {1361 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");1362 }1363 
1364 // is the category valid?1365 $params['category_id'] = (int)$params['category_id'];1366 if ($params['category_id'] <= 0)1367 {1368 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");1369 }1370 1371 // is the rank valid?1372 $params['rank'] = (int)$params['rank'];1373 if ($params['rank'] <= 0)1374 {1375 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid rank");1376 }1377 1378 1337 // does the image really exist? 1379 1338 $query=' 1380 SELECT 1381 * 1339 SELECT COUNT(*) 1382 1340 FROM '.IMAGES_TABLE.' 1383 1341 WHERE id = '.$params['image_id'].' 1384 1342 ;'; 1385 1343 1386 $image_row = pwg_db_fetch_assoc(pwg_query($query));1387 if ($ image_row == null)1344 list($count) = pwg_db_fetch_row(pwg_query($query)); 1345 if ($count == 0) 1388 1346 { 1389 1347 return new PwgError(404, "image_id not found"); … … 1392 1350 // is the image associated to this category? 1393 1351 $query = ' 1394 SELECT 1395 image_id, 1396 category_id, 1397 rank 1352 SELECT COUNT(*) 1398 1353 FROM '.IMAGE_CATEGORY_TABLE.' 1399 1354 WHERE image_id = '.$params['image_id'].' 1400 1355 AND category_id = '.$params['category_id'].' 1401 1356 ;'; 1402 $category_row = pwg_db_fetch_assoc(pwg_query($query));1403 if ($c ategory_row == null)1357 list($count) = pwg_db_fetch_row(pwg_query($query)); 1358 if ($count == 0) 1404 1359 { 1405 1360 return new PwgError(404, "This image is not associated to this category"); … … 1625 1580 { 1626 1581 return new PwgError(401, 'Access denied'); 1627 }1628 1629 $params['image_id'] = (int)$params['image_id'];1630 if ($params['image_id'] <= 0)1631 {1632 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");1633 1582 } 1634 1583 … … 1647 1596 WHERE id = '.$params['image_id'].' 
1648 1597 ;'; 1649 $ image = pwg_db_fetch_assoc(pwg_query($query));1650 1651 if ( $image == null)1598 $result = pwg_query($query); 1599 1600 if (pwg_db_num_rows($result) == 0) 1652 1601 { 1653 1602 return new PwgError(404, "image_id not found"); 1654 1603 } 1604 1605 $image = pwg_db_fetch_assoc($result); 1655 1606 1656 1607 // since Piwigo 2.4 and derivatives, we do not take the imported "thumb" … … 1727 1678 } 1728 1679 1729 $params['image_id'] = (int)$params['image_id'];1730 1680 if ($params['image_id'] > 0) 1731 1681 { 1732 1682 $query=' 1733 SELECT *1683 SELECT COUNT(*) 1734 1684 FROM '.IMAGES_TABLE.' 1735 1685 WHERE id = '.$params['image_id'].' 1736 1686 ;'; 1737 1687 1738 $image_row = pwg_db_fetch_assoc(pwg_query($query));1739 if ($ image_row == null)1688 list($count) = pwg_db_fetch_row(pwg_query($query)); 1689 if ($count == 0) 1740 1690 { 1741 1691 return new PwgError(404, "image_id not found"); … … 1756 1706 1757 1707 $query = ' 1758 SELECT 1759 COUNT(*) AS counter 1708 SELECT COUNT(*) 1760 1709 FROM '.IMAGES_TABLE.' 1761 1710 WHERE '.$where_clause.' … … 1880 1829 if (!isset($_FILES['image'])) 1881 1830 { 1882 return new PwgError(405, "The image (file) parameter is missing"); 1883 } 1884 1885 $params['image_id'] = (int)$params['image_id']; 1831 return new PwgError(405, "The image (file) is missing"); 1832 } 1833 1886 1834 if ($params['image_id'] > 0) 1887 1835 { 1888 1836 $query=' 1889 SELECT *1837 SELECT COUNT(*) 1890 1838 FROM '.IMAGES_TABLE.' 1891 1839 WHERE id = '.$params['image_id'].' 
1892 1840 ;'; 1893 1841 1894 $image_row = pwg_db_fetch_assoc(pwg_query($query));1895 if ($ image_row == null)1842 list($count) = pwg_db_fetch_row(pwg_query($query)); 1843 if ($count == 0) 1896 1844 { 1897 1845 return new PwgError(404, "image_id not found"); 1898 1846 } 1899 }1900 1901 // category1902 $params['category'] = (int)$params['category'];1903 if ($params['category'] <= 0 and $params['image_id'] <= 0)1904 {1905 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");1906 1847 } 1907 1848 … … 1911 1852 $_FILES['image']['tmp_name'], 1912 1853 $_FILES['image']['name'], 1913 $params['category'] > 0 ? array($params['category']) : null,1854 $params['category'], 1914 1855 8, 1915 1856 $params['image_id'] > 0 ? $params['image_id'] : null … … 1932 1873 } 1933 1874 1934 if (count( array_keys($update)) > 0)1875 if (count($update) > 0) 1935 1876 { 1936 1877 $update['id'] = $image_id; … … 1939 1880 IMAGES_TABLE, 1940 1881 $update, 1941 array('id' ,$update['id'])1882 array('id' => $update['id']) 1942 1883 ); 1943 1884 } … … 1970 1911 $url_params = array('image_id' => $image_id); 1971 1912 1972 if ( $params['category'] > 0)1913 if (!empty($params['category'])) 1973 1914 { 1974 1915 $query = ' 1975 1916 SELECT id, name, permalink 1976 1917 FROM '.CATEGORIES_TABLE.' 1977 WHERE id = '.$params['category'] .'1918 WHERE id = '.$params['category'][0].' 1978 1919 ;'; 1979 1920 $result = pwg_query($query); … … 2010 1951 } 2011 1952 2012 $user_id = (int)$params['user_id'];2013 if ($user_id<=0)2014 {2015 return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid user_id');2016 }2017 2018 1953 $query = ' 2019 1954 DELETE FROM '.RATE_TABLE.' 
2020 WHERE user_id='.$ user_id;1955 WHERE user_id='.$params['user_id']; 2021 1956 2022 1957 if (!empty($params['anonymous_id'])) … … 2145 2080 2146 2081 // first build all the tag_ids we are interested in 2147 $params['tag_id'] = array_map( 'intval',$params['tag_id'] );2148 2082 $tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']); 2149 2083 $tags_by_id = array(); … … 2169 2103 2170 2104 $count_set = count($image_ids); 2171 $params['per_page'] = (int)$params['per_page'];2172 $params['page'] = (int)$params['page'];2173 2105 $image_ids = array_slice($image_ids, $params['per_page']*$params['page'], $params['per_page'] ); 2174 2106 … … 2273 2205 } 2274 2206 2275 if (!empty($params['visible']) and in_array($params['visible'], array('true','false')))2276 {2277 $options['visible'] = get_boolean($params['visible']);2278 }2279 2280 if (!empty($params['commentable']) and in_array($params['commentable'], array('true','false')) )2281 {2282 $options['commentable'] = get_boolean($params['commentable']);2283 }2284 2285 2207 if (!empty($params['comment'])) 2286 2208 { … … 2368 2290 } 2369 2291 } 2370 2371 if ('filename' == $conf['uniqueness_mode']) 2292 else if ('filename' == $conf['uniqueness_mode']) 2372 2293 { 2373 2294 // search among photos the list of photos already added, based on … … 2420 2341 // high_sum 2421 2342 2422 $params['image_id'] = (int)$params['image_id'];2423 if ($params['image_id'] <= 0)2424 {2425 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");2426 }2427 2428 2343 $query = ' 2429 2344 SELECT … … 2490 2405 } 2491 2406 2492 $params['image_id'] = (int)$params['image_id'];2493 if ($params['image_id'] <= 0)2494 {2495 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");2496 }2497 2498 2407 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 2499 2408 … … 2503 2412 WHERE id = '.$params['image_id'].' 
2504 2413 ;'; 2505 2506 $image_row = pwg_db_fetch_assoc(pwg_query($query));2507 if ( $image_row == null)2414 $result = pwg_query($query); 2415 2416 if (pwg_db_num_rows($result) == 0) 2508 2417 { 2509 2418 return new PwgError(404, "image_id not found"); 2510 2419 } 2420 2421 $image_row = pwg_db_fetch_assoc($result); 2511 2422 2512 2423 // database registration … … 2565 2476 IMAGES_TABLE, 2566 2477 $update, 2567 array('id' ,$update['id'])2478 array('id' => $update['id']) 2568 2479 ); 2569 2480 } … … 2634 2545 } 2635 2546 2636 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])2547 if (get_pwg_token() != $params['pwg_token']) 2637 2548 { 2638 2549 return new PwgError(403, 'Invalid security token'); 2639 2550 } 2640 2551 2641 $params['image_id'] = preg_split( 2642 '/[\s,;\|]/', 2643 $params['image_id'], 2644 -1, 2645 PREG_SPLIT_NO_EMPTY 2646 ); 2552 if (!is_array($params['image_id'])) 2553 { 2554 $params['image_id'] = preg_split( 2555 '/[\s,;\|]/', 2556 $params['image_id'], 2557 -1, 2558 PREG_SPLIT_NO_EMPTY 2559 ); 2560 } 2647 2561 $params['image_id'] = array_map('intval', $params['image_id']); 2648 2562 … … 2827 2741 // comment 2828 2742 2829 $params['category_id'] = (int)$params['category_id'];2830 if ($params['category_id'] <= 0)2831 {2832 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");2833 }2834 2835 2743 // database registration 2836 2744 $update = array( … … 2858 2766 CATEGORIES_TABLE, 2859 2767 $update, 2860 array('id' ,$update['id'])2768 array('id' => $update['id']) 2861 2769 ); 2862 2770 } … … 2880 2788 // image_id 2881 2789 2882 $params['category_id'] = (int)$params['category_id'];2883 if ($params['category_id'] <= 0)2884 {2885 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");2886 }2887 2888 2790 // does the category really exist? 2889 2791 $query=' 2890 SELECT 2891 * 2792 SELECT COUNT(*) 2892 2793 FROM '.CATEGORIES_TABLE.' 2893 2794 WHERE id = '.$params['category_id'].' 
2894 2795 ;'; 2895 $row = pwg_db_fetch_assoc(pwg_query($query));2896 if ($ row == null)2796 list($count) = pwg_db_fetch_row(pwg_query($query)); 2797 if ($count == 0) 2897 2798 { 2898 2799 return new PwgError(404, "category_id not found"); 2899 }2900 2901 $params['image_id'] = (int)$params['image_id'];2902 if ($params['image_id'] <= 0)2903 {2904 return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");2905 2800 } 2906 2801 2907 2802 // does the image really exist? 2908 2803 $query=' 2909 SELECT 2910 * 2804 SELECT COUNT(*) 2911 2805 FROM '.IMAGES_TABLE.' 2912 2806 WHERE id = '.$params['image_id'].' 2913 2807 ;'; 2914 2808 2915 $row = pwg_db_fetch_assoc(pwg_query($query));2916 if ($ row == null)2809 list($count) = pwg_db_fetch_row(pwg_query($query)); 2810 if ($count == 0) 2917 2811 { 2918 2812 return new PwgError(404, "image_id not found"); … … 2948 2842 } 2949 2843 2950 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])2844 if (get_pwg_token() != $params['pwg_token']) 2951 2845 { 2952 2846 return new PwgError(403, 'Invalid security token'); … … 2964 2858 } 2965 2859 2966 $params['category_id'] = preg_split( 2967 '/[\s,;\|]/', 2968 $params['category_id'], 2969 -1, 2970 PREG_SPLIT_NO_EMPTY 2971 ); 2860 if (!is_array($params['category_id'])) 2861 { 2862 $params['category_id'] = preg_split( 2863 '/[\s,;\|]/', 2864 $params['category_id'], 2865 -1, 2866 PREG_SPLIT_NO_EMPTY 2867 ); 2868 } 2972 2869 $params['category_id'] = array_map('intval', $params['category_id']); 2973 2870 … … 3017 2914 } 3018 2915 3019 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])2916 if (get_pwg_token() != $params['pwg_token']) 3020 2917 { 3021 2918 return new PwgError(403, 'Invalid security token'); 3022 2919 } 3023 2920 3024 $params['category_id'] = preg_split( 3025 '/[\s,;\|]/', 3026 $params['category_id'], 3027 -1, 3028 PREG_SPLIT_NO_EMPTY 3029 ); 2921 if (!is_array($params['category_id'])) 2922 { 2923 $params['category_id'] = preg_split( 
2924 '/[\s,;\|]/', 2925 $params['category_id'], 2926 -1, 2927 PREG_SPLIT_NO_EMPTY 2928 ); 2929 } 3030 2930 $params['category_id'] = array_map('intval', $params['category_id']); 3031 2931 … … 3096 2996 // does this parent exists? This check should be made in the 3097 2997 // move_categories function, not here 3098 //3099 2998 // 0 as parent means "move categories at gallery root" 3100 if (!is_numeric($params['parent']))3101 {3102 return new PwgError(403, 'Invalid parent input parameter');3103 }3104 3105 2999 if (0 != $params['parent']) { 3106 $params['parent'] = intval($params['parent']);3107 3000 $subcat_ids = get_subcat_ids(array($params['parent'])); 3108 3001 if (count($subcat_ids) == 0) … … 3207 3100 } 3208 3101 3209 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])3102 if (get_pwg_token() != $params['pwg_token']) 3210 3103 { 3211 3104 return new PwgError(403, 'Invalid security token'); … … 3241 3134 } 3242 3135 3243 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])3136 if (get_pwg_token() != $params['pwg_token']) 3244 3137 { 3245 3138 return new PwgError(403, 'Invalid security token'); … … 3272 3165 } 3273 3166 3274 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])3167 if (get_pwg_token() != $params['pwg_token']) 3275 3168 { 3276 3169 return new PwgError(403, 'Invalid security token'); 3277 3170 } 3278 3171 3279 if ( empty($params['type']) or!in_array($params['type'], array('plugins', 'themes', 'languages')))3172 if (!in_array($params['type'], array('plugins', 'themes', 'languages'))) 3280 3173 { 3281 3174 return new PwgError(403, "invalid extension type"); 3282 }3283 3284 if (empty($params['id']) or empty($params['revision']))3285 {3286 return new PwgError(null, 'Wrong parameters');3287 3175 } 3288 3176 … … 3367 3255 } 3368 3256 3369 if ( empty($params['pwg_token']) orget_pwg_token() != $params['pwg_token'])3257 if (get_pwg_token() != $params['pwg_token']) 3370 3258 { 3371 3259 
return new PwgError(403, 'Invalid security token');
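Review bot: With the local `(int)` casts and `<= 0` checks removed, `$params['image_id']`, `$params['category_id']`, `$params['user_id']` and `$params['category'][0]` are concatenated into SQL exactly as received (for example `WHERE id='.$params['image_id']` in ws_images_Rate and `WHERE user_id='.$params['user_id']` in the rate-deletion query), so these functions are injection-safe only if every caller has already coerced the values to integers. That validation presumably lives in the web-service dispatcher, which is not visible on this page; keeping a cheap cast at the point of use, e.g. `WHERE id='.(int)$params['image_id']`, would preserve defence in depth for any code that calls these functions directly. Separately, the new check at new line 1020 reads `pwg_db_num_rows($resul)` while the variable assigned two lines above is `$result`; it should be `if (pwg_db_num_rows($result) == 0)`. The token checks are also reduced to the loose `get_pwg_token() != $params['pwg_token']`; a strict comparison (`hash_equals()` where the PHP version provides it) avoids type-juggling matches and a missing-key notice when `pwg_token` is absent. Most of the affected function bodies start and end outside the hunks shown.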