Changeset 25077 for trunk/include/ws_functions.inc.php

Timestamp:

Oct 22, 2013, 2:58:58 PM (11 years ago)

Author:

mistic100

Message:

feature:2982 API: add high-level type check
introduces some constants fro bool, int, float, positive and notnull parameters
types are tested in PwgServer::invoke and no in each method
+ some optimizations + update methods descriptions

File:

• trunk/include/ws_functions.inc.php (modified) (43 diffs)

trunk/include/ws_functions.inc.php

@@ -227 +227 @@
   }
 
-  if ( ($max_urls = intval($params['max_urls'])) <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid max_urls");
-  }
-
+  $max_urls = $params['max_urls'];
   list($max_id, $image_count) = pwg_db_fetch_row( pwg_query('SELECT MAX(id)+1, COUNT(*) FROM '.IMAGES_TABLE) );
 
@@ -309 +305 @@
 {
   global $conf;
-  if ($conf['show_version'] or is_admin() )
+  if ( $conf['show_version'] or is_admin() )
+  {
     return PHPWG_VERSION;
+  }
   else
+  {
     return new PwgError(403, 'Forbidden');
+  }
 }
 
@@ -387 +387 @@
   {
     return new PwgError(401, 'Access denied');
-  }
-  $params['image_id'] = array_map( 'intval',$params['image_id'] );
-  if ( empty($params['image_id']) )
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
   global $user;
@@ -428 +423 @@
   foreach($params['cat_id'] as $cat_id)
   {
-    $cat_id = (int)$cat_id;
-    if ($cat_id<=0)
-      continue;
     if ($params['recursive'])
     {
@@ -961 +953 @@
     return new PwgError(405, "This method requires HTTP POST");
   }
-  $params['image_id'] = (int)$params['image_id'];
+
   $query = '
 SELECT DISTINCT image_id
@@ -1015 +1007 @@
 {
   global $user, $conf;
-  $params['image_id'] = (int)$params['image_id'];
-  if ( $params['image_id']<=0 )
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
-  }
 
   $query='
@@ -1029 +1016 @@
     ).'
 LIMIT 1';
-
-  $image_row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($image_row==null)
+  $result = pwg_query($query);
+  
+  if (pwg_db_num_rows($resul) == 0)
   {
     return new PwgError(404, "image_id not found");
   }
+  
+  $image_row = pwg_db_fetch_assoc($result);
   $image_row = array_merge( $image_row, ws_std_get_urls($image_row) );
 
@@ -1203 +1192 @@
 function ws_images_Rate($params, $service)
 {
-  $image_id = (int)$params['image_id'];
   $query = '
 SELECT DISTINCT id FROM '.IMAGES_TABLE.'
   INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
-  WHERE id='.$image_id
+  WHERE id='.$params['image_id']
   .get_sql_condition_FandF(
     array(
@@ -1222 +1210 @@
   $rate = (int)$params['rate'];
   include_once(PHPWG_ROOT_PATH.'include/functions_rate.inc.php');
-  $res = rate_picture( $image_id, $rate );
+  $res = rate_picture( $params['image_id'], $rate );
   if ($res==false)
   {
@@ -1256 +1244 @@
       implode(' AND ', $where_clauses)
     );
-
-  $params['per_page'] = (int)$params['per_page'];
-  $params['page'] = (int)$params['page'];
 
   $image_ids = array_slice(
@@ -1318 +1303 @@
     return new PwgError(405, "This method requires HTTP POST");
   }
-  $params['image_id'] = array_map( 'intval',$params['image_id'] );
-  if ( empty($params['image_id']) )
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
-  }
   global $conf;
-  if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) )
+  if ( !in_array($params['level'], $conf['available_permission_levels']) )
   {
     return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level");
@@ -1355 +1335 @@
   }
 
-  // is the image_id valid?
-  $params['image_id'] = (int)$params['image_id'];
-  if ($params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
-  }
-
-  // is the category valid?
-  $params['category_id'] = (int)$params['category_id'];
-  if ($params['category_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
-  }
-
-  // is the rank valid?
-  $params['rank'] = (int)$params['rank'];
-  if ($params['rank'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid rank");
-  }
-
   // does the image really exist?
   $query='
-SELECT
-    *
+SELECT COUNT(*)
   FROM '.IMAGES_TABLE.'
   WHERE id = '.$params['image_id'].'
 ;';
 
-  $image_row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($image_row == null)
+  list($count) = pwg_db_fetch_row(pwg_query($query));
+  if ($count == 0)
   {
     return new PwgError(404, "image_id not found");
@@ -1392 +1350 @@
   // is the image associated to this category?
   $query = '
-SELECT
-    image_id,
-    category_id,
-    rank
+SELECT COUNT(*)
   FROM '.IMAGE_CATEGORY_TABLE.'
   WHERE image_id = '.$params['image_id'].'
     AND category_id = '.$params['category_id'].'
 ;';
-  $category_row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($category_row == null)
+  list($count) = pwg_db_fetch_row(pwg_query($query));
+  if ($count == 0)
   {
     return new PwgError(404, "This image is not associated to this category");
@@ -1625 +1580 @@
   {
     return new PwgError(401, 'Access denied');
-  }
-
-  $params['image_id'] = (int)$params['image_id'];
-  if ($params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
 
@@ -1647 +1596 @@
   WHERE id = '.$params['image_id'].'
 ;';
-  $image = pwg_db_fetch_assoc(pwg_query($query));
-
-  if ($image == null)
+  $result = pwg_query($query);
+
+  if (pwg_db_num_rows($result) == 0)
   {
     return new PwgError(404, "image_id not found");
   }
+  
+  $image = pwg_db_fetch_assoc($result);
 
   // since Piwigo 2.4 and derivatives, we do not take the imported "thumb"
@@ -1727 +1678 @@
   }
 
-  $params['image_id'] = (int)$params['image_id'];
   if ($params['image_id'] > 0)
   {
     $query='
-SELECT *
+SELECT COUNT(*)
   FROM '.IMAGES_TABLE.'
   WHERE id = '.$params['image_id'].'
 ;';
 
-    $image_row = pwg_db_fetch_assoc(pwg_query($query));
-    if ($image_row == null)
+    list($count) = pwg_db_fetch_row(pwg_query($query));
+    if ($count == 0)
     {
       return new PwgError(404, "image_id not found");
@@ -1756 +1706 @@
 
     $query = '
-SELECT
-    COUNT(*) AS counter
+SELECT COUNT(*)
   FROM '.IMAGES_TABLE.'
   WHERE '.$where_clause.'
@@ -1880 +1829 @@
   if (!isset($_FILES['image']))
   {
-    return new PwgError(405, "The image (file) parameter is missing");
-  }
-
-  $params['image_id'] = (int)$params['image_id'];
+    return new PwgError(405, "The image (file) is missing");
+  }
+
   if ($params['image_id'] > 0)
   {
     $query='
-SELECT *
+SELECT COUNT(*)
   FROM '.IMAGES_TABLE.'
   WHERE id = '.$params['image_id'].'
 ;';
 
-    $image_row = pwg_db_fetch_assoc(pwg_query($query));
-    if ($image_row == null)
+    list($count) = pwg_db_fetch_row(pwg_query($query));
+    if ($count == 0)
     {
       return new PwgError(404, "image_id not found");
     }
-  }
-
-  // category
-  $params['category'] = (int)$params['category'];
-  if ($params['category'] <= 0 and $params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
   }
 
@@ -1911 +1852 @@
     $_FILES['image']['tmp_name'],
     $_FILES['image']['name'],
-    $params['category'] > 0 ? array($params['category']) : null,
+    $params['category'],
     8,
     $params['image_id'] > 0 ? $params['image_id'] : null
@@ -1932 +1873 @@
   }
 
-  if (count(array_keys($update)) > 0)
+  if (count($update) > 0)
   {
     $update['id'] = $image_id;
@@ -1939 +1880 @@
       IMAGES_TABLE,
       $update,
-      array('id', $update['id'])
+      array('id' => $update['id'])
       );
   }
@@ -1970 +1911 @@
   $url_params = array('image_id' => $image_id);
 
-  if ($params['category'] > 0)
+  if (!empty($params['category']))
   {
     $query = '
 SELECT id, name, permalink
   FROM '.CATEGORIES_TABLE.'
-  WHERE id = '.$params['category'].'
+  WHERE id = '.$params['category'][0].'
 ;';
     $result = pwg_query($query);
@@ -2010 +1951 @@
   }
 
-  $user_id = (int)$params['user_id'];
-  if ($user_id<=0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid user_id');
-  }
-
   $query = '
 DELETE FROM '.RATE_TABLE.'
-  WHERE user_id='.$user_id;
+  WHERE user_id='.$params['user_id'];
 
   if (!empty($params['anonymous_id']))
@@ -2145 +2080 @@
 
   // first build all the tag_ids we are interested in
-  $params['tag_id'] = array_map( 'intval',$params['tag_id'] );
   $tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']);
   $tags_by_id = array();
@@ -2169 +2103 @@
 
   $count_set = count($image_ids);
-  $params['per_page'] = (int)$params['per_page'];
-  $params['page'] = (int)$params['page'];
   $image_ids = array_slice($image_ids, $params['per_page']*$params['page'], $params['per_page'] );
 
@@ -2273 +2205 @@
   }
   
-  if (!empty($params['visible']) and in_array($params['visible'], array('true','false')))
-  {
-    $options['visible'] = get_boolean($params['visible']);
-  }
-  
-  if (!empty($params['commentable']) and in_array($params['commentable'], array('true','false')) )
-  {
-    $options['commentable'] = get_boolean($params['commentable']);
-  }
-  
   if (!empty($params['comment']))
   {
@@ -2368 +2290 @@
     }
   }
-
-  if ('filename' == $conf['uniqueness_mode'])
+  else if ('filename' == $conf['uniqueness_mode'])
   {
     // search among photos the list of photos already added, based on
@@ -2420 +2341 @@
   // high_sum
 
-  $params['image_id'] = (int)$params['image_id'];
-  if ($params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
-  }
-
   $query = '
 SELECT
@@ -2490 +2405 @@
   }
 
-  $params['image_id'] = (int)$params['image_id'];
-  if ($params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
-  }
-
   include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 
@@ -2503 +2412 @@
   WHERE id = '.$params['image_id'].'
 ;';
-
-  $image_row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($image_row == null)
+  $result = pwg_query($query);
+  
+  if (pwg_db_num_rows($result) == 0)
   {
     return new PwgError(404, "image_id not found");
   }
+  
+  $image_row = pwg_db_fetch_assoc($result);
 
   // database registration
@@ -2565 +2476 @@
       IMAGES_TABLE,
       $update,
-      array('id', $update['id'])
+      array('id' => $update['id'])
       );
   }
@@ -2634 +2545 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
   }
 
-  $params['image_id'] = preg_split(
-    '/[\s,;\|]/',
-    $params['image_id'],
-    -1,
-    PREG_SPLIT_NO_EMPTY
-    );
+  if (!is_array($params['image_id']))
+  {
+    $params['image_id'] = preg_split(
+      '/[\s,;\|]/',
+      $params['image_id'],
+      -1,
+      PREG_SPLIT_NO_EMPTY
+      );
+  }
   $params['image_id'] = array_map('intval', $params['image_id']);
 
@@ -2827 +2741 @@
   // comment
 
-  $params['category_id'] = (int)$params['category_id'];
-  if ($params['category_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
-  }
-
   // database registration
   $update = array(
@@ -2858 +2766 @@
       CATEGORIES_TABLE,
       $update,
-      array('id', $update['id'])
+      array('id' => $update['id'])
       );
   }
@@ -2880 +2788 @@
   // image_id
 
-  $params['category_id'] = (int)$params['category_id'];
-  if ($params['category_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
-  }
-
   // does the category really exist?
   $query='
-SELECT
-    *
+SELECT COUNT(*)
   FROM '.CATEGORIES_TABLE.'
   WHERE id = '.$params['category_id'].'
 ;';
-  $row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($row == null)
+  list($count) = pwg_db_fetch_row(pwg_query($query));
+  if ($count == 0)
   {
     return new PwgError(404, "category_id not found");
-  }
-
-  $params['image_id'] = (int)$params['image_id'];
-  if ($params['image_id'] <= 0)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
   }
 
   // does the image really exist?
   $query='
-SELECT
-    *
+SELECT COUNT(*)
   FROM '.IMAGES_TABLE.'
   WHERE id = '.$params['image_id'].'
 ;';
 
-  $row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($row == null)
+  list($count) = pwg_db_fetch_row(pwg_query($query));
+  if ($count == 0)
   {
     return new PwgError(404, "image_id not found");
@@ -2948 +2842 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
@@ -2964 +2858 @@
   }
 
-  $params['category_id'] = preg_split(
-    '/[\s,;\|]/',
-    $params['category_id'],
-    -1,
-    PREG_SPLIT_NO_EMPTY
-    );
+  if (!is_array($params['category_id']))
+  {
+    $params['category_id'] = preg_split(
+      '/[\s,;\|]/',
+      $params['category_id'],
+      -1,
+      PREG_SPLIT_NO_EMPTY
+      );
+  }
   $params['category_id'] = array_map('intval', $params['category_id']);
 
@@ -3017 +2914 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
   }
 
-  $params['category_id'] = preg_split(
-    '/[\s,;\|]/',
-    $params['category_id'],
-    -1,
-    PREG_SPLIT_NO_EMPTY
-    );
+  if (!is_array($params['category_id']))
+  {
+    $params['category_id'] = preg_split(
+      '/[\s,;\|]/',
+      $params['category_id'],
+      -1,
+      PREG_SPLIT_NO_EMPTY
+      );
+  }
   $params['category_id'] = array_map('intval', $params['category_id']);
 
@@ -3096 +2996 @@
   // does this parent exists? This check should be made in the
   // move_categories function, not here
-  //
   // 0 as parent means "move categories at gallery root"
-  if (!is_numeric($params['parent']))
-  {
-    return new PwgError(403, 'Invalid parent input parameter');
-  }
-
   if (0 != $params['parent']) {
-    $params['parent'] = intval($params['parent']);
     $subcat_ids = get_subcat_ids(array($params['parent']));
     if (count($subcat_ids) == 0)
@@ -3207 +3100 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
@@ -3241 +3134 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
@@ -3272 +3165 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');
   }
 
-  if (empty($params['type']) or !in_array($params['type'], array('plugins', 'themes', 'languages')))
+  if (!in_array($params['type'], array('plugins', 'themes', 'languages')))
   {
     return new PwgError(403, "invalid extension type");
-  }
-
-  if (empty($params['id']) or empty($params['revision']))
-  {
-    return new PwgError(null, 'Wrong parameters');
   }
 
@@ -3367 +3255 @@
   }
 
-  if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+  if (get_pwg_token() != $params['pwg_token'])
   {
     return new PwgError(403, 'Invalid security token');