From 24b977d8775e70e15b60cbd5143e84f4c08d4e23 Mon Sep 17 00:00:00 2001 From: mistic100 Date: Tue, 22 Oct 2013 12:58:58 +0000 Subject: feature:2982 API: add high-level type check introduces some constants fro bool, int, float, positive and notnull parameters types are tested in PwgServer::invoke and no in each method + some optimizations + update methods descriptions git-svn-id: http://piwigo.org/svn/trunk@25077 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/ws_functions.inc.php | 288 +++++++++++++------------------------------ 1 file changed, 88 insertions(+), 200 deletions(-) (limited to 'include/ws_functions.inc.php') diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index eb0399f2d..d2a920772 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -226,11 +226,7 @@ function ws_getMissingDerivatives($params, $service) } } - if ( ($max_urls = intval($params['max_urls'])) <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid max_urls"); - } - + $max_urls = $params['max_urls']; list($max_id, $image_count) = pwg_db_fetch_row( pwg_query('SELECT MAX(id)+1, COUNT(*) FROM '.IMAGES_TABLE) ); if (0 == $image_count) @@ -308,10 +304,14 @@ function ws_getMissingDerivatives($params, $service) function ws_getVersion($params, $service) { global $conf; - if ($conf['show_version'] or is_admin() ) + if ( $conf['show_version'] or is_admin() ) + { return PHPWG_VERSION; + } else + { return new PwgError(403, 'Forbidden'); + } } /** @@ -387,11 +387,6 @@ function ws_caddie_add($params, $service) { return new PwgError(401, 'Access denied'); } - $params['image_id'] = array_map( 'intval',$params['image_id'] ); - if ( empty($params['image_id']) ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } global $user; $query = ' SELECT id @@ -427,9 +422,6 @@ function ws_categories_getImages($params, $service) $where_clauses = array(); foreach($params['cat_id'] as $cat_id) { - $cat_id = (int)$cat_id; - if ($cat_id<=0) - continue; if ($params['recursive']) { $where_clauses[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^|,)'.$cat_id.'(,|$)\''; @@ -960,7 +952,7 @@ function ws_images_addComment($params, $service) { return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = (int)$params['image_id']; + $query = ' SELECT DISTINCT image_id FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id @@ -1014,11 +1006,6 @@ SELECT DISTINCT image_id function ws_images_getInfo($params, $service) { global $user, $conf; - $params['image_id'] = (int)$params['image_id']; - if ( $params['image_id']<=0 ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } $query=' SELECT * FROM '.IMAGES_TABLE.' @@ -1028,12 +1015,14 @@ SELECT * FROM '.IMAGES_TABLE.' ' AND' ).' LIMIT 1'; - - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row==null) + $result = pwg_query($query); + + if (pwg_db_num_rows($resul) == 0) { return new PwgError(404, "image_id not found"); } + + $image_row = pwg_db_fetch_assoc($result); $image_row = array_merge( $image_row, ws_std_get_urls($image_row) ); //-------------------------------------------------------- related categories @@ -1202,11 +1191,10 @@ SELECT id, date, author, content */ function ws_images_Rate($params, $service) { - $image_id = (int)$params['image_id']; $query = ' SELECT DISTINCT id FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id - WHERE id='.$image_id + WHERE id='.$params['image_id'] .get_sql_condition_FandF( array( 'forbidden_categories' => 'category_id', @@ -1221,7 +1209,7 @@ SELECT DISTINCT id FROM '.IMAGES_TABLE.' } $rate = (int)$params['rate']; include_once(PHPWG_ROOT_PATH.'include/functions_rate.inc.php'); - $res = rate_picture( $image_id, $rate ); + $res = rate_picture( $params['image_id'], $rate ); if ($res==false) { global $conf; @@ -1256,9 +1244,6 @@ function ws_images_search($params, $service) implode(' AND ', $where_clauses) ); - $params['per_page'] = (int)$params['per_page']; - $params['page'] = (int)$params['page']; - $image_ids = array_slice( $search_result['items'], $params['page']*$params['per_page'], @@ -1317,13 +1302,8 @@ function ws_images_setPrivacyLevel($params, $service) { return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = array_map( 'intval',$params['image_id'] ); - if ( empty($params['image_id']) ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } global $conf; - if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) ) + if ( !in_array($params['level'], $conf['available_permission_levels']) ) { return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level"); } @@ -1354,53 +1334,28 @@ function ws_images_setRank($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - // is the image_id valid? - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - - // is the category valid? - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - - // is the rank valid? - $params['rank'] = (int)$params['rank']; - if ($params['rank'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid rank"); - } - // does the image really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } // is the image associated to this category? $query = ' -SELECT - image_id, - category_id, - rank +SELECT COUNT(*) FROM '.IMAGE_CATEGORY_TABLE.' WHERE image_id = '.$params['image_id'].' AND category_id = '.$params['category_id'].' ;'; - $category_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($category_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "This image is not associated to this category"); } @@ -1626,12 +1581,6 @@ function ws_images_addFile($params, $service) return new PwgError(401, 'Access denied'); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - // // what is the path and other infos about the photo? // @@ -1646,12 +1595,14 @@ SELECT FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image = pwg_db_fetch_assoc(pwg_query($query)); + $result = pwg_query($query); - if ($image == null) + if (pwg_db_num_rows($result) == 0) { return new PwgError(404, "image_id not found"); } + + $image = pwg_db_fetch_assoc($result); // since Piwigo 2.4 and derivatives, we do not take the imported "thumb" // into account @@ -1726,17 +1677,16 @@ function ws_images_add($params, $service) ); } - $params['image_id'] = (int)$params['image_id']; if ($params['image_id'] > 0) { $query=' -SELECT * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } @@ -1755,8 +1705,7 @@ SELECT * } $query = ' -SELECT - COUNT(*) AS counter +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE '.$where_clause.' ;'; @@ -1879,38 +1828,30 @@ function ws_images_addSimple($params, $service) if (!isset($_FILES['image'])) { - return new PwgError(405, "The image (file) parameter is missing"); + return new PwgError(405, "The image (file) is missing"); } - $params['image_id'] = (int)$params['image_id']; if ($params['image_id'] > 0) { $query=' -SELECT * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } } - // category - $params['category'] = (int)$params['category']; - if ($params['category'] <= 0 and $params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); $image_id = add_uploaded_file( $_FILES['image']['tmp_name'], $_FILES['image']['name'], - $params['category'] > 0 ? array($params['category']) : null, + $params['category'], 8, $params['image_id'] > 0 ? $params['image_id'] : null ); @@ -1931,14 +1872,14 @@ SELECT * } } - if (count(array_keys($update)) > 0) + if (count($update) > 0) { $update['id'] = $image_id; single_update( IMAGES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } @@ -1969,12 +1910,12 @@ SELECT * $url_params = array('image_id' => $image_id); - if ($params['category'] > 0) + if (!empty($params['category'])) { $query = ' SELECT id, name, permalink FROM '.CATEGORIES_TABLE.' - WHERE id = '.$params['category'].' + WHERE id = '.$params['category'][0].' ;'; $result = pwg_query($query); $category = pwg_db_fetch_assoc($result); @@ -2009,15 +1950,9 @@ function ws_rates_delete($params, $service) return new PwgError(401, 'Access denied'); } - $user_id = (int)$params['user_id']; - if ($user_id<=0) - { - return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid user_id'); - } - $query = ' DELETE FROM '.RATE_TABLE.' - WHERE user_id='.$user_id; + WHERE user_id='.$params['user_id']; if (!empty($params['anonymous_id'])) { @@ -2144,7 +2079,6 @@ function ws_tags_getImages($params, $service) global $conf; // first build all the tag_ids we are interested in - $params['tag_id'] = array_map( 'intval',$params['tag_id'] ); $tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']); $tags_by_id = array(); foreach( $tags as $tag ) @@ -2168,8 +2102,6 @@ function ws_tags_getImages($params, $service) ws_std_image_sql_order($params) ); $count_set = count($image_ids); - $params['per_page'] = (int)$params['per_page']; - $params['page'] = (int)$params['page']; $image_ids = array_slice($image_ids, $params['per_page']*$params['page'], $params['per_page'] ); $image_tag_map = array(); @@ -2272,16 +2204,6 @@ function ws_categories_add($params, $service) $options['status'] = $params['status']; } - if (!empty($params['visible']) and in_array($params['visible'], array('true','false'))) - { - $options['visible'] = get_boolean($params['visible']); - } - - if (!empty($params['commentable']) and in_array($params['commentable'], array('true','false')) ) - { - $options['commentable'] = get_boolean($params['commentable']); - } - if (!empty($params['comment'])) { $options['comment'] = $params['comment']; @@ -2367,8 +2289,7 @@ SELECT } } } - - if ('filename' == $conf['uniqueness_mode']) + else if ('filename' == $conf['uniqueness_mode']) { // search among photos the list of photos already added, based on // filename list @@ -2419,12 +2340,6 @@ function ws_images_checkFiles($params, $service) // file_sum // high_sum - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - $query = ' SELECT path @@ -2489,12 +2404,6 @@ function ws_images_setInfo($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $query=' @@ -2502,12 +2411,14 @@ SELECT * FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + $result = pwg_query($query); + + if (pwg_db_num_rows($result) == 0) { return new PwgError(404, "image_id not found"); } + + $image_row = pwg_db_fetch_assoc($result); // database registration $update = array(); @@ -2564,7 +2475,7 @@ SELECT * single_update( IMAGES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } @@ -2633,17 +2544,20 @@ function ws_images_delete($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - $params['image_id'] = preg_split( - '/[\s,;\|]/', - $params['image_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['image_id'])) + { + $params['image_id'] = preg_split( + '/[\s,;\|]/', + $params['image_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['image_id'] = array_map('intval', $params['image_id']); $image_ids = array(); @@ -2826,12 +2740,6 @@ function ws_categories_setInfo($params, $service) // name // comment - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - // database registration $update = array( 'id' => $params['category_id'], @@ -2857,7 +2765,7 @@ function ws_categories_setInfo($params, $service) single_update( CATEGORIES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } } @@ -2879,41 +2787,27 @@ function ws_categories_setRepresentative($params, $service) // category_id // image_id - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - // does the category really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.CATEGORIES_TABLE.' WHERE id = '.$params['category_id'].' ;'; - $row = pwg_db_fetch_assoc(pwg_query($query)); - if ($row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "category_id not found"); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - // does the image really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $row = pwg_db_fetch_assoc(pwg_query($query)); - if ($row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } @@ -2947,7 +2841,7 @@ function ws_categories_delete($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -2963,12 +2857,15 @@ function ws_categories_delete($params, $service) ); } - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['category_id'])) + { + $params['category_id'] = preg_split( + '/[\s,;\|]/', + $params['category_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['category_id'] = array_map('intval', $params['category_id']); $category_ids = array(); @@ -3016,17 +2913,20 @@ function ws_categories_move($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['category_id'])) + { + $params['category_id'] = preg_split( + '/[\s,;\|]/', + $params['category_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['category_id'] = array_map('intval', $params['category_id']); $category_ids = array(); @@ -3095,15 +2995,8 @@ SELECT // does this parent exists? This check should be made in the // move_categories function, not here - // // 0 as parent means "move categories at gallery root" - if (!is_numeric($params['parent'])) - { - return new PwgError(403, 'Invalid parent input parameter'); - } - if (0 != $params['parent']) { - $params['parent'] = intval($params['parent']); $subcat_ids = get_subcat_ids(array($params['parent'])); if (count($subcat_ids) == 0) { @@ -3206,7 +3099,7 @@ function ws_plugins_performAction($params, &$service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -3240,7 +3133,7 @@ function ws_themes_performAction($params, $service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -3271,21 +3164,16 @@ function ws_extensions_update($params, $service) return new PwgError(401, l10n('Webmaster status is required.')); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - if (empty($params['type']) or !in_array($params['type'], array('plugins', 'themes', 'languages'))) + if (!in_array($params['type'], array('plugins', 'themes', 'languages'))) { return new PwgError(403, "invalid extension type"); } - if (empty($params['id']) or empty($params['revision'])) - { - return new PwgError(null, 'Wrong parameters'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once(PHPWG_ROOT_PATH.'admin/include/'.$params['type'].'.class.php'); @@ -3366,7 +3254,7 @@ function ws_extensions_ignoreupdate($params, $service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } -- cgit v1.2.3