diff options
author | rvelices <rv-github@modusoptimus.com> | 2009-12-18 21:08:21 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2009-12-18 21:08:21 +0000 |
commit | 8b66788392652515532a89e0dd7e3af594272cb4 (patch) | |
tree | 2d93c632523b9d0dfe8c536747dd2fe6adfef6be | |
parent | 2a9b358dc8ebe8f1a077c88e7e7e49813c34a829 (diff) |
web method images.setPrivacyLevel (ws_images_setPrivacyLevel) is POST only
git-svn-id: http://piwigo.org/svn/branches/2.0@4512 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/ws_functions.inc.php | 51 | ||||
-rw-r--r-- | template-common/scripts.js | 58 | ||||
-rw-r--r-- | template/yoga/picture.tpl | 1 | ||||
-rw-r--r-- | ws.php | 8 |
4 files changed, 68 insertions, 50 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 26a205014..6e13af641 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -855,6 +855,10 @@ function ws_images_setPrivacyLevel($params, &$service) { return new PwgError(401, 'Access denied'); } + if (!$service->isPost()) + { + return new PwgError(405, "This method requires HTTP POST"); + } $params['image_id'] = array_map( 'intval',$params['image_id'] ); if ( empty($params['image_id']) ) { @@ -865,6 +869,7 @@ function ws_images_setPrivacyLevel($params, &$service) { return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level"); } + $query = ' UPDATE '.IMAGES_TABLE.' SET level='.(int)$params['level'].' @@ -885,7 +890,7 @@ function ws_images_add_chunk($params, &$service) // original_sum // type {thumb, file, high} // position - + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); @@ -950,18 +955,18 @@ function merge_chunks($output_filepath, $original_sum, $type) if (is_file($output_filepath)) { unlink($output_filepath); - + if (is_file($output_filepath)) { new PwgError(500, '[merge_chunks] error while trying to remove existing '.$output_filepath); exit(); } } - + $upload_dir = PHPWG_ROOT_PATH.'upload/buffer'; $pattern = '/'.$original_sum.'-'.$type.'/'; $chunks = array(); - + if ($handle = opendir($upload_dir)) { while (false !== ($file = readdir($handle))) @@ -982,21 +987,21 @@ function merge_chunks($output_filepath, $original_sum, $type) } $i = 0; - + foreach ($chunks as $chunk) { $string = file_get_contents($chunk); - + if (function_exists('memory_get_usage')) { ws_logfile('[merge_chunks] memory_get_usage on chunk '.++$i.': '.memory_get_usage()); } - + if (!file_put_contents($output_filepath, $string, FILE_APPEND)) { new PwgError(500, '[merge_chunks] error while writting chunks for '.$output_filepath); exit(); } - + unlink($chunk); } @@ -1014,7 +1019,7 @@ function add_file($file_path, $type, $original_sum, $file_sum) $file_path = file_path_for_type($file_path, $type); $upload_dir = dirname($file_path); - + if (!is_dir($upload_dir)) { umask(0000); $recursive = true; @@ -1101,7 +1106,7 @@ SELECT // update basic metadata from file // $update = array(); - + if ('high' == $params['type']) { $update['high_filesize'] = $infos['filesize']; @@ -1120,7 +1125,7 @@ SELECT if (count($update) > 0) { $update['id'] = $params['image_id']; - + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); mass_updates( IMAGES_TABLE, @@ -1839,7 +1844,7 @@ function ws_add_image_category_relations($image_id, $categories_string, $replace ); exit(); } - + $query = ' SELECT id @@ -1857,9 +1862,9 @@ SELECT ); exit(); } - + $to_update_cat_ids = array(); - + // in case of replace mode, we first check the existing associations $query = ' SELECT @@ -1884,13 +1889,13 @@ DELETE update_category($to_remove_cat_ids); } } - + $new_cat_ids = array_diff($cat_ids, $existing_cat_ids); if (count($new_cat_ids) == 0) { return true; } - + if ($search_current_ranks) { $query = ' @@ -1914,16 +1919,16 @@ SELECT { $current_rank_of[$cat_id] = 0; } - + if ('auto' == $rank_on_category[$cat_id]) { $rank_on_category[$cat_id] = $current_rank_of[$cat_id] + 1; } } } - + $inserts = array(); - + foreach ($new_cat_ids as $cat_id) { array_push( @@ -1935,14 +1940,14 @@ SELECT ) ); } - + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); mass_inserts( IMAGE_CATEGORY_TABLE, array_keys($inserts[0]), $inserts ); - + update_category($new_cat_ids); } @@ -2001,7 +2006,7 @@ function ws_categories_setInfo($params, &$service) array($update) ); } - + } function ws_logfile($string) @@ -2011,7 +2016,7 @@ function ws_logfile($string) if (!$conf['ws_enable_log']) { return true; } - + file_put_contents( $conf['ws_log_filepath'], '['.date('c').'] '.$string."\n", diff --git a/template-common/scripts.js b/template-common/scripts.js index f6b22b41c..389ed1b21 100644 --- a/template-common/scripts.js +++ b/template-common/scripts.js @@ -71,6 +71,23 @@ function popuphelp(url) } +function blockToggleDisplay(headerId, contentId) +{ + var revHeader = document.getElementById(headerId); + var revContent = document.getElementById(contentId); + + if (revContent.style.display == 'none') + { + revContent.style.display = 'block'; + revHeader.className = 'instructionBlockHeaderExpanded'; + } + else + { + revContent.style.display = 'none'; + revHeader.className = 'instructionBlockHeaderCollapsed'; + } +} + Function.prototype.pwgBind = function() { var __method = this, object = arguments[0], args = new Array(); @@ -90,23 +107,6 @@ function PwgWS(urlRoot) }; }; -function blockToggleDisplay(headerId, contentId) -{ - var revHeader = document.getElementById(headerId); - var revContent = document.getElementById(contentId); - - if (revContent.style.display == 'none') - { - revContent.style.display = 'block'; - revHeader.className = 'instructionBlockHeaderExpanded'; - } - else - { - revContent.style.display = 'none'; - revHeader.className = 'instructionBlockHeaderCollapsed'; - } -} - PwgWS.prototype = { @@ -129,8 +129,9 @@ PwgWS.prototype = { } this.transport.onreadystatechange = this.onStateChange.pwgBind(this); - var url = this.urlRoot; - url += "ws.php?format=json&method="+method; + var url = this.urlRoot+"ws.php?format=json"; + + var body = "method="+method; if (parameters) { for (var property in parameters) @@ -138,14 +139,25 @@ PwgWS.prototype = { if ( typeof parameters[property] == 'object' && parameters[property]) { for (var i=0; i<parameters[property].length; i++) - url += "&"+property+"[]="+encodeURIComponent(parameters[property][i]); + body += "&"+property+"[]="+encodeURIComponent(parameters[property][i]); } else - url += "&"+property+"="+encodeURIComponent(parameters[property]); + body += "&"+property+"="+encodeURIComponent(parameters[property]); } } - this.transport.open(this.options.method, url, this.options.async); - this.transport.send(null); + + if (this.options.method == "POST" ) + { + this.transport.open(this.options.method, url, this.options.async); + this.transport.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + this.transport.send(body); + } + else + { + url += "&"+body; + this.transport.open(this.options.method, url, this.options.async); + this.transport.send(null); + } }, onStateChange: function() { diff --git a/template/yoga/picture.tpl b/template/yoga/picture.tpl index 26450a21c..5b720c85e 100644 --- a/template/yoga/picture.tpl +++ b/template/yoga/picture.tpl @@ -215,6 +215,7 @@ var y = new PwgWS(rootUrl); y.callService( "pwg.images.setPrivacyLevel", {image_id: id, level:level} , { + method: "POST", onFailure: function(num, text) { selectElement.disabled = false; alert(num + " " + text); }, onSuccess: function(result) { selectElement.disabled = false; } } @@ -136,7 +136,7 @@ function ws_addDefaultMethods( $arr ) 'image_id' => array('flags'=>WS_PARAM_FORCE_ARRAY), 'level' => array('maxValue'=>$conf['available_permission_levels']), ), - 'sets the privacy levels for the images' + 'sets the privacy levels for the images (POST method only)' ); $service->addMethod('pwg.session.getStatus', 'ws_session_getStatus', null, '' ); @@ -278,7 +278,7 @@ function ws_addDefaultMethods( $arr ) 'ws_images_setInfo', array( 'image_id' => array(), - + 'name' => array('default' => null), 'author' => array('default' => null), 'date_creation' => array('default' => null), @@ -297,13 +297,13 @@ function ws_addDefaultMethods( $arr ) <br/><b>single_value_mode</b> can be "fill_if_empty" (only use the input value if the corresponding values is currently empty) or "replace" (overwrite any existing value) and applies to single values properties like name/author/date_creation/comment <br/><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories' ); - + $service->addMethod( 'pwg.categories.setInfo', 'ws_categories_setInfo', array( 'category_id' => array(), - + 'name' => array('default' => null), 'comment' => array('default' => null), ), |