diff options
author | rvelices <rv-github@modusoptimus.com> | 2007-02-23 13:18:34 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-02-23 13:18:34 +0000 |
commit | cb2408a82c9bc93bef177dc33a8981bc36800839 (patch) | |
tree | 85728267a379dd1b39ac089ab2021f000e6cb668 /include/section_init.inc.php | |
parent | 6f03e29735ea395f31d09bbfd15a4e15eaf961e3 (diff) |
Plugins:
- display author and and author url (if present) on plugin admin page
- uniformized versions/authors... for all plugins in svn
- security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install)
- added confirmation for install/uninstall plugins
Web services:
- web service explorer now caches method details in order to avoid unnecessary web calls
- web service explorer can now send parameters as arrays
- web service explorer uses now prototype.js version 1.5
- small improvements
- added and use function bad_request (sends http status code 400)
git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/section_init.inc.php | 39 |
1 files changed, 8 insertions, 31 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php index 21396955d..4239ebd93 100644 --- a/include/section_init.inc.php +++ b/include/section_init.inc.php @@ -4,7 +4,6 @@ // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | // +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) // | file : $Id$ // | last update : $Date$ // | last modifier : $Author$ @@ -119,7 +118,7 @@ if (script_basename() == 'picture') // basename without file extention } else { - die('Fatal: picture identifier is missing'); + bad_request('picture identifier is missing'); } } } @@ -159,7 +158,7 @@ else if (0 === strpos(@$tokens[$next_token], 'tag')) } else { - array_push($requested_tag_url_names, "'".$tokens[$i]."'"); + array_push($requested_tag_url_names, $tokens[$i]); } $i++; } @@ -167,32 +166,10 @@ else if (0 === strpos(@$tokens[$next_token], 'tag')) if ( empty($requested_tag_ids) && empty($requested_tag_url_names) ) { - die('Fatal: at least one tag required'); - } - // tag infos - $query = ' -SELECT name, url_name, id - FROM '.TAGS_TABLE.' - WHERE '; - if ( !empty($requested_tag_ids) ) - { - $query.= 'id IN ('.implode(',', $requested_tag_ids ).')'; - } - if ( !empty($requested_tag_url_names) ) - { - if ( !empty($requested_tag_ids) ) - { - $query.= ' OR '; - } - $query.= 'url_name IN ('.implode(',', $requested_tag_url_names ).')'; - } - $result = pwg_query($query); - $tag_infos = array(); - while ($row = mysql_fetch_assoc($result)) - { - $tag_infos[ $row['id'] ] = $row; - array_push($page['tags'], $row );//we loose given tag order; is it important? + bad_request('at least one tag required'); } + + $page['tags'] = find_tags($requested_tag_ids, $requested_tag_url_names); if ( empty($page['tags']) ) { page_not_found('Requested tag does not exist', get_root_url().'tags.php' ); @@ -228,10 +205,10 @@ else if ('search' == @$tokens[$next_token]) $page['section'] = 'search'; $next_token++; - preg_match('/(\d+)/', $tokens[$next_token], $matches); + preg_match('/(\d+)/', @$tokens[$next_token], $matches); if (!isset($matches[1])) { - die('Fatal: search identifier is missing'); + bad_request('search identifier is missing'); } $page['search'] = $matches[1]; $next_token++; @@ -254,7 +231,7 @@ else if ('list' == @$tokens[$next_token]) { if (!preg_match('/^\d+(,\d+)*$/', $tokens[$next_token])) { - die('wrong format on list GET parameter'); + bad_request('wrong format on list GET parameter'); } foreach (explode(',', $tokens[$next_token]) as $image_id) { |