aboutsummaryrefslogtreecommitdiffstats
path: root/include/section_init.inc.php
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
committerrvelices <rv-github@modusoptimus.com>2007-02-23 13:18:34 +0000
commitcb2408a82c9bc93bef177dc33a8981bc36800839 (patch)
tree85728267a379dd1b39ac089ab2021f000e6cb668 /include/section_init.inc.php
parent6f03e29735ea395f31d09bbfd15a4e15eaf961e3 (diff)
Plugins:
- display author and and author url (if present) on plugin admin page - uniformized versions/authors... for all plugins in svn - security fix (html escape name, version, uri, author... to avoid javascript injection which could automatically simulate click on Install) - added confirmation for install/uninstall plugins Web services: - web service explorer now caches method details in order to avoid unnecessary web calls - web service explorer can now send parameters as arrays - web service explorer uses now prototype.js version 1.5 - small improvements - added and use function bad_request (sends http status code 400) git-svn-id: http://piwigo.org/svn/trunk@1852 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/section_init.inc.php39
1 files changed, 8 insertions, 31 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index 21396955d..4239ebd93 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -4,7 +4,6 @@
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
@@ -119,7 +118,7 @@ if (script_basename() == 'picture') // basename without file extention
}
else
{
- die('Fatal: picture identifier is missing');
+ bad_request('picture identifier is missing');
}
}
}
@@ -159,7 +158,7 @@ else if (0 === strpos(@$tokens[$next_token], 'tag'))
}
else
{
- array_push($requested_tag_url_names, "'".$tokens[$i]."'");
+ array_push($requested_tag_url_names, $tokens[$i]);
}
$i++;
}
@@ -167,32 +166,10 @@ else if (0 === strpos(@$tokens[$next_token], 'tag'))
if ( empty($requested_tag_ids) && empty($requested_tag_url_names) )
{
- die('Fatal: at least one tag required');
- }
- // tag infos
- $query = '
-SELECT name, url_name, id
- FROM '.TAGS_TABLE.'
- WHERE ';
- if ( !empty($requested_tag_ids) )
- {
- $query.= 'id IN ('.implode(',', $requested_tag_ids ).')';
- }
- if ( !empty($requested_tag_url_names) )
- {
- if ( !empty($requested_tag_ids) )
- {
- $query.= ' OR ';
- }
- $query.= 'url_name IN ('.implode(',', $requested_tag_url_names ).')';
- }
- $result = pwg_query($query);
- $tag_infos = array();
- while ($row = mysql_fetch_assoc($result))
- {
- $tag_infos[ $row['id'] ] = $row;
- array_push($page['tags'], $row );//we loose given tag order; is it important?
+ bad_request('at least one tag required');
}
+
+ $page['tags'] = find_tags($requested_tag_ids, $requested_tag_url_names);
if ( empty($page['tags']) )
{
page_not_found('Requested tag does not exist', get_root_url().'tags.php' );
@@ -228,10 +205,10 @@ else if ('search' == @$tokens[$next_token])
$page['section'] = 'search';
$next_token++;
- preg_match('/(\d+)/', $tokens[$next_token], $matches);
+ preg_match('/(\d+)/', @$tokens[$next_token], $matches);
if (!isset($matches[1]))
{
- die('Fatal: search identifier is missing');
+ bad_request('search identifier is missing');
}
$page['search'] = $matches[1];
$next_token++;
@@ -254,7 +231,7 @@ else if ('list' == @$tokens[$next_token])
{
if (!preg_match('/^\d+(,\d+)*$/', $tokens[$next_token]))
{
- die('wrong format on list GET parameter');
+ bad_request('wrong format on list GET parameter');
}
foreach (explode(',', $tokens[$next_token]) as $image_id)
{