diff options
author | rvelices <rv-github@modusoptimus.com> | 2008-09-04 00:57:55 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-09-04 00:57:55 +0000 |
commit | 4002f708e1b701a800b3d6968d12ab9a49c2d071 (patch) | |
tree | f5495a5c5b5b72d2a4c8c5d830bcb47cd02d2bd4 /include/ws_functions.inc.php | |
parent | 56517c7545428a9f655dd31c4bb3ae15a2fac223 (diff) |
- remove hello_world plugin (not working anymore)
- web service method images.add works only for admins now
- fix template-common js web service calls did not have the parameters url encoded
- improve admin user_list - submitting the form with no user selected triggers a javascript alert (had fun with jquery selectors)
git-svn-id: http://piwigo.org/svn/trunk@2496 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/ws_functions.inc.php')
-rw-r--r-- | include/ws_functions.inc.php | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 015f3d391..116db6687 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -918,14 +918,18 @@ UPDATE '.IMAGES_TABLE.' function ws_images_add($params, &$service) { global $conf; - + if (!is_admin() || is_adviser() ) + { + return new PwgError(401, 'Access denied'); + } + // name // category_id // file_content // file_sum // thumbnail_content // thumbnail_sum - + // $fh_log = fopen('/tmp/php.log', 'w'); // fwrite($fh_log, time()."\n"); // fwrite($fh_log, 'input: '.$params['file_sum']."\n"); @@ -934,7 +938,7 @@ function ws_images_add($params, &$service) // current date list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); list($year, $month, $day) = preg_split('/[^\d]/', $dbnow, 4); - + $upload_dir = sprintf( PHPWG_ROOT_PATH.'upload/%s/%s/%s', $year, @@ -942,8 +946,8 @@ function ws_images_add($params, &$service) $day ); - fwrite($fh_log, $upload_dir."\n"); - + //fwrite($fh_log, $upload_dir."\n"); + if (!is_dir($upload_dir)) { umask(0000); $recursive = true; @@ -954,7 +958,7 @@ function ws_images_add($params, &$service) $random_string = substr($params['file_sum'], 0, 8); $filename_wo_ext = $date_string.'-'.$random_string; - + $file_path = $upload_dir.'/'.$filename_wo_ext.'.jpg'; $fh_file = fopen($file_path, 'w'); fwrite($fh_file, base64_decode($params['file_content'])); @@ -967,7 +971,7 @@ function ws_images_add($params, &$service) umask(0000); mkdir($thumbnail_dir, 0777); } - + $thumbnail_path = sprintf( '%s/%s%s.%s', $thumbnail_dir, @@ -1011,7 +1015,7 @@ function ws_images_add($params, &$service) array_keys($insert), array($insert) ); - + // fclose($fh_log); } |