diff options
author | rvelices <rv-github@modusoptimus.com> | 2007-02-22 01:12:32 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-02-22 01:12:32 +0000 |
commit | cea58b64ee31c3b34887845bef6761edee3c6fc7 (patch) | |
tree | 66e631cdcad99b2189f57627fc77806fc3ca644f /include/ws_functions.inc.php | |
parent | 64108c075b87b5b4815f451909dd9d9b3a7f545a (diff) |
- user comments are not saved in the database with htmlspecialchars anymore
- web service: added the possibility to enter a user comment using the service...
- new comment functions from picture_comment.inc.php
git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/ws_functions.inc.php')
-rw-r--r-- | include/ws_functions.inc.php | 196 |
1 files changed, 163 insertions, 33 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 494b3596f..8af08204c 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -32,8 +32,19 @@ function ws_isInvokeAllowed($res, $methodName, $params) { global $conf, $calling_partner_id; - if ( !$conf['ws_access_control'] - or strpos($methodName,'reflection.')===0 ) + + if ( strpos($methodName,'reflection.')===0 ) + { // OK for reflection + return $res; + } + + if ( !is_autorize_status(ACCESS_GUEST) and + strpos($methodName,'pwg.session.')!==0 ) + { + return new PwgError(401, 'Access denied'); + } + + if ( !$conf['ws_access_control'] ) { return $res; // No controls are requested } @@ -486,10 +497,69 @@ ORDER BY global_rank'; /** * returns detailed information for an element (web service method) */ +function ws_images_addComment($params, &$service) +{ + $params['image_id'] = (int)$params['image_id']; + $query = ' +SELECT DISTINCT image_id + FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id + WHERE commentable="true" + AND image_id='.$params['image_id']. + get_sql_condition_FandF( + array( + 'forbidden_categories' => 'id', + 'visible_categories' => 'id', + 'visible_images' => 'image_id' + ), + ' AND' + ); + if ( !mysql_num_rows( pwg_query( $query ) ) ) + { + return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); + } + + include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); + + $comm = array( + 'author' => trim( stripslashes($params['author']) ), + 'content' => trim( stripslashes($params['content']) ), + 'image_id' => $params['image_id'], + ); + + include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); + + $comment_action = insert_user_comment( + $comm, $params['key'], $infos + ); + + switch ($comment_action) + { + case 'reject': + array_push($infos, l10n('comment_not_added') ); + return new PwgError(403, implode("\n", $infos) ); + case 'validate': + case 'moderate': + $ret = array( + 'id' => $comm['id'], + 'validation' => $comment_action=='validate', + ); + return new PwgNamedStruct( + 'comment', + $ret, + null, array() + ); + default: + return new PwgError(500, "Unknown comment action ".$comment_action ); + } +} + +/** + * returns detailed information for an element (web service method) + */ function ws_images_getInfo($params, &$service) { @include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); - global $user; + global $user, $conf; $params['image_id'] = (int)$params['image_id']; if ( $params['image_id']<=0 ) { @@ -515,16 +585,22 @@ LIMIT 1;'; //-------------------------------------------------------- related categories $query = ' -SELECT c.id,c.name,c.uppercats,c.global_rank +SELECT id,name,uppercats,global_rank,commentable FROM '.IMAGE_CATEGORY_TABLE.' - INNER JOIN '.CATEGORIES_TABLE.' c ON category_id = id + INNER JOIN '.CATEGORIES_TABLE.' ON category_id = id WHERE image_id = '.$image_row['id'].' AND category_id NOT IN ('.$user['forbidden_categories'].') ;'; $result = pwg_query($query); + $is_commentable = false; $related_categories = array(); while ($row = mysql_fetch_assoc($result)) { + if ($row['commentable']=='true') + { + $is_commentable = true; + } + unset($row['commentable']); $row['url'] = make_index_url( array( 'category' => $row['id'], @@ -540,6 +616,7 @@ SELECT c.id,c.name,c.uppercats,c.global_rank 'cat_name' => $row['name'], ) ); + $row['id']=(int)$row['id']; array_push($related_categories, $row); } usort($related_categories, 'global_rank_compare'); @@ -565,51 +642,97 @@ SELECT c.id,c.name,c.uppercats,c.global_rank ) ); unset($tag['counter']); + $tag['id']=(int)$tag['id']; $related_tags[$i]=$tag; } + //------------------------------------------------------------- related rates + $query = ' +SELECT COUNT(rate) AS count + , ROUND(AVG(rate),2) AS average + , ROUND(STD(rate),2) AS stdev + FROM '.RATE_TABLE.' + WHERE element_id = '.$image_row['id'].' +;'; + $rating = mysql_fetch_assoc(pwg_query($query)); + $rating['count'] = (int)$rating['count']; + //---------------------------------------------------------- related comments + $related_comments = array(); + + $where_comments = 'image_id = '.$image_row['id']; + if ( !is_admin() ) + { + $where_comments .= ' + AND validated="true"'; + } + $query = ' SELECT COUNT(id) nb_comments FROM '.COMMENTS_TABLE.' - WHERE image_id = '.$image_row['id']; + WHERE '.$where_comments; list($nb_comments) = array_from_query($query, 'nb_comments'); + $nb_comments = (int)$nb_comments; - $query = ' + if ( $nb_comments>0 and $params['comments_per_page']>0 ) + { + $query = ' SELECT id, date, author, content FROM '.COMMENTS_TABLE.' - WHERE image_id = '.$image_row['id'].' - AND validated="true"'; - $query .= ' - ORDER BY date DESC - LIMIT 0, 5'; + WHERE '.$where_comments.' + ORDER BY date + LIMIT '.$params['comments_per_page']*(int)$params['comments_page']. + ','.$params['comments_per_page']; - $result = pwg_query($query); - $related_comments = array(); - while ($row = mysql_fetch_assoc($result)) + $result = pwg_query($query); + while ($row = mysql_fetch_assoc($result)) + { + $row['id']=(int)$row['id']; + array_push($related_comments, $row); + } + } + + $comment_post_data = null; + if ($is_commentable and + (!$user['is_the_guest'] + or ($user['is_the_guest'] and $conf['comments_forall'] ) + ) + ) { - array_push($related_comments, $row); + include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); + $comment_post_data['author'] = $user['username']; + $comment_post_data['key'] = get_comment_post_key($params['image_id']); } - //------------------------------------------------------------- related rates - $query = ' -SELECT COUNT(rate) AS count - , ROUND(AVG(rate),2) AS average - , ROUND(STD(rate),2) AS stdev - FROM '.RATE_TABLE.' - WHERE element_id = '.$image_row['id'].' -;'; - $row = mysql_fetch_assoc(pwg_query($query)); - $ret = $image_row; - $ret['rates'] = array( WS_XML_ATTRIBUTES => $row ); + foreach ( array('id','width','height','hit','filesize') as $k ) + { + if (isset($ret[$k])) + { + $ret[$k] = (int)$ret[$k]; + } + } + foreach ( array('path', 'storage_category_id') as $k ) + { + unset($ret[$k]); + } + + $ret['rates'] = array( WS_XML_ATTRIBUTES => $rating ); $ret['categories'] = new PwgNamedArray($related_categories, 'category', array('id','url', 'page_url') ); $ret['tags'] = new PwgNamedArray($related_tags, 'tag', array('id','url_name','url','page_url') ); + if ( isset($comment_post_data) ) + { + $ret['comment_post'] = array( WS_XML_ATTRIBUTES => $comment_post_data ); + } $ret['comments'] = array( - WS_XML_ATTRIBUTES => array('nb_comments' => $nb_comments), - WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id') ) + WS_XML_ATTRIBUTES => + array( + 'page' => $params['comments_page'], + 'per_page' => $params['comments_per_page'], + 'count' => count($related_comments), + 'nb_comments' => $nb_comments, + ), + WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id','date') ) ); - unset($ret['path']); - unset($ret['storage_category_id']); return new PwgNamedStruct('image',$ret, null, array('name','comment') ); } @@ -768,10 +891,17 @@ function ws_session_logout($params, &$service) function ws_session_getStatus($params, &$service) { - global $user; + global $user, $lang_info; $res = array(); $res['username'] = $user['is_the_guest'] ? 'guest' : $user['username']; - $res['status'] = $user['status']; + foreach ( array('status', 'template', 'theme', 'language') as $k ) + { + $res[$k] = $user[$k]; + } + foreach ( array('charset') as $k ) + { + $res[$k] = $lang_info[$k]; + } return $res; } |