aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authormistic100 <mistic@piwigo.org>2013-10-22 12:58:58 +0000
committermistic100 <mistic@piwigo.org>2013-10-22 12:58:58 +0000
commit24b977d8775e70e15b60cbd5143e84f4c08d4e23 (patch)
tree586d34b971897e705b9803abf6ad4a9686f22e8f /include
parent677fe6f8881e43b009c8a2babb0565b6ba1620df (diff)
feature:2982 API: add high-level type check
introduces some constants fro bool, int, float, positive and notnull parameters types are tested in PwgServer::invoke and no in each method + some optimizations + update methods descriptions git-svn-id: http://piwigo.org/svn/trunk@25077 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/ws_core.inc.php233
-rw-r--r--include/ws_functions.inc.php288
2 files changed, 282 insertions, 239 deletions
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php
index 933b2ba57..3bb69a828 100644
--- a/include/ws_core.inc.php
+++ b/include/ws_core.inc.php
@@ -35,6 +35,13 @@ define( 'WS_PARAM_ACCEPT_ARRAY', 0x010000 );
define( 'WS_PARAM_FORCE_ARRAY', 0x030000 );
define( 'WS_PARAM_OPTIONAL', 0x040000 );
+define( 'WS_TYPE_BOOL', 0x01 );
+define( 'WS_TYPE_INT', 0x02 );
+define( 'WS_TYPE_FLOAT', 0x04 );
+define( 'WS_TYPE_POSITIVE', 0x10 );
+define( 'WS_TYPE_NOTNULL', 0x20 );
+define( 'WS_TYPE_ID', WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL);
+
define( 'WS_ERR_INVALID_METHOD', 501 );
define( 'WS_ERR_MISSING_PARAM', 1002 );
define( 'WS_ERR_INVALID_PARAM', 1003 );
@@ -273,12 +280,16 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
return;
}
- $this->addMethod('reflection.getMethodList',
- array('PwgServer', 'ws_getMethodList'),
- null, '' );
- $this->addMethod('reflection.getMethodDetails',
+ // add reflection methods
+ $this->addMethod(
+ 'reflection.getMethodList',
+ array('PwgServer', 'ws_getMethodList')
+ );
+ $this->addMethod(
+ 'reflection.getMethodDetails',
array('PwgServer', 'ws_getMethodDetails'),
- array('methodName'),'');
+ array('methodName')
+ );
trigger_action('ws_add_methods', array(&$this) );
uksort( $this->_methods, 'strnatcmp' );
@@ -302,19 +313,20 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
* Registers a web service method.
* @param methodName string - the name of the method as seen externally
* @param callback mixed - php method to be invoked internally
- * @param params array - map of allowed parameter names with optional default
- * values and parameter flags. Example of $params:
- * array( 'param1' => array('default'=>523, 'flags'=>WS_PARAM_FORCE_ARRAY) ).
- * Possible parameter flags are:
- * WS_PARAM_ALLOW_ARRAY - this parameter can be an array
- * WS_PARAM_FORCE_ARRAY - if this parameter is scalar, force it to an array
- * before invoking the method
+ * @param params array - map of allowed parameter names with options
+ * @option mixed default (optional)
+ * @option int flags (optional)
+ * possible values: WS_PARAM_ALLOW_ARRAY, WS_PARAM_FORCE_ARRAY, WS_PARAM_OPTIONAL
+ * @option int type (optional)
+ * possible values: WS_TYPE_BOOL, WS_TYPE_INT, WS_TYPE_FLOAT, WS_TYPE_ID
+ * WS_TYPE_POSITIVE, WS_TYPE_NOTNULL
+ * @option int|float maxValue (optional)
* @param description string - a description of the method.
* @param include_file string - a file to be included befaore the callback is executed
- * @param options array - Available options are:
- * hidden - if true, this method won't be visible by reflection.getMethodList
+ * @param options array
+ * @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList
*/
- function addMethod($methodName, $callback, $params=array(), $description, $include_file='', $options=array())
+ function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array())
{
if (!is_array($params))
{
@@ -330,16 +342,22 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
{
if ( !is_array($data) )
{
- $params[$param] = array('flags'=>0);
+ $params[$param] = array('flags'=>0,'type'=>0);
}
else
{
- $flags = isset($data['flags']) ? $data['flags'] : 0;
+ if ( !isset($data['flags']) )
+ {
+ $data['flags'] = 0;
+ }
if ( array_key_exists('default', $data) )
{
- $flags |= WS_PARAM_OPTIONAL;
+ $data['flags'] |= WS_PARAM_OPTIONAL;
+ }
+ if ( !isset($data['type']) )
+ {
+ $data['type'] = 0;
}
- $data['flags'] = $flags;
$params[$param] = $data;
}
}
@@ -375,7 +393,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
return isset($HTTP_RAW_POST_DATA) or !empty($_POST);
}
- /*static*/ function makeArrayParam(&$param)
+ static function makeArrayParam(&$param)
{
if ( $param==null )
{
@@ -383,12 +401,100 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
}
else
{
- if (! is_array($param) )
+ if ( !is_array($param) )
{
$param = array($param);
}
}
}
+
+ static function checkType(&$param, $type, $name)
+ {
+ $opts = array();
+ $msg = '';
+ if ( self::hasFlag($type, WS_TYPE_POSITIVE | WS_TYPE_NOTNULL) )
+ {
+ $opts['options']['min_range'] = 1;
+ $msg = ' positive and not null';
+ }
+ else if ( self::hasFlag($type, WS_TYPE_POSITIVE) )
+ {
+ $opts['options']['min_range'] = 0;
+ $msg = ' positive';
+ }
+
+ if ( is_array($param) )
+ {
+ if ( self::hasFlag($type, WS_TYPE_BOOL) )
+ {
+ foreach ($param as &$value)
+ {
+ if ( ($value = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)) === null )
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain booleans' );
+ }
+ }
+ unset($value);
+ }
+ else if ( self::hasFlag($type, WS_TYPE_INT) )
+ {
+ foreach ($param as &$value)
+ {
+ if ( ($value = filter_var($value, FILTER_VALIDATE_INT, $opts)) === false )
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain'.$msg.' integers' );
+ }
+ }
+ unset($value);
+ }
+ else if ( self::hasFlag($type, WS_TYPE_FLOAT) )
+ {
+ foreach ($param as &$value)
+ {
+ if (
+ ($value = filter_var($value, FILTER_VALIDATE_FLOAT)) === false
+ or ( isset($opts['options']['min_range']) and $value < $opts['options']['min_range'] )
+ ) {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain'.$msg.' floats' );
+ }
+ }
+ unset($value);
+ }
+ }
+ else if ( $param !== '' )
+ {
+ if ( self::hasFlag($type, WS_TYPE_BOOL) )
+ {
+ if ( ($param = filter_var($param, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)) === null )
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be a boolean' );
+ }
+ }
+ else if ( self::hasFlag($type, WS_TYPE_INT) )
+ {
+ if ( ($param = filter_var($param, FILTER_VALIDATE_INT, $opts)) === false )
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be an'.$msg.' integer' );
+ }
+ }
+ else if ( self::hasFlag($type, WS_TYPE_FLOAT) )
+ {
+ if (
+ ($param = filter_var($param, FILTER_VALIDATE_FLOAT)) === false
+ or ( isset($opts['options']['min_range']) and $param < $opts['options']['min_range'] )
+ ) {
+ return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be a'.$msg.' float' );
+ }
+ }
+ }
+
+ return null;
+ }
+
+ static function hasFlag($val, $flag)
+ {
+ return ($val & $flag) == $flag;
+ }
/**
* Invokes a registered method. Returns the return of the method (or
@@ -400,54 +506,77 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
{
$method = @$this->_methods[$methodName];
- if ( $method==null )
+ if ( $method == null )
{
return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid');
}
- // parameter check and data coercion !
+ // parameter check and data correction
$signature = $method['signature'];
$missing_params = array();
- foreach($signature as $name=>$options)
+
+ foreach ($signature as $name => $options)
{
$flags = $options['flags'];
+
+ // parameter not provided in the request
if ( !array_key_exists($name, $params) )
- {// parameter not provided in the request
- if ( !($flags&WS_PARAM_OPTIONAL) )
+ {
+ if ( !self::hasFlag($flags, WS_PARAM_OPTIONAL) )
{
$missing_params[] = $name;
}
- else if ( array_key_exists('default',$options) )
+ else if ( array_key_exists('default', $options) )
{
$params[$name] = $options['default'];
- if ( ($flags&WS_PARAM_FORCE_ARRAY)==WS_PARAM_FORCE_ARRAY )
+ if ( self::hasFlag($flags, WS_PARAM_FORCE_ARRAY) )
{
- $this->makeArrayParam( $params[$name] );
+ self::makeArrayParam($params[$name]);
}
}
}
+ // parameter provided but empty
+ else if ( $params[$name]==='' and !self::hasFlag($flags, WS_PARAM_OPTIONAL) )
+ {
+ $missing_params[] = $name;
+ }
+ // parameter provided - do some basic checks
else
- {// parameter provided - do some basic checks
+ {
$the_param = $params[$name];
- if ( is_array($the_param) and ($flags&WS_PARAM_ACCEPT_ARRAY)==0 )
+
+ if ( is_array($the_param) and !self::hasFlag($flags, WS_PARAM_ACCEPT_ARRAY) )
{
return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be scalar' );
}
- if ( ($flags&WS_PARAM_FORCE_ARRAY)==WS_PARAM_FORCE_ARRAY )
+
+ if ( self::hasFlag($flags, WS_PARAM_FORCE_ARRAY) )
+ {
+ self::makeArrayParam($the_param);
+ }
+
+ if ( $options['type'] > 0 )
{
- $this->makeArrayParam( $the_param );
+ if ( ($ret = self::checkType($the_param, $options['type'], $name)) !== null )
+ {
+ return $ret;
+ }
}
+
if ( isset($options['maxValue']) and $the_param>$options['maxValue'])
{
$the_param = $options['maxValue'];
}
+
$params[$name] = $the_param;
}
}
+
if (count($missing_params))
{
return new PwgError(WS_ERR_MISSING_PARAM, 'Missing parameters: '.implode(',',$missing_params));
}
+
$result = trigger_event('ws_invoke_allowed', true, $methodName, $params);
if ( strtolower( @get_class($result) )!='pwgerror')
{
@@ -457,6 +586,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
}
$result = call_user_func_array($method['callback'], array($params, &$this) );
}
+
return $result;
}
@@ -476,24 +606,27 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
static function ws_getMethodDetails($params, &$service)
{
$methodName = $params['methodName'];
+
if (!$service->hasMethod($methodName))
{
- return new PwgError(WS_ERR_INVALID_PARAM,
- 'Requested method does not exist');
+ return new PwgError(WS_ERR_INVALID_PARAM, 'Requested method does not exist');
}
+
$res = array(
'name' => $methodName,
'description' => $service->getMethodDescription($methodName),
'params' => array(),
);
- $signature = $service->getMethodSignature($methodName);
- foreach ($signature as $name => $options)
+
+ foreach ($service->getMethodSignature($methodName) as $name => $options)
{
$param_data = array(
'name' => $name,
- 'optional' => ($options['flags']&WS_PARAM_OPTIONAL)?true:false,
- 'acceptArray' => ($options['flags']&WS_PARAM_ACCEPT_ARRAY)?true:false,
+ 'optional' => self::hasFlag($options['flags'], WS_PARAM_OPTIONAL),
+ 'acceptArray' => self::hasFlag($options['flags'], WS_PARAM_ACCEPT_ARRAY),
+ 'type' => 'mixed',
);
+
if (isset($options['default']))
{
$param_data['defaultValue'] = $options['default'];
@@ -502,6 +635,28 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF
{
$param_data['info'] = $options['info'];
}
+
+ if ( self::hasFlag($options['type'], WS_TYPE_BOOL) )
+ {
+ $param_data['type'] = 'bool';
+ }
+ else if ( self::hasFlag($options['type'], WS_TYPE_INT) )
+ {
+ $param_data['type'] = 'int';
+ }
+ else if ( self::hasFlag($options['type'], WS_TYPE_FLOAT) )
+ {
+ $param_data['type'] = 'float';
+ }
+ if ( self::hasFlag($options['type'], WS_TYPE_POSITIVE) )
+ {
+ $param_data['type'].= ' positive';
+ }
+ if ( self::hasFlag($options['type'], WS_TYPE_NOTNULL) )
+ {
+ $param_data['type'].= ' notnull';
+ }
+
$res['params'][] = $param_data;
}
return $res;
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index eb0399f2d..d2a920772 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -226,11 +226,7 @@ function ws_getMissingDerivatives($params, $service)
}
}
- if ( ($max_urls = intval($params['max_urls'])) <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid max_urls");
- }
-
+ $max_urls = $params['max_urls'];
list($max_id, $image_count) = pwg_db_fetch_row( pwg_query('SELECT MAX(id)+1, COUNT(*) FROM '.IMAGES_TABLE) );
if (0 == $image_count)
@@ -308,10 +304,14 @@ function ws_getMissingDerivatives($params, $service)
function ws_getVersion($params, $service)
{
global $conf;
- if ($conf['show_version'] or is_admin() )
+ if ( $conf['show_version'] or is_admin() )
+ {
return PHPWG_VERSION;
+ }
else
+ {
return new PwgError(403, 'Forbidden');
+ }
}
/**
@@ -387,11 +387,6 @@ function ws_caddie_add($params, $service)
{
return new PwgError(401, 'Access denied');
}
- $params['image_id'] = array_map( 'intval',$params['image_id'] );
- if ( empty($params['image_id']) )
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
global $user;
$query = '
SELECT id
@@ -427,9 +422,6 @@ function ws_categories_getImages($params, $service)
$where_clauses = array();
foreach($params['cat_id'] as $cat_id)
{
- $cat_id = (int)$cat_id;
- if ($cat_id<=0)
- continue;
if ($params['recursive'])
{
$where_clauses[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^|,)'.$cat_id.'(,|$)\'';
@@ -960,7 +952,7 @@ function ws_images_addComment($params, $service)
{
return new PwgError(405, "This method requires HTTP POST");
}
- $params['image_id'] = (int)$params['image_id'];
+
$query = '
SELECT DISTINCT image_id
FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id
@@ -1014,11 +1006,6 @@ SELECT DISTINCT image_id
function ws_images_getInfo($params, $service)
{
global $user, $conf;
- $params['image_id'] = (int)$params['image_id'];
- if ( $params['image_id']<=0 )
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
$query='
SELECT * FROM '.IMAGES_TABLE.'
@@ -1028,12 +1015,14 @@ SELECT * FROM '.IMAGES_TABLE.'
' AND'
).'
LIMIT 1';
-
- $image_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($image_row==null)
+ $result = pwg_query($query);
+
+ if (pwg_db_num_rows($resul) == 0)
{
return new PwgError(404, "image_id not found");
}
+
+ $image_row = pwg_db_fetch_assoc($result);
$image_row = array_merge( $image_row, ws_std_get_urls($image_row) );
//-------------------------------------------------------- related categories
@@ -1202,11 +1191,10 @@ SELECT id, date, author, content
*/
function ws_images_Rate($params, $service)
{
- $image_id = (int)$params['image_id'];
$query = '
SELECT DISTINCT id FROM '.IMAGES_TABLE.'
INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
- WHERE id='.$image_id
+ WHERE id='.$params['image_id']
.get_sql_condition_FandF(
array(
'forbidden_categories' => 'category_id',
@@ -1221,7 +1209,7 @@ SELECT DISTINCT id FROM '.IMAGES_TABLE.'
}
$rate = (int)$params['rate'];
include_once(PHPWG_ROOT_PATH.'include/functions_rate.inc.php');
- $res = rate_picture( $image_id, $rate );
+ $res = rate_picture( $params['image_id'], $rate );
if ($res==false)
{
global $conf;
@@ -1256,9 +1244,6 @@ function ws_images_search($params, $service)
implode(' AND ', $where_clauses)
);
- $params['per_page'] = (int)$params['per_page'];
- $params['page'] = (int)$params['page'];
-
$image_ids = array_slice(
$search_result['items'],
$params['page']*$params['per_page'],
@@ -1317,13 +1302,8 @@ function ws_images_setPrivacyLevel($params, $service)
{
return new PwgError(405, "This method requires HTTP POST");
}
- $params['image_id'] = array_map( 'intval',$params['image_id'] );
- if ( empty($params['image_id']) )
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
global $conf;
- if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) )
+ if ( !in_array($params['level'], $conf['available_permission_levels']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level");
}
@@ -1354,53 +1334,28 @@ function ws_images_setRank($params, $service)
return new PwgError(405, "This method requires HTTP POST");
}
- // is the image_id valid?
- $params['image_id'] = (int)$params['image_id'];
- if ($params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
-
- // is the category valid?
- $params['category_id'] = (int)$params['category_id'];
- if ($params['category_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
- }
-
- // is the rank valid?
- $params['rank'] = (int)$params['rank'];
- if ($params['rank'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid rank");
- }
-
// does the image really exist?
$query='
-SELECT
- *
+SELECT COUNT(*)
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
- $image_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($image_row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "image_id not found");
}
// is the image associated to this category?
$query = '
-SELECT
- image_id,
- category_id,
- rank
+SELECT COUNT(*)
FROM '.IMAGE_CATEGORY_TABLE.'
WHERE image_id = '.$params['image_id'].'
AND category_id = '.$params['category_id'].'
;';
- $category_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($category_row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "This image is not associated to this category");
}
@@ -1626,12 +1581,6 @@ function ws_images_addFile($params, $service)
return new PwgError(401, 'Access denied');
}
- $params['image_id'] = (int)$params['image_id'];
- if ($params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
-
//
// what is the path and other infos about the photo?
//
@@ -1646,12 +1595,14 @@ SELECT
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
- $image = pwg_db_fetch_assoc(pwg_query($query));
+ $result = pwg_query($query);
- if ($image == null)
+ if (pwg_db_num_rows($result) == 0)
{
return new PwgError(404, "image_id not found");
}
+
+ $image = pwg_db_fetch_assoc($result);
// since Piwigo 2.4 and derivatives, we do not take the imported "thumb"
// into account
@@ -1726,17 +1677,16 @@ function ws_images_add($params, $service)
);
}
- $params['image_id'] = (int)$params['image_id'];
if ($params['image_id'] > 0)
{
$query='
-SELECT *
+SELECT COUNT(*)
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
- $image_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($image_row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "image_id not found");
}
@@ -1755,8 +1705,7 @@ SELECT *
}
$query = '
-SELECT
- COUNT(*) AS counter
+SELECT COUNT(*)
FROM '.IMAGES_TABLE.'
WHERE '.$where_clause.'
;';
@@ -1879,38 +1828,30 @@ function ws_images_addSimple($params, $service)
if (!isset($_FILES['image']))
{
- return new PwgError(405, "The image (file) parameter is missing");
+ return new PwgError(405, "The image (file) is missing");
}
- $params['image_id'] = (int)$params['image_id'];
if ($params['image_id'] > 0)
{
$query='
-SELECT *
+SELECT COUNT(*)
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
- $image_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($image_row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "image_id not found");
}
}
- // category
- $params['category'] = (int)$params['category'];
- if ($params['category'] <= 0 and $params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
- }
-
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
$image_id = add_uploaded_file(
$_FILES['image']['tmp_name'],
$_FILES['image']['name'],
- $params['category'] > 0 ? array($params['category']) : null,
+ $params['category'],
8,
$params['image_id'] > 0 ? $params['image_id'] : null
);
@@ -1931,14 +1872,14 @@ SELECT *
}
}
- if (count(array_keys($update)) > 0)
+ if (count($update) > 0)
{
$update['id'] = $image_id;
single_update(
IMAGES_TABLE,
$update,
- array('id', $update['id'])
+ array('id' => $update['id'])
);
}
@@ -1969,12 +1910,12 @@ SELECT *
$url_params = array('image_id' => $image_id);
- if ($params['category'] > 0)
+ if (!empty($params['category']))
{
$query = '
SELECT id, name, permalink
FROM '.CATEGORIES_TABLE.'
- WHERE id = '.$params['category'].'
+ WHERE id = '.$params['category'][0].'
;';
$result = pwg_query($query);
$category = pwg_db_fetch_assoc($result);
@@ -2009,15 +1950,9 @@ function ws_rates_delete($params, $service)
return new PwgError(401, 'Access denied');
}
- $user_id = (int)$params['user_id'];
- if ($user_id<=0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid user_id');
- }
-
$query = '
DELETE FROM '.RATE_TABLE.'
- WHERE user_id='.$user_id;
+ WHERE user_id='.$params['user_id'];
if (!empty($params['anonymous_id']))
{
@@ -2144,7 +2079,6 @@ function ws_tags_getImages($params, $service)
global $conf;
// first build all the tag_ids we are interested in
- $params['tag_id'] = array_map( 'intval',$params['tag_id'] );
$tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']);
$tags_by_id = array();
foreach( $tags as $tag )
@@ -2168,8 +2102,6 @@ function ws_tags_getImages($params, $service)
ws_std_image_sql_order($params) );
$count_set = count($image_ids);
- $params['per_page'] = (int)$params['per_page'];
- $params['page'] = (int)$params['page'];
$image_ids = array_slice($image_ids, $params['per_page']*$params['page'], $params['per_page'] );
$image_tag_map = array();
@@ -2272,16 +2204,6 @@ function ws_categories_add($params, $service)
$options['status'] = $params['status'];
}
- if (!empty($params['visible']) and in_array($params['visible'], array('true','false')))
- {
- $options['visible'] = get_boolean($params['visible']);
- }
-
- if (!empty($params['commentable']) and in_array($params['commentable'], array('true','false')) )
- {
- $options['commentable'] = get_boolean($params['commentable']);
- }
-
if (!empty($params['comment']))
{
$options['comment'] = $params['comment'];
@@ -2367,8 +2289,7 @@ SELECT
}
}
}
-
- if ('filename' == $conf['uniqueness_mode'])
+ else if ('filename' == $conf['uniqueness_mode'])
{
// search among photos the list of photos already added, based on
// filename list
@@ -2419,12 +2340,6 @@ function ws_images_checkFiles($params, $service)
// file_sum
// high_sum
- $params['image_id'] = (int)$params['image_id'];
- if ($params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
-
$query = '
SELECT
path
@@ -2489,12 +2404,6 @@ function ws_images_setInfo($params, $service)
return new PwgError(405, "This method requires HTTP POST");
}
- $params['image_id'] = (int)$params['image_id'];
- if ($params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
-
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
$query='
@@ -2502,12 +2411,14 @@ SELECT *
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
-
- $image_row = pwg_db_fetch_assoc(pwg_query($query));
- if ($image_row == null)
+ $result = pwg_query($query);
+
+ if (pwg_db_num_rows($result) == 0)
{
return new PwgError(404, "image_id not found");
}
+
+ $image_row = pwg_db_fetch_assoc($result);
// database registration
$update = array();
@@ -2564,7 +2475,7 @@ SELECT *
single_update(
IMAGES_TABLE,
$update,
- array('id', $update['id'])
+ array('id' => $update['id'])
);
}
@@ -2633,17 +2544,20 @@ function ws_images_delete($params, $service)
return new PwgError(405, "This method requires HTTP POST");
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
- $params['image_id'] = preg_split(
- '/[\s,;\|]/',
- $params['image_id'],
- -1,
- PREG_SPLIT_NO_EMPTY
- );
+ if (!is_array($params['image_id']))
+ {
+ $params['image_id'] = preg_split(
+ '/[\s,;\|]/',
+ $params['image_id'],
+ -1,
+ PREG_SPLIT_NO_EMPTY
+ );
+ }
$params['image_id'] = array_map('intval', $params['image_id']);
$image_ids = array();
@@ -2826,12 +2740,6 @@ function ws_categories_setInfo($params, $service)
// name
// comment
- $params['category_id'] = (int)$params['category_id'];
- if ($params['category_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
- }
-
// database registration
$update = array(
'id' => $params['category_id'],
@@ -2857,7 +2765,7 @@ function ws_categories_setInfo($params, $service)
single_update(
CATEGORIES_TABLE,
$update,
- array('id', $update['id'])
+ array('id' => $update['id'])
);
}
}
@@ -2879,41 +2787,27 @@ function ws_categories_setRepresentative($params, $service)
// category_id
// image_id
- $params['category_id'] = (int)$params['category_id'];
- if ($params['category_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id");
- }
-
// does the category really exist?
$query='
-SELECT
- *
+SELECT COUNT(*)
FROM '.CATEGORIES_TABLE.'
WHERE id = '.$params['category_id'].'
;';
- $row = pwg_db_fetch_assoc(pwg_query($query));
- if ($row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "category_id not found");
}
- $params['image_id'] = (int)$params['image_id'];
- if ($params['image_id'] <= 0)
- {
- return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
- }
-
// does the image really exist?
$query='
-SELECT
- *
+SELECT COUNT(*)
FROM '.IMAGES_TABLE.'
WHERE id = '.$params['image_id'].'
;';
- $row = pwg_db_fetch_assoc(pwg_query($query));
- if ($row == null)
+ list($count) = pwg_db_fetch_row(pwg_query($query));
+ if ($count == 0)
{
return new PwgError(404, "image_id not found");
}
@@ -2947,7 +2841,7 @@ function ws_categories_delete($params, $service)
return new PwgError(405, "This method requires HTTP POST");
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
@@ -2963,12 +2857,15 @@ function ws_categories_delete($params, $service)
);
}
- $params['category_id'] = preg_split(
- '/[\s,;\|]/',
- $params['category_id'],
- -1,
- PREG_SPLIT_NO_EMPTY
- );
+ if (!is_array($params['category_id']))
+ {
+ $params['category_id'] = preg_split(
+ '/[\s,;\|]/',
+ $params['category_id'],
+ -1,
+ PREG_SPLIT_NO_EMPTY
+ );
+ }
$params['category_id'] = array_map('intval', $params['category_id']);
$category_ids = array();
@@ -3016,17 +2913,20 @@ function ws_categories_move($params, $service)
return new PwgError(405, "This method requires HTTP POST");
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
- $params['category_id'] = preg_split(
- '/[\s,;\|]/',
- $params['category_id'],
- -1,
- PREG_SPLIT_NO_EMPTY
- );
+ if (!is_array($params['category_id']))
+ {
+ $params['category_id'] = preg_split(
+ '/[\s,;\|]/',
+ $params['category_id'],
+ -1,
+ PREG_SPLIT_NO_EMPTY
+ );
+ }
$params['category_id'] = array_map('intval', $params['category_id']);
$category_ids = array();
@@ -3095,15 +2995,8 @@ SELECT
// does this parent exists? This check should be made in the
// move_categories function, not here
- //
// 0 as parent means "move categories at gallery root"
- if (!is_numeric($params['parent']))
- {
- return new PwgError(403, 'Invalid parent input parameter');
- }
-
if (0 != $params['parent']) {
- $params['parent'] = intval($params['parent']);
$subcat_ids = get_subcat_ids(array($params['parent']));
if (count($subcat_ids) == 0)
{
@@ -3206,7 +3099,7 @@ function ws_plugins_performAction($params, &$service)
return new PwgError(401, 'Access denied');
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
@@ -3240,7 +3133,7 @@ function ws_themes_performAction($params, $service)
return new PwgError(401, 'Access denied');
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
@@ -3271,21 +3164,16 @@ function ws_extensions_update($params, $service)
return new PwgError(401, l10n('Webmaster status is required.'));
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
- if (empty($params['type']) or !in_array($params['type'], array('plugins', 'themes', 'languages')))
+ if (!in_array($params['type'], array('plugins', 'themes', 'languages')))
{
return new PwgError(403, "invalid extension type");
}
- if (empty($params['id']) or empty($params['revision']))
- {
- return new PwgError(null, 'Wrong parameters');
- }
-
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/'.$params['type'].'.class.php');
@@ -3366,7 +3254,7 @@ function ws_extensions_ignoreupdate($params, $service)
return new PwgError(401, 'Access denied');
}
- if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token'])
+ if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}