diff options
author | vdigital <vdigital@piwigo.org> | 2007-02-23 23:25:34 +0000 |
---|---|---|
committer | vdigital <vdigital@piwigo.org> | 2007-02-23 23:25:34 +0000 |
commit | f800d4fb40468fbf255ac78ccd2da82544f8d557 (patch) | |
tree | 1498f742bf9667bf3e8e76e875f2a5b1028eee84 /include | |
parent | cb2408a82c9bc93bef177dc33a8981bc36800839 (diff) |
New / Web Services:
- ws_checker.php makes its own web service request to control availability
- config_default.inc.php : comment for cURL support needed for checker
- ws_function authorize session and getVersion for any partner
- help review
New Admin Menu: review.
git-svn-id: http://piwigo.org/svn/trunk@1853 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r-- | include/config_default.inc.php | 2 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 10 |
2 files changed, 9 insertions, 3 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 6fd1b0b26..3c3d0e7e0 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -605,7 +605,7 @@ $conf['allow_web_services'] = true; // Maximum number of images to be returned foreach call to the web service $conf['ws_max_images_per_page'] = 500; -// On Access control false +// On Access control false / Admim Web Service need Php cURL extension // Controls are done on public basis or // if connected on member authorization basis $conf['ws_access_control'] = false; diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index c68d5d195..e19966673 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -59,8 +59,10 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." return new PwgError(403, 'Partner id does not exist or is expired'); } if ( !empty($row['request']) - and strpos($methodName, $row['request'])==false ) - { + and strpos($methodName, $row['request'])==false + and strpos($methodName, 'session')==false + and strpos($methodName, 'getVersion')==false ) + { // session and getVersion are allowed to diagnose any failure reason return new PwgError(403, 'Method not allowed'); } @@ -114,6 +116,10 @@ $result = pwg_query($query); // 3 cases: list, cat or tag // Behind / we could found img-ids, cat-ids or tag-ids $target = $row['access']; + if ( $target == '') + { + return '1=1'; // No controls are requested + } list($type, $str_ids) = explode('/',$target); // Find type list // (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, |