-rw-r--r-- | admin/template/yoga/admin/user_list.tpl | 15 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 20 | ||||
-rw-r--r-- | plugins/hello_world/index.php | 30 | ||||
-rw-r--r-- | plugins/hello_world/main.inc.php | 56 | ||||
-rw-r--r-- | template-common/scripts.js | 7 |
5 files changed, 30 insertions, 98 deletions
diff --git a/admin/template/yoga/admin/user_list.tpl b/admin/template/yoga/admin/user_list.tpl index 602576ef9..5ad163be8 100644 --- a/admin/template/yoga/admin/user_list.tpl +++ b/admin/template/yoga/admin/user_list.tpl @@ -307,3 +307,18 @@ </p> </form> + +<script type="text/javascript">// <![CDATA[ +{literal}jQuery("form:last").submit( function() { + if ( jQuery("input[name=target][value=selection]:checked", this).length > 0 ) + if ( jQuery("input[name=selection]:checked", this).length == 0) + { + alert( {/literal}"{'Select at least one user'|@translate|escape:javascript}"{literal} ); + return false; + } + return true; +} +);{/literal} +// ]]> +</script> +
\ No newline at end of file diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 015f3d391..116db6687 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -918,14 +918,18 @@ UPDATE '.IMAGES_TABLE.' function ws_images_add($params, &$service) { global $conf; - + if (!is_admin() || is_adviser() ) + { + return new PwgError(401, 'Access denied'); + } + // name // category_id // file_content // file_sum // thumbnail_content // thumbnail_sum - + // $fh_log = fopen('/tmp/php.log', 'w'); // fwrite($fh_log, time()."\n"); // fwrite($fh_log, 'input: '.$params['file_sum']."\n"); @@ -934,7 +938,7 @@ function ws_images_add($params, &$service) // current date list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); list($year, $month, $day) = preg_split('/[^\d]/', $dbnow, 4); - + $upload_dir = sprintf( PHPWG_ROOT_PATH.'upload/%s/%s/%s', $year, @@ -942,8 +946,8 @@ function ws_images_add($params, &$service) $day ); - fwrite($fh_log, $upload_dir."\n"); - + //fwrite($fh_log, $upload_dir."\n"); + if (!is_dir($upload_dir)) { umask(0000); $recursive = true; @@ -954,7 +958,7 @@ function ws_images_add($params, &$service) $random_string = substr($params['file_sum'], 0, 8); $filename_wo_ext = $date_string.'-'.$random_string; - + $file_path = $upload_dir.'/'.$filename_wo_ext.'.jpg'; $fh_file = fopen($file_path, 'w'); fwrite($fh_file, base64_decode($params['file_content'])); @@ -967,7 +971,7 @@ function ws_images_add($params, &$service) umask(0000); mkdir($thumbnail_dir, 0777); } - + $thumbnail_path = sprintf( '%s/%s%s.%s', $thumbnail_dir, @@ -1011,7 +1015,7 @@ function ws_images_add($params, &$service) array_keys($insert), array($insert) ); - + // fclose($fh_log); } diff --git a/plugins/hello_world/index.php b/plugins/hello_world/index.php deleted file mode 100644 index c15b15795..000000000 --- a/plugins/hello_world/index.php +++ /dev/null 
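Review bot: In admin/template/yoga/admin/user_list.tpl the submit handler is bound with `jQuery("form:last")`, which attaches to whichever form is last in the rendered page rather than to the user-action form itself; a selector on that form's own id or class would keep the check attached if another form is appended later. The two nested `if` statements carry no braces, so the `return false` path is easy to misread; a single `if (a && b) { alert(...); return false; }` expresses the same condition. The check runs only in the browser, so the server-side handler presumably still has to reject an empty selection; that code is not part of this diff.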
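Review bot: The new `is_admin()` / `is_adviser()` gate in ws_images_add limits who may call the method, but the stored file name is still built from caller-supplied data: the context of the `@@ -954,7` hunk shows `$random_string = substr($params['file_sum'], 0, 8);` flowing straight into `$file_path`. If `file_sum` is meant to be a hex checksum (the name suggests it, the diff does not show it), it should be validated before use, for example `if (!preg_match('/^[0-9a-f]+$/i', $params['file_sum'])) return new PwgError(400, 'Invalid file_sum');`, and the decoded `file_content` should be checked against it before it is written. The context also keeps `umask(0000)` with `mkdir($thumbnail_dir, 0777)`, which leaves the upload directories world-writable; a tighter mode would be worth a follow-up. The function body continues outside these hunks, so the rest of the upload path is not covered by this review.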
@@ -1,30 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | Piwigo - a PHP based picture gallery |
-// +-----------------------------------------------------------------------+
-// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
-// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
-// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-
-// Recursive call
-$url = '../';
-header( 'Request-URI: '.$url );
-header( 'Content-Location: '.$url );
-header( 'Location: '.$url );
-exit();
-?>
diff --git a/plugins/hello_world/main.inc.php b/plugins/hello_world/main.inc.php
deleted file mode 100644
index 07808d0d9..000000000
--- a/plugins/hello_world/main.inc.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | Piwigo - a PHP based picture gallery |
-// +-----------------------------------------------------------------------+
-// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
-// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
-// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-
-/*
-Plugin Name: Hello World
-Version: 1.8
-Description: This example plugin changes the page banner for the administration page.
-Plugin URI: http://piwigo.org
-Author: Piwigo team
-Author URI: http://piwigo.org
-*/
-
-add_event_handler('loc_begin_page_header', 'hello_world_begin_header' );
-
-function hello_world_begin_header()
-{
- global $page;
- if ( isset($page['body_id']) and $page['body_id']=='theAdminPage')
- {
- $hellos = array( 'Aloha', 'Ahoy', 'Guten tag', 'Hello', 'Hoi', 'Hola', 'Salut', 'Yo' );
- shuffle($hellos);
- $page['page_banner'] = $hellos[0];
- // just as an example we modify it a little bit later
- add_event_handler('loc_end_page_header', 'hello_world_end_header');
- }
-}
-
-
-function hello_world_end_header()
-{
- global $template, $page;
- $template->assign( 'PAGE_BANNER',
- '<h1>"'.$page['page_banner'].'" from Piwigo plugin!</h1>');
-}
-
-?>
\ No newline at end of file diff --git a/template-common/scripts.js b/template-common/scripts.js index e7fa7e9b5..4e5ef822f 100644 --- a/template-common/scripts.js +++ b/template-common/scripts.js @@ -120,10 +120,10 @@ PwgWS.prototype = { if ( typeof parameters[property] == 'object' && parameters[property]) { for (var i=0; i<parameters[property].length; i++) - url += "&"+property+"[]="+parameters[property][i]; + url += "&"+property+"[]="+encodeURIComponent(parameters[property][i]); } else - url += "&"+property+"="+parameters[property]; + url += "&"+property+"="+encodeURIComponent(parameters[property]); } } this.transport.open(this.options.method, url, this.options.async); @@ -150,8 +150,7 @@ PwgWS.prototype = { try { eval('resp = ' + transport.responseText); } - catch (e) - { + catch (e) { this.dispatchError( 200, e.message + '\n' + transport.responseText.substr(0,512) ); } if (resp!=null) |
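Review bot: Both changed lines in the `@@ -120,10` hunk encode the value but still concatenate the parameter name raw (`"&"+property+"[]="` and `"&"+property+"="`), so a key containing `&`, `=` or `#` would still corrupt the query string; `url += "&"+encodeURIComponent(property)+"="+encodeURIComponent(parameters[property]);`, and the same for the `[]` form, closes that gap. In the `@@ -150,8` hunk only the brace style of `catch` changes, while the context keeps `eval('resp = ' + transport.responseText)`, which executes whatever the endpoint returns; parsing the response as JSON instead would be the safer follow-up. Both enclosing functions begin outside the hunks.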