diff options
Diffstat (limited to '')
-rw-r--r-- | include/ws_core.inc.php | 233 | ||||
-rw-r--r-- | include/ws_functions.inc.php | 288 |
2 files changed, 282 insertions, 239 deletions
diff --git a/include/ws_core.inc.php b/include/ws_core.inc.php index 933b2ba57..3bb69a828 100644 --- a/include/ws_core.inc.php +++ b/include/ws_core.inc.php @@ -35,6 +35,13 @@ define( 'WS_PARAM_ACCEPT_ARRAY', 0x010000 ); define( 'WS_PARAM_FORCE_ARRAY', 0x030000 ); define( 'WS_PARAM_OPTIONAL', 0x040000 ); +define( 'WS_TYPE_BOOL', 0x01 ); +define( 'WS_TYPE_INT', 0x02 ); +define( 'WS_TYPE_FLOAT', 0x04 ); +define( 'WS_TYPE_POSITIVE', 0x10 ); +define( 'WS_TYPE_NOTNULL', 0x20 ); +define( 'WS_TYPE_ID', WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL); + define( 'WS_ERR_INVALID_METHOD', 501 ); define( 'WS_ERR_MISSING_PARAM', 1002 ); define( 'WS_ERR_INVALID_PARAM', 1003 ); @@ -273,12 +280,16 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF return; } - $this->addMethod('reflection.getMethodList', - array('PwgServer', 'ws_getMethodList'), - null, '' ); - $this->addMethod('reflection.getMethodDetails', + // add reflection methods + $this->addMethod( + 'reflection.getMethodList', + array('PwgServer', 'ws_getMethodList') + ); + $this->addMethod( + 'reflection.getMethodDetails', array('PwgServer', 'ws_getMethodDetails'), - array('methodName'),''); + array('methodName') + ); trigger_action('ws_add_methods', array(&$this) ); uksort( $this->_methods, 'strnatcmp' ); @@ -302,19 +313,20 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF * Registers a web service method. * @param methodName string - the name of the method as seen externally * @param callback mixed - php method to be invoked internally - * @param params array - map of allowed parameter names with optional default - * values and parameter flags. Example of $params: - * array( 'param1' => array('default'=>523, 'flags'=>WS_PARAM_FORCE_ARRAY) ). - * Possible parameter flags are: - * WS_PARAM_ALLOW_ARRAY - this parameter can be an array - * WS_PARAM_FORCE_ARRAY - if this parameter is scalar, force it to an array - * before invoking the method + * @param params array - map of allowed parameter names with options + * @option mixed default (optional) + * @option int flags (optional) + * possible values: WS_PARAM_ALLOW_ARRAY, WS_PARAM_FORCE_ARRAY, WS_PARAM_OPTIONAL + * @option int type (optional) + * possible values: WS_TYPE_BOOL, WS_TYPE_INT, WS_TYPE_FLOAT, WS_TYPE_ID + * WS_TYPE_POSITIVE, WS_TYPE_NOTNULL + * @option int|float maxValue (optional) * @param description string - a description of the method. * @param include_file string - a file to be included befaore the callback is executed - * @param options array - Available options are: - * hidden - if true, this method won't be visible by reflection.getMethodList + * @param options array + * @option bool hidden (hidden) - if true, this method won't be visible by reflection.getMethodList */ - function addMethod($methodName, $callback, $params=array(), $description, $include_file='', $options=array()) + function addMethod($methodName, $callback, $params=array(), $description='', $include_file='', $options=array()) { if (!is_array($params)) { @@ -330,16 +342,22 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF { if ( !is_array($data) ) { - $params[$param] = array('flags'=>0); + $params[$param] = array('flags'=>0,'type'=>0); } else { - $flags = isset($data['flags']) ? $data['flags'] : 0; + if ( !isset($data['flags']) ) + { + $data['flags'] = 0; + } if ( array_key_exists('default', $data) ) { - $flags |= WS_PARAM_OPTIONAL; + $data['flags'] |= WS_PARAM_OPTIONAL; + } + if ( !isset($data['type']) ) + { + $data['type'] = 0; } - $data['flags'] = $flags; $params[$param] = $data; } } @@ -375,7 +393,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF return isset($HTTP_RAW_POST_DATA) or !empty($_POST); } - /*static*/ function makeArrayParam(&$param) + static function makeArrayParam(&$param) { if ( $param==null ) { @@ -383,12 +401,100 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF } else { - if (! is_array($param) ) + if ( !is_array($param) ) { $param = array($param); } } } + + static function checkType(&$param, $type, $name) + { + $opts = array(); + $msg = ''; + if ( self::hasFlag($type, WS_TYPE_POSITIVE | WS_TYPE_NOTNULL) ) + { + $opts['options']['min_range'] = 1; + $msg = ' positive and not null'; + } + else if ( self::hasFlag($type, WS_TYPE_POSITIVE) ) + { + $opts['options']['min_range'] = 0; + $msg = ' positive'; + } + + if ( is_array($param) ) + { + if ( self::hasFlag($type, WS_TYPE_BOOL) ) + { + foreach ($param as &$value) + { + if ( ($value = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)) === null ) + { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain booleans' ); + } + } + unset($value); + } + else if ( self::hasFlag($type, WS_TYPE_INT) ) + { + foreach ($param as &$value) + { + if ( ($value = filter_var($value, FILTER_VALIDATE_INT, $opts)) === false ) + { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain'.$msg.' integers' ); + } + } + unset($value); + } + else if ( self::hasFlag($type, WS_TYPE_FLOAT) ) + { + foreach ($param as &$value) + { + if ( + ($value = filter_var($value, FILTER_VALIDATE_FLOAT)) === false + or ( isset($opts['options']['min_range']) and $value < $opts['options']['min_range'] ) + ) { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must only contain'.$msg.' floats' ); + } + } + unset($value); + } + } + else if ( $param !== '' ) + { + if ( self::hasFlag($type, WS_TYPE_BOOL) ) + { + if ( ($param = filter_var($param, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)) === null ) + { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be a boolean' ); + } + } + else if ( self::hasFlag($type, WS_TYPE_INT) ) + { + if ( ($param = filter_var($param, FILTER_VALIDATE_INT, $opts)) === false ) + { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be an'.$msg.' integer' ); + } + } + else if ( self::hasFlag($type, WS_TYPE_FLOAT) ) + { + if ( + ($param = filter_var($param, FILTER_VALIDATE_FLOAT)) === false + or ( isset($opts['options']['min_range']) and $param < $opts['options']['min_range'] ) + ) { + return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be a'.$msg.' float' ); + } + } + } + + return null; + } + + static function hasFlag($val, $flag) + { + return ($val & $flag) == $flag; + } /** * Invokes a registered method. Returns the return of the method (or @@ -400,54 +506,77 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF { $method = @$this->_methods[$methodName]; - if ( $method==null ) + if ( $method == null ) { return new PwgError(WS_ERR_INVALID_METHOD, 'Method name is not valid'); } - // parameter check and data coercion ! + // parameter check and data correction $signature = $method['signature']; $missing_params = array(); - foreach($signature as $name=>$options) + + foreach ($signature as $name => $options) { $flags = $options['flags']; + + // parameter not provided in the request if ( !array_key_exists($name, $params) ) - {// parameter not provided in the request - if ( !($flags&WS_PARAM_OPTIONAL) ) + { + if ( !self::hasFlag($flags, WS_PARAM_OPTIONAL) ) { $missing_params[] = $name; } - else if ( array_key_exists('default',$options) ) + else if ( array_key_exists('default', $options) ) { $params[$name] = $options['default']; - if ( ($flags&WS_PARAM_FORCE_ARRAY)==WS_PARAM_FORCE_ARRAY ) + if ( self::hasFlag($flags, WS_PARAM_FORCE_ARRAY) ) { - $this->makeArrayParam( $params[$name] ); + self::makeArrayParam($params[$name]); } } } + // parameter provided but empty + else if ( $params[$name]==='' and !self::hasFlag($flags, WS_PARAM_OPTIONAL) ) + { + $missing_params[] = $name; + } + // parameter provided - do some basic checks else - {// parameter provided - do some basic checks + { $the_param = $params[$name]; - if ( is_array($the_param) and ($flags&WS_PARAM_ACCEPT_ARRAY)==0 ) + + if ( is_array($the_param) and !self::hasFlag($flags, WS_PARAM_ACCEPT_ARRAY) ) { return new PwgError(WS_ERR_INVALID_PARAM, $name.' must be scalar' ); } - if ( ($flags&WS_PARAM_FORCE_ARRAY)==WS_PARAM_FORCE_ARRAY ) + + if ( self::hasFlag($flags, WS_PARAM_FORCE_ARRAY) ) + { + self::makeArrayParam($the_param); + } + + if ( $options['type'] > 0 ) { - $this->makeArrayParam( $the_param ); + if ( ($ret = self::checkType($the_param, $options['type'], $name)) !== null ) + { + return $ret; + } } + if ( isset($options['maxValue']) and $the_param>$options['maxValue']) { $the_param = $options['maxValue']; } + $params[$name] = $the_param; } } + if (count($missing_params)) { return new PwgError(WS_ERR_MISSING_PARAM, 'Missing parameters: '.implode(',',$missing_params)); } + $result = trigger_event('ws_invoke_allowed', true, $methodName, $params); if ( strtolower( @get_class($result) )!='pwgerror') { @@ -457,6 +586,7 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF } $result = call_user_func_array($method['callback'], array($params, &$this) ); } + return $result; } @@ -476,24 +606,27 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF static function ws_getMethodDetails($params, &$service) { $methodName = $params['methodName']; + if (!$service->hasMethod($methodName)) { - return new PwgError(WS_ERR_INVALID_PARAM, - 'Requested method does not exist'); + return new PwgError(WS_ERR_INVALID_PARAM, 'Requested method does not exist'); } + $res = array( 'name' => $methodName, 'description' => $service->getMethodDescription($methodName), 'params' => array(), ); - $signature = $service->getMethodSignature($methodName); - foreach ($signature as $name => $options) + + foreach ($service->getMethodSignature($methodName) as $name => $options) { $param_data = array( 'name' => $name, - 'optional' => ($options['flags']&WS_PARAM_OPTIONAL)?true:false, - 'acceptArray' => ($options['flags']&WS_PARAM_ACCEPT_ARRAY)?true:false, + 'optional' => self::hasFlag($options['flags'], WS_PARAM_OPTIONAL), + 'acceptArray' => self::hasFlag($options['flags'], WS_PARAM_ACCEPT_ARRAY), + 'type' => 'mixed', ); + if (isset($options['default'])) { $param_data['defaultValue'] = $options['default']; @@ -502,6 +635,28 @@ Request format: ".@$this->_requestFormat." Response format: ".@$this->_responseF { $param_data['info'] = $options['info']; } + + if ( self::hasFlag($options['type'], WS_TYPE_BOOL) ) + { + $param_data['type'] = 'bool'; + } + else if ( self::hasFlag($options['type'], WS_TYPE_INT) ) + { + $param_data['type'] = 'int'; + } + else if ( self::hasFlag($options['type'], WS_TYPE_FLOAT) ) + { + $param_data['type'] = 'float'; + } + if ( self::hasFlag($options['type'], WS_TYPE_POSITIVE) ) + { + $param_data['type'].= ' positive'; + } + if ( self::hasFlag($options['type'], WS_TYPE_NOTNULL) ) + { + $param_data['type'].= ' notnull'; + } + $res['params'][] = $param_data; } return $res; diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index eb0399f2d..d2a920772 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -226,11 +226,7 @@ function ws_getMissingDerivatives($params, $service) } } - if ( ($max_urls = intval($params['max_urls'])) <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid max_urls"); - } - + $max_urls = $params['max_urls']; list($max_id, $image_count) = pwg_db_fetch_row( pwg_query('SELECT MAX(id)+1, COUNT(*) FROM '.IMAGES_TABLE) ); if (0 == $image_count) @@ -308,10 +304,14 @@ function ws_getMissingDerivatives($params, $service) function ws_getVersion($params, $service) { global $conf; - if ($conf['show_version'] or is_admin() ) + if ( $conf['show_version'] or is_admin() ) + { return PHPWG_VERSION; + } else + { return new PwgError(403, 'Forbidden'); + } } /** @@ -387,11 +387,6 @@ function ws_caddie_add($params, $service) { return new PwgError(401, 'Access denied'); } - $params['image_id'] = array_map( 'intval',$params['image_id'] ); - if ( empty($params['image_id']) ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } global $user; $query = ' SELECT id @@ -427,9 +422,6 @@ function ws_categories_getImages($params, $service) $where_clauses = array(); foreach($params['cat_id'] as $cat_id) { - $cat_id = (int)$cat_id; - if ($cat_id<=0) - continue; if ($params['recursive']) { $where_clauses[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^|,)'.$cat_id.'(,|$)\''; @@ -960,7 +952,7 @@ function ws_images_addComment($params, $service) { return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = (int)$params['image_id']; + $query = ' SELECT DISTINCT image_id FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id @@ -1014,11 +1006,6 @@ SELECT DISTINCT image_id function ws_images_getInfo($params, $service) { global $user, $conf; - $params['image_id'] = (int)$params['image_id']; - if ( $params['image_id']<=0 ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } $query=' SELECT * FROM '.IMAGES_TABLE.' @@ -1028,12 +1015,14 @@ SELECT * FROM '.IMAGES_TABLE.' ' AND' ).' LIMIT 1'; - - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row==null) + $result = pwg_query($query); + + if (pwg_db_num_rows($resul) == 0) { return new PwgError(404, "image_id not found"); } + + $image_row = pwg_db_fetch_assoc($result); $image_row = array_merge( $image_row, ws_std_get_urls($image_row) ); //-------------------------------------------------------- related categories @@ -1202,11 +1191,10 @@ SELECT id, date, author, content */ function ws_images_Rate($params, $service) { - $image_id = (int)$params['image_id']; $query = ' SELECT DISTINCT id FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id - WHERE id='.$image_id + WHERE id='.$params['image_id'] .get_sql_condition_FandF( array( 'forbidden_categories' => 'category_id', @@ -1221,7 +1209,7 @@ SELECT DISTINCT id FROM '.IMAGES_TABLE.' } $rate = (int)$params['rate']; include_once(PHPWG_ROOT_PATH.'include/functions_rate.inc.php'); - $res = rate_picture( $image_id, $rate ); + $res = rate_picture( $params['image_id'], $rate ); if ($res==false) { global $conf; @@ -1256,9 +1244,6 @@ function ws_images_search($params, $service) implode(' AND ', $where_clauses) ); - $params['per_page'] = (int)$params['per_page']; - $params['page'] = (int)$params['page']; - $image_ids = array_slice( $search_result['items'], $params['page']*$params['per_page'], @@ -1317,13 +1302,8 @@ function ws_images_setPrivacyLevel($params, $service) { return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = array_map( 'intval',$params['image_id'] ); - if ( empty($params['image_id']) ) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } global $conf; - if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) ) + if ( !in_array($params['level'], $conf['available_permission_levels']) ) { return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level"); } @@ -1354,53 +1334,28 @@ function ws_images_setRank($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - // is the image_id valid? - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - - // is the category valid? - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - - // is the rank valid? - $params['rank'] = (int)$params['rank']; - if ($params['rank'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid rank"); - } - // does the image really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } // is the image associated to this category? $query = ' -SELECT - image_id, - category_id, - rank +SELECT COUNT(*) FROM '.IMAGE_CATEGORY_TABLE.' WHERE image_id = '.$params['image_id'].' AND category_id = '.$params['category_id'].' ;'; - $category_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($category_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "This image is not associated to this category"); } @@ -1626,12 +1581,6 @@ function ws_images_addFile($params, $service) return new PwgError(401, 'Access denied'); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - // // what is the path and other infos about the photo? // @@ -1646,12 +1595,14 @@ SELECT FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image = pwg_db_fetch_assoc(pwg_query($query)); + $result = pwg_query($query); - if ($image == null) + if (pwg_db_num_rows($result) == 0) { return new PwgError(404, "image_id not found"); } + + $image = pwg_db_fetch_assoc($result); // since Piwigo 2.4 and derivatives, we do not take the imported "thumb" // into account @@ -1726,17 +1677,16 @@ function ws_images_add($params, $service) ); } - $params['image_id'] = (int)$params['image_id']; if ($params['image_id'] > 0) { $query=' -SELECT * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } @@ -1755,8 +1705,7 @@ SELECT * } $query = ' -SELECT - COUNT(*) AS counter +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE '.$where_clause.' ;'; @@ -1879,38 +1828,30 @@ function ws_images_addSimple($params, $service) if (!isset($_FILES['image'])) { - return new PwgError(405, "The image (file) parameter is missing"); + return new PwgError(405, "The image (file) is missing"); } - $params['image_id'] = (int)$params['image_id']; if ($params['image_id'] > 0) { $query=' -SELECT * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } } - // category - $params['category'] = (int)$params['category']; - if ($params['category'] <= 0 and $params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); $image_id = add_uploaded_file( $_FILES['image']['tmp_name'], $_FILES['image']['name'], - $params['category'] > 0 ? array($params['category']) : null, + $params['category'], 8, $params['image_id'] > 0 ? $params['image_id'] : null ); @@ -1931,14 +1872,14 @@ SELECT * } } - if (count(array_keys($update)) > 0) + if (count($update) > 0) { $update['id'] = $image_id; single_update( IMAGES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } @@ -1969,12 +1910,12 @@ SELECT * $url_params = array('image_id' => $image_id); - if ($params['category'] > 0) + if (!empty($params['category'])) { $query = ' SELECT id, name, permalink FROM '.CATEGORIES_TABLE.' - WHERE id = '.$params['category'].' + WHERE id = '.$params['category'][0].' ;'; $result = pwg_query($query); $category = pwg_db_fetch_assoc($result); @@ -2009,15 +1950,9 @@ function ws_rates_delete($params, $service) return new PwgError(401, 'Access denied'); } - $user_id = (int)$params['user_id']; - if ($user_id<=0) - { - return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid user_id'); - } - $query = ' DELETE FROM '.RATE_TABLE.' - WHERE user_id='.$user_id; + WHERE user_id='.$params['user_id']; if (!empty($params['anonymous_id'])) { @@ -2144,7 +2079,6 @@ function ws_tags_getImages($params, $service) global $conf; // first build all the tag_ids we are interested in - $params['tag_id'] = array_map( 'intval',$params['tag_id'] ); $tags = find_tags($params['tag_id'], $params['tag_url_name'], $params['tag_name']); $tags_by_id = array(); foreach( $tags as $tag ) @@ -2168,8 +2102,6 @@ function ws_tags_getImages($params, $service) ws_std_image_sql_order($params) ); $count_set = count($image_ids); - $params['per_page'] = (int)$params['per_page']; - $params['page'] = (int)$params['page']; $image_ids = array_slice($image_ids, $params['per_page']*$params['page'], $params['per_page'] ); $image_tag_map = array(); @@ -2272,16 +2204,6 @@ function ws_categories_add($params, $service) $options['status'] = $params['status']; } - if (!empty($params['visible']) and in_array($params['visible'], array('true','false'))) - { - $options['visible'] = get_boolean($params['visible']); - } - - if (!empty($params['commentable']) and in_array($params['commentable'], array('true','false')) ) - { - $options['commentable'] = get_boolean($params['commentable']); - } - if (!empty($params['comment'])) { $options['comment'] = $params['comment']; @@ -2367,8 +2289,7 @@ SELECT } } } - - if ('filename' == $conf['uniqueness_mode']) + else if ('filename' == $conf['uniqueness_mode']) { // search among photos the list of photos already added, based on // filename list @@ -2419,12 +2340,6 @@ function ws_images_checkFiles($params, $service) // file_sum // high_sum - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - $query = ' SELECT path @@ -2489,12 +2404,6 @@ function ws_images_setInfo($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $query=' @@ -2502,12 +2411,14 @@ SELECT * FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) + $result = pwg_query($query); + + if (pwg_db_num_rows($result) == 0) { return new PwgError(404, "image_id not found"); } + + $image_row = pwg_db_fetch_assoc($result); // database registration $update = array(); @@ -2564,7 +2475,7 @@ SELECT * single_update( IMAGES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } @@ -2633,17 +2544,20 @@ function ws_images_delete($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - $params['image_id'] = preg_split( - '/[\s,;\|]/', - $params['image_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['image_id'])) + { + $params['image_id'] = preg_split( + '/[\s,;\|]/', + $params['image_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['image_id'] = array_map('intval', $params['image_id']); $image_ids = array(); @@ -2826,12 +2740,6 @@ function ws_categories_setInfo($params, $service) // name // comment - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - // database registration $update = array( 'id' => $params['category_id'], @@ -2857,7 +2765,7 @@ function ws_categories_setInfo($params, $service) single_update( CATEGORIES_TABLE, $update, - array('id', $update['id']) + array('id' => $update['id']) ); } } @@ -2879,41 +2787,27 @@ function ws_categories_setRepresentative($params, $service) // category_id // image_id - $params['category_id'] = (int)$params['category_id']; - if ($params['category_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - // does the category really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.CATEGORIES_TABLE.' WHERE id = '.$params['category_id'].' ;'; - $row = pwg_db_fetch_assoc(pwg_query($query)); - if ($row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "category_id not found"); } - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); - } - // does the image really exist? $query=' -SELECT - * +SELECT COUNT(*) FROM '.IMAGES_TABLE.' WHERE id = '.$params['image_id'].' ;'; - $row = pwg_db_fetch_assoc(pwg_query($query)); - if ($row == null) + list($count) = pwg_db_fetch_row(pwg_query($query)); + if ($count == 0) { return new PwgError(404, "image_id not found"); } @@ -2947,7 +2841,7 @@ function ws_categories_delete($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -2963,12 +2857,15 @@ function ws_categories_delete($params, $service) ); } - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['category_id'])) + { + $params['category_id'] = preg_split( + '/[\s,;\|]/', + $params['category_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['category_id'] = array_map('intval', $params['category_id']); $category_ids = array(); @@ -3016,17 +2913,20 @@ function ws_categories_move($params, $service) return new PwgError(405, "This method requires HTTP POST"); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); + if (!is_array($params['category_id'])) + { + $params['category_id'] = preg_split( + '/[\s,;\|]/', + $params['category_id'], + -1, + PREG_SPLIT_NO_EMPTY + ); + } $params['category_id'] = array_map('intval', $params['category_id']); $category_ids = array(); @@ -3095,15 +2995,8 @@ SELECT // does this parent exists? This check should be made in the // move_categories function, not here - // // 0 as parent means "move categories at gallery root" - if (!is_numeric($params['parent'])) - { - return new PwgError(403, 'Invalid parent input parameter'); - } - if (0 != $params['parent']) { - $params['parent'] = intval($params['parent']); $subcat_ids = get_subcat_ids(array($params['parent'])); if (count($subcat_ids) == 0) { @@ -3206,7 +3099,7 @@ function ws_plugins_performAction($params, &$service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -3240,7 +3133,7 @@ function ws_themes_performAction($params, $service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } @@ -3271,21 +3164,16 @@ function ws_extensions_update($params, $service) return new PwgError(401, l10n('Webmaster status is required.')); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } - if (empty($params['type']) or !in_array($params['type'], array('plugins', 'themes', 'languages'))) + if (!in_array($params['type'], array('plugins', 'themes', 'languages'))) { return new PwgError(403, "invalid extension type"); } - if (empty($params['id']) or empty($params['revision'])) - { - return new PwgError(null, 'Wrong parameters'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); include_once(PHPWG_ROOT_PATH.'admin/include/'.$params['type'].'.class.php'); @@ -3366,7 +3254,7 @@ function ws_extensions_ignoreupdate($params, $service) return new PwgError(401, 'Access denied'); } - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) + if (get_pwg_token() != $params['pwg_token']) { return new PwgError(403, 'Invalid security token'); } |