From 0a366bae9771766cf4bba47d8a3fa17be4d844c5 Mon Sep 17 00:00:00 2001
From: vdigital
Date: Sat, 27 Jan 2007 18:52:20 +0000
Subject: Web Service Revise ws_checker and ws_functions.inc.php (Next steps: - Restrict Method need to be more generic maybe - Delete functions_webserv.inc.php - Activate $partner in ws.php - Include checked access in tools - ...) git-svn-id: http://piwigo.org/svn/trunk@1760 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin.php | 2 +-
 admin/ws_checker.php | 21 ++++++++-------------
 include/ws_functions.inc.php | 30 +++++++++++++++---------------
 language/en_UK.iso-8859-1/admin.lang.php | 2 +-
 language/fr_FR.iso-8859-1/admin.lang.php | 2 +-
 template/yoga/admin/ws_checker.tpl | 16 +++++-----------
 6 files changed, 31 insertions(+), 42 deletions(-)
diff --git a/admin.php b/admin.php
index 73b5ebb9a..f124980fc 100644
--- a/admin.php
+++ b/admin.php
@@ -114,7 +114,7 @@ $template->assign_vars( 'L_ADMIN_HINT' => $lang['hint_admin'] ) );
-if ($conf['allow_web_services'])
+if ($conf['ws_access_control']) // Do we need to display ws_checker
 {
 $template->assign_block_vars(
 'web_services',
diff --git a/admin/ws_checker.php b/admin/ws_checker.php
index c90e55802..e887da3a2 100644
--- a/admin/ws_checker.php
+++ b/admin/ws_checker.php
@@ -2,7 +2,7 @@
 // +-----------------------------------------------------------------------+
 // | PhpWebGallery - a PHP based picture gallery |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | branch : BSF (Best So Far)
 // | file : $RCSfile$
@@ -62,11 +62,9 @@ if (isset($_POST['wsa_submit']))
 {
 // Check $_post (Some values are commented - maybe a future use)
 $add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
-$add_access = check_target( $_POST['add_access']) ;
-$add_start = 0; // ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0;
+$add_target = check_target( $_POST['add_target']) ;
 $add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
-$add_request = ( ctype_alpha($_POST['add_request']) ) ?
- $_POST['add_request']:'';
+$add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES);
 $add_high = 'true'; // ( $_POST['add_high'] == 'true' ) ? 'true':'false';
 $add_normal = 'true'; // ( $_POST['add_normal'] == 'true' ) ? 'true':'false';
 $add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1;
@@ -79,8 +77,8 @@ INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' ( `name` , `access` , `start` , `end` , `request` , `high` , `normal` , `limit` , `comment` ) VALUES (' . "
- '$add_partner', '$add_access',
- ADDDATE( NOW(), INTERVAL $add_start DAY),
+ '$add_partner', '$add_target',
+ NOW(),
 ADDDATE( NOW(), INTERVAL $add_end DAY), '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );";
@@ -207,12 +205,9 @@ while ($row = mysql_fetch_array($result))
 'ID' => $row['id'],
 'NAME' => (is_adviser()) ? '*********' : $row['name'],
- 'ACCESS' => $row['access'],
- 'START' => $row['start'],
+ 'TARGET' => $row['access'],
 'END' => $row['end'],
- 'FORCE' => $row['request'],
- 'HIGH' => $row['high'],
- 'NORMAL' => $row['normal'],
+ 'REQUEST' => $row['request'],
 'LIMIT' => $row['limit'],
 'COMMENT' => $row['comment'],
 'SELECTED' => '',
@@ -234,7 +229,7 @@ foreach ($req_type_list as $value) {
 'add_request',
 array(
 'VALUE'=> $value,
- 'CONTENT' => $lang['ws_'.$value],
+ 'CONTENT' => $value,
 'SELECTED' => '',
 )
 );
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index f4e58cd37..a202e192e 100644
--- a/include/ws_functions.inc.php
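Review bot: `$add_request` loses its `ctype_alpha()` allow-list in this hunk and is now only run through `htmlspecialchars(..., ENT_QUOTES)` before the INSERT in the next hunk (@@ -79,8 +77,8 @@) interpolates it as `'$add_request'`; `$add_partner` takes the same path. `htmlspecialchars()` is an HTML output encoder, not SQL escaping (it leaves backslashes untouched, for one), so the string literals in that query are not reliably delimited. The form offers a fixed list of methods (`$req_type_list` in the @@ -234,7 +229,7 @@ hunk), so the value can be checked against it, e.g. `$add_request = in_array($_POST['add_request'], $req_type_list, true) ? $_POST['add_request'] : '';` provided the list is built before this point, and every interpolated string should go through the database layer's own escaping at query time. `$add_end` and `$add_limit` are guarded by `is_numeric()`, which also accepts forms like `1e3`; an `(int)` cast would pin them to integers. The enclosing `if (isset($_POST['wsa_submit']))` block starts and ends outside the hunk.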
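Review bot: In the @@ -207,12 +205,9 @@ hunk, `'TARGET'`, `'REQUEST'`, `'LIMIT'` and `'COMMENT'` are assigned straight from `$row` with no output encoding, so the admin page is only safe while every writer of this table HTML-encodes values before storing them, as the insert path above does for some fields. That ties XSS safety to the storage format: a row written by another code path would reach the page unencoded, assuming the template engine does not escape on its own, which the hunk does not show. Encoding at render time is more robust, e.g. `'REQUEST' => htmlspecialchars($row['request'], ENT_QUOTES),`, with the store-side encoding dropped at the same time to avoid double encoding. The enclosing `while` loop starts and ends outside the hunk.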
+++ b/include/ws_functions.inc.php
@@ -821,21 +821,21 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page']; * */ function official_req() {
-return array(
- 'random' /* Random order */
- , 'list' /* list on MBt & z0rglub request */
- , 'maxviewed' /* hit > 0 and hit desc order */
- , 'recent' /* recent = Date_available desc order */
- , 'highrated' /* avg_rate > 0 and desc order */
- , 'oldest' /* Date_available asc order */
- , 'lessviewed' /* hit asc order */
- , 'lowrated' /* avg_rate asc order */
- , 'undescribed' /* description missing */
- , 'unnamed' /* new name missing */
- , 'portraits' /* width < height (portrait oriented) */
- , 'landscapes' /* width > height (landscape oriented) */
- , 'squares' /* width ~ height (square form) */
-);
+ $official = array( /* Requests are limited to */
+ 'categories.' /* all categories. methods */
+ , 'categories.getImages' /* <= see */
+ , 'categories.getList' /* <= see */
+ , 'images.' /* all images. methods */
+ , 'images.getInfo' /* <= see */
+ , 'tags.' /* all tags. methods */
+ , 'tags.getImages' /* <= see */
+ , 'tags.getList' /* <= see */
+ );
+ if (function_exists('local_req')) {
+ $local = local_req();
+ return array_merge( $official, $local );
+ }
+ return $official;
 }
 /**
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
index eadbbe0e0..0c82f4acd 100644
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
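Review bot: The result of `local_req()` is merged into the method allow-list without a type check, so a local override that returns anything but an array makes `array_merge()` fail and `official_req()` stops returning the official list. Guarding it with `if (is_array($local)) { return array_merge($official, $local); }` lets a faulty extension fall back to `$official`. The entries ending in a dot (`'categories.'`, `'images.'`, `'tags.'`) read as group prefixes while the others are exact method names, and the `/* <= see */` comments look truncated; a comment such as `// a trailing '.' allows every method of that group; local_req() entries widen this list` would tell whoever matches a request against the list how to compare. The docblock above the function starts outside the hunk.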
@@ -501,7 +501,7 @@ $lang['ws_update_legend'] = ' Revoke / Update selected partner access '; $lang['ws_delete_legend'] = ' Revoke selected partner access '; // $lang['ws_default_legend'] = ' Assumed defaults parameters in any missing cases '; // $lang['ws_default'] = ' Default '; -// $lang['ws_request'] = ' Request (Demand type) '; +$lang['ws_Methods'] = ' Methods '; // $lang['ws_requested_nbr'] = ' Number of images per request '; $lang['ws_random'] = 'Random'; /* Random order */ $lang['ws_list'] = 'Id list'; /* list on MBt & z0rglub request */ diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php index bbeec9c44..308cf62cd 100644 --- a/language/fr_FR.iso-8859-1/admin.lang.php +++ b/language/fr_FR.iso-8859-1/admin.lang.php @@ -500,7 +500,7 @@ $lang['ws_update_legend'] = ' Supprimer / Modifier l\'acc $lang['ws_delete_legend'] = ' Supprimer définitivement l\'accès du partenaire sélectionné '; // $lang['ws_default_legend'] = ' Valeurs par défaut en situation de paramètre manquant '; // $lang['ws_default'] = ' Défauts '; -// $lang['ws_request'] = ' Requête (Type de demande) '; +$lang['ws_Methods'] = ' Méthodes '; // $lang['ws_requested_nbr'] = ' Nombre d\'images renvoyées '; $lang['ws_random'] = 'Aléatoires'; /* Random order */ $lang['ws_list'] = 'Liste d\'id'; /* list on MBt & z0rglub request */ diff --git a/template/yoga/admin/ws_checker.tpl b/template/yoga/admin/ws_checker.tpl index e3b187622..9f8238528 100644 --- a/template/yoga/admin/ws_checker.tpl +++ b/template/yoga/admin/ws_checker.tpl @@ -37,8 +37,8 @@ - ({lang:Access: see help text for more}) @@ -60,7 +60,7 @@ - ({lang:ws_Request}) + ({lang:ws_Methods}) @@ -200,11 +200,8 @@   {lang:ws_KeyName} {lang:ws_Access} - {lang:ws_End} {lang:ws_Request} - - {lang:ws_Limit} {lang:ws_Comment} 
@@ -215,12 +212,9 @@ value="{acc_list.access.ID}" id="selection-{acc_list.access.ID}" /> - {acc_list.access.ACCESS} - + {acc_list.access.TARGET} {acc_list.access.END} - {acc_list.access.FORCE} - - + {acc_list.access.REQUEST} {acc_list.access.LIMIT} {acc_list.access.COMMENT} -- cgit v1.2.3