From 4002f708e1b701a800b3d6968d12ab9a49c2d071 Mon Sep 17 00:00:00 2001
From: rvelices <rv-github@modusoptimus.com>
Date: Thu, 4 Sep 2008 00:57:55 +0000
Subject: - remove hello_world plugin (not working anymore) - web service
 method images.add works only for admins now - fix template-common js web
 service calls did not have the parameters url encoded - improve admin
 user_list - submitting the form with no user selected triggers a javascript
 alert (had fun with jquery selectors)

git-svn-id: http://piwigo.org/svn/trunk@2496 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/template/yoga/admin/user_list.tpl | 15 +++++++++
 include/ws_functions.inc.php            | 20 +++++++-----
 plugins/hello_world/index.php           | 30 ------------------
 plugins/hello_world/main.inc.php        | 56 ---------------------------------
 template-common/scripts.js              |  7 ++---
 5 files changed, 30 insertions(+), 98 deletions(-)
 delete mode 100644 plugins/hello_world/index.php
 delete mode 100644 plugins/hello_world/main.inc.php

diff --git a/admin/template/yoga/admin/user_list.tpl b/admin/template/yoga/admin/user_list.tpl
index 602576ef9..5ad163be8 100644
--- a/admin/template/yoga/admin/user_list.tpl
+++ b/admin/template/yoga/admin/user_list.tpl
@@ -307,3 +307,18 @@
 </p>
 
 </form>
+
+<script type="text/javascript">// <![CDATA[
+{literal}jQuery("form:last").submit( function() {
+	if ( jQuery("input[name=target][value=selection]:checked", this).length > 0 )
+	if ( jQuery("input[name=selection]:checked", this).length == 0)
+	{
+		alert( {/literal}"{'Select at least one user'|@translate|escape:javascript}"{literal} );
+		return false;
+	}
+	return true;
+}
+);{/literal}
+// ]]>
+</script>
+ 
\ No newline at end of file
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 015f3d391..116db6687 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -918,14 +918,18 @@ UPDATE '.IMAGES_TABLE.'
 function ws_images_add($params, &$service)
 {
   global $conf;
-  
+  if (!is_admin() || is_adviser() )
+  {
+    return new PwgError(401, 'Access denied');
+  }
+
   // name
   // category_id
   // file_content
   // file_sum
   // thumbnail_content
   // thumbnail_sum
-  
+
   // $fh_log = fopen('/tmp/php.log', 'w');
   // fwrite($fh_log, time()."\n");
   // fwrite($fh_log, 'input:  '.$params['file_sum']."\n");
@@ -934,7 +938,7 @@ function ws_images_add($params, &$service)
   // current date
   list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
   list($year, $month, $day) = preg_split('/[^\d]/', $dbnow, 4);
-  
+
   $upload_dir = sprintf(
     PHPWG_ROOT_PATH.'upload/%s/%s/%s',
     $year,
@@ -942,8 +946,8 @@ function ws_images_add($params, &$service)
     $day
     );
 
-  fwrite($fh_log, $upload_dir."\n");
-  
+  //fwrite($fh_log, $upload_dir."\n");
+
   if (!is_dir($upload_dir)) {
     umask(0000);
     $recursive = true;
@@ -954,7 +958,7 @@ function ws_images_add($params, &$service)
   $random_string = substr($params['file_sum'], 0, 8);
 
   $filename_wo_ext = $date_string.'-'.$random_string;
-  
+
   $file_path = $upload_dir.'/'.$filename_wo_ext.'.jpg';
   $fh_file = fopen($file_path, 'w');
   fwrite($fh_file, base64_decode($params['file_content']));
@@ -967,7 +971,7 @@ function ws_images_add($params, &$service)
     umask(0000);
     mkdir($thumbnail_dir, 0777);
   }
-  
+
   $thumbnail_path = sprintf(
     '%s/%s%s.%s',
     $thumbnail_dir,
@@ -1011,7 +1015,7 @@ function ws_images_add($params, &$service)
     array_keys($insert),
     array($insert)
     );
-  
+
   // fclose($fh_log);
 }
 
diff --git a/plugins/hello_world/index.php b/plugins/hello_world/index.php
deleted file mode 100644
index c15b15795..000000000
--- a/plugins/hello_world/index.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | Piwigo - a PHP based picture gallery                                  |
-// +-----------------------------------------------------------------------+
-// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
-// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
-// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify  |
-// | it under the terms of the GNU General Public License as published by  |
-// | the Free Software Foundation                                          |
-// |                                                                       |
-// | This program is distributed in the hope that it will be useful, but   |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
-// | General Public License for more details.                              |
-// |                                                                       |
-// | You should have received a copy of the GNU General Public License     |
-// | along with this program; if not, write to the Free Software           |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA.                                                                  |
-// +-----------------------------------------------------------------------+
-
-// Recursive call
-$url = '../';
-header( 'Request-URI: '.$url );
-header( 'Content-Location: '.$url );
-header( 'Location: '.$url );
-exit();
-?>
diff --git a/plugins/hello_world/main.inc.php b/plugins/hello_world/main.inc.php
deleted file mode 100644
index 07808d0d9..000000000
--- a/plugins/hello_world/main.inc.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | Piwigo - a PHP based picture gallery                                  |
-// +-----------------------------------------------------------------------+
-// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
-// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
-// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify  |
-// | it under the terms of the GNU General Public License as published by  |
-// | the Free Software Foundation                                          |
-// |                                                                       |
-// | This program is distributed in the hope that it will be useful, but   |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
-// | General Public License for more details.                              |
-// |                                                                       |
-// | You should have received a copy of the GNU General Public License     |
-// | along with this program; if not, write to the Free Software           |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA.                                                                  |
-// +-----------------------------------------------------------------------+
-
-/*
-Plugin Name: Hello World
-Version: 1.8
-Description: This example plugin changes the page banner for the administration page.
-Plugin URI: http://piwigo.org
-Author: Piwigo team
-Author URI: http://piwigo.org
-*/
-
-add_event_handler('loc_begin_page_header', 'hello_world_begin_header' );
-
-function hello_world_begin_header()
-{
-  global $page;
-  if ( isset($page['body_id']) and $page['body_id']=='theAdminPage')
-  {
-    $hellos = array( 'Aloha', 'Ahoy', 'Guten tag', 'Hello', 'Hoi', 'Hola', 'Salut', 'Yo' );
-    shuffle($hellos);
-    $page['page_banner'] = $hellos[0];
-    // just as an example we modify it a little bit later
-    add_event_handler('loc_end_page_header', 'hello_world_end_header');
-  }
-}
-
-
-function hello_world_end_header()
-{
-  global $template, $page;
-  $template->assign( 'PAGE_BANNER',
-    '<h1>"'.$page['page_banner'].'" from Piwigo plugin!</h1>');
-}
-
-?>
\ No newline at end of file
diff --git a/template-common/scripts.js b/template-common/scripts.js
index e7fa7e9b5..4e5ef822f 100644
--- a/template-common/scripts.js
+++ b/template-common/scripts.js
@@ -120,10 +120,10 @@ PwgWS.prototype = {
 				if ( typeof parameters[property] == 'object' && parameters[property])
 				{
 					for (var i=0; i<parameters[property].length; i++)
-						url += "&"+property+"[]="+parameters[property][i];
+						url += "&"+property+"[]="+encodeURIComponent(parameters[property][i]);
 				}
 				else
-					url += "&"+property+"="+parameters[property];
+					url += "&"+property+"="+encodeURIComponent(parameters[property]);
 			}
 		}
 		this.transport.open(this.options.method, url, this.options.async);
@@ -150,8 +150,7 @@ PwgWS.prototype = {
 			try {
 				eval('resp = ' + transport.responseText);
 			}
-			catch (e)
-			{
+			catch (e) {
 				this.dispatchError( 200, e.message + '\n' + transport.responseText.substr(0,512) );
 			}
 			if (resp!=null)
-- 
cgit v1.2.3