issue #1953 improved privacy on searches and associate each search to its creator

* remove temporary functions ws_gallery_getSearch and ws_gallery_updateSearch
* split get_search_array into sub-functions to use them in web API
* use search_uuid as search_id instead of the numeric search.id : better privacy
* only the creator of the search can update it
if a visitor tries to open the search of another user, it (the search) gets forked into a new search
plegall
2023-08-09 19:18:30 +02:00
parent 73e61749fe
commit b787dfd291
9 changed files with 152 additions and 88 deletions
+6 -2
@@ -648,10 +648,14 @@ function parse_section_url( $tokens, &$next_token)
$page['section'] = 'search';
$next_token++;
preg_match('/(\d+)/', @$tokens[$next_token], $matches);
preg_match('/^(psk-\d{8}-[a-zA-Z0-9]{10})$/', @$tokens[$next_token], $matches);
if (!isset($matches[1]))
{
bad_request('search identifier is missing');
preg_match('/(\d+)/', @$tokens[$next_token], $matches);
if (!isset($matches[1]))
{
bad_request('search identifier is missing');
}
}
$page['search'] = $matches[1];
$next_token++;
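Review bot: The legacy fallback `preg_match('/(\d+)/', ...)` is unanchored, so a token that fails the strict `psk-` pattern but contains any run of digits (for instance a truncated or mistyped psk token, whose date part would be captured) is accepted as a numeric search id instead of reaching `bad_request()`. Anchoring the fallback, `preg_match('/^(\d+)$/', @$tokens[$next_token], $matches);`, would keep old numeric URLs working while rejecting everything else, provided no legacy URL carries a suffix after the number. Because numeric ids are still accepted at this point, the privacy gain appears to rest on the ownership/fork check applied when `$page['search']` is resolved, which is not visible in this hunk. A one-line comment such as `// numeric id kept only for backward compatibility with pre-uuid search URLs` above the inner `preg_match` would make that intent explicit. The body of parse_section_url starts and ends outside the hunk.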