mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-04 08:52:20 +02:00
issue #1953 improved privacy on searches and associate each search to its creator
* remove temporary functions ws_gallery_getSearch and ws_gallery_updateSearch * split get_search_array into sub-functions to use them in web API * use search_uuid as search_id instead of the numeric search.id : better privacy * only the creator of the search can update it * if a visitors tries to open the search of another user, it (the search) gets forked into a new search
This commit is contained in:
@@ -648,10 +648,14 @@ function parse_section_url( $tokens, &$next_token)
|
||||
$page['section'] = 'search';
|
||||
$next_token++;
|
||||
|
||||
preg_match('/(\d+)/', @$tokens[$next_token], $matches);
|
||||
preg_match('/^(psk-\d{8}-[a-zA-Z0-9]{10})$/', @$tokens[$next_token], $matches);
|
||||
if (!isset($matches[1]))
|
||||
{
|
||||
bad_request('search identifier is missing');
|
||||
preg_match('/(\d+)/', @$tokens[$next_token], $matches);
|
||||
if (!isset($matches[1]))
|
||||
{
|
||||
bad_request('search identifier is missing');
|
||||
}
|
||||
}
|
||||
$page['search'] = $matches[1];
|
||||
$next_token++;
|
||||
|
||||
Reference in New Issue
Block a user