mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-13 13:21:43 +02:00
fixes #2046 avoid strip_tags if pwg_token is provided
* pwg.categories.setInfo * pwg.categories.add * pwg.images.setInfo
This commit is contained in:
@@ -670,6 +670,11 @@ function ws_categories_add($params, &$service)
|
||||
|
||||
global $conf;
|
||||
|
||||
if (isset($params['pwg_token']) and get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
return new PwgError(403, 'Invalid security token');
|
||||
}
|
||||
|
||||
if (!empty($params['position']) and in_array($params['position'], array('first','last')))
|
||||
{
|
||||
//TODO make persistent with user prefs
|
||||
@@ -684,12 +689,11 @@ function ws_categories_add($params, &$service)
|
||||
|
||||
if (!empty($params['comment']))
|
||||
{
|
||||
// TODO do not strip tags if pwg_token is provided (and valid)
|
||||
$options['comment'] = strip_tags($params['comment']);
|
||||
$options['comment'] = (!$conf['allow_html_descriptions'] or !isset($params['pwg_token'])) ? strip_tags($params['comment']) : $params['comment'];
|
||||
}
|
||||
|
||||
$creation_output = create_virtual_category(
|
||||
strip_tags($params['name']), // TODO do not strip tags if pwg_token is provided (and valid)
|
||||
(!$conf['allow_html_descriptions'] or !isset($params['pwg_token'])) ? strip_tags($params['name']) : $params['name'],
|
||||
$params['parent'],
|
||||
$options
|
||||
);
|
||||
@@ -800,6 +804,13 @@ SELECT id
|
||||
*/
|
||||
function ws_categories_setInfo($params, &$service)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if (isset($params['pwg_token']) and get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
return new PwgError(403, 'Invalid security token');
|
||||
}
|
||||
|
||||
// does the category really exist?
|
||||
$query = '
|
||||
SELECT *
|
||||
@@ -854,8 +865,7 @@ SELECT *
|
||||
if (isset($params[$key]))
|
||||
{
|
||||
$perform_update = true;
|
||||
// TODO do not strip tags if pwg_token is provided (and valid)
|
||||
$update[$key] = strip_tags($params[$key]);
|
||||
$update[$key] = (!$conf['allow_html_descriptions'] or !isset($params['pwg_token'])) ? strip_tags($params[$key]) : $params[$key];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2292,6 +2292,11 @@ function ws_images_setInfo($params, $service)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if (isset($params['pwg_token']) and get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
return new PwgError(403, 'Invalid security token');
|
||||
}
|
||||
|
||||
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
|
||||
$query='
|
||||
@@ -2323,14 +2328,11 @@ SELECT *
|
||||
{
|
||||
if (isset($params[$key]))
|
||||
{
|
||||
if (!$conf['allow_html_descriptions'])
|
||||
if (!$conf['allow_html_descriptions'] or !isset($params['pwg_token']))
|
||||
{
|
||||
$params[$key] = strip_tags($params[$key], '<b><strong><em><i>');
|
||||
}
|
||||
|
||||
// TODO do not strip tags if pwg_token is provided (and valid)
|
||||
$params[$key] = strip_tags($params[$key]);
|
||||
|
||||
if ('fill_if_empty' == $params['single_value_mode'])
|
||||
{
|
||||
if (empty($image_row[$key]))
|
||||
|
||||
Reference in New Issue
Block a user