iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Include pwg_token in user list POST request (Fixes #748) (#866)

Browse Source 
* user list: set pwg_token in POST data to user_list_backend.php

The POST data for the user data table request was empty, which could
cause user data retrieval to error out with HTTP 403 due to missing
the authentication token.

* user_list_backend: fix uninitialized variables

If iSortCol_0, sEcho, or sSearch are unset in the HTTP request, it
could cause variables to be uninitialized, potentially causing error
messages to be included in the HTTP response. These error messages,
if present, can prevent the JSON response from being parsed.

* user list: delete unnecessary quotes

Javascript object key names don't generally need to be quoted.
Remove some quotes that were introduced by a recent change that added
a body to the AJAX POST request to retrieve the user list.
This commit is contained in:
Daniel Dadap
2018-07-06 03:51:04 -05:00
committed by Pierrick Le Gall
parent 7e41e21af4
commit 65ac272179
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
admin/themes/default/template/user_list.tpl
View File

@@ -615,7 +615,13 @@ jQuery(document).on('click', '.close-user-details', function(e) {
processing: true,
serverSide: true,
serverMethod: "POST",
ajaxSource: "admin/user_list_backend.php",
ajax: {
url : "admin/user_list_backend.php",
type : "POST",
data : {
pwg_token : pwg_token
}
},
pagingType: "simple",
language: {
processing: "{/literal}{'Loading...'|translate|escape:'javascript'}{literal}",

10
admin/user_list_backend.php
View File

@@ -70,7 +70,8 @@ if ( isset( $_REQUEST['iDisplayStart'] ) && $_REQUEST['iDisplayLength'] != '-1'
$sLimit = "LIMIT ".$_REQUEST['iDisplayStart'].", ".$_REQUEST['iDisplayLength'];
}
$sOrder = "";
/*
* Ordering
*/
@@ -104,7 +105,7 @@ if ( isset( $_REQUEST['iSortCol_0'] ) )
* on very large tables, and MySQL's regex functionality is very limited
*/
$sWhere = "";
if ( $_REQUEST['sSearch'] != "" )
if ( isSet( $_REQUEST['sSearch']) && $_REQUEST['sSearch'] != "" )
{
$sWhere = "WHERE (";
for ( $i=0 ; $i<count($aColumns) ; $i++ )
@@ -161,12 +162,13 @@ $rResultTotal = pwg_query($sQuery);
$aResultTotal = pwg_db_fetch_array($rResultTotal);
$iTotal = $aResultTotal[0];
$sEcho = isSet($_REQUEST['sEcho']) ? intval($_REQUEST['sEcho']) : 0;
/*
* Output
*/
$output = array(
"sEcho" => intval($_REQUEST['sEcho']),
"sEcho" => $sEcho,
"iTotalRecords" => $iTotal,
"iTotalDisplayRecords" => $iFilteredTotal,
"aaData" => array()