X-Git-Url: https://dev.renevier.net/?a=blobdiff_plain;f=api.php;h=76eef437929e267d71adb56e78fccf1191a0e2c7;hb=538e9c7fc6b55272d4599e05d1bc4bb25f17f849;hp=50e8bfe3cfa2cc5cc1fad902cc24cde9757d03e8;hpb=4acc8da49e3d4083fd9906388dd8fe0212bb9f42;p=syp.git diff --git a/api.php b/api.php index 50e8bfe..76eef43 100644 --- a/api.php +++ b/api.php @@ -99,7 +99,7 @@ function save_uploaded_file ($file, $con) { server_error (); } } - return basename($dest); + return basename_safe ($dest); } function img_check_upload ($file) { @@ -148,7 +148,7 @@ function unique_file ($dirname, $relpath, $con) { while ($counter < 1000) { if (!file_exists ($filename) && - !($con->imgpath_exists (basename ($filename)))) { + !($con->imgpath_exists (basename_safe ($filename)))) { return $filename; } else { $counter++; @@ -195,6 +195,7 @@ function main ($con) { if ($_POST ["keep_img"] == "yes") { $imgpath = $feature->imgpath; } else { + request_error (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); } @@ -235,6 +236,7 @@ function main ($con) { success_feature ($new_feature, "update"); break; case "add": + request_error (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); $lon = $_POST ["lon"]; @@ -254,6 +256,7 @@ function main ($con) { success_feature ($feature, "add"); break; case "del": + request_error (); $id = $_POST ["fid"]; $feature = $con->getfeature ($id); if (!isset ($feature)) {
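Review bot: `basename_safe` is called in save_uploaded_file here and again in unique_file (second hunk), but this diff adds no definition for it, so api.php must already load the file that declares it or both calls fail at runtime with an undefined-function error. The value returned by save_uploaded_file is later assigned to `$imgpath` in main, and in unique_file the result feeds `imgpath_exists`, so a reader needs to know what the helper guarantees that `basename` did not. I would add a comment at the first call such as `// basename_safe() rather than basename(): <input that basename() mishandles>` filled in from the helper's actual behaviour, and confirm it still strips every directory component. Both functions start and end outside their hunks.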
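Review bot: `request_error ();` is added with no condition and no argument in the `else` branch of the update path here, and again at the top of `case "add":` and `case "del":` (fourth and fifth hunks). If it ends the request the way `server_error ()` appears to in save_uploaded_file, every statement after it (the `save_uploaded_file` call, the `$_POST` reads, the `getfeature` lookup) is unreachable, so upload, add and delete are switched off while the code still reads as live. If it is instead a validation step, nothing at the call site shows what it checks, and `$_FILES ["image_file"]` and `$_POST ["fid"]` are still used right after it without a visible guard. State the intent at each call, for instance `request_error (); // write operations disabled: always rejects` if that is what is meant, or wrap the call in the condition it is supposed to enforce. main's body continues outside all three hunks.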