X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=39c6319ab5c749d857665830e0bb040f5dfe30e3;hp=93f27bde6bd5e658a5a0a7af32c297754abe76f0;hb=ae3851e4befcc7f6bee6d161dc77ac2e4e9c6515;hpb=57511b4efd7402ef58de66ac1fe2c01ed1b1d7b5 diff --git a/api.php b/api.php index 93f27bd..39c6319 100644 --- a/api.php +++ b/api.php @@ -20,7 +20,7 @@ function success_feature ($feature, $request) { $res .= "" . ($feature->imgpath ? - full_url_from_filename ($feature->imgpath) + full_url_from_imgpath ($feature->imgpath) : "") . ""; @@ -99,7 +99,7 @@ function save_uploaded_file ($file, $con) { server_error (); } } - return basename($dest); + return basename_safe ($dest); } function img_check_upload ($file) { @@ -116,6 +116,9 @@ function img_check_upload ($file) { } function delete_image_if_unused ($imgpath, $con) { + if (!isset ($imgpath) || (strlen ($imgpath) == 0)) { + return; + } if ($con->imgpath_exists ($imgpath)) { return false; } @@ -145,7 +148,7 @@ function unique_file ($dirname, $relpath, $con) { while ($counter < 1000) { if (!file_exists ($filename) && - !($con->imgpath_exists (basename ($filename)))) { + !($con->imgpath_exists (basename_safe ($filename)))) { return $filename; } else { $counter++; @@ -201,7 +204,7 @@ function main ($con) { $description = unquote ($_POST ["description"]); try { - $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description); + $new_feature = new feature ($id, $lon, $lat, $imgpath, $title, $description, 0); } catch (Exception $e) { request_error (); } @@ -239,7 +242,7 @@ function main ($con) { $title = unquote ($_POST ["title"]); $description = unquote ($_POST ["description"]); try { - $feature = new feature (null, $lon, $lat, $imgpath, $title, $description); + $feature = new feature (null, $lon, $lat, $imgpath, $title, $description, 0); } catch (Exception $e) { request_error (); }