X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=76eef437929e267d71adb56e78fccf1191a0e2c7;hp=6ed26c9712435eec3dad280935df78b5c4023c65;hb=538e9c7fc6b55272d4599e05d1bc4bb25f17f849;hpb=e4a4e5149d55cf01a86f26392c52fdca803654ce
diff --git a/api.php b/api.php
index 6ed26c9..76eef43 100644
--- a/api.php
+++ b/api.php
@@ -99,7 +99,7 @@ function save_uploaded_file ($file, $con) {
 server_error ();
 }
 }
- return basename($dest);
+ return basename_safe ($dest);
 }
 function img_check_upload ($file) {
@@ -116,6 +116,9 @@ function img_check_upload ($file) {
 }
 function delete_image_if_unused ($imgpath, $con) {
+ if (!isset ($imgpath) || (strlen ($imgpath) == 0)) {
+ return;
+ }
 if ($con->imgpath_exists ($imgpath)) {
 return false;
 }
@@ -145,7 +148,7 @@ function unique_file ($dirname, $relpath, $con) {
 while ($counter < 1000) {
 if (!file_exists ($filename) &&
- !($con->imgpath_exists (basename ($filename)))) {
+ !($con->imgpath_exists (basename_safe ($filename)))) {
 return $filename;
 } else {
 $counter++;
@@ -192,6 +195,7 @@ function main ($con) {
 if ($_POST ["keep_img"] == "yes") {
 $imgpath = $feature->imgpath;
 } else {
+ request_error ();
 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
 }
@@ -232,6 +236,7 @@ function main ($con) {
 success_feature ($new_feature, "update");
 break;
 case "add":
+ request_error ();
 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
 $lon = $_POST ["lon"];
@@ -251,6 +256,7 @@ function main ($con) {
 success_feature ($feature, "add");
 break;
 case "del":
+ request_error ();
 $id = $_POST ["fid"];
 $feature = $con->getfeature ($id);
 if (!isset ($feature)) {
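Review bot: The new empty-path guard at the top of delete_image_if_unused exits with a bare `return;`, which yields null, while the early exit right after it returns `false`. A caller that compares the result with `=== false` would treat the two "nothing deleted" cases differently, so the guard should read `return false;`. The guard rejects only an unset or empty `$imgpath`. The rest of the function lies outside the hunk, so it is not visible here whether a non-empty value is confined to the upload directory before any file is removed. A one-line comment on the guard saying what an empty path would otherwise resolve to would record why it is needed.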
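Review bot: `request_error ();` is added unconditionally in front of `save_uploaded_file` in the update branch (@@ -192), and the same bare call opens `case "add":` (@@ -232) and `case "del":` (@@ -251). request_error is defined outside this diff, so its effect is inferred. If it ends the request, the upload, insert and delete code after each call is now dead. If it does not, the handler reports an error and still performs the write or delete. Make the intent explicit in all three places: either wrap the call in the condition that should reject the request, or, if write operations are meant to be switched off, say so with a comment such as `// writes disabled: request_error() ends the request` and drop the unreachable code. main's body starts and ends outside these hunks.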