From 6d067b036c0d6f3f733f03c4d8ee3c0391d4b65f Mon Sep 17 00:00:00 2001 From: Diego Najar Date: Fri, 10 Aug 2018 15:41:23 +0200 Subject: [PATCH] bug fixes: media manager and plugin API --- bl-kernel/admin/themes/booty/html/media.php | 2 +- bl-kernel/ajax/list-files.php | 5 ++-- bl-kernel/pages.class.php | 12 ++++++--- bl-plugins/api/plugin.php | 27 +++++++++++---------- things-to-do | 17 ++++++++++--- 5 files changed, 41 insertions(+), 22 deletions(-) diff --git a/bl-kernel/admin/themes/booty/html/media.php b/bl-kernel/admin/themes/booty/html/media.php index ed523f77..13ba1c5b 100644 --- a/bl-kernel/admin/themes/booty/html/media.php +++ b/bl-kernel/admin/themes/booty/html/media.php @@ -111,7 +111,7 @@ function getFiles(pageNumber) { $.post("ajax/list-files", { tokenCSRF: tokenCSRF, pageNumber: pageNumber, - path: "" + path: "thumbnails" // the path are defined in the list-files }, function(data) { displayFiles(data.files); diff --git a/bl-kernel/ajax/list-files.php b/bl-kernel/ajax/list-files.php index 7aa93596..bc5ef1b3 100644 --- a/bl-kernel/ajax/list-files.php +++ b/bl-kernel/ajax/list-files.php @@ -10,8 +10,9 @@ $pageNumber = $pageNumber - 1; // (string) $_POST['path'] $path = isset($_POST['path']) ? $_POST['path'] : false; // ---------------------------------------------------------------------------- - -if ($path==false) { +if ($path=='thumbnails') { + $path = PATH_UPLOADS_THUMBNAILS; +} else { exit (json_encode(array( 'status'=>1, 'files'=>'Invalid path.' diff --git a/bl-kernel/pages.class.php b/bl-kernel/pages.class.php index 3112a35f..63531028 100644 --- a/bl-kernel/pages.class.php +++ b/bl-kernel/pages.class.php 
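Review bot: The new allowlist test in bl-kernel/ajax/list-files.php, `if ($path=='thumbnails')`, uses a loose comparison on a value taken straight from `$_POST['path']`. That leaves a non-string value (an array from `path[]=...`, or the `false` default) to PHP's type-juggling rules instead of rejecting it outright. Mapping a fixed key to `PATH_UPLOADS_THUMBNAILS` is the right shape because the client no longer supplies a directory, but the match should be exact: `if ($path === 'thumbnails') {`. A comment above it such as `// Allowlist: the client sends a key, never a filesystem path` would help keep later additions from reintroducing a raw path. The `exit (json_encode(...))` in the `else` branch continues outside the hunk.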
@@ -58,9 +58,11 @@ class Pages extends dbJSON { // Check values on args and set default values if not exists foreach ($this->dbFields as $field=>$value) { if ($field=='tags') { - if (!empty($args['tags'])) { - $finalValue = $this->generateTags($args['tags']); + $tags = ''; + if (isset($args['tags'])) { + $tags = $args['tags']; } + $finalValue = $this->generateTags($tags); } elseif (isset($args[$field])) { // Sanitize if will be stored on database $finalValue = Sanitize::html($args[$field]); @@ -150,7 +152,11 @@ class Pages extends dbJSON { // Check values on args or set default values foreach ($this->dbFields as $field=>$value) { if ($field=='tags') { - $finalValue = $this->generateTags($args['tags']); + $tags = ''; + if (isset($args['tags'])) { + $tags = $args['tags']; + } + $finalValue = $this->generateTags($tags); } elseif (isset($args[$field])) { // Sanitize if will be stored on database $finalValue = Sanitize::html($args[$field]); diff --git a/bl-plugins/api/plugin.php b/bl-plugins/api/plugin.php index eea151a4..8cdf4401 100644 --- a/bl-plugins/api/plugin.php +++ b/bl-plugins/api/plugin.php 
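Review bot: In both hunks of bl-kernel/pages.class.php (at -58 and -152), `$tags` reaches `generateTags()` without the `Sanitize::html()` call that the neighbouring `elseif` branch applies to every other field before storage. `generateTags()` is not visible here, so it may already escape its input; if it does, say so with a comment such as `// generateTags() sanitizes each tag`, and if it does not, the tag values need the same treatment as the other fields. In the second hunk a request that omits `tags` now stores the result of `generateTags('')`, which looks like it would clear a page's existing tags on a partial edit, so confirm that is intended. The repeated five-line default could be one line, `$tags = isset($args['tags']) ? $args['tags'] : '';`. Both enclosing methods start and end outside the hunks.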
@@ -98,20 +98,22 @@ class pluginAPI extends Plugin { // AUTHENTICATION TOKEN // ------------------------------------------------------------ $writePermissions = false; - if ( !empty($inputs['authentication']) ) { + if (!empty($inputs['authentication'])) { // Get the user with the authentication token, FALSE if doesn't exit $username = $users->getByAuthToken($inputs['authentication']); if ($username!==false) { - - // Get the object user to check the role - $user = $users->getUser($username); - if (($user->role()=='admin') && ($user->enabled())) { - // Loggin the user to create the session - $login = new Login(); - $login->setLogin($username, 'admin'); - // Enable write permissions - $writePermissions = true; + try { + $user = new User($username); + if (($user->role()=='admin') && ($user->enabled())) { + // Loggin the user to create the session + $login = new Login(); + $login->setLogin($username, 'admin'); + // Enable write permissions + $writePermissions = true; + } + } catch (Exception $e) { + // Continue without permissions } } } @@ -249,7 +251,7 @@ class pluginAPI extends Plugin { $tmp = array( 'status'=>'0', - 'message'=>'List of pages, amount of items: '.$numberOfItems, + 'message'=>'List of pages, number of items: '.$numberOfItems, 'data'=>array() ); @@ -293,7 +295,6 @@ class pluginAPI extends Plugin { // This function is defined on functions.php $key = createPage($args); - if ($key===false) { return array( 'status'=>'1', @@ -312,7 +313,7 @@ class pluginAPI extends Plugin { { // Unsanitize content because all values are sanitized if (isset($args['content'])) { - $args['content'] = Text::htmlDecode($args['content']); + $args['content'] = Sanitize::htmlDecode($args['content']); } $args['key'] = $key; diff --git a/things-to-do b/things-to-do index 98e85ad5..22aa365f 100644 --- a/things-to-do +++ b/things-to-do 
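Review bot: The empty `catch (Exception $e)` in the authentication block (hunk at -98) fails closed, since `$writePermissions` stays `false`, but it also discards the only record that an accepted authentication token resolved to a user that could not be loaded. Record the event before continuing, for example `error_log('API: user lookup failed for token owner: '.$e->getMessage());` or the project's own log helper, and keep the token value itself out of the log. The role test `$user->role()=='admin'` gates both write access and the `setLogin()` session, so it should use a strict comparison: `$user->role()==='admin'`. The enclosing method starts and ends outside the hunk.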
@@ -37,7 +37,18 @@ Things to do: ---- -curl -vvv \ - -X GET \ +curl -X GET \ -G "http://localhost:8000/api/pages" \ - -d "token=80a09ba055b73f68e3c9e7c9ea12b432" \ No newline at end of file + -d "token=58b1419d05ffb9dcfb299e515985c33a" + +{ + "token": "58b1419d05ffb9dcfb299e515985c33a", + "authentication": "0adaa7af50d40b459cd5c4376aab0d67", + "title": "My dog", + "content": "Content of the page here, support Markdown code and HTML code." +} + +curl -X PUT \ + -H "Content-Type: application/json" \ + -d @data.json \ + "http://localhost:8000/api/pages" \ No newline at end of file
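Review bot: The curl examples added to things-to-do carry what look like concrete `token` and `authentication` values rather than placeholders. If they were generated by a real install, even a local one, they should be regenerated, because the plugin.php hunk in this same commit shows the `authentication` token is what the API maps to an admin user with write permissions. Replace them in the file with markers such as `<API_TOKEN>` and `<AUTH_TOKEN>`. The GET example also sends the token as a query parameter over `http://`, where it ends up in server and proxy logs, so the notes should state that the example is for localhost only.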