bug fixes: media manager and plugin API

Diego Najar 2018-08-10 15:41:23 +02:00
parent 39d409ccc7
commit 6d067b036c
5 changed files with 41 additions and 22 deletions


@ -111,7 +111,7 @@ function getFiles(pageNumber) {
$.post("<?php echo HTML_PATH_ADMIN_ROOT ?>ajax/list-files", $.post("<?php echo HTML_PATH_ADMIN_ROOT ?>ajax/list-files",
{ tokenCSRF: tokenCSRF, { tokenCSRF: tokenCSRF,
pageNumber: pageNumber, pageNumber: pageNumber,
path: "<?php echo PATH_UPLOADS_THUMBNAILS ?>" path: "thumbnails" // the path are defined in the list-files
}, },
function(data) { function(data) {
displayFiles(data.files); displayFiles(data.files);
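Review bot: The new inline comment `// the path are defined in the list-files` does not tell a reader that "thumbnails" is a logical name rather than a directory sent by the browser. Suggested wording: `// logical name; ajax/list-files maps it to PATH_UPLOADS_THUMBNAILS`. The body of getFiles() continues past the end of this hunk.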


@ -10,8 +10,9 @@ $pageNumber = $pageNumber - 1;
// (string) $_POST['path'] // (string) $_POST['path']
$path = isset($_POST['path']) ? $_POST['path'] : false; $path = isset($_POST['path']) ? $_POST['path'] : false;
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
if ($path=='thumbnails') {
if ($path==false) { $path = PATH_UPLOADS_THUMBNAILS;
} else {
exit (json_encode(array( exit (json_encode(array(
'status'=>1, 'status'=>1,
'files'=>'Invalid path.' 'files'=>'Invalid path.'
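Review bot: The allowlist check `if ($path=='thumbnails') {` uses a loose comparison on a value taken directly from `$_POST['path']`, which can be a string, an array, or the `false` default set two lines above. No juggling case that passes the check is apparent from these lines, but a strict comparison states the intent and does not depend on PHP's comparison rules: `if ($path === 'thumbnails') {`. The `exit (json_encode(...))` statement in the else branch continues outside the hunk, so the rest of the rejection path is not visible here.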


@ -58,9 +58,11 @@ class Pages extends dbJSON {
// Check values on args and set default values if not exists // Check values on args and set default values if not exists
foreach ($this->dbFields as $field=>$value) { foreach ($this->dbFields as $field=>$value) {
if ($field=='tags') { if ($field=='tags') {
if (!empty($args['tags'])) { $tags = '';
$finalValue = $this->generateTags($args['tags']); if (isset($args['tags'])) {
$tags = $args['tags'];
} }
$finalValue = $this->generateTags($tags);
} elseif (isset($args[$field])) { } elseif (isset($args[$field])) {
// Sanitize if will be stored on database // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]); $finalValue = Sanitize::html($args[$field]);
@ -150,7 +152,11 @@ class Pages extends dbJSON {
// Check values on args or set default values // Check values on args or set default values
foreach ($this->dbFields as $field=>$value) { foreach ($this->dbFields as $field=>$value) {
if ($field=='tags') { if ($field=='tags') {
$finalValue = $this->generateTags($args['tags']); $tags = '';
if (isset($args['tags'])) {
$tags = $args['tags'];
}
$finalValue = $this->generateTags($tags);
} elseif (isset($args[$field])) { } elseif (isset($args[$field])) {
// Sanitize if will be stored on database // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]); $finalValue = Sanitize::html($args[$field]);
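Review bot: In both hunks of this file the tags branch passes the caller-supplied `$args['tags']` to `$this->generateTags($tags)` without the `Sanitize::html()` call that the `elseif` branch applies to every other field, and without checking that the value is a string. generateTags() is not visible here, so it may already escape and validate its input; this is worth confirming, and a comment such as `// generateTags() sanitizes each tag itself` above the call would record the answer. The three-line default could also be written `$tags = isset($args['tags']) ? $args['tags'] : '';`, matching how `$path` is read in list-files. The foreach bodies start and end outside both hunks.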


@ -98,20 +98,22 @@ class pluginAPI extends Plugin {
// AUTHENTICATION TOKEN // AUTHENTICATION TOKEN
// ------------------------------------------------------------ // ------------------------------------------------------------
$writePermissions = false; $writePermissions = false;
if ( !empty($inputs['authentication']) ) { if (!empty($inputs['authentication'])) {
// Get the user with the authentication token, FALSE if doesn't exit // Get the user with the authentication token, FALSE if doesn't exit
$username = $users->getByAuthToken($inputs['authentication']); $username = $users->getByAuthToken($inputs['authentication']);
if ($username!==false) { if ($username!==false) {
try {
// Get the object user to check the role $user = new User($username);
$user = $users->getUser($username); if (($user->role()=='admin') && ($user->enabled())) {
if (($user->role()=='admin') && ($user->enabled())) { // Loggin the user to create the session
// Loggin the user to create the session $login = new Login();
$login = new Login(); $login->setLogin($username, 'admin');
$login->setLogin($username, 'admin'); // Enable write permissions
// Enable write permissions $writePermissions = true;
$writePermissions = true; }
} catch (Exception $e) {
// Continue without permissions
} }
} }
} }
@ -249,7 +251,7 @@ class pluginAPI extends Plugin {
$tmp = array( $tmp = array(
'status'=>'0', 'status'=>'0',
'message'=>'List of pages, amount of items: '.$numberOfItems, 'message'=>'List of pages, number of items: '.$numberOfItems,
'data'=>array() 'data'=>array()
); );
@ -293,7 +295,6 @@ class pluginAPI extends Plugin {
// This function is defined on functions.php // This function is defined on functions.php
$key = createPage($args); $key = createPage($args);
if ($key===false) { if ($key===false) {
return array( return array(
'status'=>'1', 'status'=>'1',
@ -312,7 +313,7 @@ class pluginAPI extends Plugin {
{ {
// Unsanitize content because all values are sanitized // Unsanitize content because all values are sanitized
if (isset($args['content'])) { if (isset($args['content'])) {
$args['content'] = Text::htmlDecode($args['content']); $args['content'] = Sanitize::htmlDecode($args['content']);
} }
$args['key'] = $key; $args['key'] = $key;
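Review bot: The `catch (Exception $e)` block added in the authentication hunk holds only the comment `// Continue without permissions`, so a token that resolves to a username whose `User` object cannot be built leaves no record for later investigation. `$writePermissions` stays false on that path, which is the right fail-closed result; the catch should still record the event through the project's logging helper before continuing. The role check in the same hunk would be safer as `if (($user->role()==='admin') && ($user->enabled())) {`. The enclosing method starts and ends outside the hunk, so how `$writePermissions` is used afterwards cannot be seen here.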


@ -37,7 +37,18 @@ Things to do:
---- ----
curl -vvv \ curl -X GET \
-X GET \
-G "http://localhost:8000/api/pages" \ -G "http://localhost:8000/api/pages" \
-d "token=80a09ba055b73f68e3c9e7c9ea12b432" -d "token=58b1419d05ffb9dcfb299e515985c33a"
{
"token": "58b1419d05ffb9dcfb299e515985c33a",
"authentication": "0adaa7af50d40b459cd5c4376aab0d67",
"title": "My dog",
"content": "Content of the page here, support Markdown code and HTML code."
}
curl -X PUT \
-H "Content-Type: application/json" \
-d @data.json \
"http://localhost:8000/api/pages"