From b6d61a78bb9f528c045bdfb917a45b204b80727b Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 8 Feb 2018 13:03:26 +0100
Subject: [PATCH 1/4] fixes #838, tells PHP how many photos were deleted in
 Batch Manager

---
 admin/batch_manager_global.php                | 10 +++++++++-
 admin/themes/default/js/batchManagerGlobal.js |  4 ++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/admin/batch_manager_global.php b/admin/batch_manager_global.php
index bc10761ae..51987ec3f 100644
--- a/admin/batch_manager_global.php
+++ b/admin/batch_manager_global.php
@@ -56,7 +56,15 @@ check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 
 $collection = array();
-if (isset($_POST['setSelected']))
+if (isset($_POST['nb_photos_deleted']))
+{
+  check_input_parameter('nb_photos_deleted', $_POST, false, '/^\d+$/');
+
+  // let's fake a collection (we don't know the image_ids so we use "null", we only
+  // care about the number of items here)
+  $collection = array_fill(0, $_POST['nb_photos_deleted'], null);
+}
+else if (isset($_POST['setSelected']))
 {
   $collection = $page['cat_elements_id'];
 }
diff --git a/admin/themes/default/js/batchManagerGlobal.js b/admin/themes/default/js/batchManagerGlobal.js
index febfccb4f..50986a680 100644
--- a/admin/themes/default/js/batchManagerGlobal.js
+++ b/admin/themes/default/js/batchManagerGlobal.js
@@ -309,6 +309,10 @@ jQuery('#applyAction').click(function(e) {
 
     image_ids = Array();
   }
+
+  /* tell PHP how many photos were deleted */
+  jQuery('form').append('<input type="hidden" name="nb_photos_deleted" value="'+elements.length+'">');
+
   return false;
 });
 

From 02275fe275a3f97710dab75bf4c3f967f428b22d Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Wed, 21 Feb 2018 17:34:56 +0100
Subject: [PATCH 2/4] fixes #839, check input parameters on admin/tags.php

---
 admin/tags.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/admin/tags.php b/admin/tags.php
index a56f20221..fd244a6db 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -32,6 +32,11 @@ check_status(ACCESS_ADMINISTRATOR);
 if (!empty($_POST))
 {
   check_pwg_token();
+  check_input_parameter('tags', $_POST, true, PATTERN_ID);
+  check_input_parameter('selectAction', $_POST, false, '/^(edit|merge|duplicate|delete)$/');
+  check_input_parameter('edit_list', $_POST, false, '/^\d+(,\d+)*$/');
+  check_input_parameter('merge_list', $_POST, false, '/^\d+(,\d+)*$/');
+  check_input_parameter('destination_tag', $_POST, false, PATTERN_ID);
 }
 
 // +-----------------------------------------------------------------------+

From 63932b93907cb8cf50c0fe90f1a0f6767c22ab10 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 20 Jul 2017 19:06:26 +0200
Subject: [PATCH 3/4] fixes #735, add API method pwg.users.getAuthKey

---
 include/ws_functions/pwg.users.php | 24 ++++++++++++++++++++++++
 ws.php                             | 12 ++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index 31d2159ef..2af1a8afa 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -296,6 +296,30 @@ function ws_users_add($params, &$service)
   return $service->invoke('pwg.users.getList', array('user_id'=>$user_id));
 }
 
+/**
+ * API method
+ * Get a new authentication key for a user.
+ * @param mixed[] $params
+ *    @option int[] user_id
+ *    @option string pwg_token
+ */
+function ws_users_getAuthKey($params, &$service)
+{
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
+  $authkey = create_user_auth_key($params['user_id']);
+
+  if ($authkey === false)
+  {
+    return new PwgError(WS_ERR_INVALID_PARAM, 'invalid user_id');
+  }
+
+  return $authkey;
+}
+
 /**
  * API method
  * Deletes users
diff --git a/ws.php b/ws.php
index d0c348e3b..b2c5e1779 100644
--- a/ws.php
+++ b/ws.php
@@ -943,6 +943,18 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
       array('admin_only'=>true, 'post_only'=>true)
     );
 
+  $service->addMethod(
+    'pwg.users.getAuthKey',
+    'ws_users_getAuthKey',
+    array(
+      'user_id' => array('type'=>WS_TYPE_ID),
+      'pwg_token' => array(),
+      ),
+    'Get a new authentication key for a user. Only works for normal/generic users (not admins)',
+    $ws_functions_root . 'pwg.users.php',
+    array('admin_only'=>true, 'post_only'=>true)
+    );
+
   $service->addMethod(
       'pwg.users.setInfo',
       'ws_users_setInfo',

From 8a57d777aa3b6401d74817822e0988fc4eb4a679 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 27 Feb 2018 12:01:45 +0100
Subject: [PATCH 4/4] fixes #596, compatibility with PHP 7.1

---
 include/template.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/template.class.php b/include/template.class.php
index b8846a561..d8d241aac 100644
--- a/include/template.class.php
+++ b/include/template.class.php
@@ -1788,7 +1788,7 @@ class ScriptLoader
    */
   private static function cmp_by_mode_and_order($s1, $s2)
   {
-    $ret = $s1->load_mode - $s2->load_mode;
+    $ret = intval($s1->load_mode) - intval($s2->load_mode);
     if ($ret) return $ret;
 
     $ret = $s1->extra['order'] - $s2->extra['order'];