Merge remote-tracking branch 'upstream/master' into php72

admin/batch_manager_global.php

@@ -56,7 +56,15 @@ check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
 // +-----------------------------------------------------------------------+
 
 $collection = array();
-if (isset($_POST['setSelected']))
+if (isset($_POST['nb_photos_deleted']))
+{
+  check_input_parameter('nb_photos_deleted', $_POST, false, '/^\d+$/');
+
+  // let's fake a collection (we don't know the image_ids so we use "null", we only
+  // care about the number of items here)
+  $collection = array_fill(0, $_POST['nb_photos_deleted'], null);
+}
+else if (isset($_POST['setSelected']))
 {
   $collection = $page['cat_elements_id'];
 }

admin/tags.php

@@ -32,6 +32,11 @@ check_status(ACCESS_ADMINISTRATOR);
 if (!empty($_POST))
 {
   check_pwg_token();
+  check_input_parameter('tags', $_POST, true, PATTERN_ID);
+  check_input_parameter('selectAction', $_POST, false, '/^(edit|merge|duplicate|delete)$/');
+  check_input_parameter('edit_list', $_POST, false, '/^\d+(,\d+)*$/');
+  check_input_parameter('merge_list', $_POST, false, '/^\d+(,\d+)*$/');
+  check_input_parameter('destination_tag', $_POST, false, PATTERN_ID);
 }
 
 // +-----------------------------------------------------------------------+

admin/themes/default/js/batchManagerGlobal.js

@@ -309,6 +309,10 @@ jQuery('#applyAction').click(function(e) {
 
     image_ids = Array();
   }
+
+  /* tell PHP how many photos were deleted */
+  jQuery('form').append('<input type="hidden" name="nb_photos_deleted" value="'+elements.length+'">');
+
   return false;
 });
 

include/template.class.php

@@ -1788,7 +1788,7 @@ class ScriptLoader
    */
   private static function cmp_by_mode_and_order($s1, $s2)
   {
-    $ret = $s1->load_mode - $s2->load_mode;
+    $ret = intval($s1->load_mode) - intval($s2->load_mode);
     if ($ret) return $ret;
 
     $ret = $s1->extra['order'] - $s2->extra['order'];

include/ws_functions/pwg.users.php

@@ -296,6 +296,30 @@ function ws_users_add($params, &$service)
   return $service->invoke('pwg.users.getList', array('user_id'=>$user_id));
 }
 
+/**
+ * API method
+ * Get a new authentication key for a user.
+ * @param mixed[] $params
+ *    @option int[] user_id
+ *    @option string pwg_token
+ */
+function ws_users_getAuthKey($params, &$service)
+{
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
+  $authkey = create_user_auth_key($params['user_id']);
+
+  if ($authkey === false)
+  {
+    return new PwgError(WS_ERR_INVALID_PARAM, 'invalid user_id');
+  }
+
+  return $authkey;
+}
+
 /**
  * API method
  * Deletes users

ws.php

@@ -943,6 +943,18 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
       array('admin_only'=>true, 'post_only'=>true)
     );
 
+  $service->addMethod(
+    'pwg.users.getAuthKey',
+    'ws_users_getAuthKey',
+    array(
+      'user_id' => array('type'=>WS_TYPE_ID),
+      'pwg_token' => array(),
+      ),
+    'Get a new authentication key for a user. Only works for normal/generic users (not admins)',
+    $ws_functions_root . 'pwg.users.php',
+    array('admin_only'=>true, 'post_only'=>true)
+    );
+
   $service->addMethod(
       'pwg.users.setInfo',
       'ws_users_setInfo',