mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-26 03:09:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #1356 pwg.images.uploadAsync, move auth code to inc/user.inc.php

Browse source 
In order to avoid loading user context as "guest" and then wait to be in ws_images_uploadAsync function to authenticate and load a new user context. This way we deal with "automatic" authentication in the same place (as apache auth or url auth) and we use the more common user context loading mecanism. Making Community compatible is now much easier.

To avoid duplicating too many lines of ws.php into inc/user.inc.php, I have moved the init of ws.php into inc/ws_init.inc.php
This commit is contained in:
plegall 2021-10-07 14:53:27 +02:00
parent 5803c76f4d
commit 8effbe8e95
4 changed files with 90 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

16
include/user.inc.php
View file

@ -56,6 +56,22 @@ if (isset($_GET['auth']))
auth_key_login($_GET['auth']);
}
if (
defined('IN_WS')
and isset($_REQUEST['method'])
and 'pwg.images.uploadAsync' == $_REQUEST['method']
and isset($_POST['username'])
and isset($_POST['password'])
)
{
if (!try_log_user($_POST['username'], $_POST['password'], false))
{
include_once(PHPWG_ROOT_PATH.'include/ws_init.inc.php');
$service->sendResponse(new PwgError(999, 'Invalid username/password'));
exit();
}
}
$user = build_user( $user['id'],
( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
);

17
include/ws_functions/pwg.images.php
View file

@ -1473,26 +1473,15 @@ function ws_images_uploadAsync($params, &$service)
{
global $conf, $user, $logger;
// the username/password parameters have been used in include/user.inc.php
// to authenticate the request (a much better time/place than here)
// additional check for some parameters
if (!preg_match('/^[a-fA-F0-9]{32}$/', $params['original_sum']))
{
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid original_sum');
}
if (!try_log_user($params['username'], $params['password'], false))
{
return new PwgError(999, 'Invalid username/password');
}
// build $user
// include(PHPWG_ROOT_PATH.'include/user.inc.php');
$user = build_user($user['id'], false);
if (!is_admin())
{
return new PwgError(401, 'Admin status is required.');
}
if ($params['image_id'] > 0)
{
$query='

69
include/ws_init.inc.php Normal file
View file

@ -0,0 +1,69 @@
<?php
// +-----------------------------------------------------------------------+
// | This file is part of Piwigo. |
// | |
// | For copyright and license information, please view the COPYING.txt |
// | file that was distributed with this source code. |
// +-----------------------------------------------------------------------+
defined('PHPWG_ROOT_PATH') or trigger_error('Hacking attempt!', E_USER_ERROR);
include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
add_event_handler('ws_add_methods', 'ws_addDefaultMethods');
add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
$requestFormat = 'rest';
$responseFormat = null;
if ( isset($_GET['format']) )
{
$responseFormat = $_GET['format'];
}
if ( !isset($responseFormat) and isset($requestFormat) )
{
$responseFormat = $requestFormat;
}
$service = new PwgServer();
if (!is_null($requestFormat))
{
$handler = null;
switch ($requestFormat)
{
case 'rest':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_handler.php');
$handler = new PwgRestRequestHandler();
break;
}
$service->setHandler($requestFormat, $handler);
}
if (!is_null($responseFormat))
{
$encoder = null;
switch ($responseFormat)
{
case 'rest':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_encoder.php');
$encoder = new PwgRestEncoder();
break;
case 'php':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/php_encoder.php');
$encoder = new PwgSerialPhpEncoder();
break;
case 'json':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/json_encoder.php');
$encoder = new PwgJsonEncoder();
break;
case 'xmlrpc':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/xmlrpc_encoder.php');
$encoder = new PwgXmlRpcEncoder();
break;
}
$service->setEncoder($responseFormat, $encoder);
}
set_make_full_url();

61
ws.php
View file

@ -17,65 +17,8 @@ if ( !$conf['allow_web_services'] )
page_forbidden('Web services are disabled');
}
include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
include_once(PHPWG_ROOT_PATH.'include/ws_init.inc.php');
add_event_handler('ws_add_methods', 'ws_addDefaultMethods');
add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
$requestFormat = 'rest';
$responseFormat = null;
if ( isset($_GET['format']) )
{
$responseFormat = $_GET['format'];
}
if ( !isset($responseFormat) and isset($requestFormat) )
{
$responseFormat = $requestFormat;
}
$service = new PwgServer();
if (!is_null($requestFormat))
{
$handler = null;
switch ($requestFormat)
{
case 'rest':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_handler.php');
$handler = new PwgRestRequestHandler();
break;
}
$service->setHandler($requestFormat, $handler);
}
if (!is_null($responseFormat))
{
$encoder = null;
switch ($responseFormat)
{
case 'rest':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_encoder.php');
$encoder = new PwgRestEncoder();
break;
case 'php':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/php_encoder.php');
$encoder = new PwgSerialPhpEncoder();
break;
case 'json':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/json_encoder.php');
$encoder = new PwgJsonEncoder();
break;
case 'xmlrpc':
include_once(PHPWG_ROOT_PATH.'include/ws_protocols/xmlrpc_encoder.php');
$encoder = new PwgXmlRpcEncoder();
break;
}
$service->setEncoder($responseFormat, $encoder);
}
set_make_full_url();
$service->run();
@ -540,7 +483,7 @@ function ws_addDefaultMethods( $arr )
<br>You can update an existing photo if you define an existing image_id.
<br>Requires <b>admin</b> credentials.',
$ws_functions_root . 'pwg.images.php',
array('post_only'=>true)
array('admin_only'=>true, 'post_only'=>true)
);
$service->addMethod(