summaryrefslogtreecommitdiffstats
path: root/rpc.php
diff options
context:
space:
mode:
Diffstat (limited to 'rpc.php')
-rw-r--r--rpc.php34
1 files changed, 18 insertions, 16 deletions
diff --git a/rpc.php b/rpc.php
index d7dafce..d5a7e8f 100644
--- a/rpc.php
+++ b/rpc.php
@@ -42,32 +42,32 @@ class PHPFSPOT_RPC {
switch($_GET['action']) {
case 'showphoto':
-
- $fspot->showPhoto($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->showPhoto($_GET['id']);
+ }
break;
case 'show_available_tags':
-
$fspot->getAvailableTags();
break;
case 'show_selected_tags':
-
$fspot->getSelectedTags();
break;
case 'addtag':
-
- $fspot->addTag($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->addTag($_GET['id']);
+ }
break;
case 'deltag':
-
- $fspot->delTag($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->delTag($_GET['id']);
+ }
break;
case 'reset':
-
$fspot->resetTagSearch();
$fspot->resetTags();
$fspot->resetDateSearch();
@@ -75,28 +75,30 @@ class PHPFSPOT_RPC {
break;
case 'tagcondition':
-
- $fspot->setTagCondition($_GET['mode']);
+ if(isset($_GET['mode']) && in_array($_GET['mode'], Array('or', 'and'))) {
+ $fspot->setTagCondition($_GET['mode']);
+ }
break;
case 'show_photo_index':
-
- $_SESSION['begin_with'] = $_GET['begin_with'];
+ if(isset($_GET['begin_with']) && is_numeric($_GET['begin_with'])) {
+ $_SESSION['begin_with'] = $_GET['begin_with'];
+ }
+ else {
+ unset($_SESSION['begin_with']);
+ }
$fspot->showPhotoIndex();
break;
case 'showcredits':
-
$fspot->showCredits();
break;
case 'search':
-
$fspot->startSearch($_GET['for'], $_GET['from'], $_GET['to'], $_GET['sort_order']);
break;
case 'get_export':
-
$fspot->getExport($_GET['mode']);
break;
generated by cgit.