switch($_GET['action']) {
case 'showphoto':
-
- $fspot->showPhoto($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->showPhoto($_GET['id']);
+ }
break;
case 'show_available_tags':
-
$fspot->getAvailableTags();
break;
case 'show_selected_tags':
-
$fspot->getSelectedTags();
break;
case 'addtag':
-
- $fspot->addTag($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->addTag($_GET['id']);
+ }
break;
case 'deltag':
-
- $fspot->delTag($_GET['id']);
+ if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+ $fspot->delTag($_GET['id']);
+ }
break;
case 'reset':
-
$fspot->resetTagSearch();
$fspot->resetTags();
$fspot->resetDateSearch();
break;
case 'tagcondition':
-
- $fspot->setTagCondition($_GET['mode']);
+ if(isset($_GET['mode']) && in_array($_GET['mode'], Array('or', 'and'))) {
+ $fspot->setTagCondition($_GET['mode']);
+ }
break;
case 'show_photo_index':
-
- $_SESSION['begin_with'] = $_GET['begin_with'];
+ if(isset($_GET['begin_with']) && is_numeric($_GET['begin_with'])) {
+ $_SESSION['begin_with'] = $_GET['begin_with'];
+ }
+ else {
+ unset($_SESSION['begin_with']);
+ }
$fspot->showPhotoIndex();
break;
case 'showcredits':
-
$fspot->showCredits();
break;
case 'search':
-
$fspot->startSearch($_GET['for'], $_GET['from'], $_GET['to'], $_GET['sort_order']);
break;
case 'get_export':
-
$fspot->getExport($_GET['mode']);
break;
projects / phpfspot.git / commitdiff
