issue60, make sure provided photo id is numeric
diff --git a/rpc.php b/rpc.php
index 4ffae5f5fbddd3cc58884f25c3136e8abcd809e2..bdb7004ad6de1d6a03ec68c1760077517aa8e67d 100644 (file)
--- a/rpc.php
+++ b/rpc.php
@@ -95,10 +95,18 @@ class PHPFSPOT_RPC {
             break;
 
          case 'search':
-            $fspot->startSearch($_GET['for'], $_GET['from'], $_GET['to'], $_GET['sort_order']);
+               $fspot->startSearch($_GET['for'], $_GET['sort_order'], $_GET['from'], $_GET['to']);
+            
+            if((isset($_GET['from']) && $fspot->isValidDate($_GET['from'])) &&
+               (isset($_GET['to']) && $fspot->isValidDate($_GET['to']))) {
+            }
+            else {
+               $fspot->startSearch($_GET['for'], $_GET['sort_order']);
+            }
             break;
 
          case 'get_export':
+            /* $_GET['mode'] will be validated by getExport() */
             $fspot->getExport($_GET['mode']);
             break;
 
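Review bot: The date check added in the `search` case never takes effect, because the new unconditional `startSearch()` call above it already forwards `$_GET['from']` and `$_GET['to']` unvalidated. The `if` branch that passed `isValidDate()` is empty, and the `else` branch then runs a second search. Move the four-argument call into the `if` body, `$fspot->startSearch($_GET['for'], $_GET['sort_order'], $_GET['from'], $_GET['to']);`, and delete the unconditional one so that rejected dates only ever reach the two-argument form. `$_GET['for']` and `$_GET['sort_order']` are still passed through as-is; whether `startSearch()` validates or escapes them is not visible here and deserves a comment like the one added for `getExport()`. The enclosing `switch` starts and ends outside this hunk.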
@@ -107,9 +115,9 @@ class PHPFSPOT_RPC {
             break;
 
          case 'get_calendar_matrix':
-            if((is_numeric($_GET['year']) || $_GET['year'] == "") &&
-               (is_numeric($_GET['month']) || $_GET['month'] == "") &&
-               (is_numeric($_GET['day']) || $_GET['month'] == "")) {
+            if((is_numeric($_GET['year']) || !isset($_GET['year'])) &&
+               (is_numeric($_GET['month']) || !isset($_GET['month'])) &&
+               (is_numeric($_GET['day']) || !isset($_GET['day']))) {
                $fspot->get_calendar_matrix($_GET['year'], $_GET['month'], $_GET['day']);
             }
             break;
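Review bot: In the `get_calendar_matrix` condition, `is_numeric()` is evaluated before `!isset()`, so an absent parameter is read (raising an undefined-index notice) before the guard meant to cover it; put the `isset` test first. `is_numeric()` also accepts signed, decimal and exponent forms such as `-1`, `1.5` or `1e3`, which are not valid calendar parts. A digits-only check is tighter: `(!isset($_GET['year']) || ctype_digit($_GET['year'])) &&`, and likewise for `month` and `day`. The call on the following line still indexes `$_GET` directly for parameters that may be absent; how `get_calendar_matrix()` treats those values is outside this hunk and should be confirmed.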