diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-12-21 11:25:11 -0800 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-12-21 11:25:11 -0800 |
| commit | fd7990735cc73b5b1494190b9c187297e588a9f6 (patch) | |
| tree | 5e48f73a4c69217fceedf71ce3231a0ce538b39e /modules/rest | |
| parent | 213f718e59676ac7265735ad10d7861a4abbe97b (diff) | |
Added validation to the edit functionality, since we can't trust any input
Diffstat (limited to 'modules/rest')
| -rw-r--r-- | modules/rest/controllers/rest.php | 5 | ||||
| -rw-r--r-- | modules/rest/helpers/rest.php | 19 |
2 files changed, 17 insertions, 7 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index d1404b29..7a5ab46a 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -67,7 +67,7 @@ class Rest_Controller extends Controller { } private function _normalize_request($args=array()) { - $method = strtolower($this->input->server("REQUEST_METHOD")); + $method = strtolower($this->input->server("REQUEST_METHOD")); $request = new stdClass(); foreach (array_keys($this->input->get()) as $key) { $request->$key = $this->input->get($key); @@ -78,8 +78,7 @@ class Rest_Controller extends Controller { } } - $override_method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", null)); - $request->method = empty($override_method) ? $method : $override_method; + $request->method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); $request->access_token = $this->input->server("HTTP_X_GALLERY_REQUEST_KEY"); $request->path = implode("/", $args); diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 2c653f21..ad6ca7c7 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -62,14 +62,25 @@ class rest_Core { /** * Success */ - static function success($response_data=null, $message=null) { + static function success($response_data=array(), $message=null) { $response = array("status" => "OK"); if (!empty($message)) { $response["message"] = (string)$message; } - if ($response_data) { - $response = array_merge($response, $response_data); - } + $response = array_merge($response, $response_data); + + // We don't need to save the session for this request + Session::abort_save(); + return json_encode($response); + } + + /** + * Validation Error + */ + static function validation_error($error_data) { + $response = array("status" => "VALIDATE_ERROR"); + $response = array_merge($response, array("fields" => $error_data)); + // We don't need to save the session for this request Session::abort_save(); return json_encode($response); |