diff --git a/dist/main.js b/dist/main.js index 2f34561..fe2a0aa 100644 Binary files a/dist/main.js and b/dist/main.js differ diff --git a/php/api.php b/php/api.php index f85f536..affa33a 100755 --- a/php/api.php +++ b/php/api.php @@ -53,10 +53,6 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) { $plugins = explode(';', $settings['plugins']); $plugins = new Plugins($plugins, $database, $settings); - # Escape - foreach(array_keys($_POST) as $key) $_POST[$key] = urldecode($_POST[$key]); - foreach(array_keys($_GET) as $key) $_GET[$key] = urldecode($_GET[$key]); - # Validate parameters if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1) exit('Error: Wrong parameter type for albumIDs!'); if (isset($_POST['photoIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['photoIDs'])!==1) exit('Error: Wrong parameter type for photoIDs!'); diff --git a/src/scripts/album.js b/src/scripts/album.js index a712242..362f4c3 100644 --- a/src/scripts/album.js +++ b/src/scripts/album.js @@ -42,8 +42,12 @@ album.load = function(albumID, refresh) { startTime = new Date().getTime(); - params = 'getAlbum&albumID=' + albumID + '&password=' + password.value; - lychee.api(params, function(data) { + params = { + albumID, + password: password.value + } + + api.post('getAlbum', params, function(data) { if (data==='Warning: Album private!') { if (document.location.hash.replace('#', '').split('/')[1]!=undefined) { 
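Review bot: The `albumIDs`/`photoIDs` validation that remains after the removed decode loop uses `$`, which in PCRE also matches before a trailing newline, so a value such as `"1,2\n"` passes the check and reaches the handlers; anchor with `\z` or the `D` modifier, e.g. `preg_match('/^[0-9,]+$/D', $_POST['albumIDs'])`. Dropping the second `urldecode` pass itself looks right: PHP already decodes request parameters once, and the client side of this commit stops hand-encoding values with `escape(encodeURI())`, so the two halves must ship together. Note that the dispatcher condition still accepts `$_GET['function']`; the archive links in `album.getArchive`/`photo.getArchive` rely on that, so if the intent is to make state-changing functions POST-only the allow-list belongs here. The enclosing `if` block continues outside the hunk.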
@@ -103,15 +107,20 @@ album.add = function() { action = function(data) { - var params, - isNumber = function(n) { return !isNaN(parseFloat(n)) && isFinite(n) }; + var isNumber, + title = data.title; basicModal.close(); - if (data.title.length===0) data.title = 'Untitled'; + isNumber = function(n) { - params = 'addAlbum&title=' + escape(encodeURI(data.title)); - lychee.api(params, function(data) { + return !isNaN(parseFloat(n)) && isFinite(n) + + } + + if (title.length===0) title = 'Untitled'; + + api.post('addAlbum', { title }, function(data) { // Avoid first album to be true if (data===true) data = 1; @@ -159,8 +168,11 @@ album.delete = function(albumIDs) { basicModal.close(); - params = 'deleteAlbum&albumIDs=' + albumIDs; - lychee.api(params, function(data) { + params = { + albumIDs: albumIDs.join() + } + + api.post('deleteAlbum', params, function(data) { if (visible.albums()) { @@ -280,8 +292,12 @@ album.setTitle = function(albumIDs) { } - params = 'setAlbumTitle&albumIDs=' + albumIDs + '&title=' + escape(encodeURI(newTitle)); - lychee.api(params, function(data) { + params = { + albumIDs: albumIDs.join(), + title: newTitle + } + + api.post('setAlbumTitle', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -310,7 +326,7 @@ album.setTitle = function(albumIDs) { } -album.setDescription = function(photoID) { +album.setDescription = function(albumID) { var oldDescription = album.json.description.replace("'", '''), action; @@ -330,8 +346,12 @@ album.setDescription = function(photoID) { view.album.description(); } - params = 'setAlbumDescription&albumID=' + photoID + '&description=' + escape(encodeURI(description)); - lychee.api(params, function(data) { + params = { + albumID, + description + } + + api.post('setAlbumDescription', params, function(data) { if (data!==true) lychee.error(null, params, data); 
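Review bot: In the `album.setDescription` rename hunk the context line `album.json.description.replace("'", …)` uses a string pattern, which only rewrites the first apostrophe; a description with two quotes keeps the second one unescaped. The replacement literal is garbled in this rendering (`'''`, presumably an HTML entity), but whatever it is, the call should be `album.json.description.replace(/'/g, …)`. Since the description is now posted as form data rather than hand-encoded into a query string, it would also help to add a comment stating that this substitution is for the modal's HTML only, not for transport — assuming that is indeed its purpose.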
@@ -459,8 +479,14 @@ album.setPublic = function(albumID, e) { } - params = 'setAlbumPublic&albumID=' + albumID + '&password=' + password + '&visible=' + listed + '&downloadable=' + downloadable; - lychee.api(params, function(data) { + params = { + albumID, + password, + visible: listed, + downloadable + } + + api.post('setAlbumPublic', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -495,7 +521,7 @@ album.share = function(service) { album.getArchive = function(albumID) { var link, - url = 'php/api.php?function=getAlbumArchive&albumID=' + albumID; + url = api.path + '?function=getAlbumArchive&albumID=' + albumID; if (location.href.indexOf('index.html')>0) link = location.href.replace(location.hash, '').replace('index.html', url); else link = location.href.replace(location.hash, '') + url; diff --git a/src/scripts/albums.js b/src/scripts/albums.js index f9430ec..dbaf44b 100644 --- a/src/scripts/albums.js +++ b/src/scripts/albums.js @@ -22,7 +22,7 @@ albums.load = function() { if (albums.json===null) { - lychee.api('getAlbums', function(data) { + api.post('getAlbums', {}, function(data) { /* Smart Albums */ data.unsortedAlbum = { diff --git a/src/scripts/api.js b/src/scripts/api.js new file mode 100644 index 0000000..9980dd1 --- /dev/null +++ b/src/scripts/api.js 
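Review bot: In `album.setPublic` the new `params` object carries `password` and is then handed straight to `lychee.error(null, params, data)` on failure, so the album password ends up in whatever the error handler logs or displays; pass a redacted copy instead, e.g. `lychee.error(null, { albumID, visible: listed, downloadable }, data)`. The previous query-string form had the same exposure, so this is not a regression, but the object form makes it easy to fix now. Whether `password` here is the plaintext or an MD5 digest is not visible in this hunk.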
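Review bot: `album.getArchive` still builds its link by string concatenation and inserts `albumID` unencoded, so a non-numeric value would alter the query string; use `url = api.path + '?function=getAlbumArchive&albumID=' + encodeURIComponent(albumID);`. This is also the one remaining GET call to the API, which is why `php/api.php` must keep reading `$_GET['function']` — worth a comment here so a later cleanup of the PHP dispatcher does not break downloads.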
@@ -0,0 +1,63 @@ +/** + * @description This module communicates with Lychee's API + * @copyright 2015 by Tobias Reich + */ + +api = { + + path: 'php/api.php' + +} + +api.post = function(fn, params, callback) { + + var success, + error; + + loadingBar.show(); + + params = $.extend({function: fn}, params); + + success = function(data) { + + setTimeout(function() { loadingBar.hide() }, 100); + + // Catch errors + if (typeof data==='string'&& + data.substring(0, 7)==='Error: ') { + lychee.error(data.substring(7, data.length), params, data); + return false; + } + + // Convert 1 to true and an empty string to false + if (data==='1') data = true; + else if (data==='') data = false; + + // Convert to JSON if string start with '{' and ends with '}' + if (typeof data==='string'&& + data.substring(0, 1)==='{'&& + data.substring(data.length-1, data.length)==='}') data = $.parseJSON(data); + + // Output response when debug mode is enabled + if (lychee.debugMode) console.log(data); + + callback(data); + + } + + error = function(jqXHR, textStatus, errorThrown) { + + lychee.error('Server error or API not found.', params, errorThrown); + + } + + $.ajax({ + type: 'POST', + url: api.path, + data: params, + dataType: 'text', + success, + error + }); + +} \ No newline at end of file diff --git a/src/scripts/contextMenu.js b/src/scripts/contextMenu.js index ec9fa40..240548a 100644 --- a/src/scripts/contextMenu.js +++ b/src/scripts/contextMenu.js @@ -75,7 +75,7 @@ contextMenu.albumTitle = function(albumID, e) { { type: 'item', title: build.iconic('pencil') + 'Rename', fn: function() { album.setTitle([albumID]) } } ]; - lychee.api('getAlbums', function(data) { + api.post('getAlbums', {}, function(data) { if (data.num!==0) { @@ -176,7 +176,7 @@ contextMenu.move = function(photoIDs, e) { } - lychee.api('getAlbums', function(data) { + api.post('getAlbums', {}, function(data) { if (data.num===0) { diff --git a/src/scripts/lychee.js b/src/scripts/lychee.js index 4abb18a..044c14b 100644 
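Review bot: Both reporting paths in `api.post` hand the raw `params` object to `lychee.error`, and per the other hunks in this commit that object carries `password`, `oldPassword`, `dbPassword` and the Dropbox `key` for several calls, so any server error or network failure pushes credentials into whatever `lychee.error` logs or shows. Redact known secret keys before reporting, as sketched below. Two smaller points: `api = {` with no declaration creates an implicit global (consistent with `lychee = {`, but `var api` would be safer), and `$.extend({function: fn}, params)` lets a caller-supplied `function` key override `fn` — `$.extend({}, params, { function: fn })` keeps the dispatcher in control. No anti-CSRF token is visible in the request; if the server authorises solely on the session cookie, moving everything to POST does not by itself prevent forged state-changing calls — confirm on the PHP side.
```javascript
// Never echo credentials into error reports or the console
api.redact = function(params) {

	var hidden = ['password', 'oldPassword', 'dbPassword', 'key'],
	    copy   = $.extend({}, params);

	hidden.forEach(function(name) {
		if (copy[name]!==undefined) copy[name] = '***';
	});

	return copy;

}

api.post = function(fn, params, callback) {

	// … unchanged: loadingBar, response normalisation …

		if (typeof data==='string'&&
			data.substring(0, 7)==='Error: ') {
				lychee.error(data.substring(7, data.length), api.redact(params), data);
				return false;
		}

	// … unchanged: JSON conversion, callback …

	error = function(jqXHR, textStatus, errorThrown) {

		lychee.error('Server error or API not found.', api.redact(params), errorThrown);

	}
```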
--- a/src/scripts/lychee.js +++ b/src/scripts/lychee.js @@ -9,7 +9,6 @@ lychee = { version: '3.0.0', version_code: '030000', - api_path: 'php/api.php', update_path: 'http://lychee.electerious.com/version/index.php', updateURL: 'https://github.com/electerious/Lychee', website: 'http://lychee.electerious.com', @@ -37,8 +36,11 @@ lychee.init = function() { var params; - params = 'init&version=' + lychee.version_code; - lychee.api(params, function(data) { + params = { + version: lychee.version_code + } + + api.post('init', params, function(data) { if (data.loggedIn!==true) { lychee.setMode('public'); @@ -71,58 +73,18 @@ lychee.init = function() { } -lychee.api = function(params, callback) { - - loadingBar.show(); - - $.ajax({ - type: 'POST', - url: lychee.api_path, - data: 'function=' + params, - dataType: 'text', - success: function(data) { - - setTimeout(function() { loadingBar.hide() }, 100); - - // Catch errors - if (typeof data==='string'&& - data.substring(0, 7)==='Error: ') { - lychee.error(data.substring(7, data.length), params, data); - return false; - } - - // Convert 1 to true and an empty string to false - if (data==='1') data = true; - else if (data==='') data = false; - - // Convert to JSON if string start with '{' and ends with '}' - if (typeof data==='string'&& - data.substring(0, 1)==='{'&& - data.substring(data.length-1, data.length)==='}') data = $.parseJSON(data); - - // Output response when debug mode is enabled - if (lychee.debugMode) console.log(data); - - callback(data); - - }, - error: function(jqXHR, textStatus, errorThrown) { - - lychee.error('Server error or API not found.', params, errorThrown); - - } - }); - -} - lychee.login = function(data) { var user = data.username, password = md5(data.password), params; - params = 'login&user=' + user + '&password=' + password; - lychee.api(params, function(data) { + params = { + user, + password + } + + api.post('login', params, function(data) { if (data===true) { 
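Review bot: In `lychee.login` the value posted as `password` is `md5(data.password)` (context line), so the unsalted MD5 digest is the actual credential the server receives; anyone who captures or logs it can replay it, and MD5 offers no meaningful offline-cracking resistance. That is pre-existing, not introduced here, but since the commit is reshaping every request it would be the moment to document the contract: `// server compares this digest directly — TLS is the only transport protection`. Whether the server re-hashes the digest is not visible in this diff; if it does not, consider sending the plaintext over TLS and hashing server-side with `password_hash()`. The callback body continues outside the hunk.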
@@ -184,7 +146,7 @@ lychee.loginDialog = function() { lychee.logout = function() { - lychee.api('logout', function() { + api.post('logout', {}, function() { window.location.reload(); }); diff --git a/src/scripts/password.js b/src/scripts/password.js index f294a64..84448d9 100644 --- a/src/scripts/password.js +++ b/src/scripts/password.js @@ -31,8 +31,13 @@ password.get = function(albumID, callback) { } else { // Check password - params = 'checkAlbumAccess&albumID=' + albumID + '&password=' + md5(passwd); - lychee.api(params, function(data) { + + params = { + albumID, + password: md5(passwd) + } + + api.post('checkAlbumAccess', params, function(data) { if (data===true) { basicModal.close(); diff --git a/src/scripts/photo.js b/src/scripts/photo.js index 195da39..3bc2ee6 100644 --- a/src/scripts/photo.js +++ b/src/scripts/photo.js @@ -27,8 +27,13 @@ photo.load = function(photoID, albumID) { var params, checkPasswd; - params = 'getPhoto&photoID=' + photoID + '&albumID=' + albumID + '&password=' + password.value; - lychee.api(params, function(data) { + params = { + photoID, + albumID, + password: password.value + } + + api.post('getPhoto', params, function(data) { if (data==='Warning: Wrong password!') { checkPasswd = function() { @@ -156,8 +161,11 @@ photo.duplicate = function(photoIDs) { albums.refresh(); - params = 'duplicatePhoto&photoIDs=' + photoIDs; - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join() + } + + api.post('duplicatePhoto', params, function(data) { if (data!==true) lychee.error(null, params, data); else album.load(album.getID()); 
@@ -220,8 +228,11 @@ photo.delete = function(photoIDs) { if (visible.photo()&&nextPhoto!==''&&nextPhoto!==photo.getID()) lychee.goto(album.getID() + '/' + nextPhoto); else if (!visible.albums()) lychee.goto(album.getID()); - params = 'deletePhoto&photoIDs=' + photoIDs; - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join() + } + + api.post('deletePhoto', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -299,8 +310,12 @@ photo.setTitle = function(photoIDs) { view.album.content.title(id); }); - params = 'setPhotoTitle&photoIDs=' + photoIDs + '&title=' + escape(encodeURI(newTitle)); - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join(), + title: newTitle + } + + api.post('setPhotoTitle', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -359,8 +374,12 @@ photo.setAlbum = function(photoIDs, albumID) { albums.refresh(); - params = 'setPhotoAlbum&photoIDs=' + photoIDs + '&albumID=' + albumID; - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join(), + albumID + } + + api.post('setPhotoAlbum', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -385,8 +404,11 @@ photo.setStar = function(photoIDs) { albums.refresh(); - params = 'setPhotoStar&photoIDs=' + photoIDs; - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join() + } + + api.post('setPhotoStar', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -396,8 +418,6 @@ photo.setStar = function(photoIDs) { photo.setPublic = function(photoID, e) { - var params; - if (photo.json.public==2) { var action; @@ -440,8 +460,7 @@ photo.setPublic = function(photoID, e) { albums.refresh(); - params = 'setPhotoPublic&photoID=' + photoID; - lychee.api(params, function(data) { + api.post('setPhotoPublic', { photoID }, function(data) { if (data!==true) lychee.error(null, params, data); 
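Review bot: `photo.setPublic` now references `params` in its callback (`lychee.error(null, params, data)`) although the earlier hunk in this file removed `var params;` and the call site inlines `{ photoID }`, so the error path throws a ReferenceError (or reads an unrelated global `params`) instead of reporting. Either keep a local, `var params = { photoID };` followed by `api.post('setPhotoPublic', params, …)`, or change the callback to `lychee.error(null, { photoID }, data)`. The same pattern of dropping `params` from the `var` list appears in `album.add`, `search.find` and `settings.setDropboxKey`; their callbacks are cut off in this diff, so they are worth checking for the same leftover reference.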
@@ -469,8 +488,12 @@ photo.setDescription = function(photoID) { view.photo.description(); } - params = 'setPhotoDescription&photoID=' + photoID + '&description=' + escape(encodeURI(description)); - lychee.api(params, function(data) { + params = { + photoID, + description + } + + api.post('setPhotoDescription', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -569,8 +592,12 @@ photo.setTags = function(photoIDs, tags) { album.json.content[id].tags = tags; }); - params = 'setPhotoTags&photoIDs=' + photoIDs + '&tags=' + tags; - lychee.api(params, function(data) { + params = { + photoIDs: photoIDs.join(), + tags + } + + api.post('setPhotoTags', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -666,7 +693,7 @@ photo.getSize = function() { photo.getArchive = function(photoID) { var link, - url = 'php/api.php?function=getPhotoArchive&photoID=' + photoID; + url = api.path + '?function=getPhotoArchive&photoID=' + photoID; if (location.href.indexOf('index.html')>0) link = location.href.replace(location.hash, '').replace('index.html', url); else link = location.href.replace(location.hash, '') + url; diff --git a/src/scripts/search.js b/src/scripts/search.js index db041ac..987d569 100755 --- a/src/scripts/search.js +++ b/src/scripts/search.js @@ -11,8 +11,7 @@ search = { search.find = function(term) { - var params, - albumsData = '', + var albumsData = '', photosData = '', code; @@ -21,8 +20,7 @@ search.find = function(term) { if ($('#search').val().length!==0) { - params = 'search&term=' + term; - lychee.api(params, function(data) { + api.post('search', { term }, function(data) { // Build albums if (data&&data.albums) { diff --git a/src/scripts/settings.js b/src/scripts/settings.js index 74f6fea..fddcb4b 100644 --- a/src/scripts/settings.js +++ b/src/scripts/settings.js 
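Review bot: `photo.getArchive` concatenates `photoID` into the query string without encoding, the same shape as `album.getArchive`; use `url = api.path + '?function=getPhotoArchive&photoID=' + encodeURIComponent(photoID);`. As the only remaining GET callers of the API, the two `getArchive` functions should carry a comment saying so, because the rest of this commit makes every other call go through `api.post`.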
@@ -22,8 +22,15 @@ settings.createConfig = function() { if (dbHost.length<1) dbHost = 'localhost'; if (dbName.length<1) dbName = 'lychee'; - params = 'dbCreateConfig&dbName=' + escape(dbName) + '&dbUser=' + escape(dbUser) + '&dbPassword=' + escape(dbPassword) + '&dbHost=' + escape(dbHost) + '&dbTablePrefix=' + escape(dbTablePrefix); - lychee.api(params, function(data) { + params = { + dbName, + dbUser, + dbPassword, + dbHost, + dbTablePrefix + } + + api.post('dbCreateConfig', params, function(data) { if (data!==true) { @@ -152,7 +159,13 @@ settings.createLogin = function() { basicModal.close(); params = 'setLogin&username=' + escape(username) + '&password=' + md5(password); - lychee.api(params, function(data) { + + params = { + username, + password: md5(password) + } + + api.post('setLogin', params, function(data) { if (data!==true) { @@ -221,8 +234,13 @@ settings.setLogin = function() { basicModal.close(); - params = 'setLogin&oldPassword=' + md5(oldPassword) + '&username=' + escape(username) + '&password=' + md5(password); - lychee.api(params, function(data) { + params = { + oldPassword: md5(oldPassword), + username, + password: md5(password) + } + + api.post('setLogin', params, function(data) { if (data!==true) lychee.error(null, params, data); @@ -274,8 +292,12 @@ settings.setSorting = function() { basicModal.close(); albums.refresh(); - params = 'setSorting&type=' + sorting[0] + '&order=' + sorting[1]; - lychee.api(params, function(data) { + params = { + type: sorting[0], + order: sorting[1] + } + + api.post('setSorting', params, function(data) { if (data===true) { lychee.sorting = 'ORDER BY ' + sorting[0] + ' ' + sorting[1]; @@ -339,8 +361,7 @@ settings.setDropboxKey = function(callback) { action = function(data) { - var params, - key = data.key; + var key = data.key; if (data.key.length<1) { basicModal.error('key'); 
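Review bot: In `settings.createLogin` the old line `params = 'setLogin&username=' + escape(username) + '&password=' + md5(password);` survives as a context line immediately above the new `params = { … }` object, so it is dead code that still computes an MD5 of the password and then gets overwritten; delete it so the hunk matches `settings.setLogin`, where the old string was removed. The `username`/`password` pair is then passed unredacted to the failure branch, which is cut off in this hunk — confirm it does not forward `params` to `lychee.error`.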
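Review bot: `settings.setLogin` passes `params`, which holds `oldPassword` and `password` digests, to `lychee.error(null, params, data)` on failure, so both credential digests reach the error handler; report a redacted copy, e.g. `lychee.error(null, { username }, data)`. The same concern applies to `settings.createConfig`, whose `params` includes `dbPassword`, although its failure branch is not visible here. In `settings.setSorting`, `lychee.sorting` mirrors an SQL `ORDER BY` fragment built from `sorting[0]`/`sorting[1]` that are also posted as `type`/`order`; the server must allow-list those values rather than interpolate them, which cannot be confirmed from this diff.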
@@ -349,8 +370,7 @@ settings.setDropboxKey = function(callback) { basicModal.close(); - params = 'setDropboxKey&key=' + key; - lychee.api(params, function(data) { + api.post('setDropboxKey', { key }, function(data) { if (data===true) { lychee.dropboxKey = key; diff --git a/src/scripts/upload.js b/src/scripts/upload.js index 52a2275..75c0077 100755 --- a/src/scripts/upload.js +++ b/src/scripts/upload.js @@ -111,7 +111,7 @@ upload.start = { formData.append('tags', ''); formData.append(0, file); - xhr.open('POST', lychee.api_path); + xhr.open('POST', api.path); xhr.onload = function() { @@ -267,8 +267,12 @@ upload.start = { $('.basicModal .rows .row .status').html('Importing'); - params = 'importUrl&url=' + escape(encodeURI(data.link)) + '&albumID=' + albumID; - lychee.api(params, function(data) { + params = { + url: data.link, + albumID + } + + api.post('importUrl', params, function(data) { basicModal.close(); upload.notify('Import complete'); @@ -326,8 +330,12 @@ upload.start = { $('.basicModal .rows .row .status').html('Importing'); - params = 'importServer&albumID=' + albumID + '&path=' + escape(encodeURI(data.path)); - lychee.api(params, function(data) { + params = { + albumID, + path: data.path + } + + api.post('importServer', params, function(data) { basicModal.close(); upload.notify('Import complete'); @@ -397,8 +405,12 @@ upload.start = { $('.basicModal .rows .row .status').html('Importing'); - params = 'importUrl&url=' + escape(links) + '&albumID=' + albumID; - lychee.api(params, function(data) { + params = { + url: links, + albumID + } + + api.post('importUrl', params, function(data) { basicModal.close(); upload.notify('Import complete');
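Review bot: `importServer` posts `path: data.path`, a user-typed filesystem path that the server will presumably read from, so the PHP side needs to confine it to an allowed import directory (realpath plus prefix check) — that cannot be confirmed from this diff and is worth a comment here: `// server must restrict path to the configured import directory`. Dropping the client-side `escape(encodeURI())` is correct now that jQuery form-encodes the object, but it also means `..`, `%` and `+` now arrive verbatim, so the server-side check carries the whole burden.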
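Review bot: The final `importUrl` hunk posts `url: links` where the earlier `importUrl` hunk posts `url: data.link`; the differing names suggest one is a single URL and the other a list, and neither is validated client-side before the server fetches it, so a comment stating the expected shape (`// links: comma-separated list of URLs, validated server-side`) would help the next reader. Server-side fetching of arbitrary user URLs is an SSRF surface; whether the PHP handler restricts schemes and destinations is not visible here and should be confirmed.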