forked from Public/pics
Aaron van Geffen
e28fcd8b03
Removes the intermediate confirmation page, instead using JavaScript for confirmation. Fixes an XSS issue, in that the previous method was not passing or checking the session (!)
85 lines
2.0 KiB
PHP
85 lines
2.0 KiB
PHP
<?php
|
|
/*****************************************************************************
|
|
* ViewPhoto.php
|
|
* Contains the view photo controller
|
|
*
|
|
* Kabuki CMS (C) 2013-2016, Aaron van Geffen
|
|
*****************************************************************************/
|
|
|
|
class ViewPhoto extends HTMLController
|
|
{
|
|
public function __construct()
|
|
{
|
|
// Ensure we're logged in at this point.
|
|
$user = Registry::get('user');
|
|
if (!$user->isLoggedIn())
|
|
throw new NotAllowedException();
|
|
|
|
$photo = Asset::fromSlug($_GET['slug']);
|
|
if (empty($photo))
|
|
throw new NotFoundException();
|
|
|
|
parent::__construct($photo->getTitle() . ' - ' . SITE_TITLE);
|
|
|
|
if (!empty($_POST))
|
|
$this->handleTagging($photo->getImage());
|
|
else
|
|
$this->handleViewPhoto($photo);
|
|
}
|
|
|
|
private function handleViewPhoto(Asset $photo)
|
|
{
|
|
$page = new PhotoPage($photo->getImage());
|
|
|
|
// Exif data?
|
|
$exif = EXIF::fromFile($photo->getFullPath());
|
|
if ($exif)
|
|
$page->setExif($exif);
|
|
|
|
// What tag are we browsing?
|
|
$tag = isset($_GET['in']) ? Tag::fromId($_GET['in']) : null;
|
|
$id_tag = isset($tag) ? $tag->id_tag : null;
|
|
|
|
// Find previous photo in set.
|
|
$previous_url = $photo->getUrlForPreviousInSet($id_tag);
|
|
if ($previous_url)
|
|
$page->setPreviousPhotoUrl($previous_url);
|
|
|
|
// ... and the next photo, too.
|
|
$next_url = $photo->getUrlForNextInSet($id_tag);
|
|
if ($next_url)
|
|
$page->setNextPhotoUrl($next_url);
|
|
|
|
$this->page->adopt($page);
|
|
$this->page->setCanonicalUrl($photo->getPageUrl());
|
|
}
|
|
|
|
private function handleTagging(Image $photo)
|
|
{
|
|
header('Content-Type: text/json; charset=utf-8');
|
|
|
|
// Are we tagging a photo?
|
|
if (!isset($_POST['id_tag']))
|
|
{
|
|
echo json_encode(['error' => true, 'msg' => 'Invalid tag request.']);
|
|
exit;
|
|
}
|
|
|
|
// We are!
|
|
if (!isset($_POST['delete']))
|
|
{
|
|
$photo->linkTags([(int) $_POST['id_tag']]);
|
|
echo json_encode(['success' => true]);
|
|
exit;
|
|
}
|
|
|
|
// ... deleting, that is.
|
|
else
|
|
{
|
|
$photo->unlinkTags([(int) $_POST['id_tag']]);
|
|
echo json_encode(['success' => true]);
|
|
exit;
|
|
}
|
|
}
|
|
}
|