diff --git a/ext/pools/main.php b/ext/pools/main.php
index 4a22cb63..199c2f9a 100644
--- a/ext/pools/main.php
+++ b/ext/pools/main.php
@@ -260,21 +260,21 @@ class Pools extends Extension
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pce->new_id));
 }
- if ($event->page_matches("pool/view/{poolID}", method: "GET", paged: true)) {
- $poolID = $event->get_iarg('poolID');
- $this->get_posts($event->get_iarg('page_num', 1) - 1, $poolID);
+ if ($event->page_matches("pool/view/{pool_id}", method: "GET", paged: true)) {
+ $pool_id = $event->get_iarg('pool_id');
+ $this->get_posts($event->get_iarg('page_num', 1) - 1, $pool_id);
 }
 if ($event->page_matches("pool/updated", paged: true)) {
 $this->get_history($event->get_iarg('page_num', 1) - 1);
 }
- if ($event->page_matches("pool/revert/{historyID}", method: "POST", permission: Permissions::POOLS_UPDATE)) {
- $historyID = $event->get_iarg('historyID');
- $this->revert_history($historyID);
+ if ($event->page_matches("pool/revert/{history_id}", method: "POST", permission: Permissions::POOLS_UPDATE)) {
+ $history_id = $event->get_iarg('history_id');
+ $this->revert_history($history_id);
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/updated"));
 }
- if ($event->page_matches("pool/edit")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/edit/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
@@ -285,49 +285,52 @@ class Pools extends Extension
 }
 $this->theme->edit_pool($page, $pool, $images);
 }
- if ($event->page_matches("pool/order")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/order/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
- if ($event->get_POST("order_view")) {
- $result = $database->execute(
- "SELECT image_id FROM pool_images WHERE pool_id=:pid ORDER BY image_order ASC",
- ["pid" => $pool_id]
+ $result = $database->execute(
+ "SELECT image_id FROM pool_images WHERE pool_id=:pid ORDER BY image_order ASC",
+ ["pid" => $pool_id]
+ );
+ $images = [];
+
+ while ($row = $result->fetch()) {
+ $image = $database->get_row(
+ "
+ SELECT * FROM images AS i
+ INNER JOIN pool_images AS p ON i.id = p.image_id
+ WHERE pool_id=:pid AND i.id=:iid",
+ ["pid" => $pool_id, "iid" => (int) $row['image_id']]
 );
- $images = [];
-
- while ($row = $result->fetch()) {
- $image = $database->get_row(
- "
- SELECT * FROM images AS i
- INNER JOIN pool_images AS p ON i.id = p.image_id
- WHERE pool_id=:pid AND i.id=:iid",
- ["pid" => $pool_id, "iid" => (int) $row['image_id']]
- );
- $images[] = ($image ? new Image($image) : null);
- }
-
- $this->theme->edit_order($page, $pool, $images);
- } else {
- foreach ($event->POST as $key => $value) {
- if (str_starts_with($key, "order_")) {
- $imageID = (int) substr($key, 6);
- $database->execute(
- "
- UPDATE pool_images
- SET image_order = :ord
- WHERE pool_id = :pid AND image_id = :iid",
- ["ord" => $value, "pid" => int_escape($event->req_POST('pool_id')), "iid" => $imageID]
- );
- }
- }
- $page->set_mode(PageMode::REDIRECT);
- $page->set_redirect(make_link("pool/view/" . $pool_id));
+ $images[] = ($image ?
new Image($image) : null);
 }
+
+ $this->theme->edit_order($page, $pool, $images);
 }
- if ($event->page_matches("pool/reverse")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/save_order/{pool_id}", method: "POST")) {
+ $pool_id = $event->get_iarg('pool_id');
+ $pool = $this->get_single_pool($pool_id);
+ $this->assert_permission($user, $pool);
+
+ foreach ($event->POST as $key => $value) {
+ if (str_starts_with($key, "order_")) {
+ $imageID = (int) substr($key, 6);
+ $database->execute(
+ "
+ UPDATE pool_images
+ SET image_order = :ord
+ WHERE pool_id = :pid AND image_id = :iid",
+ ["ord" => $value, "pid" => $pool_id, "iid" => $imageID]
+ );
+ }
+ }
+ $page->set_mode(PageMode::REDIRECT);
+ $page->set_redirect(make_link("pool/view/" . $pool_id));
+ }
+ if ($event->page_matches("pool/reverse/{pool_id}", method: "POST")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
@@ -352,8 +355,8 @@ class Pools extends Extension
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
 }
- if ($event->page_matches("pool/import")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/import/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
@@ -363,8 +366,8 @@ class Pools extends Extension
 );
 $this->theme->pool_result($page, $images, $pool);
 }
- if ($event->page_matches("pool/add_posts")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/add_posts/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
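Review bot: In the new `pool/save_order/{pool_id}` handler the `UPDATE pool_images` statement binds `"ord" => $value` straight from `$event->POST`, while the image id beside it is cast with `(int)`; the order value should be coerced the same way, `["ord" => (int) $value, "pid" => $pool_id, "iid" => $imageID]`, so a non-numeric form field fails the cast instead of reaching the driver as a string. The binding is parameterised, so this is a type-safety point rather than an injection one. The same hunk introduces `$imageID` next to the `$pool_id` it just renamed to snake_case; `$image_id` would match. The enclosing method starts and ends outside the hunk.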
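Review bot: `pool/add_posts/{pool_id}` is registered without `method: "POST"`, unlike `pool/save_order` and `pool/reverse` in the previous hunk, and the same applies to `pool/remove_posts/{pool_id}`, `pool/edit_description/{pool_id}` and `pool/nuke/{pool_id}` in the three hunks that follow. Before this change each of these handlers began with `req_POST("pool_id")`, which presumably failed on a request without that POST field; now the id comes from the URL, so a plain GET reaches `assert_permission` and the mutating code below it, and `assert_permission` checks who the user is rather than how the request arrived. A routine GET link or prefetch could therefore trigger these writes, `pool/nuke` being the most consequential. The handler line should read `if ($event->page_matches("pool/add_posts/{pool_id}", method: "POST")) {`, and likewise for the other three; each handler's body continues past the end of its hunk.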
@@ -373,8 +376,8 @@ class Pools extends Extension
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
 }
- if ($event->page_matches("pool/remove_posts")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/remove_posts/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
@@ -394,8 +397,8 @@ class Pools extends Extension
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
 }
- if ($event->page_matches("pool/edit_description")) {
- $pool_id = int_escape($event->req_POST("pool_id"));
+ if ($event->page_matches("pool/edit_description/{pool_id}")) {
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 $this->assert_permission($user, $pool);
@@ -406,10 +409,10 @@ class Pools extends Extension
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
 }
- if ($event->page_matches("pool/nuke")) {
+ if ($event->page_matches("pool/nuke/{pool_id}")) {
 // Completely remove the given pool.
 // -> Only admins and owners may do this
- $pool_id = int_escape($event->req_POST("pool_id"));
+ $pool_id = $event->get_iarg('pool_id');
 $pool = $this->get_single_pool($pool_id);
 if ($user->can(Permissions::POOLS_ADMIN) || $user->id == $pool->user_id) {
diff --git a/ext/pools/theme.php b/ext/pools/theme.php
index 55c1d384..53038ade 100644
--- a/ext/pools/theme.php
+++ b/ext/pools/theme.php
@@ -177,27 +177,20 @@ class PoolsTheme extends Themelet
 $editor = emptyHTML(
 SHM_SIMPLE_FORM(
- "pool/import",
- INPUT(["type" => "text", "name" => "pool_tag", "id" => "edit_pool_tag", "placeholder" => "Please enter a tag"]),
- $_input_id,
+ "pool/import/{$pool->id}",
+ INPUT(["type" => "text", "name" => "pool_tag", "id" => "edit_pool_tag", "placeholder" => "Please enter a tag", "class" => "autocomplete_tags"]),
 SHM_SUBMIT("Import", ["name" => "edit", "id" => "edit_pool_import_btn"])
 ),
 SHM_SIMPLE_FORM(
- "pool/edit",
- $_hidden("edit_pool", "yes"),
- $_input_id,
+ "pool/edit/{$pool->id}",
 SHM_SUBMIT("Edit Pool", ["name" => "edit", "id" => "edit_pool_btn"]),
 ),
 SHM_SIMPLE_FORM(
- "pool/order",
- $_hidden("order_view", "yes"),
- $_input_id,
+ "pool/order/{$pool->id}",
 SHM_SUBMIT("Order Pool", ["name" => "edit", "id" => "edit_pool_order_btn"])
 ),
 SHM_SIMPLE_FORM(
- "pool/reverse",
- $_hidden("reverse_view", "yes"),
- $_input_id,
+ "pool/reverse/{$pool->id}",
 SHM_SUBMIT("Reverse Order", ["name" => "edit", "id" => "reverse_pool_order_btn"])
 ),
 SHM_SIMPLE_FORM(
@@ -217,8 +210,7 @@ class PoolsTheme extends Themelet
 //-->")
 ),
 SHM_SIMPLE_FORM(
- "pool/nuke",
- $_input_id,
+ "pool/nuke/{$pool->id}",
 SHM_SUBMIT("Delete Pool", ["name" => "delete", "id" => "delete_pool_btn", "onclick" => "return confirm_action()"])
 )
 );
@@ -261,7 +253,7 @@ class PoolsTheme extends Themelet
 )
 );
- $form = SHM_FORM("pool/add_posts", name: "checks");
+ $form = SHM_FORM("pool/add_posts/{$pool->id}", name: "checks");
 $image_list = DIV(["class" => "shm-image-list"]);
 foreach ($images as $image) {
 $image_list->appendChild(
@@ -273,7 +265,6 @@ class PoolsTheme extends Themelet
 $form->appendChild(
 BR(),
 SHM_SUBMIT("Add Selected", ["name" => "edit", "id" => "edit_pool_add_btn", "onclick" => "return confirm_action()"]),
- INPUT(["type" => "hidden", "name" => "pool_id", "value" => $pool->id])
 );
 $import->appendChild($form);
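Review bot: The forms in the `@@ -177` hunk no longer reference `$_input_id` or `$_hidden`, but their definitions are not in the hunk; if they are still assigned above it in this method they are now dead locals and should be removed together with the inputs, as the later `edit_pool` hunk does for its own `$_input_id`. The `INPUT(...)` line also gains `"class" => "autocomplete_tags"`, a behaviour change unrelated to moving the pool id into the URL that deserves a mention in the commit message. The enclosing method starts outside the hunk.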
@@ -292,7 +283,7 @@ class PoolsTheme extends Themelet
 {
 $this->display_top($pool, "Sorting Pool");
- $form = SHM_FORM("pool/order", name: "checks");
+ $form = SHM_FORM("pool/save_order/{$pool->id}", name: "checks");
 $image_list = DIV(["class" => "shm-image-list"]);
 foreach ($images as $i => $image) {
 $image_list->appendChild(SPAN(
@@ -304,7 +295,6 @@ class PoolsTheme extends Themelet
 $form->appendChild($image_list);
 $form->appendChild(
- INPUT(["type" => "hidden", "name" => "pool_id", "value" => $pool->id]),
 SHM_SUBMIT("Order", ["name" => "edit", "id" => "edit_pool_order"])
 );
@@ -321,17 +311,14 @@ class PoolsTheme extends Themelet
 */
 public function edit_pool(Page $page, Pool $pool, array $images): void
 {
- $_input_id = INPUT(["type" => "hidden", "name" => "pool_id", "value" => $pool->id]);
-
 $desc_form = SHM_SIMPLE_FORM(
- "pool/edit/description",
+ "pool/edit_description/{$pool->id}",
 TEXTAREA(["name" => "description"], $pool->description),
 BR(),
- $_input_id,
 SHM_SUBMIT("Change Description")
 );
- $images_form = SHM_FORM("pool/remove_posts", name: "checks");
+ $images_form = SHM_FORM("pool/remove_posts/{$pool->id}", name: "checks");
 $image_list = DIV(["class" => "shm-image-list"]);
 foreach ($images as $image) {
 $image_list->appendChild(SPAN(
@@ -344,7 +331,6 @@ class PoolsTheme extends Themelet
 $images_form->appendChild(
 BR(),
- $_input_id,
 SHM_SUBMIT("Remove Selected", ["name" => "edit", "id" => "edit_pool_remove_sel"])
 );