diff --git a/core/event.php b/core/event.php
index 999c7c3e..b139d92b 100644
--- a/core/event.php
+++ b/core/event.php
@@ -131,6 +131,33 @@ class PageRequestEvent extends Event
 return $value;
 }
+ /**
+ * @return string[]|null
+ */
+ public function get_POST_array(string $key): ?array
+ {
+ if(array_key_exists($key, $this->POST)) {
+ if(!is_array($this->POST[$key])) {
+ throw new SCoreException("POST parameter {$key} is a single value, expected array");
+ }
+ return $this->POST[$key];
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @return string[]
+ */
+ public function req_POST_array(string $key): array
+ {
+ $value = $this->get_POST_array($key);
+ if($value === null) {
+ throw new UserErrorException("Missing POST parameter {$key}");
+ }
+ return $value;
+ }
+
 /**
 * Test if the requested path matches a given pattern.
 *
diff --git a/ext/pools/main.php b/ext/pools/main.php
index fe5bf924..304fd641 100644
--- a/ext/pools/main.php
+++ b/ext/pools/main.php
@@ -315,7 +315,7 @@ class Pools extends Extension
 $pool_id = int_escape($event->req_POST("pool_id"));
 $pool = $this->get_single_pool($pool_id);
- if (isset($event->req_POST("order_view"))) {
+ if ($event->get_POST("order_view")) {
 if ($this->have_permission($user, $pool)) {
 $result = $database->execute(
 "SELECT image_id FROM pool_images WHERE pool_id=:pid ORDER BY image_order ASC",
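Review bot: `get_POST_array()` in core/event.php checks only that the top-level value is an array, so the `@return string[]` contract is not enforced: a constructed request such as `check[][]=1` hands nested arrays back to the caller. The `check` callers changed later in this commit (ext/pools/main.php) pass each element to `intval`, where a non-empty array becomes `1`, and to a bound `:iid` parameter, where it presumably surfaces as a database-layer warning or error instead of a clean rejection. Reject non-string elements before returning, e.g. inside a loop over the array: `if (!is_string($v)) { throw new UserErrorException("POST parameter {$key} must be an array of strings"); }`. The wrong-shape case also throws `SCoreException` while the missing case throws `UserErrorException`; both are caused by the client, so a single exception type would likely be handled more consistently.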
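Review bot: In the `order_view` hunk of ext/pools/main.php the new condition `if ($event->get_POST("order_view"))` tests truthiness rather than presence, so a submitted `order_view` of `""` or `"0"` falls through to the `else` branch, which appears to be the one that writes `image_order` in the next hunk. Assuming `get_POST()` returns `null` for an absent key (its body is not part of this diff), `if ($event->get_POST("order_view") !== null) {` expresses what the removed `isset(...)` was evidently meant to check. The enclosing method starts and ends outside the hunk.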
@@ -341,15 +341,17 @@ class Pools extends Extension
 }
 } else {
 if ($this->have_permission($user, $pool)) {
- foreach ($event->req_POST('imgs') as $data) {
- list($imageORDER, $imageID) = $data;
- $database->execute(
- "
- UPDATE pool_images
- SET image_order = :ord
- WHERE pool_id = :pid AND image_id = :iid",
- ["ord" => $imageORDER, "pid" => int_escape($event->req_POST('pool_id')), "iid" => $imageID]
- );
+ foreach ($event->POST as $key => $value) {
+ if(str_starts_with($key, "order_")) {
+ $imageID = (int)substr($key, 6);
+ $database->execute(
+ "
+ UPDATE pool_images
+ SET image_order = :ord
+ WHERE pool_id = :pid AND image_id = :iid",
+ ["ord" => $value, "pid" => int_escape($event->req_POST('pool_id')), "iid" => $imageID]
+ );
+ }
 }
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
@@ -407,7 +409,7 @@ class Pools extends Extension
 $pool = $this->get_single_pool($pool_id);
 if ($this->have_permission($user, $pool)) {
- $image_ids = array_map('intval', $event->req_POST('check'));
+ $image_ids = array_map('intval', $event->req_POST_array('check'));
 send_event(new PoolAddPostsEvent($pool_id, $image_ids));
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("pool/view/" . $pool_id));
@@ -422,7 +424,7 @@ class Pools extends Extension
 if ($this->have_permission($user, $pool)) {
 $images = "";
- foreach ($event->req_POST('check') as $imageID) {
+ foreach ($event->req_POST_array('check') as $imageID) {
 $database->execute(
 "DELETE FROM pool_images WHERE pool_id = :pid AND image_id = :iid",
 ["pid" => $pool_id, "iid" => $imageID]
diff --git a/ext/pools/theme.php b/ext/pools/theme.php
index 32dd48d2..df4eda66 100644
--- a/ext/pools/theme.php
+++ b/ext/pools/theme.php
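Review bot: The rewritten reorder loop in ext/pools/main.php (hunk at -341) takes both the image id and the new position from request keys and values without checking their shape: `(int)substr($key, 6)` turns any non-numeric suffix into `0` (including `order_view` itself when it is present but falsy), and `$value` is bound to `:ord` uncast, so an array or non-numeric string reaches the database layer. The statement is parameterised and still scoped by `pool_id`, so this is a validation gap rather than an injection. I would skip keys that are not `order_<digits>`, validate the value as an integer, and reuse the already-parsed `$pool_id` instead of re-reading `pool_id` on every iteration. Casting `$key` to string also avoids a type error on purely numeric POST keys if the file runs under strict types, which is not visible here. The enclosing method starts and ends outside the hunk.

```php
foreach ($event->POST as $key => $value) {
    $key = (string)$key;
    if (!str_starts_with($key, "order_")) {
        continue;
    }
    $suffix = substr($key, 6);
    $order = filter_var($value, FILTER_VALIDATE_INT);
    // Accept only order_<digits> carrying a single integer value.
    if (!ctype_digit($suffix) || $order === false) {
        continue;
    }
    $database->execute(
        // … unchanged: UPDATE pool_images statement …
        ["ord" => $order, "pid" => $pool_id, "iid" => (int)$suffix]
    );
}
```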
@@ -308,8 +308,7 @@ class PoolsTheme extends Themelet
 $form->appendChild(SPAN(
 ["class" => "thumb"],
 $this->build_thumb_html($image),
- INPUT(["type" => "number", "name" => "imgs[$i][]", "value" => $image['image_order'], "style" => "max-width: 50px;"]),
- INPUT(["type" => "hidden", "name" => "imgs[$i][]", "value" => $image->id])
+ INPUT(["type" => "number", "name" => "order_{$image->id}", "value" => $image['image_order'], "style" => "max-width: 50px;"]),
 ));
 }