From cd4c9114dda093e54c7f80b891e51eae3d150653 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sun, 14 Jan 2018 19:29:45 +0100 Subject: [PATCH] Created a function to check post content --- RestControllers/postsController.php | 24 +++++++++++++++++------- functions/requests.php | 22 ++++++++++++++++++++++ 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/RestControllers/postsController.php b/RestControllers/postsController.php index 1aa549c..e4be402 100644 --- a/RestControllers/postsController.php +++ b/RestControllers/postsController.php @@ -109,13 +109,7 @@ class postsController { $kind = $_POST['kind']; //Get the content of the post - if(!isset($_POST['content'])) - Rest_fatal_error(400, "Please specify the content of the post !"); - $content = $_POST['content']; - - //Check the security of the content - if(!checkHTMLstring($content)) - Rest_fatal_error(400, "Your request has been rejected because it has been considered as unsecure !"); + $content = getPostContent("content"); //Get the visibility of the post $visibility = $this->getPostVisibilityLevel("visibility"); @@ -350,6 +344,22 @@ class postsController { return array("success" => "The visibility level has been updated !"); } + /** + * Update the content of a post + * + * @url POST /posts/update_content + */ + public function update_content(){ + + user_login_required(); + + //Get the post ID + $postID = $this->getFullAccessPostID("postID"); + + //Get the post content + + } + /** * Delete post * diff --git a/functions/requests.php b/functions/requests.php index cebc3fa..1e06460 100644 --- a/functions/requests.php +++ b/functions/requests.php @@ -346,4 +346,26 @@ function check_youtube_id(string $id) : bool { //The video is considered as valid return TRUE; +} + +/** + * Get some content (for post actually) from a $_POST request + * and check its validity + * + * @param string $name The name of the $_POST field + * @return string The content of the post + */ +function getPostContent($name){ + + if(!isset($_POST[$name])) + Rest_fatal_error(400, "Please specify some content in '"+$name+"' !"); + $content = $_POST[$name]; + + //Check the security of the content + if(!checkHTMLstring($content)) + Rest_fatal_error(400, "Your request has been rejected because it has been considered as unsecure !"); + + //Return new content + return $content; + } \ No newline at end of file