diff --git a/TODO.md b/TODO.md
index b68f2be..7ba6de3 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,4 +1,5 @@
 - saving section info
+- proper colors
 - account deletion
 - admin page
 - invite codes
diff --git a/index.php b/index.php
index 2e72822..4d341f5 100644
--- a/index.php
+++ b/index.php
@@ -44,7 +44,7 @@ if ($user === false) {
 } else if ($intent === "create-row") {
 $section_id = $_POST["section"];
 
- if (strlen($section_id) !== 64 || !preg_match("/[a-f0-9]{64}/", $section_id)) {
+ if (strlen($section_id) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $section_id)) {
 $err = $lang["add"]["errors"]["invalid_id"];
 } else {
 pg_insert(
@@ -61,7 +61,7 @@ if ($user === false) {
 $date = strtotime($_POST["date"]);
 $description = $_POST["description"];
 
- if (strlen($row_id) !== 64 || !preg_match("/[a-f0-9]{64}/", $row_id)) {
+ if (strlen($row_id) !== 64 || !preg_match("/^[a-f0-9]{64}/$", $row_id)) {
 $err = $lang["add"]["errors"]["invalid_id"];
 } else if ($date === false) {
 $err = $lang["add"]["errors"]["date"];
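Review bot: In the edit-row hunk (`@@ -61`) the new pattern places the `$` anchor after the closing `/`, so PCRE treats it as a pattern modifier: preg_match() emits an "Unknown modifier" warning and returns false, `!false` is true, and every edit-row request is rejected with `invalid_id` no matter what `$row_id` holds. The anchor belongs inside the delimiters, exactly as the `@@ -44` hunk writes it: `if (strlen($row_id) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $row_id)) {`. The `strlen($row_id) !== 64` test in front of it still does useful work, since `$` alone would tolerate a trailing newline. The enclosing edit-row branch starts and ends outside this hunk.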
@@ -82,6 +82,40 @@ if ($user === false) {
 )
 );
 }
+ } else if ($intent === "update-texts") {
+ foreach ($_POST as $ident => $value) {
+ if (preg_match("/^(?:section-[a-f0-9]{64}-name)|(?:row-[a-f0-9]{64}-(?:name|format))$/", $ident)) {
+ $table_name = explode("-", $ident)[0];
+ $table_id = explode("-", $ident)[1];
+ $action = explode("-", $ident)[2];
+
+ if ($action === "name") {
+ if (strlen($value) !== 0 && strlen($value) <= 128) {
+ if ($table_name === "section") {
+ $v = array(
+ "name" => $value,
+ "show_subtitle" => (bool) $_POST["$table_name-$table_id-subtitle"]
+ );
+ } else {
+ $v = array("name" => $value);
+ }
+
+ pg_update(
+ $db, $table_name, $v,
+ array("id" => $table_id)
+ );
+ }
+ } else if ($action === "format") {
+ if (strlen($value) !== 0 && strlen($value) <= 128) {
+ pg_update(
+ $db, $table_name,
+ array("display_format" => $value),
+ array("id" => $table_id)
+ );
+ }
+ }
+ }
+ }
 } else if ($intent === "change-password") {
 $old_pw = $_POST["old"];
 $new_pw = $_POST["new"];
@@ -110,12 +144,14 @@ if ($user === false) {
 } else {
 $err = $lang["account"]["errors"]["incorrect_password"];
 }
+ } else {
+ $err = $lang["errors"]["intent"];
 }
 } else if ($_GET["del"]) {
 $del_type = explode("-", $_GET["del"])[0];
 $del_id = explode("-", $_GET["del"])[1];
 
- if (strlen($del_id) === 64 && preg_match("/[a-f0-9]{64}/", $del_id) && ($del_type === "item" || $del_type === "row" || $del_type === "section")) {
+ if (strlen($del_id) === 64 && preg_match("/^[a-f0-9]{64}$/", $del_id) && ($del_type === "item" || $del_type === "row" || $del_type === "section")) {
 pg_query($db, "DELETE FROM $del_type WHERE id='$del_id';");
 }
 }
@@ -257,7 +293,7 @@ foreach ($sections as $section) {
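Review bot: The allow-list regex guarding the `update-texts` loop (`@@ -82`) anchors only its first alternative at `^` and only its second at `$`, because `|` binds looser than the anchors: `^(?:section-…-name)` accepts any trailing text and `(?:row-…-(?:name|format))$` accepts any leading text, so an identifier with junk prepended still passes and `explode("-", $ident)[0]` becomes the table name handed to pg_update() without ever being compared against `section`/`row`. Grouping the whole alternation makes both anchors apply to both forms: `if (preg_match("/^(?:section-[a-f0-9]{64}-name|row-[a-f0-9]{64}-(?:name|format))$/", $ident)) {`. Separately, `$_POST["$table_name-$table_id-subtitle"]` is read without checking it was posted, so a name update whose checkbox is unticked raises an undefined-index warning; `"show_subtitle" => !empty($_POST["$table_name-$table_id-subtitle"])` yields the same boolean without the warning. The update condition is only `array("id" => $table_id)`, so if sections and rows belong to `$user` the owner column should be part of the condition as well — the hunk does not show whether the schema has one, and unlike the neighbouring branches a value that fails the length check is skipped silently rather than setting `$err`.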

-
+
diff --git a/lang/en-US.json b/lang/en-US.json
index 97dd7ec..80808f9 100644
--- a/lang/en-US.json
+++ b/lang/en-US.json
@@ -1,4 +1,8 @@
 {
+ "errors": {
+ "intent": "Unknown request intent"
+ },
+
 "account": {
 "errors": {
 "bad_request": "Bad request",