diff --git a/src/API.php b/src/API.php
index c955246c5..50d011673 100644
--- a/src/API.php
+++ b/src/API.php
@@ -75,7 +75,8 @@ class API extends \Util\Singleton
 $select = !empty($request['display']) ? explode(',', substr($request['display'], 1, -1)) : $select;
 // Ricerca personalizzata
- foreach ((array) $request['filter'] as $key => $value) {
+ $values = isset($request['filter']) ? (array) $request['filter'] : [];
+ foreach ($values as $key => $value) {
 // Rimozione delle parentesi
 $value = substr($value, 1, -1);
@@ -84,13 +85,14 @@ class API extends \Util\Singleton
 }
 // Ordinamento personalizzato
- foreach ((array) $request['order'] as $value) {
+ $values = isset($request['order']) ? (array) $request['order'] : [];
+ foreach ($values as $value) {
 $pieces = explode('|', $value);
 $order[] = empty($pieces[1]) ? $pieces[0] : [$pieces[0] => $pieces[1]];
 }
 // Paginazione automatica dell'API
- $page = (int) $request['page'] ?: 0;
+ $page = isset($request['page']) ? (int) $request['page'] : 0;
 $length = Settings::get('Lunghezza pagine per API');
 $database = Database::getConnection();
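Review bot: The new `$values` temporary carries two unrelated things under one name — here it holds the filter entries and in the next hunk (@@ -84) it is reassigned to the order entries; `$filters` and `$orders`, or simply inlining `(array) ($request['filter'] ?? [])` into the `foreach`, would keep each loop self-describing. The loop body still hands `$value` straight to `substr($value, 1, -1)`: the `(array)` cast wraps a scalar but leaves nested arrays as they are, so a non-string element would reach `substr` unchecked — a guard such as `if (!is_string($value)) { continue; }` at the top of the loop keeps the bracket-stripping on the strings it expects. The enclosing method continues outside the hunk.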
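Review bot: `$page` is now guarded for absence but not for range — `(int) $request['page']` passes a negative number through unchanged, and if `$page` is later combined with `$length` into a LIMIT offset (outside the hunk) that produces an invalid offset; `$page = max(0, (int) ($request['page'] ?? 0));` covers both cases in one expression. The same `??` form would also replace the `isset(...) ? (array) ... : []` ternary on the order loop above. The column and direction in `$pieces` still come verbatim from the request; presumably they are checked against the table's real columns where `$order` is consumed, which is not visible here and worth confirming.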
@@ -105,12 +107,19 @@ class API extends \Util\Singleton
 // Esecuzione delle operazioni personalizzate
 $filename = DOCROOT.'/modules/'.$resources[$resource].'/api/'.$kind.'.php';
 include $filename;
- } elseif (!in_array($resource, explode(',', Settings::get('Tabelle escluse per la sincronizzazione API automatica')))) {
+ } elseif (
+ !in_array($resource, explode(',', Settings::get('Tabelle escluse per la sincronizzazione API automatica')))
+ && $database->fetchNum('SHOW TABLES WHERE `Tables_in_'.$database->getDatabaseName().'` = '.prepare($resource))
+ ) {
 $table = $resource;
 // Individuazione della colonna AUTO_INCREMENT per l'ordinamento automatico
 if (empty($order)) {
- $order[] = $database->fetchArray('SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '.prepare($table)." AND EXTRA LIKE '%AUTO_INCREMENT%' AND TABLE_SCHEMA = ".prepare($database->getDatabaseName()))[0]['COLUMN_NAME'];
+ $column = $database->fetchArray('SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '.prepare($table)." AND EXTRA LIKE '%AUTO_INCREMENT%' AND TABLE_SCHEMA = ".prepare($database->getDatabaseName()));
+
+ if (!empty($column)) {
+ $order[] = $column[0]['COLUMN_NAME'];
+ }
 }
 }
@@ -250,6 +259,9 @@ class API extends \Util\Singleton
 if (!is_array(self::$resources)) {
 $resources = [];
+ // Ignore dei warning
+ $resource = '';
+
 // File nativi
 $files = glob(DOCROOT.'/modules/*/api/{retrieve,create,update,delete}.php', GLOB_BRACE);
@@ -272,7 +284,7 @@ class API extends \Util\Singleton
 $module = basename(dirname(dirname($operation)));
 $kind = basename($operation, '.php');
- $resources[$kind] = (array) $resources[$kind];
+ $resources[$kind] = isset($resources[$kind]) ? (array) $resources[$kind] : [];
 // Individuazione delle operazioni
 $api = include $operation;
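Review bot: The added `SHOW TABLES` condition makes every existing table that is not named in 'Tabelle escluse per la sincronizzazione API automatica' eligible for `$table = $resource`, so the automatic path stays deny-list based: a table such as `zz_tokens` (queried in the Auth.php hunk of this same diff) is reachable unless an administrator remembers to list it in that setting. An allow-list of tables that may be exposed, or at least a fixed exclusion of the authentication tables applied alongside the setting, would make the default safe; what is done with `$table` after this block is outside the hunk. Separately, the exclusion list is split on ',' without trimming, so an entry written as `a, b` would not match — `array_map(trim(...), explode(',', ...))` avoids that, and `in_array` should pass `true` as its third argument so the comparison is strict.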
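Review bot: Pre-seeding `$resource = ''` under the comment 'Ignore dei warning' silences an undefined-variable notice instead of fixing the read that raises it; that read is not in this hunk, but presumably sits in the loop below, and `$resource ?? ''` (or `isset`) at the read site would make the intent visible there. If the default is kept, the comment should say what it is for, e.g. `// Default so the reads below never hit an undefined variable`, because as written a reader cannot tell whether '' is a meaningful sentinel or only a notice suppressor. The method continues outside the hunk.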
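Review bot: `isset($resources[$kind]) ? (array) $resources[$kind] : []` is the long form of the null-coalescing cast `$resources[$kind] = (array) ($resources[$kind] ?? []);`, which reads the key once and is the idiom the other new ternaries in this diff (`$values` and `$page` in the first two API.php hunks) could use as well. The method continues outside the hunk.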
@@ -371,6 +383,10 @@ class API extends \Util\Singleton
 if ($_SERVER['REQUEST_METHOD'] == 'GET' && empty($request)) {
 $request = Filter::getGET();
 }
+
+ if (empty($request['token'])) {
+ $request['token'] = '';
+ }
 }
 }
diff --git a/src/Auth.php b/src/Auth.php
index ad84f7f0d..3788f2211 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -55,7 +55,9 @@ class Auth extends \Util\Singleton
 if (API::isAPIRequest()) {
 $token = API::getRequest()['token'];
- $id = $database->fetchArray('SELECT `id_utente` FROM `zz_tokens` WHERE `enabled` = 1 AND `token` = '.prepare($token))[0]['id_utente'];
+ $user = $database->fetchArray('SELECT `id_utente` FROM `zz_tokens` WHERE `enabled` = 1 AND `token` = '.prepare($token));
+
+ $id = !empty($user) ? $user[0]['id_utente'] : null;
 }
 // Controllo sulla sessione attiva
 elseif (!empty($_SESSION['id_utente'])) {
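Review bot: `empty($request['token'])` treats the string `'0'` as missing and overwrites it with `''`, so a token that happens to be `'0'` would be discarded before Auth.php ever sees it; if the goal is only to guarantee the key exists, `$request['token'] ??= '';` (or `if (!isset($request['token']))`) does that without altering a present value. Because `$request` is filled from `Filter::getGET()` or from whatever populated it earlier (outside the hunk), it is also worth normalising a non-string value here — `if (!is_string($request['token'] ?? null)) { $request['token'] = ''; }` — so that an array value for `token` never reaches the `prepare()` call in Auth.php. The enclosing method starts outside the hunk.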
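Review bot: With API.php now defaulting `token` to `''`, this lookup runs `... AND token = ''` on every API request that carried no token; any `zz_tokens` row whose `token` column is empty (and `enabled` = 1) would then authenticate such a request, and the query itself is wasted work on an unauthenticated call. Short-circuit before querying: set `$id = null;`, then wrap the `fetchArray` and the `$id = !empty($user) ? ... : null;` line in `if ($token !== '') { … }`. `$id` being `null` on a miss is new behaviour compared with the removed line; whatever consumes `$id` after this block (outside the hunk) should be confirmed to treat `null` as "not authenticated" rather than as a user id of 0.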