webmcp
view demo-app/app/main/medium/_action/update.lua @ 448:e3da778a8bf3
Use snprintf instead of sprintf as a precautionary measure for security
| author | jbe | 
|---|---|
| date | Wed Jun 01 19:59:05 2016 +0200 (2016-06-01) | 
| parents | 9fdfb27f8e67 | 
| children | 
 line source
     1 local medium
     2 local id = param.get_id()
     3 if id then
     4   medium = Medium:by_id(id)
     5 else
     6   medium = Medium:new()
     7 end
     9 if param.get("delete", atom.boolean) then
    10   local name = medium.name
    11   medium:destroy()
    12   slot.put_into("notice", _("Medium '#{name}' deleted", {name = name}))
    13   return
    14 end
    16 param.update(medium, "media_type_id", "name", "copyprotected")
    18 medium:save()
    20 param.update_relationship{
    21   param_name        = "genres",
    22   id                = medium.id,
    23   connecting_model  = Classification,
    24   own_reference     = "medium_id",
    25   foreign_reference = "genre_id"
    26 }
    28 for index, prefix in param.iterate("tracks") do
    29   local id = param.get(prefix .. "id", atom.integer)
    30   local track
    31   if id then
    32     track = Track:by_id(id)
    33   elseif #param.get(prefix .. "name") > 0 then
    34     track = Track:new()
    35     track.medium_id = medium.id
    36   else
    37     break
    38   end
    39   track.position    = param.get(prefix .. "position", atom.integer)
    40   track.name        = param.get(prefix .. "name")
    41   track.description = param.get(prefix .. "description")
    42   track.duration    = param.get(prefix .. "duration")
    43   track:save()
    44 end
    47 if id then
    48   slot.put_into("notice", _("Medium '#{name}' updated", {name = medium.name}))
    49 else
    50   slot.put_into("notice", _("Medium '#{name}' created", {name = medium.name}))
    51 end
