private static void HandleDetailsUpdate(HttpRequest Request, HttpResponse Response, Guid userId)
{
BinaryReader r = new BinaryReader(Request.InputStream);
int responseVersion = 0;
int responseCode = -1;
Encoding e = Encoding.Unicode;
try
{
int clientVersion = r.ReadInt32();
responseVersion = clientVersion;
if(userId == Guid.Empty)
{
responseCode = -2;
return;
}
int itemcount = r.ReadInt32();
using(Db db = new Db())
{
db.CommandText = "UPDATE tPhoto SET name=@title, comment=@text WHERE id=@photoId";
IDataParameter pid = db.AddParameter("@photoId", Guid.Empty);
IDataParameter ptitle = db.AddParameter("@title", string.Empty);
IDataParameter ptext = db.AddParameter("@text", string.Empty);
for(int i=0;i<itemcount;i++)
{
Guid photoId = new Guid(r.ReadBytes(16));
int len;
byte[] raw;
len = r.ReadInt32();
raw = r.ReadBytes(len);
string title = e.GetString(raw, 0, raw.Length-2);
len = r.ReadInt32();
raw = r.ReadBytes(len);
string text = e.GetString(raw, 0, raw.Length-2);
bool ok;
try
{
Database.EnforcePhotoPermission(userId, photoId, Permission.Change);
pid.Value = photoId;
ptitle.Value = title;
ptext.Value = text;
ok = db.ExecuteNonQuery(0)==1;
}
catch(System.Data.SqlClient.SqlException exc)
{
string debug = exc.ToString();
throw;
}
catch(Error_AccessDenied)
{
ok = false;
Log.LogSecurity(2, "Denied access to edit photo details with client control. userId:{0}, photoId:{1}, title{2}, text:{3}.",
userId, photoId, title, text);
}
}
}
responseCode = 0;
Log.LogStatistics(2, "Updated details for {0} photos.", itemcount);
}
catch
{
responseCode = -1;
throw;
}
finally
{
BinaryWriter writer = new BinaryWriter(Response.OutputStream);
writer.Write(responseVersion);
writer.Write(responseCode);
writer.Flush();
}
}