private static void HandleDetailsUpdate(HttpRequest Request, HttpResponse Response, Guid userId) { BinaryReader r = new BinaryReader(Request.InputStream); int responseVersion = 0; int responseCode = -1; Encoding e = Encoding.Unicode; try { int clientVersion = r.ReadInt32(); responseVersion = clientVersion; if(userId == Guid.Empty) { responseCode = -2; return; } int itemcount = r.ReadInt32(); using(Db db = new Db()) { db.CommandText = "UPDATE tPhoto SET name=@title, comment=@text WHERE id=@photoId"; IDataParameter pid = db.AddParameter("@photoId", Guid.Empty); IDataParameter ptitle = db.AddParameter("@title", string.Empty); IDataParameter ptext = db.AddParameter("@text", string.Empty); for(int i=0;i<itemcount;i++) { Guid photoId = new Guid(r.ReadBytes(16)); int len; byte[] raw; len = r.ReadInt32(); raw = r.ReadBytes(len); string title = e.GetString(raw, 0, raw.Length-2); len = r.ReadInt32(); raw = r.ReadBytes(len); string text = e.GetString(raw, 0, raw.Length-2); bool ok; try { Database.EnforcePhotoPermission(userId, photoId, Permission.Change); pid.Value = photoId; ptitle.Value = title; ptext.Value = text; ok = db.ExecuteNonQuery(0)==1; } catch(System.Data.SqlClient.SqlException exc) { string debug = exc.ToString(); throw; } catch(Error_AccessDenied) { ok = false; Log.LogSecurity(2, "Denied access to edit photo details with client control. userId:{0}, photoId:{1}, title{2}, text:{3}.", userId, photoId, title, text); } } } responseCode = 0; Log.LogStatistics(2, "Updated details for {0} photos.", itemcount); } catch { responseCode = -1; throw; } finally { BinaryWriter writer = new BinaryWriter(Response.OutputStream); writer.Write(responseVersion); writer.Write(responseCode); writer.Flush(); } }