Some more minor fixes, and checks for the temporary 'todo' tag

lib/Artwork.php

@@ -296,6 +296,16 @@ class Artwork extends PropertiesBase{
 			return true;
 		}
 
+		// TODO: Remove this once all legacy artworks are cleaned up and approved.
+		// Editors can edit approved artwork that has the 'todo' tag.
+		if($user->Benefits->CanReviewArtwork){
+			foreach($this->Tags as $tag){
+				if($tag->Name == 'todo'){
+					return true;
+				}
+			}
+		}
+
 		if(($user->Benefits->CanReviewArtwork || $user->UserId == $this->SubmitterUserId) && ($this->Status == ArtworkStatus::Unverified || $this->Status == ArtworkStatus::Declined)){
 			// Editors can edit an artwork, and submitters can edit their own artwork, if it's not yet approved.
 			return true;
@@ -395,8 +405,11 @@ class Artwork extends PropertiesBase{
 		}
 
 		foreach($this->Tags as $tag){
-			if(strlen($tag->Name) > ARTWORK_MAX_STRING_LENGTH){
-				$error->Add(new Exceptions\StringTooLongException('Artwork Tag: '. $tag->Name));
+			try{
+				$tag->Validate();
+			}
+			catch(Exceptions\ValidationException $ex){
+				$error->Add($ex);
 			}
 		}
 

lib/ArtworkTag.php

@@ -1,5 +1,15 @@
 <?
+use function Safe\preg_match;
+
 class ArtworkTag extends Tag{
+	// *******
+	// SETTERS
+	// *******
+
+	// protected function SetName($name): void{
+	// 	$this->_Name =
+	// }
+
 	// *******
 	// GETTERS
 	// *******
@@ -15,15 +25,29 @@ class ArtworkTag extends Tag{
 	// *******
 	// METHODS
 	// *******
-	protected function Validate(): void{
+	public function Validate(): void{
 		$error = new Exceptions\ValidationException();
 
+		$this->Name = mb_strtolower(trim($this->Name));
+		// Collapse spaces into one
+		$this->Name = preg_replace('/[\s]+/ius', ' ', $this->Name);
+
 		if(strlen($this->Name) == 0){
-			$error->Add(new Exceptions\InvalidArtworkTagException());
+			$error->Add(new Exceptions\InvalidArtworkTagNameException());
 		}
 
-		if($this->Url === null || strlen($this->Url) == 0){
-			$error->Add(new Exceptions\InvalidArtworkTagException());
+		if(strlen($this->Name) > ARTWORK_MAX_STRING_LENGTH){
+			$error->Add(new Exceptions\StringTooLongException('Artwork tag: '. $this->Name));
+		}
+
+		if(preg_match('/[^\sa-z0-9]/ius', $this->Name)){
+			$error->Add(new Exceptions\InvalidArtworkTagNameException());
+		}
+
+		// TODO: Remove this once all legacy artworks are cleaned up and approved.
+		// 'todo' is a reserved tag for legacy artworks.
+		if($this->Name == 'todo'){
+			$error->Add(new Exceptions\InvalidArtworkTagNameException());
 		}
 
 		if($error->HasExceptions){

lib/Exceptions/InvalidArtworkTagNameException.php

@@ -0,0 +1,6 @@
+<?
+namespace Exceptions;
+
+class InvalidArtworkTagNameException extends AppException{
+	protected $message = 'Artwork tags can only contain letters and numbers.';
+}

lib/HttpInput.php

@@ -50,7 +50,7 @@ class HttpInput{
 		return preg_match('/\btext\/html\b/ius', $_SERVER['HTTP_ACCEPT'] ?? '') ? WEB : REST;
 	}
 
-	public static function Str(string $type, string $variable, $allowEmptyString = false): ?string{
+	public static function Str(string $type, string $variable, bool $allowEmptyString = false): ?string{
 		$var = self::GetHttpVar($variable, HTTP_VAR_STR, $type);
 
 		if(is_array($var)){
@@ -78,7 +78,6 @@ class HttpInput{
 
 	/**
 	* @param string $variable
-	* @param array<mixed> $default
 	* @return array<string>
 	*/
 	public static function GetArray(string $variable): ?array{

www/artworks/post.php

@@ -37,7 +37,7 @@ try{
 		}
 
 		// Confirm that we have an image and that it came from POST
-		if(isset($_FILES['artwork-image']) && (!is_uploaded_file($_FILES['artwork-image']['tmp_name']) || $_FILES['artwork-image']['error'] > UPLOAD_ERR_OK)){
+		if(isset($_FILES['artwork-image']) && (!is_uploaded_file($_FILES['artwork-image']['tmp_name']) || $_FILES['artwork-image']['error'] > UPLOAD_ERR_OK || $_FILES['artwork-image']['size'] > 0)){
 			throw new Exceptions\InvalidImageUploadException();
 		}
 
@@ -76,17 +76,20 @@ try{
 		}
 
 		// Confirm that we have an image and that it came from POST
-		if(isset($_FILES['artwork-image'])){
+		$imagePath = null;
+		if(isset($_FILES['artwork-image']) && $_FILES['artwork-image']['size'] > 0){
 			if(!is_uploaded_file($_FILES['artwork-image']['tmp_name']) || $_FILES['artwork-image']['error'] > UPLOAD_ERR_OK){
 				throw new Exceptions\InvalidImageUploadException();
 			}
+
+			$imagePath = $_FILES['artwork-image']['tmp_name'] ?? null;
 		}
 		else{
 			// No uploaded file as part of this edit, so retain the MimeType of the original submission.
 			$artwork->MimeType = $originalArtwork->MimeType;
 		}
 
-		$artwork->Save($_FILES['artwork-image']['tmp_name'] ?? null);
+		$artwork->Save($imagePath);
 
 		$_SESSION['artwork'] = $artwork;
 		$_SESSION['artwork-saved'] = true;

www/bulk-downloads/collection.php

@@ -5,7 +5,7 @@ use function Safe\preg_replace;
 $canDownload = false;
 $class = HttpInput::Str(GET, 'class');
 
-if($class != 'authors' && $class != 'collections' && $class != 'subjects' && $class != 'months'){
+if($class === null || ($class != 'authors' && $class != 'collections' && $class != 'subjects' && $class != 'months')){
 	Template::Emit404();
 }
 

www/css/artwork.css

@@ -183,7 +183,7 @@ form div.footer{
 
 main h1 ~ a[href^="/images/cover-uploads"],
 .artworks h1 ~ a[href^="/images/cover-uploads"],
-main section.narrow h1 + picture{
+main section.narrow h1 ~ picture{
 	width: auto;
 	line-height: 0;
 }