public function changeSkin()
{
$updateData = array();
if (!isset($_POST['widgetId'])) {
return $this->_errorAnswer('Missing POST variable widgetId');
}
$widgetId = $_POST['widgetId'];
$record = Model::getWidgetRecord($widgetId);
if (!$record) {
return $this->_errorAnswer('Unknown widget. ' . $widgetId);
}
if (!isset($_POST['skin'])) {
return $this->_errorAnswer('Missing POST variable skin');
}
$skin = $_POST['skin'];
$skin = basename($skin);
//to avoid any path manipulation
$updateData['skin'] = $skin;
Model::updateWidget($record['id'], $updateData);
$previewHtml = Model::generateWidgetPreview($widgetId, true);
$data = array('status' => 'success', 'action' => '_updateWidget', 'html' => $previewHtml, 'widgetId' => $widgetId);
return new \Ip\Response\Json($data);
}
