Exemple #1
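 // Sanitize inputs: filter_input() returns null when the parameter is absent
 // and false when it is present but not a valid integer.
 $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
 // Methods that act on a specific row must carry a usable id; empty() rejects
 // null, false and 0 here, the second clause rejects negatives.
 if (($method === "DELETE" || $method === "PUT") && (empty($id) === true || $id < 0)) {
     throw new InvalidArgumentException("ID cannot be empty or negative");
 }
 // Sanitize the optional foreign-key fields the same way.
 $imageId = filter_input(INPUT_GET, "imageId", FILTER_VALIDATE_INT);
 $tagId = filter_input(INPUT_GET, "tagId", FILTER_VALIDATE_INT);
 // Handle REST calls for the GET method.
 if ($method === "GET") {
     // Set the XSRF cookie.
     setXsrfCookie("/");
     // Look up the tag for the given id.
     if (empty($id) === false) {
         $tag = Tag::getImageTagByImageId($pdo, $id);
         // Only expose the tag when its image id matches the tag stored in the
         // session. A missing session entry is treated as "not authorized"
         // (fail closed) instead of calling a method on null and crashing the request.
         $sessionTag = $_SESSION["tag"] ?? null;
         if ($tag !== null && $sessionTag !== null && $tag->getImageId() === $sessionTag->getImageId()) {
             $reply->data = $tag;
         }
     }
 }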
 //If the user is logged in, allow them to POST their own tag. NOTE(review): the condition below, empty($_SESSION["profile"]) !== false, is true when the profile is absent, i.e. when the user is NOT logged in; confirm the intended test is empty($_SESSION["profile"]) === false.
 if (empty($_SESSION["profile"]) !== false) {
     if ($method === "POST") {
         verifyXsrf();
         $requestContent = file_get_contents("php://input");
         $requestObject = json_decode($requestContent);
     }
     //ensure all fields are present
     if (empty($requestObject->imageId) === true) {
         throw new InvalidArgumentException("Image must have an ID", 405);