diff options
-rw-r--r-- | actions/twitapiaccount.php | 5 | ||||
-rw-r--r-- | actions/twitapifriendships.php | 11 | ||||
-rw-r--r-- | actions/twitapistatuses.php | 5 |
3 files changed, 21 insertions, 0 deletions
diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php index 716ddd154..3a9b8ba3e 100644 --- a/actions/twitapiaccount.php +++ b/actions/twitapiaccount.php @@ -61,6 +61,11 @@ class TwitapiaccountAction extends TwitterapiAction { function update_location($args, $apidata) { parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + exit(); + } + $location = trim($this->arg('location')); if (!is_null($location) && strlen($location) > 255) { diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index ae15d171e..3cc925c36 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php @@ -40,6 +40,11 @@ class TwitapifriendshipsAction extends TwitterapiAction { function create($args, $apidata) { parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + exit(); + } + $id = $apidata['api_arg']; $other = $this->get_user($id); @@ -98,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction { function destroy($args, $apidata) { parent::handle($args); + + if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { + $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']); + exit(); + } + $id = $apidata['api_arg']; # We can't subscribe to a remote person, but we can unsub diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 4ad2766c0..2f95d90c9 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -374,6 +374,11 @@ class TwitapistatusesAction extends TwitterapiAction { parent::handle($args); + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); + exit(); + } + $user = $apidata['user']; $status = $this->trimmed('status'); $source = $this->trimmed('source'); |