-rw-r--r--actions/twitapiaccount.php5
-rw-r--r--actions/twitapifriendships.php11
-rw-r--r--actions/twitapistatuses.php5
3 files changed, 21 insertions, 0 deletions
diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php
index 716ddd154..3a9b8ba3e 100644
--- a/actions/twitapiaccount.php
+++ b/actions/twitapiaccount.php
@@ -61,6 +61,11 @@ class TwitapiaccountAction extends TwitterapiAction {
function update_location($args, $apidata) {
parent::handle($args);
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+ exit();
+ }
+
$location = trim($this->arg('location'));
if (!is_null($location) && strlen($location) > 255) {
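Review bot: The guard in `update_location` rejects a wrong-method request with status 400, where 405 Method Not Allowed with an `Allow` header is what clients and intermediaries expect; the guards added in `create`, `destroy` and the twitapistatuses.php hunk have the same issue. If `client_error` passes the code through unchanged (its body is not visible in this diff), the change would be `header('Allow: POST');` followed by `$this->client_error(_('This method requires a POST.'), 405, $apidata['content-type']);`. Requiring POST only stops a state change triggered by a plain GET such as a link or image fetch; it does not distinguish a cross-site form POST from a legitimate one, so it should not be counted as the CSRF defence for these endpoints. The body of `update_location` continues outside the hunk.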
diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index ae15d171e..3cc925c36 100644
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -40,6 +40,11 @@ class TwitapifriendshipsAction extends TwitterapiAction {
function create($args, $apidata) {
parent::handle($args);
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+ exit();
+ }
+
$id = $apidata['api_arg'];
$other = $this->get_user($id);
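Review bot: The four-line method guard in `create` is a verbatim copy of the one in `update_location` and in the twitapistatuses.php hunk, and `destroy` carries a near-copy, so the status code and message now live in four places. A small helper on `TwitterapiAction` that takes the allowed methods would keep them consistent, with each handler reduced to one call such as `$this->require_method(array('POST'), $apidata);` (the helper name is a suggestion, not an existing method). The guard also sits after `parent::handle($args)`, so whatever that call does still runs for a request that is about to be rejected; its body is not shown here, so confirm this is harmless. `create` continues outside the hunk.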
@@ -98,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction {
function destroy($args, $apidata) {
parent::handle($args);
+
+ if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+ $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']);
+ exit();
+ }
+
$id = $apidata['api_arg'];
# We can't subscribe to a remote person, but we can unsub
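Review bot: The `in_array` call in `destroy` omits the third argument and therefore compares loosely; passing `true` makes the allow-list an exact string match: `if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'), true)) {`. The other three guards use `!=` where `!==` would be the matching strict form. Nothing in the visible lines shows a value for which the loose comparison misbehaves, so this is a hardening and style point rather than a bug. `destroy` continues past the end of the hunk.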
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 4ad2766c0..2f95d90c9 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -374,6 +374,11 @@ class TwitapistatusesAction extends TwitterapiAction {
parent::handle($args);
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+ exit();
+ }
+
$user = $apidata['user'];
$status = $this->trimmed('status');
$source = $this->trimmed('source');