From 0b87bf6c54f0ce4870683e976996be1a8c7c0fec Mon Sep 17 00:00:00 2001
From: zach <zach@controlyourself.ca>
Date: Tue, 19 Aug 2008 17:49:23 -0400
Subject: Twitter-compatible API - RESTfulness checks as per Twitter

darcs-hash:20080819214923-462f3-83ab492cb93c1ba643beb70853578cbd7ac35d61.gz
---
 actions/twitapifriendships.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'actions/twitapifriendships.php')

diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index ae15d171e..3cc925c36 100644
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -40,6 +40,11 @@ class TwitapifriendshipsAction extends TwitterapiAction {
 	function create($args, $apidata) {
 		parent::handle($args);
 
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+			exit();
+		}
+
 		$id = $apidata['api_arg'];
 
 		$other = $this->get_user($id);
@@ -98,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction {
 	
 	function destroy($args, $apidata) {
 		parent::handle($args);
+		
+		if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+			$this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']);
+			exit();
+		}
+		
 		$id = $apidata['api_arg'];
 
 		# We can't subscribe to a remote person, but we can unsub
-- 
cgit v1.2.3-54-g00ecf