From dec2f29c6a77dd97383ebdbabdc0bff8e524bfa4 Mon Sep 17 00:00:00 2001
From: zach <zach@controlyourself.ca>
Date: Tue, 30 Sep 2008 22:09:59 -0400
Subject: Twitter-compatible API - Added content-type checks to several
 methods. Calling an API

method with a bad content type used to return a blank page.

darcs-hash:20081001020959-462f3-83b0241ba7dc99c4e3a52148a46deb8182e005b0.gz
---
 actions/twitapistatuses.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'actions/twitapistatuses.php')

diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 3271f1e28..ed6c224fa 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -297,6 +297,11 @@ class TwitapistatusesAction extends TwitterapiAction {
 
 		parent::handle($args);
 
+		if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+			common_user_error(_('API method not found!'), $code = 404);
+			exit;
+		}
+
 		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 			$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
 			exit();
@@ -448,6 +453,11 @@ class TwitapistatusesAction extends TwitterapiAction {
 	function show($args, $apidata) {
 		parent::handle($args);
 
+		if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+			common_user_error(_('API method not found!'), $code = 404);
+			exit;
+		}
+
 		$notice_id = $apidata['api_arg'];
 		$notice = Notice::staticGet($notice_id);
 
@@ -485,6 +495,11 @@ class TwitapistatusesAction extends TwitterapiAction {
 
 		parent::handle($args);
 
+		if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+			common_user_error(_('API method not found!'), $code = 404);
+			exit;
+		}
+
 		// Check for RESTfulness
 		if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
 			// XXX: Twitter just prints the err msg, no XML / JSON.
-- 
cgit v1.2.3-54-g00ecf