From dec2f29c6a77dd97383ebdbabdc0bff8e524bfa4 Mon Sep 17 00:00:00 2001 From: zach Date: Tue, 30 Sep 2008 22:09:59 -0400 Subject: Twitter-compatible API - Added content-type checks to several methods. Calling an API method with a bad content type used to return a blank page. darcs-hash:20081001020959-462f3-83b0241ba7dc99c4e3a52148a46deb8182e005b0.gz --- actions/twitapiaccount.php | 5 +++++ actions/twitapidirect_messages.php | 2 -- actions/twitapifavorites.php | 5 +++++ actions/twitapifriendships.php | 6 +++++- actions/twitapihelp.php | 7 ++++--- actions/twitapistatuses.php | 15 +++++++++++++++ actions/twitapiusers.php | 9 ++++++--- 7 files changed, 40 insertions(+), 9 deletions(-) (limited to 'actions') diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php index 3a9b8ba3e..5baf0e3e3 100644 --- a/actions/twitapiaccount.php +++ b/actions/twitapiaccount.php @@ -61,6 +61,11 @@ class TwitapiaccountAction extends TwitterapiAction { function update_location($args, $apidata) { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); exit(); diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php index fcdf822e0..1ef543f81 100644 --- a/actions/twitapidirect_messages.php +++ b/actions/twitapidirect_messages.php @@ -133,8 +133,6 @@ class Twitapidirect_messagesAction extends TwitterapiAction { exit(); } - common_debug($this->trimmed('user')); - $other = $this->get_user($this->trimmed('user')); if (!$other) { diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php index 932ee7933..d7d77907d 100644 --- a/actions/twitapifavorites.php +++ b/actions/twitapifavorites.php 
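Review bot: The new guard in `update_location()` calls `in_array()` without the strict flag, so the `xml`/`json` allow-list is matched with PHP's loose `==`. If `$apidata['content-type']` can ever arrive as a non-string such as `0` or `true` (how it is populated is not visible here), it would pass the check and reach the handler with no matching output branch; `if (!in_array($apidata['content-type'], array('xml', 'json'), true)) {` closes that. The same four lines are pasted into `create()` in twitapifavorites.php, `exists()` in twitapifriendships.php, three methods in twitapistatuses.php and `show()` in twitapiusers.php, so a single helper on `TwitterapiAction` would keep the allow-list in one place and stop one copy drifting when a format is added. `$code = 404` in the call assigns a local variable rather than naming a parameter, so a plain `404` reads more clearly. The body of `update_location()` continues outside the hunk.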
@@ -117,6 +117,11 @@ class TwitapifavoritesAction extends TwitterapiAction { function create($args, $apidata) { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + // Check for RESTfulness if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { // XXX: Twitter just prints the err msg, no XML / JSON. diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index d97b7c08e..f9ff251d6 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php @@ -152,6 +152,11 @@ class TwitapifriendshipsAction extends TwitterapiAction { function exists($args, $apidata) { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + $user_a_id = $this->trimmed('user_a'); $user_b_id = $this->trimmed('user_b'); @@ -181,7 +186,6 @@ class TwitapifriendshipsAction extends TwitterapiAction { $this->end_document('json'); break; default: - print $result; // Really? --Zach break; } diff --git a/actions/twitapihelp.php b/actions/twitapihelp.php index 2ac4178de..d2439484c 100644 --- a/actions/twitapihelp.php +++ b/actions/twitapihelp.php @@ -23,7 +23,7 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapihelpAction extends TwitterapiAction { - function is_readonly() { + function is_readonly() { return true; } @@ -32,7 +32,8 @@ class TwitapihelpAction extends TwitterapiAction { * Formats: xml, json */ function test($args, $apidata) { - global $xw; + parent::handle($args); + if ($apidata['content-type'] == 'xml') { $this->init_document('xml'); common_element('ok', NULL, 'true'); @@ -52,5 +53,5 @@ class TwitapihelpAction extends TwitterapiAction { common_server_error(_('API method under construction.'), $code=501); exit(); } - + } \ No newline at end of file 
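Review bot: `test()` in twitapihelp.php gains `parent::handle($args)` but not the `xml`/`json` allow-list guard that the other methods in this commit receive, so it still depends on its own `if`/`else` chain to reject other formats. The end of that chain lies outside the hunk; if it has no final `else` that returns an error, an unsupported content type would still produce the blank page the commit description mentions. Adding the same guard directly after `parent::handle($args);` would make this method consistent with the rest and remove the dependency on the tail of the chain.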
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 3271f1e28..ed6c224fa 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -297,6 +297,11 @@ class TwitapistatusesAction extends TwitterapiAction { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + if ($_SERVER['REQUEST_METHOD'] != 'POST') { $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']); exit(); @@ -448,6 +453,11 @@ class TwitapistatusesAction extends TwitterapiAction { function show($args, $apidata) { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + $notice_id = $apidata['api_arg']; $notice = Notice::staticGet($notice_id); @@ -485,6 +495,11 @@ class TwitapistatusesAction extends TwitterapiAction { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + // Check for RESTfulness if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) { // XXX: Twitter just prints the err msg, no XML / JSON. diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php index cb682695a..b43a64152 100644 --- a/actions/twitapiusers.php +++ b/actions/twitapiusers.php @@ -51,6 +51,11 @@ class TwitapiusersAction extends TwitterapiAction { function show($args, $apidata) { parent::handle($args); + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + common_user_error(_('API method not found!'), $code = 404); + exit; + } + $user = null; $email = $this->arg('email'); 
@@ -118,9 +123,7 @@ class TwitapiusersAction extends TwitterapiAction { $this->init_document('json'); $this->show_json_objects($twitter_user); $this->end_document('json'); - } else { - common_user_error(_('API method not found!'), $code = 404); - } + } exit(); } -- cgit v1.2.3-54-g00ecf