summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzach <zach@controlyourself.ca>2008-09-30 22:09:59 -0400
committerzach <zach@controlyourself.ca>2008-09-30 22:09:59 -0400
commitdec2f29c6a77dd97383ebdbabdc0bff8e524bfa4 (patch)
treebc14f25539cfdf85adf746bb9813f2bf0b5c3370
parentc08a67094cb848e8bcd8f631aa44adf57a33b7ab (diff)
Twitter-compatible API - Added content-type checks to several methods. Calling an API
method with a bad content type used to return a blank page. darcs-hash:20081001020959-462f3-83b0241ba7dc99c4e3a52148a46deb8182e005b0.gz
-rw-r--r--actions/twitapiaccount.php5
-rw-r--r--actions/twitapidirect_messages.php2
-rw-r--r--actions/twitapifavorites.php5
-rw-r--r--actions/twitapifriendships.php6
-rw-r--r--actions/twitapihelp.php7
-rw-r--r--actions/twitapistatuses.php15
-rw-r--r--actions/twitapiusers.php9
7 files changed, 40 insertions, 9 deletions
diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php
index 3a9b8ba3e..5baf0e3e3 100644
--- a/actions/twitapiaccount.php
+++ b/actions/twitapiaccount.php
@@ -61,6 +61,11 @@ class TwitapiaccountAction extends TwitterapiAction {
function update_location($args, $apidata) {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
exit();
diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php
index fcdf822e0..1ef543f81 100644
--- a/actions/twitapidirect_messages.php
+++ b/actions/twitapidirect_messages.php
@@ -133,8 +133,6 @@ class Twitapidirect_messagesAction extends TwitterapiAction {
exit();
}
- common_debug($this->trimmed('user'));
-
$other = $this->get_user($this->trimmed('user'));
if (!$other) {
diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php
index 932ee7933..d7d77907d 100644
--- a/actions/twitapifavorites.php
+++ b/actions/twitapifavorites.php
@@ -117,6 +117,11 @@ class TwitapifavoritesAction extends TwitterapiAction {
function create($args, $apidata) {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
// Check for RESTfulness
if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
// XXX: Twitter just prints the err msg, no XML / JSON.
diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index d97b7c08e..f9ff251d6 100644
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -152,6 +152,11 @@ class TwitapifriendshipsAction extends TwitterapiAction {
function exists($args, $apidata) {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
$user_a_id = $this->trimmed('user_a');
$user_b_id = $this->trimmed('user_b');
@@ -181,7 +186,6 @@ class TwitapifriendshipsAction extends TwitterapiAction {
$this->end_document('json');
break;
default:
- print $result; // Really? --Zach
break;
}
diff --git a/actions/twitapihelp.php b/actions/twitapihelp.php
index 2ac4178de..d2439484c 100644
--- a/actions/twitapihelp.php
+++ b/actions/twitapihelp.php
@@ -23,7 +23,7 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapihelpAction extends TwitterapiAction {
- function is_readonly() {
+ function is_readonly() {
return true;
}
@@ -32,7 +32,8 @@ class TwitapihelpAction extends TwitterapiAction {
* Formats: xml, json
*/
function test($args, $apidata) {
- global $xw;
+ parent::handle($args);
+
if ($apidata['content-type'] == 'xml') {
$this->init_document('xml');
common_element('ok', NULL, 'true');
@@ -52,5 +53,5 @@ class TwitapihelpAction extends TwitterapiAction {
common_server_error(_('API method under construction.'), $code=501);
exit();
}
-
+
} \ No newline at end of file
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 3271f1e28..ed6c224fa 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -297,6 +297,11 @@ class TwitapistatusesAction extends TwitterapiAction {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
exit();
@@ -448,6 +453,11 @@ class TwitapistatusesAction extends TwitterapiAction {
function show($args, $apidata) {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
$notice_id = $apidata['api_arg'];
$notice = Notice::staticGet($notice_id);
@@ -485,6 +495,11 @@ class TwitapistatusesAction extends TwitterapiAction {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
// Check for RESTfulness
if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
// XXX: Twitter just prints the err msg, no XML / JSON.
diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php
index cb682695a..b43a64152 100644
--- a/actions/twitapiusers.php
+++ b/actions/twitapiusers.php
@@ -51,6 +51,11 @@ class TwitapiusersAction extends TwitterapiAction {
function show($args, $apidata) {
parent::handle($args);
+ if (!in_array($apidata['content-type'], array('xml', 'json'))) {
+ common_user_error(_('API method not found!'), $code = 404);
+ exit;
+ }
+
$user = null;
$email = $this->arg('email');
@@ -118,9 +123,7 @@ class TwitapiusersAction extends TwitterapiAction {
$this->init_document('json');
$this->show_json_objects($twitter_user);
$this->end_document('json');
- } else {
- common_user_error(_('API method not found!'), $code = 404);
- }
+ }
exit();
}