Mark OembedAction, XrdAction, and (plugin) AutocompleteAction as read-only. Tweaked ApiStatusesShow and ApiTimelineUser to still claim read-only when hit with a HEAD request (usually link checkers or a precursor to a GET, and should be semantically equivalent to a GET without actually transferring data)

5 files changed, 39 insertions, 12 deletions

diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index e684a07ee..80b0374a6 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -165,7 +165,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
     }
 
     /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
      *
      * @param array $args other arguments
      *
@@ -174,11 +174,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
     
     function isReadOnly($args)
     {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-	    return true;
-	} else {
-	    return false;
-	}
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
     }
 
     /**
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index 81809670b..42988a00f 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -235,7 +235,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     }
 
     /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
      *
      * @param array $args other arguments
      *
@@ -244,11 +244,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     
     function isReadOnly($args)
     {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-	    return true;
-	} else {
-	    return false;
-	}
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
     }
 
     /**
diff --git a/actions/oembed.php b/actions/oembed.php
index 09d68a446..bef707f92 100644
--- a/actions/oembed.php
+++ b/actions/oembed.php
@@ -215,4 +215,15 @@ class OembedAction extends Action
         return;
     }
 
+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }
diff --git a/lib/xrdaction.php b/lib/xrdaction.php
index 4377eab94..855ed1ea8 100644
--- a/lib/xrdaction.php
+++ b/lib/xrdaction.php
@@ -145,4 +145,16 @@ class XrdAction extends Action
 
         return (substr($uri, 0, 5) == 'acct:');
     }
+
+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }
diff --git a/plugins/Autocomplete/autocomplete.php b/plugins/Autocomplete/autocomplete.php
index c92002245..e15e95ec1 100644
--- a/plugins/Autocomplete/autocomplete.php
+++ b/plugins/Autocomplete/autocomplete.php
@@ -165,4 +165,16 @@ class AutocompleteAction extends Action
             print json_encode($result) . "\n";
         }
     }
+
+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }