summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorEvan Prodromou <evan@prodromou.name>2008-07-19 13:16:05 -0400
committerEvan Prodromou <evan@prodromou.name>2008-07-19 13:16:05 -0400
commit2d47b3ad643a450c7c85f0c5165a156036283040 (patch)
treeec21c79c96f8eaa58c377cb40f3fd7f79e47644c /actions
parentdfbc427e0407d66d961a3d00b137dbc0a5f71599 (diff)
correct handling of bareauth
darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz
Diffstat (limited to 'actions')
-rw-r--r--actions/api.php20
1 files changed, 12 insertions, 8 deletions
diff --git a/actions/api.php b/actions/api.php
index 2c1086ae1..a52570320 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -101,23 +101,27 @@ class ApiAction extends Action {
# Whitelist of API methods that don't need authentication
function requires_auth() {
static $noauth = array( 'statuses/public_timeline',
- 'statuses/user_timeline',
'statuses/show',
'help/test',
'help/downtime_schedule');
static $bareauth = array('statuses/user_timeline', 'statuses/friends');
- # noauth: never needs auth
- # bareauth: only needs auth if without an argument
-
$fullname = "$this->api_action/$this->api_method";
- if (in_array($fullname, $bareauth) && !$this->api_arg) {
- return true;
- } if (in_array($fullname, $noauth)) {
+ if (in_array($fullname, $bareauth)) {
+ # bareauth: only needs auth if without an argument
+ if ($this->api_arg) {
+ return false;
+ } else {
+ return true;
+ }
+ } else if (in_array($fullname, $noauth)) {
+ # noauth: never needs auth
return false;
+ } else {
+ # everybody else needs auth
+ return true;
}
- return true;
}
}