diff options
author | Evan Prodromou <evan@prodromou.name> | 2008-07-19 13:16:05 -0400 |
---|---|---|
committer | Evan Prodromou <evan@prodromou.name> | 2008-07-19 13:16:05 -0400 |
commit | 2d47b3ad643a450c7c85f0c5165a156036283040 (patch) | |
tree | ec21c79c96f8eaa58c377cb40f3fd7f79e47644c /actions | |
parent | dfbc427e0407d66d961a3d00b137dbc0a5f71599 (diff) |
correct handling of bareauth
darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz
Diffstat (limited to 'actions')
-rw-r--r-- | actions/api.php | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/actions/api.php b/actions/api.php index 2c1086ae1..a52570320 100644 --- a/actions/api.php +++ b/actions/api.php @@ -101,23 +101,27 @@ class ApiAction extends Action { # Whitelist of API methods that don't need authentication function requires_auth() { static $noauth = array( 'statuses/public_timeline', - 'statuses/user_timeline', 'statuses/show', 'help/test', 'help/downtime_schedule'); static $bareauth = array('statuses/user_timeline', 'statuses/friends'); - # noauth: never needs auth - # bareauth: only needs auth if without an argument - $fullname = "$this->api_action/$this->api_method"; - if (in_array($fullname, $bareauth) && !$this->api_arg) { - return true; - } if (in_array($fullname, $noauth)) { + if (in_array($fullname, $bareauth)) { + # bareauth: only needs auth if without an argument + if ($this->api_arg) { + return false; + } else { + return true; + } + } else if (in_array($fullname, $noauth)) { + # noauth: never needs auth return false; + } else { + # everybody else needs auth + return true; } - return true; } } |