-rw-r--r--actions/api.php53
-rw-r--r--actions/twitapiaccount.php14
-rw-r--r--actions/twitapidirect_messages.php14
-rw-r--r--actions/twitapifavorites.php13
-rw-r--r--actions/twitapifriendships.php14
-rw-r--r--actions/twitapihelp.php4
-rw-r--r--actions/twitapistatuses.php18
-rw-r--r--actions/twitapiusers.php4
8 files changed, 34 insertions, 100 deletions
diff --git a/actions/api.php b/actions/api.php
index ea4553543..4cdda5ff6 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -10,11 +10,11 @@
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
if (!defined('LACONICA')) { exit(1); }
@@ -40,7 +40,7 @@ class ApiAction extends Action {
$this->api_method = $method;
$this->content_type = strtolower($cmdext[1]);
} else {
-
+
# Requested format / content-type will be an extension on the method
$cmdext = explode('.', $method);
$this->api_method = $cmdext[0];
@@ -72,13 +72,13 @@ class ApiAction extends Action {
# Caller might give us a username even if not required
if (isset($_SERVER['PHP_AUTH_USER'])) {
- $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
if ($user) {
$this->user = $user;
}
# Twitter doesn't throw an error if the user isn't found
}
-
+
$this->process_command();
}
}
@@ -109,7 +109,7 @@ class ApiAction extends Action {
# Whitelist of API methods that don't need authentication
function requires_auth() {
- static $noauth = array( 'statuses/public_timeline',
+ static $noauth = array( 'statuses/public_timeline',
'statuses/show',
'users/show',
'help/test',
@@ -138,10 +138,10 @@ class ApiAction extends Action {
}
}
- function show_basic_auth_error() {
- header('HTTP/1.1 401 Unauthorized');
- $msg = 'Could not authenticate you.';
-
+ function show_basic_auth_error() {
+ header('HTTP/1.1 401 Unauthorized');
+ $msg = 'Could not authenticate you.';
+
if ($this->content_type == 'xml') {
header('Content-Type: application/xml; charset=utf-8');
common_start_xml();
@@ -151,7 +151,7 @@ class ApiAction extends Action {
common_element_end('hash');
common_end_xml();
} else if ($this->content_type == 'json') {
- header('Content-Type: application/json; charset=utf-8');
+ header('Content-Type: application/json; charset=utf-8');
$error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']);
print(json_encode($error_array));
} else {
@@ -165,20 +165,27 @@ class ApiAction extends Action {
$apiaction = $_REQUEST['apiaction'];
$method = $_REQUEST['method'];
list($cmdtext, $fmt) = explode('.', $method);
-
- # FIXME: probably need a table here, instead of this switch
-
- switch ($apiaction) {
- case 'statuses':
- switch ($cmdtext) {
- case 'update':
- case 'destroy':
- return false;
- default:
+
+ static $write_methods = array(
+ 'account' => array('update_location', 'update_delivery_device', 'end_session'),
+ 'blocks' => array('create', 'destroy'),
+ 'direct_messages' => array('create', 'destroy'),
+ 'favorites' => array('create', 'destroy'),
+ 'friendships' => array('create', 'destroy'),
+ 'help' => array(),
+ 'notifications' => array('follow', 'leave'),
+ 'statuses' => array('update', 'destroy'),
+ 'users' => array()
+ );
+
+ if (array_key_exists($apiaction, $write_methods)) {
+ common_debug("checking method");
+ if (!in_array($cmdtext, $write_methods[$apiaction])) {
return true;
}
- default:
- return false;
}
+
+ return false;
}
+
}
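Review bot: The check `in_array($cmdtext, $write_methods[$apiaction])` compares the raw prefix of `$_REQUEST['method']` exactly and case-sensitively, so a method string that differs from the table entry only in letter case (which PHP's own method lookup ignores) is classified as read-only. The dispatcher and this function's signature are outside the hunk, so whether such a request still reaches a write handler has to be confirmed there. Normalising is cheap either way: `$cmdtext = strtolower($cmdtext);` followed by `if (!in_array($cmdtext, $write_methods[$apiaction], true)) {`. The table is also a deny-list, so a mutating method added later to a listed action but not to `$write_methods` would count as read-only; a comment on the array saying it must be updated with every new write method would help. The `common_debug("checking method");` line looks like leftover tracing and could be dropped.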
diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php
index 4ce61f353..bb59005a9 100644
--- a/actions/twitapiaccount.php
+++ b/actions/twitapiaccount.php
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapiaccountAction extends TwitterapiAction {
- function is_readonly() {
-
- static $write_methods = array( 'update_location',
- 'update_delivery_device');
-
- $cmdtext = explode('.', $this->arg('method'));
-
- if (in_array($cmdtext[0], $write_methods)) {
- return false;
- }
-
- return true;
- }
-
function verify_credentials($args, $apidata) {
if ($apidata['content-type'] == 'xml') {
diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php
index 466e74823..a31d18a5c 100644
--- a/actions/twitapidirect_messages.php
+++ b/actions/twitapidirect_messages.php
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class Twitapidirect_messagesAction extends TwitterapiAction {
- function is_readonly() {
-
- static $write_methods = array( 'direct_messages',
- 'sent');
-
- $cmdtext = explode('.', $this->arg('method'));
-
- if (in_array($cmdtext[0], $write_methods)) {
- return false;
- }
-
- return true;
- }
-
function direct_messages($args, $apidata) {
parent::handle($args);
return $this->show_messages($args, $apidata, 'received');
diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php
index 2c6c2e1d9..2fdd88544 100644
--- a/actions/twitapifavorites.php
+++ b/actions/twitapifavorites.php
@@ -23,19 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapifavoritesAction extends TwitterapiAction {
- function is_readonly() {
-
- static $write_methods = array('favorites');
-
- $cmdtext = explode('.', $this->arg('method'));
-
- if (in_array($cmdtext[0], $write_methods)) {
- return false;
- }
-
- return true;
- }
-
function favorites($args, $apidata) {
parent::handle($args);
diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index 03dd8f063..e4b49cbe4 100644
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapifriendshipsAction extends TwitterapiAction {
- function is_readonly() {
-
- static $write_methods = array( 'create',
- 'destroy');
-
- $cmdtext = explode('.', $this->arg('method'));
-
- if (in_array($cmdtext[0], $write_methods)) {
- return false;
- }
-
- return true;
- }
-
function create($args, $apidata) {
parent::handle($args);
diff --git a/actions/twitapihelp.php b/actions/twitapihelp.php
index 6e9b41f8a..c5d503e11 100644
--- a/actions/twitapihelp.php
+++ b/actions/twitapihelp.php
@@ -23,10 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapihelpAction extends TwitterapiAction {
- function is_readonly() {
- return true;
- }
-
/* Returns the string "ok" in the requested format with a 200 OK HTTP status code.
* URL:http://identi.ca/api/help/test.format
* Formats: xml, json
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index f80db8899..5459db8a0 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapistatusesAction extends TwitterapiAction {
- function is_readonly() {
-
- static $write_methods = array( 'update',
- 'destroy');
-
- $cmdtext = explode('.', $this->arg('method'));
-
- if (in_array($cmdtext[0], $write_methods)) {
- return false;
- }
-
- return true;
- }
-
function public_timeline($args, $apidata) {
parent::handle($args);
@@ -242,6 +228,10 @@ class TwitapistatusesAction extends TwitterapiAction {
return;
}
+ foreach ($_POST as $p => $v) {
+ common_debug("_POST: $p = $v");
+ }
+
$this->auth_user = $apidata['user'];
$user = $this->auth_user;
$status = $this->trimmed('status');
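Review bot: The added `foreach ($_POST as $p => $v)` loop passes every POST field and its value to `common_debug`, which presumably writes to the application log. That would put users' status text and any other submitted field into the log, and embedded newlines in a value could forge log lines. `$v` can also be an array, in which case the interpolation logs only "Array" and raises a notice. If the trace is still needed, log the field names only, e.g. `common_debug('_POST keys: ' . implode(', ', array_keys($_POST)));`, otherwise remove the loop before merging. The enclosing function starts and ends outside this hunk.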
diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php
index ec66ad1fa..337ec91d1 100644
--- a/actions/twitapiusers.php
+++ b/actions/twitapiusers.php
@@ -23,10 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
class TwitapiusersAction extends TwitterapiAction {
- function is_readonly() {
- return true;
- }
-
function show($args, $apidata) {
parent::handle($args);