Diffstat (limited to 'actions/apitimelineuser.php')
-rw-r--r-- | actions/apitimelineuser.php | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index d90507aa4..42988a00f 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -235,7 +235,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     }
     /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
      *
      * @param array $args other arguments
      *
@@ -244,11 +244,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     function isReadOnly($args)
     {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-            return true;
-        } else {
-            return false;
-        }
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
     }
     /**
@@ -309,9 +305,15 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             return;
         }
-        $xml = file_get_contents('php://input');
+        $xml = trim(file_get_contents('php://input'));
+        if (empty($xml)) {
+            $this->clientError(_('Atom post must not be empty.'));
+        }
         $dom = DOMDocument::loadXML($xml);
+        if (!$dom) {
+            $this->clientError(_('Atom post must be well-formed XML.'));
+        }
         if ($dom->documentElement->namespaceURI != Activity::ATOM ||
             $dom->documentElement->localName != 'entry') {
@@ -349,7 +351,8 @@ class ApiTimelineUserAction extends ApiBareAuthAction
         }
         if (!empty($saved)) {
-            header("Location: " . common_local_url('ApiStatusesShow', array('notice_id' => $saved->id,
+            header('HTTP/1.1 201 Created');
+            header("Location: " . common_local_url('ApiStatusesShow', array('id' => $saved->id,
                                                                            'format' => 'atom')));
             $this->showSingleAtomStatus($saved);
         }
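Review bot: The rewritten `isReadOnly` repeats the `$_SERVER['REQUEST_METHOD']` lookup and uses loose `==` on both sides; the value is always a string so this is harmless, but a strict membership test is shorter and makes adding a method a one-token change: `return in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'), true);`. The `$args` parameter is unused in the body and is presumably kept for the parent signature, so it should stay as is.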
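Review bot: The new well-formedness check around `DOMDocument::loadXML($xml)` still hands the raw request body to libxml with its default settings, so a DOCTYPE in the posted entry can declare external entities that are resolved while the document loads; the parse should run with the entity loader disabled and any document carrying a doctype should be rejected before `$dom->documentElement` is inspected. Calling `loadXML` statically also depends on the method working without an instance (it emits E_STRICT on the PHP versions this code targets), and a malformed body produces libxml warnings instead of a quiet false unless `libxml_use_internal_errors(true)` is set first. The `if (!$dom)` guard additionally assumes `clientError()` never returns; if it does, the `$dom->documentElement` access below dereferences false. The enclosing method starts and ends outside this hunk.
```php
        $xml = trim(file_get_contents('php://input'));
        if (empty($xml)) {
            $this->clientError(_('Atom post must not be empty.'));
            return;
        }

        // Parse untrusted XML with the external entity loader off, no network
        // access, and libxml errors collected instead of emitted as warnings.
        $prevEntityLoader = libxml_disable_entity_loader(true);
        $prevUseErrors    = libxml_use_internal_errors(true);
        $dom    = new DOMDocument();
        $loaded = $dom->loadXML($xml, LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($prevUseErrors);
        libxml_disable_entity_loader($prevEntityLoader);

        // A doctype has no place in an Atom entry; refusing it closes the
        // entity-expansion path regardless of the loader setting above.
        if (!$loaded || $dom->doctype !== null) {
            $this->clientError(_('Atom post must be well-formed XML.'));
            return;
        }
        // … unchanged: namespace / localName check on the root element …
```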