From 2d47b3ad643a450c7c85f0c5165a156036283040 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 19 Jul 2008 13:16:05 -0400 Subject: correct handling of bareauth darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz --- actions/api.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'actions/api.php') diff --git a/actions/api.php b/actions/api.php index 2c1086ae1..a52570320 100644 --- a/actions/api.php +++ b/actions/api.php @@ -101,23 +101,27 @@ class ApiAction extends Action { # Whitelist of API methods that don't need authentication function requires_auth() { static $noauth = array( 'statuses/public_timeline', - 'statuses/user_timeline', 'statuses/show', 'help/test', 'help/downtime_schedule'); static $bareauth = array('statuses/user_timeline', 'statuses/friends'); - # noauth: never needs auth - # bareauth: only needs auth if without an argument - $fullname = "$this->api_action/$this->api_method"; - if (in_array($fullname, $bareauth) && !$this->api_arg) { - return true; - } if (in_array($fullname, $noauth)) { + if (in_array($fullname, $bareauth)) { + # bareauth: only needs auth if without an argument + if ($this->api_arg) { + return false; + } else { + return true; + } + } else if (in_array($fullname, $noauth)) { + # noauth: never needs auth return false; + } else { + # everybody else needs auth + return true; } - return true; } } -- cgit v1.2.3-54-g00ecf