From b6159983099e40444ef552b78870e13f60f33545 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Fri, 19 Nov 2010 16:12:28 -0800 Subject: Fix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in. Switched from is_numeric() to a custom self::is_decimal() which is more strict. This makes our behavior match Twitter's API a bit better, so eg this: http://identi.ca/api/statuses/home_timeline/0x6d686b.xml should now be equivalent to: http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b instead of: http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155 --- lib/apiaction.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'lib/apiaction.php') diff --git a/lib/apiaction.php b/lib/apiaction.php index 4e9dbb310..d5023f7c5 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -1359,11 +1359,16 @@ class ApiAction extends Action return; } + private static function is_decimal($str) + { + return preg_match('/^[0-9]+$/', $str); + } + function getTargetUser($id) { if (empty($id)) { // Twitter supports these other ways of passing the user ID - if (is_numeric($this->arg('id'))) { + if (self::is_decimal($this->arg('id'))) { return User::staticGet($this->arg('id')); } else if ($this->arg('id')) { $nickname = common_canonical_nickname($this->arg('id')); @@ -1371,7 +1376,7 @@ class ApiAction extends Action } else if ($this->arg('user_id')) { // This is to ensure that a non-numeric user_id still // overrides screen_name even if it doesn't get used - if (is_numeric($this->arg('user_id'))) { + if (self::is_decimal($this->arg('user_id'))) { return User::staticGet('id', $this->arg('user_id')); } } else if ($this->arg('screen_name')) { @@ -1382,7 +1387,7 @@ class ApiAction extends Action return $this->auth_user; } - } else if (is_numeric($id)) { + } else if (self::is_decimal($id)) { return User::staticGet($id); } else { $nickname = common_canonical_nickname($id); @@ -1395,7 +1400,7 @@ class ApiAction extends Action if (empty($id)) { // Twitter supports these other ways of passing the user ID - if (is_numeric($this->arg('id'))) { + if (self::is_decimal($this->arg('id'))) { return Profile::staticGet($this->arg('id')); } else if ($this->arg('id')) { // Screen names currently can only uniquely identify a local user. @@ -1405,7 +1410,7 @@ class ApiAction extends Action } else if ($this->arg('user_id')) { // This is to ensure that a non-numeric user_id still // overrides screen_name even if it doesn't get used - if (is_numeric($this->arg('user_id'))) { + if (self::is_decimal($this->arg('user_id'))) { return Profile::staticGet('id', $this->arg('user_id')); } } else if ($this->arg('screen_name')) { @@ -1413,7 +1418,7 @@ class ApiAction extends Action $user = User::staticGet('nickname', $nickname); return $user ? $user->getProfile() : null; } - } else if (is_numeric($id)) { + } else if (self::is_decimal($id)) { return Profile::staticGet($id); } else { $nickname = common_canonical_nickname($id); @@ -1425,7 +1430,7 @@ class ApiAction extends Action function getTargetGroup($id) { if (empty($id)) { - if (is_numeric($this->arg('id'))) { + if (self::is_decimal($this->arg('id'))) { return User_group::staticGet($this->arg('id')); } else if ($this->arg('id')) { $nickname = common_canonical_nickname($this->arg('id')); @@ -1438,7 +1443,7 @@ class ApiAction extends Action } else if ($this->arg('group_id')) { // This is to ensure that a non-numeric user_id still // overrides screen_name even if it doesn't get used - if (is_numeric($this->arg('group_id'))) { + if (self::is_decimal($this->arg('group_id'))) { return User_group::staticGet('id', $this->arg('group_id')); } } else if ($this->arg('group_name')) { @@ -1451,7 +1456,7 @@ class ApiAction extends Action } } - } else if (is_numeric($id)) { + } else if (self::is_decimal($id)) { return User_group::staticGet($id); } else { $nickname = common_canonical_nickname($id); -- cgit v1.2.3-54-g00ecf