From d247c08aebea98740175f1d004685f328478dddf Mon Sep 17 00:00:00 2001 From: Hannes Mannerheim Date: Mon, 1 Feb 2016 18:22:41 +0100 Subject: [PATCH] set api format so client errors work --- actions/apiaccountupdateprofilebanner.php | 2 ++ actions/apiexternalusershow.php | 2 ++ actions/apifavsandrepeats.php | 5 +++-- actions/apiqvitterallfollowing.php | 2 ++ actions/apiqvitterblocks.php | 11 ++++++++--- actions/apiqvittercheckemail.php | 2 ++ actions/apiqvitterchecklogin.php | 15 ++++++--------- actions/apiqvitterlistmembers.php | 2 ++ actions/apiqvitterlistsubscribers.php | 2 ++ actions/apiqvitternotifications.php | 2 ++ actions/apiqvitterstatusesupdate.php | 4 ++-- actions/apiqvittertimelinelist.php | 2 ++ actions/apiqvitterupdatebackgroundcolor.php | 2 ++ actions/apiqvitterupdatebookmarks.php | 2 ++ actions/apiqvitterupdatelinkcolor.php | 2 ++ actions/apisavedsearcheslist.php | 2 ++ actions/apitrendsplace.php | 2 ++ actions/apiupdateavatar.php | 2 ++ actions/apiupdatebackgroundimage.php | 2 ++ 19 files changed, 49 insertions(+), 16 deletions(-) diff --git a/actions/apiaccountupdateprofilebanner.php b/actions/apiaccountupdateprofilebanner.php index 4f07dcb..32156bd 100644 --- a/actions/apiaccountupdateprofilebanner.php +++ b/actions/apiaccountupdateprofilebanner.php @@ -57,6 +57,8 @@ class ApiAccountUpdateProfileBannerAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->user = $this->auth_user; $this->cropW = $this->trimmed('width'); diff --git a/actions/apiexternalusershow.php b/actions/apiexternalusershow.php index 9eed117..dd6d13e 100644 --- a/actions/apiexternalusershow.php +++ b/actions/apiexternalusershow.php @@ -46,6 +46,8 @@ class ApiExternalUserShowAction extends ApiPrivateAuthAction { parent::prepare($args); + $this->format = 'json'; + $profileurl = urldecode($this->arg('profileurl')); $nickname = urldecode($this->arg('nickname')); 
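Review bot: In apiaccountupdateprofilebanner.php, `$this->format = 'json';` is assigned only after `parent::prepare($args)` returns, so a client error raised inside the parent's prepare (presumably an authentication failure in ApiAuthAction) would still be rendered in whatever format was in effect before. The same assignment is repeated in nearly every other file of this commit (in `handle()` rather than `prepare()` in apiqvitterchecklogin.php). A shared base action that fixes the format in one place would remove the duplication and could also cover errors raised by the parent. If the per-file assignment stays, a short comment such as `// Qvitter endpoints are JSON-only; force the format so clientError() renders JSON` would explain why the requested format is overridden. prepare() continues outside the hunk.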
diff --git a/actions/apifavsandrepeats.php b/actions/apifavsandrepeats.php index 469cc26..fd3db94 100644 --- a/actions/apifavsandrepeats.php +++ b/actions/apifavsandrepeats.php @@ -46,14 +46,15 @@ class ApiFavsAndRepeatsAction extends ApiPrivateAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->notice_id = $this->trimmed('notice_id'); $this->original = Notice::getKV('id', $this->notice_id); if (empty($this->original)) { // TRANS: Client error displayed trying to display redents of a non-exiting notice. - $this->clientError(_('No such notice.'), - 400, $this->format); + $this->clientError(_('No such notice.'), 400); return false; } diff --git a/actions/apiqvitterallfollowing.php b/actions/apiqvitterallfollowing.php index 9cfd187..a28c4c8 100644 --- a/actions/apiqvitterallfollowing.php +++ b/actions/apiqvitterallfollowing.php @@ -62,6 +62,8 @@ class ApiQvitterAllFollowingAction extends ApiBareAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->count = 5000; // max 5000, completely arbitrary... $this->target = $this->getTargetProfile($this->arg('id')); diff --git a/actions/apiqvitterblocks.php b/actions/apiqvitterblocks.php index a4973ba..ebeed52 100644 --- a/actions/apiqvitterblocks.php +++ b/actions/apiqvitterblocks.php @@ -43,7 +43,7 @@ if (!defined('STATUSNET')) { } -class ApiQvitterBlocksAction extends ApiBareAuthAction +class ApiQvitterBlocksAction extends ApiPrivateAuthAction { var $profiles = null; 
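Review bot: In apifavsandrepeats.php a missing notice is reported with status 400, while the 'No such user.' error in apiqvitterblocks.php in this same commit uses 404; `$this->clientError(_('No such notice.'), 404);` would be consistent and describes a missing resource more accurately. The notice is looked up from the client-supplied `notice_id`, and the hunk does not show whether the rest of the action checks that the authenticated user is allowed to see `$this->original`; that is worth confirming in the part of the action outside the hunk. The `return false;` after clientError() is only reachable if clientError() returns, which is not visible here.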
@@ -58,15 +58,20 @@ class ApiQvitterBlocksAction extends ApiBareAuthAction { parent::prepare($args); - // If called as a social graph method, show 5000 per page, otherwise 100 + $this->format = 'json'; $this->count = (int)$this->arg('count', 100); - $this->target = $this->getTargetProfile($this->arg('id')); + $arg_user = $this->getTargetUser($this->arg('id')); + + $this->target = ($this->auth_user) ? $this->auth_user->getProfile() : null; if (!($this->target instanceof Profile)) { // TRANS: Client error displayed when requesting a list of followers for a non-existing user. $this->clientError(_('No such user.'), 404); + } else if($this->auth_user->id != $arg_user->id) { + $this->clientError(_('You are only allowed to view your own blocks.'), 403); + } $this->profiles = $this->getProfiles(); diff --git a/actions/apiqvittercheckemail.php b/actions/apiqvittercheckemail.php index aa53ac7..8d1f3be 100644 --- a/actions/apiqvittercheckemail.php +++ b/actions/apiqvittercheckemail.php @@ -39,6 +39,8 @@ class ApiQvitterCheckEmailAction extends ApiAction { parent::prepare($args); + $this->format = 'json'; + $this->email = $this->trimmed('email'); if(!Validate::email($this->email, common_config('email', 'check_domain'))) { diff --git a/actions/apiqvitterchecklogin.php b/actions/apiqvitterchecklogin.php index 9c4d461..db24770 100644 --- a/actions/apiqvitterchecklogin.php +++ b/actions/apiqvitterchecklogin.php @@ -61,19 +61,16 @@ class ApiQvitterCheckLoginAction extends ApiAction { parent::handle(); + $this->format = 'json'; + if ($_SERVER['REQUEST_METHOD'] != 'POST') { - $this->clientError( - // TRANS: Client error. POST is a HTTP command. It should not be translated. - _('This method requires a POST.'), - 400, - $this->format - ); + $this->clientError(_('This method requires a POST.'), 400); return; } - + $user = common_check_user($this->arg('username'), - $this->arg('password')); - + $this->arg('password')); + if($user) { $user = true; } 
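Review bot: In apiqvitterblocks.php the new `else if` dereferences `$arg_user` without checking that `getTargetUser()` returned a user, so an unknown `id` would reach `$arg_user->id` on a non-object (the return contract of getTargetUser() is not visible here). The comparison most likely still ends in the 403, but only by way of a PHP notice or warning; make the guard explicit, e.g. `} else if (!($arg_user instanceof User) || $this->auth_user->id != $arg_user->id) {`. A request without an authenticated user falls into the first branch and gets 404 'No such user.', under a TRANS comment that still talks about followers; an authentication error would describe that case better. Both branches rely on clientError() stopping execution before `getProfiles()` runs, which is not visible here; prepare() continues outside the hunk.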
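Review bot: In apiqvitterchecklogin.php the handler extends the unauthenticated ApiAction and reports whether a username/password pair is valid via `common_check_user()`, and nothing in the hunk limits or logs repeated attempts. If no throttling exists outside the hunk, the endpoint needs per-account and per-address attempt limiting and failure logging, because otherwise it confirms password guesses at whatever rate a client chooses to send them. Separately, the format is set here after `parent::handle()` while the other files in this commit set it in prepare(); setting it in prepare() would keep them consistent. The removed `// TRANS: Client error. POST is a HTTP command. It should not be translated.` comment should be kept for translators. handle() continues outside the hunk.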
diff --git a/actions/apiqvitterlistmembers.php b/actions/apiqvitterlistmembers.php index 690d465..4f65f26 100644 --- a/actions/apiqvitterlistmembers.php +++ b/actions/apiqvitterlistmembers.php @@ -65,6 +65,8 @@ class ApiQvitterListMembersAction extends ApiPrivateAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->list = $this->getTargetList($this->arg('nickname'), $this->arg('id')); if (!$this->list instanceof Profile_list) { // TRANS: Client error displayed trying to show list membership on a non-existing list. diff --git a/actions/apiqvitterlistsubscribers.php b/actions/apiqvitterlistsubscribers.php index 38bf5ab..238144c 100644 --- a/actions/apiqvitterlistsubscribers.php +++ b/actions/apiqvitterlistsubscribers.php @@ -65,6 +65,8 @@ class ApiQvitterListSubscribersAction extends ApiPrivateAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->list = $this->getTargetList($this->arg('nickname'), $this->arg('id')); if (!$this->list instanceof Profile_list) { // TRANS: Client error displayed trying to show list membership on a non-existing list. diff --git a/actions/apiqvitternotifications.php b/actions/apiqvitternotifications.php index 77c661c..c992fb2 100644 --- a/actions/apiqvitternotifications.php +++ b/actions/apiqvitternotifications.php @@ -55,6 +55,8 @@ class ApiQvitterNotificationsAction extends ApiPrivateAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->notifications = $this->getNotifications(); return true; diff --git a/actions/apiqvitterstatusesupdate.php b/actions/apiqvitterstatusesupdate.php index 55fb68d..5154af9 100644 --- a/actions/apiqvitterstatusesupdate.php +++ b/actions/apiqvitterstatusesupdate.php 
@@ -199,12 +199,12 @@ class ApiQvitterStatusesUpdateAction extends ApiAuthAction 'The server was unable to handle that much POST data (%s bytes) due to its current configuration.', intval($_SERVER['CONTENT_LENGTH'])); - $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']), 400); } if (empty($this->status)) { // TRANS: Client error displayed when the parameter "status" is missing. - $this->clientError(_('Client must provide a \'status\' parameter with a value.')); + $this->clientError(_('Client must provide a \'status\' parameter with a value.'), 400); } if (is_null($this->scoped)) { diff --git a/actions/apiqvittertimelinelist.php b/actions/apiqvittertimelinelist.php index 072300d..809af53 100644 --- a/actions/apiqvittertimelinelist.php +++ b/actions/apiqvittertimelinelist.php @@ -58,6 +58,8 @@ class ApiQvitterTimelineListAction extends ApiBareAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->list = $this->getTargetList($this->arg('nickname'), $this->arg('id')); if (!($this->list instanceof Profile_list)) { // TRANS: Client error displayed when requesting a non existing list diff --git a/actions/apiqvitterupdatebackgroundcolor.php b/actions/apiqvitterupdatebackgroundcolor.php index 34cc500..d74303c 100644 --- a/actions/apiqvitterupdatebackgroundcolor.php +++ b/actions/apiqvitterupdatebackgroundcolor.php @@ -53,6 +53,8 @@ class ApiQvitterUpdateBackgroundColorAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->backgroundcolor = $this->trimmed('backgroundcolor'); return true; } diff --git a/actions/apiqvitterupdatebookmarks.php b/actions/apiqvitterupdatebookmarks.php index 077cfbb..f847c7b 100644 --- a/actions/apiqvitterupdatebookmarks.php +++ b/actions/apiqvitterupdatebookmarks.php 
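Review bot: In apiqvitterstatusesupdate.php the oversized-POST error interpolates the raw `$_SERVER['CONTENT_LENGTH']` into the message through `%s`, although the preceding lines already pass `intval($_SERVER['CONTENT_LENGTH'])` when building `$msg`; use the integer in both places so a client-supplied header value is never echoed unparsed. A status of 413 would also describe this condition more precisely than 400, if clientError() accepts it: `$this->clientError(sprintf($msg, intval($_SERVER['CONTENT_LENGTH'])), 413);`. The statement that builds `$msg` starts outside the hunk.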
@@ -58,6 +58,8 @@ class ApiQvitterUpdateBookmarksAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->bookmarks = $this->trimmed('bookmarks'); return true; diff --git a/actions/apiqvitterupdatelinkcolor.php b/actions/apiqvitterupdatelinkcolor.php index a616c62..6b66f16 100644 --- a/actions/apiqvitterupdatelinkcolor.php +++ b/actions/apiqvitterupdatelinkcolor.php @@ -54,6 +54,8 @@ class ApiQvitterUpdateLinkColorAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->linkcolor = $this->trimmed('linkcolor'); return true; diff --git a/actions/apisavedsearcheslist.php b/actions/apisavedsearcheslist.php index ecd9e5d..a4865db 100644 --- a/actions/apisavedsearcheslist.php +++ b/actions/apisavedsearcheslist.php @@ -56,6 +56,8 @@ class ApiSavedSearchesListAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + return true; } diff --git a/actions/apitrendsplace.php b/actions/apitrendsplace.php index 115e32f..e846896 100644 --- a/actions/apitrendsplace.php +++ b/actions/apitrendsplace.php @@ -56,6 +56,8 @@ class ApiTrendsPlaceAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + return true; } diff --git a/actions/apiupdateavatar.php b/actions/apiupdateavatar.php index fa33985..086b07f 100644 --- a/actions/apiupdateavatar.php +++ b/actions/apiupdateavatar.php @@ -57,6 +57,8 @@ class ApiUpdateAvatarAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->user = $this->auth_user; $this->cropW = $this->trimmed('cropW'); diff --git a/actions/apiupdatebackgroundimage.php b/actions/apiupdatebackgroundimage.php index 69052d8..8be9f3a 100644 --- a/actions/apiupdatebackgroundimage.php +++ b/actions/apiupdatebackgroundimage.php @@ -57,6 +57,8 @@ class ApiUpdateBackgroundImageAction extends ApiAuthAction { parent::prepare($args); + $this->format = 'json'; + $this->user = $this->auth_user; $this->cropW = $this->trimmed('cropW');