From d40075ae9c7c2b920a5e9a7cd436aff96f94d8f8 Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Mon, 6 Jul 2009 11:57:21 -0700
Subject: [PATCH 1/5] Support undocumented 'id' parameter in /statuses/show API method

---
 actions/twitapistatuses.php | 15 ++++++++++++---
 lib/router.php | 2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 555c746cbc..c9943698dc 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -373,9 +373,19 @@ class TwitapistatusesAction extends TwitterapiAction
 return;
 }
+ // 'id' is an undocumented parameter in Twitter's API. Several
+ // clients make use of it, so we support it too.
+
+ // show.json?id=12345 takes precedence over /show/12345.json
+
 $this->auth_user = $apidata['user'];
- $notice_id = $apidata['api_arg'];
- $notice = Notice::staticGet($notice_id);
+ $notice_id = $this->trimmed('id');
+
+ if (empty($notice_id)) {
+ $notice_id = $apidata['api_arg'];
+ }
+
+ $notice = Notice::staticGet((int)$notice_id);
 if ($notice) {
 if ($apidata['content-type'] == 'xml') {
@@ -389,7 +399,6 @@ class TwitapistatusesAction extends TwitterapiAction
 $this->clientError(_('No status with that ID found.'),
 404, $apidata['content-type']);
 }
-
 }
 function destroy($args, $apidata)
diff --git a/lib/router.php b/lib/router.php
index 50b733453e..75e72f9322 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -261,7 +261,7 @@ class Router
 $m->connect('api/statuses/:method',
 array('action' => 'api', 'apiaction' => 'statuses'),
- array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|friends|followers|featured)(\.(atom|rss|xml|json))?'));
+ array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|show|friends|followers|featured)(\.(atom|rss|xml|json))?'));
 $m->connect('api/statuses/:method/:argument',
 array('action' => 'api',
From 5e067c2c813cb51c1162761aaf3a7efd883ba731 Mon Sep 17 00:00:00 2001
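Review bot: `Notice::staticGet((int)$notice_id)` silently maps any non-numeric `id` (`?id=abc`, or a non-numeric path argument) to 0, so such requests end in the 404 'No status with that ID found.' rather than a bad-request error, and because `trimmed('id')` is consulted first, a request carrying both a path argument and a conflicting `id` silently discards the path argument. The cast is the right guard against non-integer input reaching the lookup, but both outcomes deserve to be explicit: `// non-numeric ids become 0 and fall through to the 404 below` above the staticGet call, and `// a query-string id wins over a conflicting path argument` next to the precedence comment. If a 400 is preferred for garbage ids, `if ($notice_id !== '' && !ctype_digit((string)$notice_id)) { $this->clientError(_('No status with that ID found.'), 400, $apidata['content-type']); return; }` placed before the cast would do it without changing the wording. The enclosing method starts before this hunk.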
From: Zach Copley
Date: Mon, 6 Jul 2009 13:21:16 -0700
Subject: [PATCH 2/5] Add special basic auth handling for friendships/show. Other fixups.

---
 actions/api.php | 65 +++++++++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 16 deletions(-)

diff --git a/actions/api.php b/actions/api.php
index 08f5fadad9..18c3b68d4b 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -75,14 +75,14 @@ class ApiAction extends Action
 }
 } else {
- # Caller might give us a username even if not required
- if (isset($_SERVER['PHP_AUTH_USER'])) {
- $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
- if ($user) {
- $this->user = $user;
- }
- # Twitter doesn't throw an error if the user isn't found
- }
+ // Caller might give us a username even if not required
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ if ($user) {
+ $this->user = $user;
+ }
+ # Twitter doesn't throw an error if the user isn't found
+ }
 $this->process_command();
 }
@@ -117,7 +117,7 @@ class ApiAction extends Action
 }
 }
- # Whitelist of API methods that don't need authentication
+ // Whitelist of API methods that don't need authentication
 function requires_auth()
 {
 static $noauth = array( 'statuses/public_timeline',
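Review bot: The rewritten else branch still promotes an unverified `PHP_AUTH_USER` to `$this->user`: it looks the nickname up with `User::staticGet('nickname', $_SERVER['PHP_AUTH_USER'])` but never consults `PHP_AUTH_PW`, so on any method that does not require auth a caller can name an arbitrary account in the Basic header and have it treated as the current user. The statuses/show change earlier in this series copies `$apidata['user']` into `$this->auth_user`, so that identity presumably feeds per-viewer output; if so, the username should only be accepted after the same credential check the required-auth branch (above this hunk, not visible here) presumably performs, and otherwise left unset. If the leniency is deliberate for Twitter compatibility, the comment should say what it implies, e.g. `// NOTE: the password is not checked here; $this->user is an unauthenticated hint and must not gate anything private`. The enclosing method starts and ends outside this hunk.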
@@ -135,28 +135,61 @@ class ApiAction extends Action
 'statuses/replies',
 'statuses/mentions',
 'statuses/followers',
- 'favorites/favorites');
+ 'favorites/favorites',
+ 'friendships/show');
 $fullname = "$this->api_action/$this->api_method";
 // If the site is "private", all API methods except laconica/config
 // need authentication
+
 if (common_config('site', 'private')) {
 return $fullname != 'laconica/config' || false;
 }
+ // bareauth: only needs auth if without an argument or query param specifying user
+
 if (in_array($fullname, $bareauth)) {
- # bareauth: only needs auth if without an argument or query param specifying user
- if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) {
+
+ // Special case: friendships/show only needs auth if source_id or
+ // source_screen_name is not specified as a param
+
+ if ($fullname == 'friendships/show') {
+
+ $source_id = $this->arg('source_id');
+ $source_screen_name = $this->arg('source_screen_name');
+
+ if (empty($source_id) && empty($source_screen_name)) {
+ return true;
+ }
+
 return false;
- } else {
- return true;
 }
+
+ // if all of these are empty, auth is required
+
+ $id = $this->arg('id');
+ $user_id = $this->arg('user_id');
+ $screen_name = $this->arg('screen_name');
+
+ if (empty($this->api_arg) &&
+ empty($id) &&
+ empty($user_id) &&
+ empty($screen_name)) {
+ return true;
+ } else {
+ return false;
+ }
+
 } else if (in_array($fullname, $noauth)) {
- # noauth: never needs auth
+
+ // noauth: never needs auth
+
 return false;
 } else {
- # everybody else needs auth
+
+ // everybody else needs auth
+
 return true;
 }
 }

From a9c1e665701d5f5f20940143aa413faaec1a8c78 Mon Sep 17 00:00:00 2001
From: Dan Moore
Date: Fri, 5 Jun 2009 12:53:17 -0400
Subject: [PATCH 3/5] Bringing users/show in line with Twitter as far as specifying user.

---
 actions/twitapiusers.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
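Review bot: The bareauth test at the end of the hunk replaces the old `is_numeric($this->arg('user_id'))` with `empty($user_id)`, so any non-empty `user_id`, including a non-numeric one such as `user_id=abc`, now counts as "a user was specified" and waives authentication, where before only a numeric value did. Whether the handlers later reject a non-numeric user_id is outside this hunk, but the auth decision should not depend on that; restoring the old strictness is a one-token change, `!is_numeric($user_id) &&` in place of `empty($user_id) &&`. The new friendships/show branch likewise tests `source_id` only with `empty()`, and a comment stating why naming a target user is enough to skip auth on these endpoints (presumably because they return only public data) would make that intent reviewable. Note that `in_array($fullname, $bareauth)` is evaluated before the friendships/show special case, so the method must be in `$bareauth` for that branch to be reachable; the list at the top of this hunk appears to be where it is added, but its name is not visible here. The enclosing requires_auth() starts before this hunk.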
diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php
index 4057b63e74..ee01c2a433 100644
--- a/actions/twitapiusers.php
+++ b/actions/twitapiusers.php
@@ -37,20 +37,13 @@ class TwitapiusersAction extends TwitterapiAction
 $user = null;
 $email = $this->arg('email');
- $user_id = $this->arg('user_id');
 // XXX: email field deprecated in Twitter's API
- // XXX: Also: need to add screen_name param
-
 if ($email) {
 $user = User::staticGet('email', $email);
- } elseif ($user_id) {
- $user = $this->get_user($user_id);
- } elseif (isset($apidata['api_arg'])) {
+ } else {
 $user = $this->get_user($apidata['api_arg']);
- } elseif (isset($apidata['user'])) {
- $user = $apidata['user'];
 }
 if (empty($user)) {

From 195ec6820bf0c7fa60bca0f112a2ff8f98345a3c Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Mon, 6 Jul 2009 15:56:10 -0700
Subject: [PATCH 4/5] fix bad function call

Conflicts:
 actions/twitapiusers.php

---
 actions/twitapiusers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php
index ee01c2a433..e9fcccbde1 100644
--- a/actions/twitapiusers.php
+++ b/actions/twitapiusers.php
@@ -47,7 +47,7 @@ class TwitapiusersAction extends TwitterapiAction
 }
 if (empty($user)) {
- $this->client_error(_('Not found.'), 404, $apidata['content-type']);
+ $this->clientError(_('Not found.'), 404, $apidata['content-type']);
 return;
 }

From 4fffe1874f7db6239a42d5a9acdc4279fdde08f8 Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Mon, 6 Jul 2009 16:44:35 -0700
Subject: [PATCH 5/5] Fix redundant page display for group design settings

---
 actions/groupdesignsettings.php | 32 --------------------------------
 1 file changed, 32 deletions(-)

diff --git a/actions/groupdesignsettings.php b/actions/groupdesignsettings.php
index 6c1c052cba..bb01243c6e 100644
--- a/actions/groupdesignsettings.php
+++ b/actions/groupdesignsettings.php
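Review bot: The new `else` branch reads `$apidata['api_arg']` unconditionally, whereas the branch it replaces guarded the key with `isset()`; for a request that names the user only by query string (`users/show.json?user_id=…`), which is what the commit title is about, the key can be absent and PHP raises a notice before get_user() receives a null. `$this->get_user(isset($apidata['api_arg']) ? $apidata['api_arg'] : null)` keeps the old guard, and since the change now relies on get_user() honouring `user_id`/`screen_name` itself, which is outside this hunk, a comment such as `// get_user() is expected to fall back to id/user_id/screen_name when no path argument is given -- verify` would record that assumption. Separately, the retained `User::staticGet('email', $email)` resolves an e-mail address to an account; if users/show is reachable without authentication, anyone can test whether an address has an account on this site, and given the comment already marks the field as deprecated I would drop the lookup or gate it behind authentication. The enclosing method starts before this hunk and ends after it.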
@@ -312,36 +312,4 @@ class GroupDesignSettingsAction extends DesignSettingsAction
 $this->showForm(_('Design preferences saved.'), true);
 }
- /**
- * Handle input and output a page (overrided)
- *
- * @param array $args $_REQUEST arguments
- *
- * @return void
- */
-
- function handle($args)
- {
- parent::handle($args);
- if (!common_logged_in()) {
- $this->clientError(_('Not logged in.'));
- return;
- } else if (!common_is_real_login()) {
- // Cookie theft means that automatic logins can't
- // change important settings or see private info, and
- // _all_ our settings are important
- common_set_returnto($this->selfUrl());
- $user = common_current_user();
- if ($user->hasOpenID()) {
- common_redirect(common_local_url('openidlogin'), 303);
- } else {
- common_redirect(common_local_url('login'), 303);
- }
- } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->handlePost();
- } else {
- $this->showForm();
- }
- }
-
 }