wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '0.8.x' of git@gitorious.org:laconica/dev into 0.8.x

Browse Source
This commit is contained in:
Sarven Capadisli 2009-07-07 00:23:42 +00:00
commit 65ef1cb72a
5 changed files with 64 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
actions/api.php
View File

@ -75,7 +75,7 @@ class ApiAction extends Action
} }
} else { } else {
# Caller might give us a username even if not required // Caller might give us a username even if not required
if (isset($_SERVER['PHP_AUTH_USER'])) { if (isset($_SERVER['PHP_AUTH_USER'])) {
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
if ($user) { if ($user) {
@ -117,7 +117,7 @@ class ApiAction extends Action
} }
} }
# Whitelist of API methods that don't need authentication // Whitelist of API methods that don't need authentication
function requires_auth() function requires_auth()
{ {
static $noauth = array( 'statuses/public_timeline', static $noauth = array( 'statuses/public_timeline',
@ -135,28 +135,61 @@ class ApiAction extends Action
'statuses/replies', 'statuses/replies',
'statuses/mentions', 'statuses/mentions',
'statuses/followers', 'statuses/followers',
'favorites/favorites'); 'favorites/favorites',
'friendships/show');
$fullname = "$this->api_action/$this->api_method"; $fullname = "$this->api_action/$this->api_method";
// If the site is "private", all API methods except laconica/config // If the site is "private", all API methods except laconica/config
// need authentication // need authentication
if (common_config('site', 'private')) { if (common_config('site', 'private')) {
return $fullname != 'laconica/config' || false; return $fullname != 'laconica/config' || false;
} }
// bareauth: only needs auth if without an argument or query param specifying user
if (in_array($fullname, $bareauth)) { if (in_array($fullname, $bareauth)) {
# bareauth: only needs auth if without an argument or query param specifying user
if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) { // Special case: friendships/show only needs auth if source_id or
return false; // source_screen_name is not specified as a param
} else {
if ($fullname == 'friendships/show') {
$source_id = $this->arg('source_id');
$source_screen_name = $this->arg('source_screen_name');
if (empty($source_id) && empty($source_screen_name)) {
return true; return true;
} }
return false;
}
// if all of these are empty, auth is required
$id = $this->arg('id');
$user_id = $this->arg('user_id');
$screen_name = $this->arg('screen_name');
if (empty($this->api_arg) &&
empty($id) &&
empty($user_id) &&
empty($screen_name)) {
return true;
} else {
return false;
}
} else if (in_array($fullname, $noauth)) { } else if (in_array($fullname, $noauth)) {
# noauth: never needs auth
// noauth: never needs auth
return false; return false;
} else { } else {
# everybody else needs auth
// everybody else needs auth
return true; return true;
} }
} }

32
actions/groupdesignsettings.php
View File

@ -312,36 +312,4 @@ class GroupDesignSettingsAction extends DesignSettingsAction
$this->showForm(_('Design preferences saved.'), true); $this->showForm(_('Design preferences saved.'), true);
} }
/**
* Handle input and output a page (overrided)
*
* @param array $args $_REQUEST arguments
*
* @return void
*/
function handle($args)
{
parent::handle($args);
if (!common_logged_in()) {
$this->clientError(_('Not logged in.'));
return;
} else if (!common_is_real_login()) {
// Cookie theft means that automatic logins can't
// change important settings or see private info, and
// _all_ our settings are important
common_set_returnto($this->selfUrl());
$user = common_current_user();
if ($user->hasOpenID()) {
common_redirect(common_local_url('openidlogin'), 303);
} else {
common_redirect(common_local_url('login'), 303);
}
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$this->handlePost();
} else {
$this->showForm();
}
}
} }

13
actions/twitapistatuses.php
View File

@ -373,9 +373,19 @@ class TwitapistatusesAction extends TwitterapiAction
return; return;
} }
// 'id' is an undocumented parameter in Twitter's API. Several
// clients make use of it, so we support it too.
// show.json?id=12345 takes precedence over /show/12345.json
$this->auth_user = $apidata['user']; $this->auth_user = $apidata['user'];
$notice_id = $this->trimmed('id');
if (empty($notice_id)) {
$notice_id = $apidata['api_arg']; $notice_id = $apidata['api_arg'];
$notice = Notice::staticGet($notice_id); }
$notice = Notice::staticGet((int)$notice_id);
if ($notice) { if ($notice) {
if ($apidata['content-type'] == 'xml') { if ($apidata['content-type'] == 'xml') {
@ -389,7 +399,6 @@ class TwitapistatusesAction extends TwitterapiAction
$this->clientError(_('No status with that ID found.'), $this->clientError(_('No status with that ID found.'),
404, $apidata['content-type']); 404, $apidata['content-type']);
} }
} }
function destroy($args, $apidata) function destroy($args, $apidata)

11
actions/twitapiusers.php
View File

@ -37,24 +37,17 @@ class TwitapiusersAction extends TwitterapiAction
$user = null; $user = null;
$email = $this->arg('email'); $email = $this->arg('email');
$user_id = $this->arg('user_id');
// XXX: email field deprecated in Twitter's API // XXX: email field deprecated in Twitter's API
// XXX: Also: need to add screen_name param
if ($email) { if ($email) {
$user = User::staticGet('email', $email); $user = User::staticGet('email', $email);
} elseif ($user_id) { } else {
$user = $this->get_user($user_id);
} elseif (isset($apidata['api_arg'])) {
$user = $this->get_user($apidata['api_arg']); $user = $this->get_user($apidata['api_arg']);
} elseif (isset($apidata['user'])) {
$user = $apidata['user'];
} }
if (empty($user)) { if (empty($user)) {
$this->client_error(_('Not found.'), 404, $apidata['content-type']); $this->clientError(_('Not found.'), 404, $apidata['content-type']);
return; return;
} }

2
lib/router.php
View File

@ -261,7 +261,7 @@ class Router
$m->connect('api/statuses/:method', $m->connect('api/statuses/:method',
array('action' => 'api', array('action' => 'api',
'apiaction' => 'statuses'), 'apiaction' => 'statuses'),
array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|friends|followers|featured)(\.(atom|rss|xml|json))?')); array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|show|friends|followers|featured)(\.(atom|rss|xml|json))?'));
$m->connect('api/statuses/:method/:argument', $m->connect('api/statuses/:method/:argument',
array('action' => 'api', array('action' => 'api',