Commit Graph

18 Commits

Author SHA1 Message Date
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
5dc718c54d Make Basic Auth work properly with RW actions 2015-10-09 15:43:17 +02:00
Mikael Nordfeldth
7e65f4f6ea StatusNet to GNU social renaming in minor places 2015-02-27 12:55:25 +01:00
Mikael Nordfeldth
a063bb43a8 EndSetApiUser will always contain a User 2015-02-13 01:19:59 +01:00
Mikael Nordfeldth
c7dd595984 Run onEndSetApiUser also when already logged in! 2015-01-31 16:02:01 +01:00
Mikael Nordfeldth
34f6ea1d04 Present WWW-Authenticate on failure to authenticate 2014-11-10 12:17:39 +01:00
Mikael Nordfeldth
b6a168c82e Unnecessary to check PHP_AUTH_USER here
it was implied from $this->auth_user_nickname above
2014-11-10 12:10:21 +01:00
Mikael Nordfeldth
17647dc3ff $header was always true due to previous if statement 2014-11-10 11:59:01 +01:00
Mikael Nordfeldth
e91deb683f Checking user properties for instanceof User 2014-11-10 11:57:53 +01:00
Mikael Nordfeldth
403cb858be Less verbose logic for checking api authentication 2014-11-10 11:43:08 +01:00
Mikael Nordfeldth
6f5086fc52 Integrate qvitter ApiAuthAction (thanks hannes2peer) 2014-11-10 11:39:19 +01:00
Mikael Nordfeldth
29d0871e5a Making many of the API actions more consistent with coding style
clientError and serverError exit after they're done so no need for
break or return. Also, $this->format is default.

We also got rid of the incredibly verbose version of $this->isPost()
which was spread all over the place.

Not all of this cleaning up is done yet.
2013-10-15 03:07:40 +02:00
Mikael Nordfeldth
f46d675a20 GNU social is with a minor s. 2013-10-15 00:20:36 +02:00
Mikael Nordfeldth
9be368006c Naming stuff GNUsocial rather than StatusNet 2013-10-15 00:19:03 +02:00
Mikael Nordfeldth
78f9629bf3 Moved shareLocation preference check to Profile class 2013-10-06 13:38:09 +02:00
Mikael Nordfeldth
cc34bb48c7 OAuth related syntax fixes, nothing big
Making better use of class autoloading too.
2013-10-06 12:43:18 +02:00
Mikael Nordfeldth
99312c8cc2 Declaring some more static functions properly
As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.
2013-09-09 23:28:20 +02:00
Mikael Nordfeldth
a9c4bcd71f Removing unnecessary require_once lines (autoload!) 2013-09-09 23:06:56 +02:00