clean up username entered at login

[quix0rs-gnu-social.git] / actions / twitapifriendships.php

diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index 05c192ea6fc8bc46938c64d5a60b2dac2539a9bf..3cc925c3690bcd2ef29c00961e70e93418b877fd 100644 (file)
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -40,6 +40,11 @@ class TwitapifriendshipsAction extends TwitterapiAction {
        function create($args, $apidata) {
                parent::handle($args);
 
+               if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+                       $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+                       exit();
+               }
+
                $id = $apidata['api_arg'];
 
                $other = $this->get_user($id);
@@ -52,7 +57,8 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                $user = $apidata['user'];
                
                if ($user->isSubscribed($other)) {
-                       $this->client_error("Could not follow user: $other->nickname is already on your list.", 403, $apidata['content-type']);
+                       $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
+                       $this->client_error($errmsg, 403, $apidata['content-type']);
                        exit();
                }
                
@@ -67,7 +73,8 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                $result = $sub->insert();
 
                if (!$result) {
-                       $this->client_error("Could not follow user: $other->nickname.", 400, $apidata['content-type']);                 
+                       $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
+                       $this->client_error($errmsg, 400, $apidata['content-type']);                    
                        exit();
                }
                
@@ -96,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction {
        
        function destroy($args, $apidata) {
                parent::handle($args);
+               
+               if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+                       $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']);
+                       exit();
+               }
+               
                $id = $apidata['api_arg'];
 
                # We can't subscribe to a remote person, but we can unsub