clean up username entered at login

[quix0rs-gnu-social.git] / actions / twitapifriendships.php

diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php
index 90e890e35c5096f64fa239ea468f4022897f6fe5..3cc925c3690bcd2ef29c00961e70e93418b877fd 100644 (file)
--- a/actions/twitapifriendships.php
+++ b/actions/twitapifriendships.php
@@ -23,9 +23,28 @@ require_once(INSTALLDIR.'/lib/twitterapi.php');
 
 class TwitapifriendshipsAction extends TwitterapiAction {
 
+       function is_readonly() {
+               
+               static $write_methods = array(  'create',
+                                                                               'destroy');
+               
+               $cmdtext = explode('.', $this->arg('method'));          
+               
+               if (in_array($cmdtext[0], $write_methods)) {                    
+                       return false;
+               }
+                               
+               return true;
+       }
+
        function create($args, $apidata) {
                parent::handle($args);
 
+               if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+                       $this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+                       exit();
+               }
+
                $id = $apidata['api_arg'];
 
                $other = $this->get_user($id);
@@ -33,15 +52,14 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                if (!$other) {
                        $this->client_error(_('Could not follow user: User not found.'), 403, $apidata['content-type']);
                        exit();
-                       return;
                }
                
                $user = $apidata['user'];
                
                if ($user->isSubscribed($other)) {
-                       $this->client_error("Could not follow user: $other->nickname is already on your list.", 403, $apidata['content-type']);
+                       $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
+                       $this->client_error($errmsg, 403, $apidata['content-type']);
                        exit();
-                       return;
                }
                
                $sub = new Subscription();
@@ -55,9 +73,9 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                $result = $sub->insert();
 
                if (!$result) {
-                       $this->client_error("Could not follow user: $other->nickname.", 400, $apidata['content-type']);                 
+                       $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
+                       $this->client_error($errmsg, 400, $apidata['content-type']);                    
                        exit();
-                       return;
                }
                
                $sub->query('COMMIT');
@@ -66,7 +84,7 @@ class TwitapifriendshipsAction extends TwitterapiAction {
 
                $type = $apidata['content-type'];
                $this->init_document($type);
-               $this->show_profile($other);
+               $this->show_profile($other, $type);
                $this->end_document($type);
                exit();
        }
@@ -85,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction {
        
        function destroy($args, $apidata) {
                parent::handle($args);
+               
+               if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+                       $this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']);
+                       exit();
+               }
+               
                $id = $apidata['api_arg'];
 
                # We can't subscribe to a remote person, but we can unsub
@@ -106,8 +130,8 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                }
 
                $type = $apidata['content-type'];
-               $this->init_document($type);
-               $this->show_profile($other);
+               $this->init_document($type);    
+               $this->show_profile($other, $type);
                $this->end_document($type);
                exit();
        }
@@ -132,12 +156,8 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                $user_a_id = $this->trimmed('user_a');
                $user_b_id = $this->trimmed('user_b');
                
-               $user_a = $this->get_profile($user_a_id);
-               $user_b = $this->get_profile($user_b_id);
-               
-               if($user_a) { print "got user a profile";}
-               if($user_b) { print "got user b profile";}
-               
+               $user_a = $this->get_user($user_a_id);
+               $user_b = $this->get_user($user_b_id);
                
                if (!$user_a || !$user_b) {
                        $this->client_error(_('Two user ids or screen_names must be supplied.'), 400, $apidata['content-type']);
@@ -152,15 +172,17 @@ class TwitapifriendshipsAction extends TwitterapiAction {
                
                switch ($apidata['content-type']) {
                 case 'xml':
-                       common_start_xml();
+                       $this->init_document('xml');
                        common_element('friends', NULL, $result);
-                       common_end_xml();
+                       $this->end_document('xml');
                        break;
                 case 'json':
+                       $this->init_document('json');
                        print json_encode($result);
+                       $this->end_document('json');
                        break;
                 default:
-                       print $result;
+                       print $result;  // Really? --Zach
                        break;
                }