if (!defined('STATUSNET')) {
exit(1);
}
-
+require_once INSTALLDIR . '/lib/apiaction.php';
require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
-
-class ApiOauthAction extends Action
+class ApiOauthAction extends ApiAction
{
/**
* Is this a read-only action?
*
* @return boolean false
*/
-
function isReadOnly($args)
{
return false;
*
* @return void
*/
-
function handle($args)
{
parent::handle($args);
self::cleanRequest();
}
+ /*
+ * Clean up the request so the OAuth library doesn't find
+ * any extra parameters or anything else it's not expecting.
+ * I'm looking at you, p parameter.
+ */
static function cleanRequest()
{
// kill evil effects of magical slashing
-
if (get_magic_quotes_gpc() == 1) {
$_POST = array_map('stripslashes', $_POST);
$_GET = array_map('stripslashes', $_GET);
}
// strip out the p param added in index.php
-
- // XXX: should we strip anything else? Or alternatively
- // only allow a known list of params?
-
unset($_GET['p']);
unset($_POST['p']);
+ unset($_REQUEST['p']);
+
+ $queryArray = explode('&', $_SERVER['QUERY_STRING']);
+
+ for ($i = 0; $i < sizeof($queryArray); $i++) {
+ if (substr($queryArray[$i], 0, 2) == 'p=') {
+ unset($queryArray[$i]);
+ }
+ }
+
+ $_SERVER['QUERY_STRING'] = implode('&', $queryArray);
}
function getCallback($url, $params)
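Review bot: The new loop in cleanRequest() can leave a `p=` pair in `$_SERVER['QUERY_STRING']`. `unset($queryArray[$i])` shrinks the array without reindexing it, and `sizeof($queryArray)` is re-evaluated on every pass, so each removal ends the loop one index earlier and the trailing elements are never inspected (for `p=a&p=b` the second pair survives). Because `p` is removed unconditionally from `$_GET`, `$_POST` and `$_REQUEST`, the rebuilt query string can then disagree with them, which is the unexpected extra parameter the comment says the OAuth library must not see; presumably it would also feed into signature verification. Iterating over the keys avoids this: use `foreach ($queryArray as $i => $part) {` with `if (substr($part, 0, 2) == 'p=') {` inside. It is also worth guarding the `explode()` with `isset($_SERVER['QUERY_STRING'])`, since that key may be absent (for example under the CLI).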