X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=actions%2Fapistatusesshow.php;h=8b9cc347797bdfeb4b7bbff62def398e354edd2c;hb=df46f123dd656545c80821931f0a384f7dc5d608;hp=3a60b87637e571dd27a6c5653441b59afa380f57;hpb=220b51d8be61e9bd316567f3ad03fffdbc4b7526;p=quix0rs-gnu-social.git

diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index 3a60b87637..8b9cc34779 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -34,9 +34,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
-    exit(1);
-}
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 /**
  * Returns the notice specified by id as a Twitter-style status and inline user
@@ -65,7 +63,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * @return boolean success flag
      */
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -76,11 +74,20 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
 
         $this->notice_id = (int)$this->trimmed('id');
 
-        if (empty($notice_id)) {
-            $this->notice_id = (int)$this->arg('id');
+        $this->notice = Notice::getKV('id', $this->notice_id);
+        if (!$this->notice instanceof Notice) {
+            $deleted = Deleted_notice::getKV('id', $this->notice_id);
+            if ($deleted instanceof Deleted_notice) {
+                // TRANS: Client error displayed trying to show a deleted notice.
+                $this->clientError(_('Notice deleted.'), 410);
+            }
+            // TRANS: Client error displayed trying to show a non-existing notice.
+            $this->clientError(_('No such notice.'), 404);
+        }
+        if (!$this->notice->inScope($this->scoped)) {
+            // TRANS: Client exception thrown when trying a view a notice the user has no access to.
+            throw new ClientException(_('Access restricted.'), 403);
         }
-
-        $this->notice = Notice::getKV((int)$this->notice_id);
 
         return true;
     }
@@ -90,13 +97,11 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * Check the format and show the notice
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (!in_array($this->format, array('xml', 'json', 'atom'))) {
             // TRANS: Client error displayed when coming across a non-supported API method.