X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapitimelineuser.php;h=5809df3b5ee17fb6a18b9fa3db8867b3bba600f1;hb=6e894c010fc0e7ddaaafa8795634d6343019aafb;hp=e4a8b596ee7d6491a817f7f2b826af420d719aa6;hpb=c1cee3b27ffa1529009195604c5495bef4f83bc2;p=quix0rs-gnu-social.git

diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index e4a8b596ee..5809df3b5e 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -235,15 +235,16 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     }
 
     /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
      *
      * @param array $args other arguments
      *
      * @return boolean true
      */
+    
     function isReadOnly($args)
     {
-        return true;
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
     }
 
     /**
@@ -292,32 +293,45 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     {
         if (empty($this->auth_user) ||
             $this->auth_user->id != $this->user->id) {
-            $this->clientError(_("Only the user can add to their own timeline."));
+            // TRANS: Client error displayed trying to add a notice to another user's timeline.
+            $this->clientError(_('Only the user can add to their own timeline.'));
             return;
         }
 
+        // Only handle posts for Atom
         if ($this->format != 'atom') {
-            // Only handle posts for Atom
-            $this->clientError(_("Only accept AtomPub for atom feeds."));
+            // TRANS: Client error displayed when using another format than AtomPub.
+            $this->clientError(_('Only accept AtomPub for Atom feeds.'));
             return;
         }
 
-        $xml = file_get_contents('php://input');
+        $xml = trim(file_get_contents('php://input'));
+        if (empty($xml)) {
+            $this->clientError(_('Atom post must not be empty.'));
+        }
 
         $dom = DOMDocument::loadXML($xml);
+        if (!$dom) {
+            $this->clientError(_('Atom post must be well-formed XML.'));
+        }
 
         if ($dom->documentElement->namespaceURI != Activity::ATOM ||
             $dom->documentElement->localName != 'entry') {
+            // TRANS: Client error displayed when not using an Atom entry.
             $this->clientError(_('Atom post must be an Atom entry.'));
             return;
         }
 
         $activity = new Activity($dom->documentElement);
 
-        if (Event::handle('StartAtomPubNewActivity', array(&$activity))) {
+        $saved = null;
+
+        if (Event::handle('StartAtomPubNewActivity', array(&$activity, $this->user, &$saved))) {
 
             if ($activity->verb != ActivityVerb::POST) {
-                $this->clientError(_('Can only handle post activities.'));
+                // TRANS: Client error displayed when not using the POST verb.
+                // TRANS: Do not translate POST.
+                $this->clientError(_('Can only handle POST activities.'));
                 return;
             }
 
@@ -326,18 +340,21 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             if (!in_array($note->type, array(ActivityObject::NOTE,
                                              ActivityObject::BLOGENTRY,
                                              ActivityObject::STATUS))) {
-                $this->clientError(sprintf(_('Cannot handle activity object type "%s"',
-                                             $note->type)));
+                // TRANS: Client error displayed when using an unsupported activity object type.
+                // TRANS: %s is the unsupported activity object type.
+                $this->clientError(sprintf(_('Cannot handle activity object type "%s".'),
+                                             $note->type));
                 return;
             }
 
             $saved = $this->postNote($activity);
 
-            Event::handle('EndAtomPubNewActivity', array($activity, $saved));
+            Event::handle('EndAtomPubNewActivity', array($activity, $this->user, $saved));
         }
 
         if (!empty($saved)) {
-            header("Location: " . common_local_url('ApiStatusesShow', array('notice_id' => $saved->id,
+            header('HTTP/1.1 201 Created');
+            header("Location: " . common_local_url('ApiStatusesShow', array('id' => $saved->id,
                                                                             'format' => 'atom')));
             $this->showSingleAtomStatus($saved);
         }
@@ -357,8 +374,9 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             $sourceContent = $note->title;
         } else {
             // @fixme fetch from $sourceUrl?
-            // @todo i18n FIXME: use sprintf and add i18n.
-            $this->clientError("No content for notice {$note->id}.");
+            // TRANS: Client error displayed when posting a notice without content through the API.
+            $this->clientError(sprintf(_('No content for notice %d.'),
+                                       $note->id));
             return;
         }
 
@@ -367,7 +385,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
         $rendered = $this->purify($sourceContent);
         $content = html_entity_decode(strip_tags($rendered), ENT_QUOTES, 'UTF-8');
 
-        $shortened = common_shorten_links($content);
+        $shortened = $this->auth_user->shortenLinks($content);
 
         $options = array('is_local' => Notice::LOCAL_PUBLIC,
                          'rendered' => $rendered,
@@ -384,6 +402,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             $notice = Notice::staticGet('uri', trim($note->id));
 
             if (!empty($notice)) {
+                // TRANS: Client error displayed when using another format than AtomPub.
                 $this->clientError(sprintf(_('Notice with URI "%s" already exists.'),
                                            $note->id));
                 return;