X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapitimelineuser.php;h=b3b908accc8a3f971df137c98632820ccf78b026;hb=dc424ab63a91bf4c29198452d54543b8737b65ac;hp=d90507aa4460e8c24476f0db940c15ef774a0569;hpb=2503c33502607ad81da69dece32c6b981a4db335;p=quix0rs-gnu-social.git diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php index d90507aa44..b3b908accc 100644 --- a/actions/apitimelineuser.php +++ b/actions/apitimelineuser.php @@ -235,20 +235,16 @@ class ApiTimelineUserAction extends ApiBareAuthAction } /** - * Is this action read only? + * We expose AtomPub here, so non-GET/HEAD reqs must be read/write. * * @param array $args other arguments * * @return boolean true */ - + function isReadOnly($args) { - if ($_SERVER['REQUEST_METHOD'] == 'GET') { - return true; - } else { - return false; - } + return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD'); } /** @@ -309,9 +305,17 @@ class ApiTimelineUserAction extends ApiBareAuthAction return; } - $xml = file_get_contents('php://input'); + $xml = trim(file_get_contents('php://input')); + if (empty($xml)) { + // TRANS: Client error displayed attempting to post an empty API notice. + $this->clientError(_('Atom post must not be empty.')); + } $dom = DOMDocument::loadXML($xml); + if (!$dom) { + // TRANS: Client error displayed attempting to post an API that is not well-formed XML. + $this->clientError(_('Atom post must be well-formed XML.')); + } if ($dom->documentElement->namespaceURI != Activity::ATOM || $dom->documentElement->localName != 'entry') { 
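Review bot: The docblock above `isReadOnly()` (hunk at -235) still says `@return boolean true`, but the new body returns false for every method other than GET and HEAD. Going by the new summary line, that return value decides whether a request needs read/write access. I would change the tag to `@return boolean true for GET and HEAD requests, false otherwise`. The test could be written as `return in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD'), true);` so the comparison is strict and the allowed methods sit in one list. The commit also replaces the empty line after the docblock with a whitespace-only line, which can be dropped.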
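Review bot: Neither of the two new `clientError()` calls in the hunk at -309 is followed by `return;`, unlike the `clientError(...); return;` pair visible in the -322 hunk. If `clientError()` does not terminate the request, an empty or malformed body still reaches `$dom->documentElement->namespaceURI` with `$dom` set to false, so add `return;` after each call. Because `$xml` is the raw request body, I would also pass `LIBXML_NONET` to `loadXML()` and reject any document with a DOCTYPE (`$dom->doctype !== null`), so that external entities in a posted entry are never fetched or expanded. `empty($xml)` also treats a body consisting of `0` as empty; `$xml === ''` says what is meant. The enclosing method starts and ends outside the hunk.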
@@ -322,11 +326,12 @@ class ApiTimelineUserAction extends ApiBareAuthAction $activity = new Activity($dom->documentElement); - if (Event::handle('StartAtomPubNewActivity', array(&$activity))) { + $saved = null; + + if (Event::handle('StartAtomPubNewActivity', array(&$activity, $this->user, &$saved))) { if ($activity->verb != ActivityVerb::POST) { - // TRANS: Client error displayed when not using the POST verb. - // TRANS: Do not translate POST. + // TRANS: Client error displayed when not using the POST verb. Do not translate POST. $this->clientError(_('Can only handle POST activities.')); return; } @@ -345,11 +350,12 @@ class ApiTimelineUserAction extends ApiBareAuthAction $saved = $this->postNote($activity); - Event::handle('EndAtomPubNewActivity', array($activity, $saved)); + Event::handle('EndAtomPubNewActivity', array($activity, $this->user, $saved)); } if (!empty($saved)) { - header("Location: " . common_local_url('ApiStatusesShow', array('notice_id' => $saved->id, + header('HTTP/1.1 201 Created'); + header("Location: " . common_local_url('ApiStatusesShow', array('id' => $saved->id, 'format' => 'atom'))); $this->showSingleAtomStatus($saved); } @@ -370,6 +376,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction } else { // @fixme fetch from $sourceUrl? // TRANS: Client error displayed when posting a notice without content through the API. + // TRANS: %d is the notice ID (number). $this->clientError(sprintf(_('No content for notice %d.'), $note->id)); return; 
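Review bot: The extended `StartAtomPubNewActivity` signature in the hunk at -322 is not documented at the call site. A handler that returns false now skips the POST-verb check and the `postNote()` call, and whatever it wrote into `$saved` is used for the Location header in the -345 hunk. A comment above the `Event::handle()` call should state that contract, for example `// Handlers returning false must set $saved to the stored notice and must themselves check that $this->user may post it.` Handlers written for the old argument lists should be checked too, since `EndAtomPubNewActivity` now receives `$this->user` in second position.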
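Review bot: `header('HTTP/1.1 201 Created');` in the hunk at -345 hard-codes the protocol version and is easy to separate from the Location header it belongs to. PHP's `header()` takes the status code as its third argument, so the two calls can become one: `header('Location: ' . common_local_url('ApiStatusesShow', array('id' => $saved->id, 'format' => 'atom')), true, 201);`. Within the hunk there is no branch for an empty `$saved`. A handler that returns false without setting it, or a `postNote()` that returns nothing, seems to end the request with no status or body. The method continues outside the hunk, so this may be handled there.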
@@ -422,14 +429,14 @@ class ApiTimelineUserAction extends ApiBareAuthAction $profile = Profile::fromURI($uri); if (!empty($profile)) { - $options['replies'] = $uri; + $options['replies'][] = $uri; } else { $group = User_group::staticGet('uri', $uri); if (!empty($group)) { - $options['groups'] = $uri; + $options['groups'][] = $uri; } else { // @fixme: hook for discovery here - common_log(LOG_WARNING, sprintf(_('AtomPub post with unknown attention URI %s'), $uri)); + common_log(LOG_WARNING, sprintf('AtomPub post with unknown attention URI %s', $uri)); } } }
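Review bot: `$uri` goes into the `common_log()` message unmodified in the hunk at -422, and it appears to come from the posted Atom entry. A value containing line breaks or control characters could split or forge log entries unless `common_log()` filters them, which is not visible here. Logging an encoded form keeps one entry per event: `common_log(LOG_WARNING, sprintf('AtomPub post with unknown attention URI %s', json_encode($uri)));`. The switch to `$options['replies'][] = $uri;` and `$options['groups'][] = $uri;` also relies on both keys being unset or already arrays when the loop starts. Their initialisation is outside the hunk.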