From: Evan Prodromou Date: Sat, 19 Jul 2008 17:16:05 +0000 (-0400) Subject: correct handling of bareauth X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=2d47b3ad643a450c7c85f0c5165a156036283040;p=quix0rs-gnu-social.git correct handling of bareauth darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz --- diff --git a/actions/api.php b/actions/api.php index 2c1086ae11..a525703208 100644 --- a/actions/api.php +++ b/actions/api.php @@ -101,23 +101,27 @@ class ApiAction extends Action { # Whitelist of API methods that don't need authentication function requires_auth() { static $noauth = array( 'statuses/public_timeline', - 'statuses/user_timeline', 'statuses/show', 'help/test', 'help/downtime_schedule'); static $bareauth = array('statuses/user_timeline', 'statuses/friends'); - # noauth: never needs auth - # bareauth: only needs auth if without an argument - $fullname = "$this->api_action/$this->api_method"; - if (in_array($fullname, $bareauth) && !$this->api_arg) { - return true; - } if (in_array($fullname, $noauth)) { + if (in_array($fullname, $bareauth)) { + # bareauth: only needs auth if without an argument + if ($this->api_arg) { + return false; + } else { + return true; + } + } else if (in_array($fullname, $noauth)) { + # noauth: never needs auth return false; + } else { + # everybody else needs auth + return true; } - return true; } }