harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

always check api_user

Browse Source
This commit is contained in:
zotlabs 2016-12-07 19:04:24 -08:00
parent c4d6189b55
commit b407074281
1 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
include/api_zot.php
View File

@ -117,6 +117,9 @@
} }
function api_attach_list($type) { function api_attach_list($type) {
if(api_user() === false)
return false;
logger('api_user: ' . api_user()); logger('api_user: ' . api_user());
$hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : ''); $hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : '');
$filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : ''); $filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : '');
@ -135,7 +138,8 @@
function api_file_meta($type) { function api_file_meta($type) {
if (api_user()===false) return false; if(api_user() === false)
return false;
if(! $_REQUEST['file_id']) return false; if(! $_REQUEST['file_id']) return false;
$r = q("select * from attach where uid = %d and hash = '%s' limit 1", $r = q("select * from attach where uid = %d and hash = '%s' limit 1",
intval(api_user()), intval(api_user()),
@ -152,7 +156,8 @@
function api_file_data($type) { function api_file_data($type) {
if (api_user()===false) return false; if(api_user() === false)
return false;
if(! $_REQUEST['file_id']) return false; if(! $_REQUEST['file_id']) return false;
$start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0);
$length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0);
@ -193,8 +198,10 @@
function api_file_export($type) { function api_file_export($type) {
if (api_user()===false) return false; if(api_user() === false)
if(! $_REQUEST['file_id']) return false; return false;
if(! $_REQUEST['file_id'])
return false;
$ret = attach_export_data(api_user(),$_REQUEST['file_id']); $ret = attach_export_data(api_user(),$_REQUEST['file_id']);
if($ret) { if($ret) {
@ -205,7 +212,8 @@
function api_file_detail($type) { function api_file_detail($type) {
if (api_user()===false) return false; if(api_user() === false)
return false;
if(! $_REQUEST['file_id']) return false; if(! $_REQUEST['file_id']) return false;
$r = q("select * from attach where uid = %d and hash = '%s' limit 1", $r = q("select * from attach where uid = %d and hash = '%s' limit 1",
intval(api_user()), intval(api_user()),
@ -228,16 +236,21 @@
function api_albums($type) { function api_albums($type) {
if(api_user() === false)
return false;
json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer())); json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer()));
} }
function api_photos($type) { function api_photos($type) {
if(api_user() === false)
return false;
$album = $_REQUEST['album']; $album = $_REQUEST['album'];
json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album)); json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album));
} }
function api_photo_detail($type) { function api_photo_detail($type) {
if (api_user()===false) return false; if(api_user() === false)
return false;
if(! $_REQUEST['photo_id']) return false; if(! $_REQUEST['photo_id']) return false;
$scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0); $scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0);
$r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1", $r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1",
@ -316,8 +329,6 @@
function api_red_xchan($type) { function api_red_xchan($type) {
logger('api_xchan');
if(api_user() === false) if(api_user() === false)
return false; return false;
logger('api_xchan'); logger('api_xchan');