apioauthaction.php 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Base action for OAuth API endpoints
  6. *
  7. * PHP version 5
  8. *
  9. * LICENCE: This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. * @category API
  23. * @package StatusNet
  24. * @author Zach Copley <zach@status.net>
  25. * @copyright 2010 StatusNet, Inc.
  26. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27. * @link http://status.net/
  28. */
  29. if (!defined('STATUSNET')) {
  30. exit(1);
  31. }
  32. require_once INSTALLDIR . '/lib/apiaction.php';
  33. /**
  34. * Base action for API OAuth enpoints. Clean up the
  35. * request. Some other common functions.
  36. *
  37. * @category API
  38. * @package StatusNet
  39. * @author Zach Copley <zach@status.net>
  40. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  41. * @link http://status.net/
  42. */
  43. class ApiOAuthAction extends ApiAction
  44. {
  45. /**
  46. * Is this a read-only action?
  47. *
  48. * @return boolean false
  49. */
  50. function isReadOnly($args)
  51. {
  52. return false;
  53. }
  54. function prepare($args)
  55. {
  56. parent::prepare($args);
  57. return true;
  58. }
  59. /**
  60. * Handle input, produce output
  61. *
  62. * Switches on request method; either shows the form or handles its input.
  63. *
  64. * @param array $args $_REQUEST data
  65. *
  66. * @return void
  67. */
  68. function handle($args)
  69. {
  70. parent::handle($args);
  71. self::cleanRequest();
  72. }
  73. /*
  74. * Clean up the request so the OAuth library doesn't find
  75. * any extra parameters or anything else it's not expecting.
  76. * I'm looking at you, p parameter.
  77. */
  78. static function cleanRequest()
  79. {
  80. // kill evil effects of magical slashing
  81. if (get_magic_quotes_gpc() == 1) {
  82. $_POST = array_map('stripslashes', $_POST);
  83. $_GET = array_map('stripslashes', $_GET);
  84. }
  85. // strip out the p param added in index.php
  86. unset($_GET['p']);
  87. unset($_POST['p']);
  88. unset($_REQUEST['p']);
  89. $queryArray = explode('&', $_SERVER['QUERY_STRING']);
  90. for ($i = 0; $i < sizeof($queryArray); $i++) {
  91. if (substr($queryArray[$i], 0, 2) == 'p=') {
  92. unset($queryArray[$i]);
  93. }
  94. }
  95. $_SERVER['QUERY_STRING'] = implode('&', $queryArray);
  96. }
  97. }