apioauthaction.php 2.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Base action for OAuth API endpoints
  6. *
  7. * PHP version 5
  8. *
  9. * LICENCE: This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. * @category API
  23. * @package StatusNet
  24. * @author Zach Copley <zach@status.net>
  25. * @copyright 2010 StatusNet, Inc.
  26. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27. * @link http://status.net/
  28. */
  29. if (!defined('STATUSNET')) {
  30. exit(1);
  31. }
  32. require_once INSTALLDIR . '/lib/api/apiaction.php';
  33. /**
  34. * Base action for API OAuth enpoints. Clean up the
  35. * request. Some other common functions.
  36. *
  37. * @category API
  38. * @package StatusNet
  39. * @author Zach Copley <zach@status.net>
  40. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  41. * @link http://status.net/
  42. */
  43. class ApiOAuthAction extends ApiAction
  44. {
  45. /**
  46. * Is this a read-only action?
  47. *
  48. * @return boolean false
  49. */
  50. function isReadOnly($args)
  51. {
  52. return false;
  53. }
  54. protected function prepare(array $args=array())
  55. {
  56. self::cleanRequest();
  57. return parent::prepare($args);
  58. }
  59. /*
  60. * Clean up the request so the OAuth library doesn't find
  61. * any extra parameters or anything else it's not expecting.
  62. * I'm looking at you, p parameter.
  63. */
  64. static function cleanRequest()
  65. {
  66. // kill evil effects of magical slashing
  67. if (get_magic_quotes_gpc() == 1) {
  68. $_POST = array_map('stripslashes', $_POST);
  69. $_GET = array_map('stripslashes', $_GET);
  70. }
  71. // strip out the p param added in index.php
  72. unset($_GET['p']);
  73. unset($_POST['p']);
  74. unset($_REQUEST['p']);
  75. $queryArray = explode('&', $_SERVER['QUERY_STRING']);
  76. for ($i = 0; $i < sizeof($queryArray); $i++) {
  77. if (substr($queryArray[$i], 0, 2) == 'p=') {
  78. unset($queryArray[$i]);
  79. }
  80. }
  81. $_SERVER['QUERY_STRING'] = implode('&', $queryArray);
  82. }
  83. }