authorzotlabs <mike@macgirvin.com>2016-12-07 19:04:24 -0800
committerzotlabs <mike@macgirvin.com>2016-12-07 19:04:24 -0800
commitb40707428130a927b27f595a875808d08588ff52 (patch)
tree395349e8edfb1414dcdc4c706d345fc5d4fda0e3
parentc4d6189b55ee4f006013fb180bbf1c431094df72 (diff)
always check api_user
-rw-r--r--include/api_zot.php27
1 files changed, 19 insertions, 8 deletions
diff --git a/include/api_zot.php b/include/api_zot.php
index d9895fae0..d1979c3ae 100644
--- a/include/api_zot.php
+++ b/include/api_zot.php
@@ -117,6 +117,9 @@
}
function api_attach_list($type) {
+ if(api_user() === false)
+ return false;
+
logger('api_user: ' . api_user());
$hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : '');
$filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : '');
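Review bot: The guard added to api_attach_list is a hand-copied pair of lines that now appears in every handler in this file, and this commit exists because api_attach_list, api_albums and api_photos had been missed. Enforcing the requirement once, at the point where these handlers are dispatched (if the API layer allows it), would make that omission harder to repeat. The strict `=== false` test also only rejects a literal false; api_user() is not defined in this diff, so if it can return 0 or null for an unauthenticated caller, the later `intval(api_user())` becomes uid 0, which is worth a one-line comment on the return contract. Capturing the value once, `$uid = api_user(); if($uid === false) return false;`, would also avoid the second call in the logger line. The function body continues past the end of the hunk.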
@@ -135,7 +138,8 @@
function api_file_meta($type) {
- if (api_user()===false) return false;
+ if(api_user() === false)
+ return false;
if(! $_REQUEST['file_id']) return false;
$r = q("select * from attach where uid = %d and hash = '%s' limit 1",
intval(api_user()),
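Review bot: `if(! $_REQUEST['file_id']) return false;` in api_file_meta reads the key without checking that it exists, so a request without `file_id` raises an undefined-index notice before returning; `if(empty($_REQUEST['file_id'])) return false;` rejects the same values without the notice. The same line is repeated in api_file_data, api_file_export and api_file_detail, and as `photo_id` in api_photo_detail. The argument bound to the `'%s'` placeholder lies outside the hunk; since it comes from `$_REQUEST`, confirm it is passed through `dbesc()` before it reaches q().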
@@ -152,7 +156,8 @@
function api_file_data($type) {
- if (api_user()===false) return false;
+ if(api_user() === false)
+ return false;
if(! $_REQUEST['file_id']) return false;
$start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0);
$length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0);
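Review bot: In api_file_data, `start` and `length` go through intval() but are never range-checked, so a negative value from the request reaches whatever reads the attachment data further down, outside this hunk. Clamping right after the parse, for example `if($start < 0) $start = 0;` and `if($length < 0) $length = 0;`, would keep the later offset handling well defined. If the downstream read already rejects negative values, a short comment here saying so would save the next reader the lookup.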
@@ -193,8 +198,10 @@
function api_file_export($type) {
- if (api_user()===false) return false;
- if(! $_REQUEST['file_id']) return false;
+ if(api_user() === false)
+ return false;
+ if(! $_REQUEST['file_id'])
+ return false;
$ret = attach_export_data(api_user(),$_REQUEST['file_id']);
if($ret) {
@@ -205,7 +212,8 @@
function api_file_detail($type) {
- if (api_user()===false) return false;
+ if(api_user() === false)
+ return false;
if(! $_REQUEST['file_id']) return false;
$r = q("select * from attach where uid = %d and hash = '%s' limit 1",
intval(api_user()),
@@ -228,16 +236,21 @@
function api_albums($type) {
+ if(api_user() === false)
+ return false;
json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer()));
}
function api_photos($type) {
+ if(api_user() === false)
+ return false;
$album = $_REQUEST['album'];
json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album));
}
function api_photo_detail($type) {
- if (api_user()===false) return false;
+ if(api_user() === false)
+ return false;
if(! $_REQUEST['photo_id']) return false;
$scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0);
$r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1",
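Review bot: In api_albums and api_photos the new guard tests api_user(), but the listing is then built from `App::get_channel()` and `App::get_observer()`, so the check only protects the data if those two are guaranteed to describe the same authenticated API user. That binding is not visible in this diff and deserves a comment, or an explicit channel lookup keyed on api_user(). In api_photos, `$album = $_REQUEST['album'];` also reads the key without an existence check, unlike the `array_key_exists` pattern used for `scale` in api_photo_detail. `$album = ((array_key_exists('album',$_REQUEST)) ? $_REQUEST['album'] : '');` would match, assuming photos_list_photos treats an empty album like a missing one. api_photo_detail continues past the end of the hunk.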
@@ -316,8 +329,6 @@
function api_red_xchan($type) {
- logger('api_xchan');
-
if(api_user() === false)
return false;
logger('api_xchan');