diff options
| author | zotlabs <mike@macgirvin.com> | 2016-12-07 19:04:24 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2016-12-07 19:04:24 -0800 |
| commit | b40707428130a927b27f595a875808d08588ff52 (patch) | |
| tree | 395349e8edfb1414dcdc4c706d345fc5d4fda0e3 /include | |
| parent | c4d6189b55ee4f006013fb180bbf1c431094df72 (diff) | |
| download | volse-hubzilla-b40707428130a927b27f595a875808d08588ff52.tar.gz volse-hubzilla-b40707428130a927b27f595a875808d08588ff52.tar.bz2 volse-hubzilla-b40707428130a927b27f595a875808d08588ff52.zip | |
always check api_user
Diffstat (limited to 'include')
| -rw-r--r-- | include/api_zot.php | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/include/api_zot.php b/include/api_zot.php index d9895fae0..d1979c3ae 100644 --- a/include/api_zot.php +++ b/include/api_zot.php @@ -117,6 +117,9 @@ } function api_attach_list($type) { + if(api_user() === false) + return false; + logger('api_user: ' . api_user()); $hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : ''); $filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : ''); @@ -135,7 +138,8 @@ function api_file_meta($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), @@ -152,7 +156,8 @@ function api_file_data($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); @@ -193,8 +198,10 @@ function api_file_export($type) { - if (api_user()===false) return false; - if(! $_REQUEST['file_id']) return false; + if(api_user() === false) + return false; + if(! $_REQUEST['file_id']) + return false; $ret = attach_export_data(api_user(),$_REQUEST['file_id']); if($ret) { @@ -205,7 +212,8 @@ function api_file_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), @@ -228,16 +236,21 @@ function api_albums($type) { + if(api_user() === false) + return false; json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer())); } function api_photos($type) { + if(api_user() === false) + return false; $album = $_REQUEST['album']; json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album)); } function api_photo_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['photo_id']) return false; $scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0); $r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1", @@ -316,8 +329,6 @@ function api_red_xchan($type) { - logger('api_xchan'); - if(api_user() === false) return false; logger('api_xchan'); |