From 6f6fcddfc3fc9bb2e63dd615f29116ced49838d5 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 26 Nov 2013 16:38:48 -0800
Subject: api fixes

---
 include/api.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index 8f7be37c7..717f1572a 100644
--- a/include/api.php
+++ b/include/api.php
@@ -739,7 +739,7 @@ require_once('include/photos.php');
 				'created_at' => api_date($lastwall['created']),
 				'in_reply_to_status_id' => $in_reply_to_status_id,
 				'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
-				'id' => (($w) ? $w[0]['abook_id'] : $user_info['id']),
+				'id' => ($lastwall['id']),
 				'in_reply_to_user_id' => $in_reply_to_user_id,
 				'in_reply_to_screen_name' => $in_reply_to_screen_name,
 				'geo' => '',
@@ -1081,10 +1081,18 @@ require_once('include/photos.php');
 		// params
 		$id = intval(argv(3));
 
-		logger('API: api_statuses_destroy: '.$id);
+		// first prove that we own the item
+
+		$r = q("select * from item where id = %d and uid = %d limit 1",
+			intval($id),
+			intval($user_info['uid'])
+		);
 
-		require_once('include/items.php');
-		drop_item($id, false);
+		if($r) {
+			logger('API: api_statuses_destroy: '.$id);
+			require_once('include/items.php');
+			drop_item($id, false);
+		}
 
 		if ($type == 'xml')
 			$ok = "true";
-- 
cgit v1.2.3