From b40707428130a927b27f595a875808d08588ff52 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Wed, 7 Dec 2016 19:04:24 -0800
Subject: always check api_user

---
 include/api_zot.php | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

(limited to 'include')

diff --git a/include/api_zot.php b/include/api_zot.php
index d9895fae0..d1979c3ae 100644
--- a/include/api_zot.php
+++ b/include/api_zot.php
@@ -117,6 +117,9 @@
 }
 
 function api_attach_list($type) {
+	if(api_user() === false)
+		return false;
+
 	logger('api_user: ' . api_user());
 	$hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : '');
 	$filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : '');
@@ -135,7 +138,8 @@
 
 
 function api_file_meta($type) {
-	if (api_user()===false) return false;
+	if(api_user() === false)
+		return false;
 	if(! $_REQUEST['file_id']) return false;
 	$r = q("select * from attach where uid = %d and hash = '%s' limit 1",
 		intval(api_user()),
@@ -152,7 +156,8 @@
 
 
 function api_file_data($type) {
-	if (api_user()===false) return false;
+	if(api_user() === false)
+		return false;
 	if(! $_REQUEST['file_id']) return false;
 	$start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0);
 	$length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0);
@@ -193,8 +198,10 @@
 
 
 function api_file_export($type) {
-	if (api_user()===false) return false;
-	if(! $_REQUEST['file_id']) return false;
+	if(api_user() === false)
+		return false;
+	if(! $_REQUEST['file_id'])
+		return false;
 
 	$ret = attach_export_data(api_user(),$_REQUEST['file_id']);
 	if($ret) {
@@ -205,7 +212,8 @@
 
 
 function api_file_detail($type) {
-	if (api_user()===false) return false;
+	if(api_user() === false)
+		return false;
 	if(! $_REQUEST['file_id']) return false;
 	$r = q("select * from attach where uid = %d and hash = '%s' limit 1",
 		intval(api_user()),
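Review bot: The new guard in api_attach_list returns before the `logger('api_user: ' . api_user())` call that follows it, so a rejected unauthenticated request to this endpoint leaves no log entry, while every authenticated call logs the account id. If that logger line is meant to record API access, the rejection branch is the more useful event to record, e.g. `logger('api_attach_list: unauthenticated request rejected');` placed before the new `return false;`. api_attach_list's body continues outside the hunk.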
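Review bot: The reflowed `if(! $_REQUEST['file_id'])` in api_file_export still indexes the request array unconditionally, so a request without a file_id raises an undefined-index notice before the guard rejects it; `if(empty($_REQUEST['file_id']))` keeps the same truthiness semantics without the notice, or the `array_key_exists` pattern api_attach_list already uses for filehash can be applied. The same unconditional read is unchanged context in api_file_meta, api_file_data and api_file_detail, so it is worth fixing in one pass. The value is then handed straight to attach_export_data on the next line; presumably that helper scopes the lookup to api_user(), but it is not visible here and would be worth a one-line comment at the call site. api_file_export's body continues outside the hunk.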
@@ -228,16 +236,21 @@
 
 
 function api_albums($type) {
+	if(api_user() === false)
+		return false;
 	json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer()));
 }
 
 function api_photos($type) {
+	if(api_user() === false)
+		return false;
 	$album = $_REQUEST['album'];
 	json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album));
 }
 
 function api_photo_detail($type) {
-	if (api_user()===false) return false;
+	if(api_user() === false)
+		return false;
 	if(! $_REQUEST['photo_id']) return false;
 	$scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0);
 	$r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1",
@@ -316,8 +329,6 @@
 
 
 function api_red_xchan($type) {
-	logger('api_xchan');
-
 	if(api_user() === false) return false;
 	logger('api_xchan');
 
-- 
cgit v1.2.3
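Review bot: The guards added to api_albums and api_photos check api_user(), but the data returned on the json_return_and_die lines is scoped by App::get_channel() and App::get_observer(), not by api_user(); that is only a complete authorization check if the API login path sets the App channel from the same authenticated account, which cannot be confirmed from this hunk and deserves a comment such as `// App::get_channel() is the channel of the account api_user() authenticated` above the call. Separately, the new guard in api_photos is followed by the unchanged `$album = $_REQUEST['album'];`, which raises an undefined-index notice when album is absent; the file's own idiom is `$album = ((array_key_exists('album',$_REQUEST)) ? $_REQUEST['album'] : '');`. The api_photo_detail query continues outside the hunk.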