From 2d47b3ad643a450c7c85f0c5165a156036283040 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Sat, 19 Jul 2008 13:16:05 -0400
Subject: [PATCH] correct handling of bareauth

darcs-hash:20080719171605-84dde-4b23eb6896d9bb6e57ce65de374acaf1703b7463.gz
---
 actions/api.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/actions/api.php b/actions/api.php
index 2c1086ae11..a525703208 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -101,23 +101,27 @@ class ApiAction extends Action {
 	# Whitelist of API methods that don't need authentication
 	function requires_auth() {
 		static $noauth = array(	'statuses/public_timeline',
-		 						'statuses/user_timeline',
 								'statuses/show',
 								'help/test', 
 								'help/downtime_schedule');
 		static $bareauth = array('statuses/user_timeline', 'statuses/friends');
 
-		# noauth: never needs auth
-		# bareauth: only needs auth if without an argument
-		
 		$fullname = "$this->api_action/$this->api_method";
 		
-		if (in_array($fullname, $bareauth) && !$this->api_arg) {
-			return true;
-		} if (in_array($fullname, $noauth)) {
+		if (in_array($fullname, $bareauth)) {
+			# bareauth: only needs auth if without an argument
+			if ($this->api_arg) {
+				return false;
+			} else {
+				return true;
+			}
+		} else if (in_array($fullname, $noauth)) {
+			# noauth: never needs auth
 			return false;
+		} else {
+			# everybody else needs auth
+			return true;
 		}
-		return true;
 	}
 		
 }