From 4e8e77f6b091e024f58241c2807c61e0b7930e5c Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Thu, 29 Jul 2010 18:47:28 +0000
Subject: [PATCH 1/2] Return HTTP 403 instead of 400 when silenced users try to post via API
---
 actions/apistatusesupdate.php | 2 +-
 classes/Notice.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index d65a068f50..9be16b2c56 100644
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -332,7 +332,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 $options
 );
 } catch (Exception $e) {
- $this->clientError($e->getMessage());
+ $this->clientError($e->getMessage(), $e->getCode());
 return;
 }
diff --git a/classes/Notice.php b/classes/Notice.php
index 8552248bad..36943be84b 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -275,7 +275,7 @@ class Notice extends Memcached_DataObject
 if (!$profile->hasRight(Right::NEWNOTICE)) {
 common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
- throw new ClientException(_('You are banned from posting notices on this site.'));
+ throw new ClientException(_('You are banned from posting notices on this site.'), 403);
 }
 $notice = new Notice();
From 0faa988e91056564b2ae19f045a81b322cce4e0c Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Thu, 29 Jul 2010 20:31:22 +0000
Subject: [PATCH 2/2] Fix for issue ID 2290: make sure errors are returned in the right format, and use callback for errors when the request is JSONP
---
 actions/apiaccountupdateprofilecolors.php | 6 +++---
 actions/apimediaupload.php | 6 +++---
 actions/apistatusesupdate.php | 17 +++++++++++------
 actions/apitimelinegroup.php | 6 ++++--
 lib/apiaction.php | 2 +-
 5 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/actions/apiaccountupdateprofilecolors.php b/actions/apiaccountupdateprofilecolors.php
index 3cac829749..c666f9d759 100644
--- a/actions/apiaccountupdateprofilecolors.php
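Review bot: In the `catch (Exception $e)` of the apistatusesupdate.php hunk, `$e->getCode()` is forwarded as the HTTP status for every exception type, not only for the `ClientException` that Notice.php now throws with 403. A plain `Exception` has code 0 unless one is supplied, and other exception classes may carry codes that are not HTTP statuses; how `clientError()` handles such a value is not visible here and should be confirmed. I would forward the code only when it is known to be a client status, e.g. `$code = ($e instanceof ClientException && $e->getCode()) ? $e->getCode() : 400;` followed by `$this->clientError($e->getMessage(), $code);`. The enclosing method starts and ends outside the hunk.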
+++ b/actions/apiaccountupdateprofilecolors.php
@@ -22,7 +22,7 @@
 * @category API
 * @package StatusNet
 * @author Zach Copley
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link http://status.net/
 */
@@ -131,7 +131,7 @@ class ApiAccountUpdateProfileColorsAction extends ApiAuthAction
 try {
 $this->setColors($design);
 } catch (WebColorException $e) {
- $this->clientError($e->getMessage());
+ $this->clientError($e->getMessage(), 400, $this->format);
 return false;
 }
@@ -153,7 +153,7 @@ class ApiAccountUpdateProfileColorsAction extends ApiAuthAction
 try {
 $this->setColors($design);
 } catch (WebColorException $e) {
- $this->clientError($e->getMessage());
+ $this->clientError($e->getMessage(), 400, $this->format);
 return false;
 }
diff --git a/actions/apimediaupload.php b/actions/apimediaupload.php
index ec316edc8d..7aa88c186b 100644
--- a/actions/apimediaupload.php
+++ b/actions/apimediaupload.php
@@ -88,15 +88,15 @@ class ApiMediaUploadAction extends ApiAuthAction
 try {
 $upload = MediaFile::fromUpload('media', $this->auth_user);
- } catch (ClientException $ce) {
- $this->clientError($ce->getMessage());
+ } catch (Exception $e) {
+ $this->clientError($e->getMessage(), $e->getCode());
 return;
 }
 if (isset($upload)) {
 $this->showResponse($upload);
 } else {
- $this->clientError('Upload failed.');
+ $this->clientError(_('Upload failed.'));
 return;
 }
 }
diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index 9be16b2c56..fa3f611c0a 100644
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -196,7 +196,8 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 $this->clientError(
 _('This method requires a POST.'),
- 400, $this->format
+ 400,
+ $this->format
 );
 return;
 }
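Review bot: Widening the catch in the apimediaupload.php hunk from `ClientException` to `Exception` means the message of any exception raised under `MediaFile::fromUpload()` is now returned to the API caller as a client error. Messages of non-client exceptions can carry internal detail such as file paths or storage and database errors, so I would keep the verbatim message for `ClientException` only and answer everything else with a generic translated string while logging the detail server-side. The same widened catch appears in the `@@ -291,8 +292,8 @@` hunk of apistatusesupdate.php. Both `clientError()` calls in this hunk also omit `$this->format`, which the other call sites in this commit pass; the sketch below assumes this action sets `$this->format` like the other `ApiAuthAction` subclasses, which is not visible here.

```php
    $upload = MediaFile::fromUpload('media', $this->auth_user);
} catch (ClientException $e) {
    // Client-facing message: intended for the caller, return it as is.
    $this->clientError($e->getMessage(), $e->getCode(), $this->format);
    return;
} catch (Exception $e) {
    // Anything else: keep the detail in the log, not in the response.
    common_log(LOG_ERR, 'Media upload failed: ' . $e->getMessage());
    $this->serverError(_('Upload failed.'), 500, $this->format);
    return;
}
// … unchanged: isset($upload) / showResponse branch …
```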
@@ -217,7 +218,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 if (empty($this->status)) {
 $this->clientError(
- 'Client must provide a \'status\' parameter with a value.',
+ _('Client must provide a \'status\' parameter with a value.'),
 400,
 $this->format
 );
@@ -291,8 +292,8 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 try {
 $upload = MediaFile::fromUpload('media', $this->auth_user);
- } catch (ClientException $ce) {
- $this->clientError($ce->getMessage());
+ } catch (Exception $e) {
+ $this->clientError($e->getMessage(), $e->getCode(), $this->format);
 return;
 }
@@ -305,7 +306,11 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 'Max notice size is %d chars, ' .
 'including attachment URL.'
 );
- $this->clientError(sprintf($msg, Notice::maxContent()));
+ $this->clientError(
+ sprintf($msg, Notice::maxContent()),
+ 400,
+ $this->format
+ );
 }
 }
@@ -332,7 +337,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
 $options
 );
 } catch (Exception $e) {
- $this->clientError($e->getMessage(), $e->getCode());
+ $this->clientError($e->getMessage(), $e->getCode(), $this->format);
 return;
 }
diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php
index c4a6a18d24..7a40fd8084 100644
--- a/actions/apitimelinegroup.php
+++ b/actions/apitimelinegroup.php
@@ -25,7 +25,7 @@
 * @author Evan Prodromou
 * @author Jeffery To
 * @author Zach Copley
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link http://status.net/
@@ -138,7 +138,9 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction
 $this->raw($atom->getString());
 } catch (Atom10FeedException $e) {
 $this->serverError(
- 'Could not generate feed for group - ' . $e->getMessage()
+ 'Could not generate feed for group - ' . $e->getMessage(),
+ 400,
+ $this->format
 );
 return;
 }
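Review bot: The over-length branch in the `@@ -305,7 +306,11 @@` hunk has no `return;` after the rewritten `$this->clientError(...)` call; the two closing braces follow it directly, whereas the other error paths shown for this file return right after reporting. If `clientError()` does not end the request (the `return;` statements at the other call sites suggest it does not), execution falls through to the code after this block, which lies outside the hunk and, judging by the later `@@ -332,7 +337,7 @@` hunk, may go on to save the notice after the 400 body has been written. Add `return;` after the closing `);` of the call.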
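Review bot: `serverError()` in the `@@ -138,7 +138,9 @@` hunk of apitimelinegroup.php is now passed status `400`, a client-error code, although a failure to build the Atom feed is a server-side fault and should be reported as `500`. How `serverError()` treats a 4xx value is not visible on this page, so the client may be told its request was malformed when it was not. The message is also not wrapped in `_()`, unlike the strings this commit touches elsewhere, and it appends `$e->getMessage()` verbatim to the response. I would write `$this->serverError(_('Could not generate feed for group.'), 500, $this->format);` and record the exception text with `common_log()` instead. The enclosing try block starts outside the hunk.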
diff --git a/lib/apiaction.php b/lib/apiaction.php
index 7868ecab15..479a86ad80 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -27,7 +27,7 @@
 * @author Jeffery To
 * @author Toby Inkster
 * @author Zach Copley
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link http://status.net/