GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
18,064 Commits 8 Branches 4 Tags 309 MiB
Commit Graph

18 Commits

Author SHA1 Message Date
Mikael Nordfeldth 5f7032dfee Verify that authenticated API calls are made from our domain name. 
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
 2016-02-22 15:19:10 +01:00
Mikael Nordfeldth 5dc718c54d Make Bsaic Auth work properly with RW actions 2015-10-09 15:43:17 +02:00
Mikael Nordfeldth 7e65f4f6ea StatusNet to GNU social renaming in minor places 2015-02-27 12:55:25 +01:00
Mikael Nordfeldth a063bb43a8 EndSetApiUser will always contain a User 2015-02-13 01:19:59 +01:00
Mikael Nordfeldth c7dd595984 Run onEndSetApiUser also when already logged in! 2015-01-31 16:02:01 +01:00
Mikael Nordfeldth 34f6ea1d04 Present WWW-Authenticate on failure to authenticate 2014-11-10 12:17:39 +01:00
Mikael Nordfeldth b6a168c82e Unnecessary to check PHP_AUTH_USER here 
it was implied from $this->auth_user_nickname above
 2014-11-10 12:10:21 +01:00
Mikael Nordfeldth 17647dc3ff $header was always true due to previous if statement 2014-11-10 11:59:01 +01:00
Mikael Nordfeldth e91deb683f Checking user properties for instanceof User 2014-11-10 11:57:53 +01:00
Mikael Nordfeldth 403cb858be Less verbose logic for checking api authentication 2014-11-10 11:43:08 +01:00
Mikael Nordfeldth 6f5086fc52 Integrate qvitter ApiAuthAction (thanks hannes2peer) 2014-11-10 11:39:19 +01:00
Mikael Nordfeldth 29d0871e5a Making many of the API actions more consistent with coding style 
clientError and serverError exit after they're done so no need for
break or return. Also, $this->format is default.

We also got rid of the incredibly verbose version of $this->isPost()
which was spread all over the place.

Not all of this cleaning up is done yet.
 2013-10-15 03:07:40 +02:00
Mikael Nordfeldth f46d675a20 GNU social is with a minor s. 2013-10-15 00:20:36 +02:00
Mikael Nordfeldth 9be368006c Naming stuff GNUsocial rather than StatusNet 2013-10-15 00:19:03 +02:00
Mikael Nordfeldth 78f9629bf3 Moved shareLocation preference check to Profile class 2013-10-06 13:38:09 +02:00
Mikael Nordfeldth cc34bb48c7 OAuth related syntax fixes, nothing big 
Making better use of class autoloading too.
 2013-10-06 12:43:18 +02:00
Mikael Nordfeldth 99312c8cc2 Declaring some more static functions properly 
As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.
 2013-09-09 23:28:20 +02:00
Mikael Nordfeldth a9c4bcd71f Removing unnecessary require_once lines (autoload!) 2013-09-09 23:06:56 +02:00