gnu-social/lib/api/apioauthaction.php

<?php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Base action for OAuth API endpoints
 *
 * @category  API
 * @package   GNUsocial
 * @author    Zach Copley <zach@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */

defined('GNUSOCIAL') || die();

require_once INSTALLDIR . '/lib/api/apiaction.php';

/**
 * Base action for API OAuth enpoints. Clean up the
 * request. Some other common functions.
 *
 * @category  API
 * @package   GNUsocial
 * @author    Zach Copley <zach@status.net>
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */
class ApiOAuthAction extends ApiAction
{
    /**
     * Is this a read-only action?
     *
     * @return boolean false
     */
    public function isReadOnly($args)
    {
        return false;
    }

    protected function prepare(array $args=array())
    {
        self::cleanRequest();
        return parent::prepare($args);
    }

    /*
     * Clean up the request so the OAuth library doesn't find
     * any extra parameters or anything else it's not expecting.
     * I'm looking at you, p parameter.
     */

    public static function cleanRequest()
    {
        // strip out the p param added in index.php
        unset($_GET['p']);
        unset($_POST['p']);
        unset($_REQUEST['p']);

        $queryArray = explode('&', $_SERVER['QUERY_STRING']);

        for ($i = 0; $i < sizeof($queryArray); $i++) {
            if (substr($queryArray[$i], 0, 2) == 'p=') {
                unset($queryArray[$i]);
            }
        }

        $_SERVER['QUERY_STRING'] = implode('&', $queryArray);
    }
}
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`<?php`
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`// This file is part of GNU social - https://www.gnu.org/software/social`
			`//`
			`// GNU social is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// GNU social is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with GNU social. If not, see <http://www.gnu.org/licenses/>.`

OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`/**`
			`* Base action for OAuth API endpoints`
			`*`
			`* @category API`
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`* @package GNUsocial`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`* @author Zach Copley <zach@status.net>`
			`* @copyright 2010 StatusNet, Inc.`
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`*/`

Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`defined('GNUSOCIAL') \|\| die();`

[LIB_REFACTOR] Fix requires 2019-08-23 13:36:02 +01:00			`require_once INSTALLDIR . '/lib/api/apiaction.php';`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00
			`/**`
- Update ApiOauthAuthorizeAction to 1.0a - Fix enumerable bugs - New page for displaying 1.0a verifier (still needs work) 2010-10-07 03:20:47 +01:00			`* Base action for API OAuth enpoints. Clean up the`
			`* request. Some other common functions.`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`*`
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`* @category API`
			`* @package GNUsocial`
			`* @author Zach Copley <zach@status.net>`
			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`*/`
OAuth related syntax fixes, nothing big Making better use of class autoloading too. 2013-10-06 11:40:58 +01:00			`class ApiOAuthAction extends ApiAction`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`{`
			`/**`
			`* Is this a read-only action?`
			`*`
			`* @return boolean false`
			`*/`
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`public function isReadOnly($args)`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`{`
			`return false;`
			`}`

ApiOAuthAction functions didn't match parents 2015-06-06 20:57:42 +01:00			`protected function prepare(array $args=array())`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`{`
			`self::cleanRequest();`
ApiOAuthAction functions didn't match parents 2015-06-06 20:57:42 +01:00			`return parent::prepare($args);`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`}`

Update ApiOauthRequestTokenAction to support OAuth 1.0a 2010-10-06 01:53:50 +01:00			`/*`
			`* Clean up the request so the OAuth library doesn't find`
			`* any extra parameters or anything else it's not expecting.`
			`* I'm looking at you, p parameter.`
			`*/`
- Update ApiOauthAuthorizeAction to 1.0a - Fix enumerable bugs - New page for displaying 1.0a verifier (still needs work) 2010-10-07 03:20:47 +01:00
Remove "magic quotes" code and avoid wrong order implode "Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1. 2020-09-15 12:59:27 +01:00			`public static function cleanRequest()`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`{`
			`// strip out the p param added in index.php`
			`unset($_GET['p']);`
			`unset($_POST['p']);`
Strip out the special 'p' paramter added by index.php from $_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the latest version of the OAuth lib. 2010-10-05 02:21:50 +01:00			`unset($_REQUEST['p']);`

			`$queryArray = explode('&', $_SERVER['QUERY_STRING']);`
Fix bad reference 2010-10-06 00:13:07 +01:00
Strip out the special 'p' paramter added by index.php from $_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the latest version of the OAuth lib. 2010-10-05 02:21:50 +01:00			`for ($i = 0; $i < sizeof($queryArray); $i++) {`
Stab that 'p' parameter! 2010-10-06 01:27:55 +01:00			`if (substr($queryArray[$i], 0, 2) == 'p=') {`
Strip out the special 'p' paramter added by index.php from $_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the latest version of the OAuth lib. 2010-10-05 02:21:50 +01:00			`unset($queryArray[$i]);`
			`}`
			`}`

Fix bad reference 2010-10-06 00:13:07 +01:00			`$_SERVER['QUERY_STRING'] = implode('&', $queryArray);`
OAuth 1.0 working now 2010-01-13 05:06:35 +00:00			`}`
			`}`