Twitter-compatible API - RESTfulness checks as per Twitter

darcs-hash:20080819214923-462f3-83ab492cb93c1ba643beb70853578cbd7ac35d61.gz

actions/twitapiaccount.php

@@ -61,6 +61,11 @@ class TwitapiaccountAction extends TwitterapiAction {
 	function update_location($args, $apidata) {
 		parent::handle($args);
 
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+			exit();
+		}
+
 		$location = trim($this->arg('location'));
 
 		if (!is_null($location) && strlen($location) > 255) {

actions/twitapifriendships.php

@@ -40,6 +40,11 @@ class TwitapifriendshipsAction extends TwitterapiAction {
 	function create($args, $apidata) {
 		parent::handle($args);
 
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+			exit();
+		}
+
 		$id = $apidata['api_arg'];
 
 		$other = $this->get_user($id);
@@ -98,6 +103,12 @@ class TwitapifriendshipsAction extends TwitterapiAction {
 	
 	function destroy($args, $apidata) {
 		parent::handle($args);
+		
+		if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+			$this->client_error(_('This method requires a POST or DELETE.'), 400, $apidata['content-type']);
+			exit();
+		}
+		
 		$id = $apidata['api_arg'];
 
 		# We can't subscribe to a remote person, but we can unsub

actions/twitapistatuses.php

@@ -374,6 +374,11 @@ class TwitapistatusesAction extends TwitterapiAction {
 
 		parent::handle($args);
 
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			$this->client_error(_('This method requires a POST.'), 400, $apidata['content-type']);
+			exit();
+		}
+
 		$user = $apidata['user'];
 		$status = $this->trimmed('status');
 		$source = $this->trimmed('source');