diff options
author | Florian Pritz <bluewind@xinu.at> | 2015-02-03 11:18:28 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-02-03 11:18:28 +0100 |
commit | d9c895ce4f53b180fc11c3b5a172c4cf787b1279 (patch) | |
tree | 6757ed1622b79519279fcf50eda88118fa6ca5c8 | |
parent | 9ea78213f8e505b5fde7372106adc1947d1f7de2 (diff) |
Remove unstable json api
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r-- | application/controllers/file.php | 20 | ||||
-rw-r--r-- | application/controllers/user.php | 9 | ||||
-rw-r--r-- | application/core/MY_Controller.php | 29 | ||||
-rw-r--r-- | application/errors/error_general.php | 11 |
4 files changed, 2 insertions, 67 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index e35978a1e..63f6a71b5 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -9,13 +9,6 @@ class File extends MY_Controller { - protected $json_enabled_functions = array( - "upload_history", - "do_upload", - "do_delete", - "do_multipaste", - ); - function __construct() { parent::__construct(); @@ -470,10 +463,6 @@ class File extends MY_Controller { } } - if (static_storage("response_type") == "json") { - return send_json_reply($this->data["urls"]); - } - if (is_cli_client()) { $redirect = false; } @@ -740,15 +729,6 @@ class File extends MY_Controller { ); } - if (static_storage("response_type") == "json") { - return send_json_reply(array( - "errors" => $errors, - "deleted" => $deleted, - "total_count" => $total_count, - "deleted_count" => $deleted_count, - )); - } - $this->data["errors"] = $errors; $this->data["deleted_count"] = $deleted_count; $this->data["total_count"] = $total_count; diff --git a/application/controllers/user.php b/application/controllers/user.php index 62569e1f1..aba2a8ec1 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -8,11 +8,6 @@ */ class User extends MY_Controller { - protected $json_enabled_functions = array( - "create_apikey", - "apikeys", - ); - function __construct() { @@ -93,10 +88,6 @@ class User extends MY_Controller { $key = \service\user::create_apikey($userid, $comment, $access_level); - if (static_storage("response_type") == "json") { - return send_json_reply(array("new_key" => $key)); - } - if (is_cli_client()) { echo "$key\n"; } else { diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index fc08b10ae..0f71a7fdc 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -11,9 +11,6 @@ class MY_Controller extends CI_Controller { public $data = array(); public $var; - protected $json_enabled_functions = array( - ); - function __construct() { parent::__construct(); @@ -46,33 +43,11 @@ class MY_Controller extends CI_Controller { $this->load->helper(array('form', 'filebin')); $this->load->library('customautoloader'); - // TODO: proper accept header handling or is this enough? - if (isset($_SERVER["HTTP_ACCEPT"])) { - if ($_SERVER["HTTP_ACCEPT"] == "application/json") { - static_storage("response_type", "json"); - } - } - - // Allow for easier testing in browser - if ($this->input->get("json") !== false) { - static_storage("response_type", "json"); - } - - // TODO: this should probably call a function in the controller that does the checking - // instead of checking if the controller name == "api" - if (static_storage("response_type") == "json" - && $this->uri->segment(1) != "api" - && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) { - show_error("Function not JSON enabled"); - } - if ($this->uri->segment(1) == "api") { is_cli_client(true); } - if ($this->input->post("apikey") !== false - || ($this->input->post("username") !== false - && $this->input->post("password") !== false)) { + if ($this->input->post("apikey") !== false || is_cli_client()) { /* This relies on the authentication code always verifying the supplied * apikey. If the key is not verified/logged in an attacker could simply * add an empty "apikey" field to the CSRF form to circumvent the @@ -119,7 +94,7 @@ class MY_Controller extends CI_Controller { $this->security->csrf_verify(); } - if ($this->config->item("environment") == "development" && static_storage("response_type") != "json") { + if ($this->config->item("environment") == "development") { $this->output->enable_profiler(true); } diff --git a/application/errors/error_general.php b/application/errors/error_general.php index 844dfb74d..87d5b62f6 100644 --- a/application/errors/error_general.php +++ b/application/errors/error_general.php @@ -15,17 +15,6 @@ if (class_exists("CI_Controller") && !isset($GLOBALS["is_error_page"])) { is_cli_client(true); } - if (static_storage("response_type") == "json") { - $message = str_replace("</p>", "</p>\n", $message); - $array = array( - "status" => "error", - "message" => strip_tags($message), - ); - header('Content-type: application/json'); - echo json_encode($array); - exit(); - } - if (is_cli_client()) { $message = str_replace("</p>", "</p>\n", $message); $message = strip_tags($message); |