summaryrefslogtreecommitdiffstats
path: root/application/controllers
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2015-09-14 13:46:40 +0200
committerFlorian Pritz <bluewind@xinu.at>2015-09-14 18:52:24 +0200
commitb71797c7a3dd454ddf53ee6c14af5c5a22be9272 (patch)
treec1209d6bdbff8b62a57e61f6ecfa9bf3dbbd6a7e /application/controllers
parent441f9ceb06c5cbdb9fc258114d2aadb9e71d280a (diff)
API 2.0: Remove private fields from file/history
Since this is a breaking change bump the api version to 2. The private fields are user_id and multipaste_id which where leaked via the multipaste_items field. This commit also adds a test case to both api versions that checks the returned fields. NOTE: Most of this commit is copied from the files of api v1 so when viewing the diff use --find-copies-harder for an easy to read diff. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
-rw-r--r--application/controllers/api/v2/api_info.php16
-rw-r--r--application/controllers/api/v2/file.php88
-rw-r--r--application/controllers/api/v2/user.php12
3 files changed, 116 insertions, 0 deletions
diff --git a/application/controllers/api/v2/api_info.php b/application/controllers/api/v2/api_info.php
new file mode 100644
index 000000000..f07086a1a
--- /dev/null
+++ b/application/controllers/api/v2/api_info.php
@@ -0,0 +1,16 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class api_info extends \controllers\api\api_controller {
+ static public function get_version()
+ {
+ return "2.0.0";
+ }
+}
diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php
new file mode 100644
index 000000000..ba80ae309
--- /dev/null
+++ b/application/controllers/api/v2/file.php
@@ -0,0 +1,88 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class file extends \controllers\api\api_controller {
+ public function __construct()
+ {
+ parent::__construct();
+
+ $this->load->model('mfile');
+ $this->load->model('mmultipaste');
+ }
+
+ public function upload()
+ {
+ $this->muser->require_access("basic");
+
+ $files = getNormalizedFILES();
+
+ if (empty($files)) {
+ throw new \exceptions\PublicApiException("file/no-file", "No file was uploaded or unknown error occurred.");
+ }
+
+ \service\files::verify_uploaded_files($files);
+
+ $limits = $this->muser->get_upload_id_limits();
+ $urls = array();
+
+ foreach ($files as $file) {
+ $id = $this->mfile->new_id($limits[0], $limits[1]);
+ \service\files::add_uploaded_file($id, $file["tmp_name"], $file["name"]);
+ $ids[] = $id;
+ $urls[] = site_url($id).'/';
+ }
+
+ return array(
+ "ids" => $ids,
+ "urls" => $urls,
+ );
+ }
+
+ public function get_config()
+ {
+ return array(
+ "upload_max_size" => $this->config->item("upload_max_size"),
+ "max_files_per_request" => intval(ini_get("max_file_uploads")),
+ "max_input_vars" => intval(ini_get("max_input_vars")),
+ "request_max_size" => return_bytes(ini_get("post_max_size")),
+ );
+ }
+
+ public function history()
+ {
+ $this->muser->require_access("apikey");
+ $history = \service\files::history($this->muser->get_userid());
+ # APIv1-cleanup: Remove this
+ foreach ($history['multipaste_items'] as $key => $item) {
+ unset($history['multipaste_items'][$key]['user_id']);
+ unset($history['multipaste_items'][$key]['multipaste_id']);
+ }
+ return $history;
+ }
+
+ public function delete()
+ {
+ $this->muser->require_access("apikey");
+ $ids = $this->input->post("ids");
+ return \service\files::delete($ids);
+ }
+
+ public function create_multipaste()
+ {
+ $this->muser->require_access("basic");
+ $ids = $this->input->post("ids");
+ $userid = $this->muser->get_userid();
+ $limits = $this->muser->get_upload_id_limits();
+
+ return \service\files::create_multipaste($ids, $userid, $limits);
+ }
+
+}
+# vim: set noet:
diff --git a/application/controllers/api/v2/user.php b/application/controllers/api/v2/user.php
new file mode 100644
index 000000000..2a233fe52
--- /dev/null
+++ b/application/controllers/api/v2/user.php
@@ -0,0 +1,12 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class user extends \controllers\api\v1\user {
+}