author | Florian Pritz <bluewind@xinu.at> | 2015-09-14 13:46:40 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-09-14 18:52:24 +0200 |
commit | b71797c7a3dd454ddf53ee6c14af5c5a22be9272 (patch) | |
tree | c1209d6bdbff8b62a57e61f6ecfa9bf3dbbd6a7e /application/controllers | |
parent | 441f9ceb06c5cbdb9fc258114d2aadb9e71d280a (diff) |
API 2.0: Remove private fields from file/history
Since this is a breaking change bump the api version to 2.
The private fields are user_id and multipaste_id which were leaked via
the multipaste_items field. This commit also adds a test case to both
api versions that checks the returned fields.
NOTE: Most of this commit is copied from the files of api v1 so when
viewing the diff use --find-copies-harder for an easy to read diff.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
-rw-r--r-- | application/controllers/api/v2/api_info.php | 16 | ||||
-rw-r--r-- | application/controllers/api/v2/file.php | 88 | ||||
-rw-r--r-- | application/controllers/api/v2/user.php | 12 |
3 files changed, 116 insertions, 0 deletions
diff --git a/application/controllers/api/v2/api_info.php b/application/controllers/api/v2/api_info.php
new file mode 100644
index 000000000..f07086a1a
--- /dev/null
+++ b/application/controllers/api/v2/api_info.php
@@ -0,0 +1,16 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class api_info extends \controllers\api\api_controller {
+ static public function get_version()
+ {
+ return "2.0.0";
+ }
+}
diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php
new file mode 100644
index 000000000..ba80ae309
--- /dev/null
+++ b/application/controllers/api/v2/file.php
@@ -0,0 +1,88 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class file extends \controllers\api\api_controller {
+ public function __construct()
+ {
+ parent::__construct();
+
+ $this->load->model('mfile');
+ $this->load->model('mmultipaste');
+ }
+
+ public function upload()
+ {
+ $this->muser->require_access("basic");
+
+ $files = getNormalizedFILES();
+
+ if (empty($files)) {
+ throw new \exceptions\PublicApiException("file/no-file", "No file was uploaded or unknown error occurred.");
+ }
+
+ \service\files::verify_uploaded_files($files);
+
+ $limits = $this->muser->get_upload_id_limits();
+ $urls = array();
+
+ foreach ($files as $file) {
+ $id = $this->mfile->new_id($limits[0], $limits[1]);
+ \service\files::add_uploaded_file($id, $file["tmp_name"], $file["name"]);
+ $ids[] = $id;
+ $urls[] = site_url($id).'/';
+ }
+
+ return array(
+ "ids" => $ids,
+ "urls" => $urls,
+ );
+ }
+
+ public function get_config()
+ {
+ return array(
+ "upload_max_size" => $this->config->item("upload_max_size"),
+ "max_files_per_request" => intval(ini_get("max_file_uploads")),
+ "max_input_vars" => intval(ini_get("max_input_vars")),
+ "request_max_size" => return_bytes(ini_get("post_max_size")),
+ );
+ }
+
+ public function history()
+ {
+ $this->muser->require_access("apikey");
+ $history = \service\files::history($this->muser->get_userid());
+ # APIv1-cleanup: Remove this
+ foreach ($history['multipaste_items'] as $key => $item) {
+ unset($history['multipaste_items'][$key]['user_id']);
+ unset($history['multipaste_items'][$key]['multipaste_id']);
+ }
+ return $history;
+ }
+
+ public function delete()
+ {
+ $this->muser->require_access("apikey");
+ $ids = $this->input->post("ids");
+ return \service\files::delete($ids);
+ }
+
+ public function create_multipaste()
+ {
+ $this->muser->require_access("basic");
+ $ids = $this->input->post("ids");
+ $userid = $this->muser->get_userid();
+ $limits = $this->muser->get_upload_id_limits();
+
+ return \service\files::create_multipaste($ids, $userid, $limits);
+ }
+
+}
+# vim: set noet:
diff --git a/application/controllers/api/v2/user.php b/application/controllers/api/v2/user.php
new file mode 100644
index 000000000..2a233fe52
--- /dev/null
+++ b/application/controllers/api/v2/user.php
@@ -0,0 +1,12 @@
+<?php
+/*
+ * Copyright 2014-2015 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+namespace controllers\api\v2;
+
+class user extends \controllers\api\v1\user {
+} |
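Review bot: In `history()` of `api/v2/file.php` the private fields are stripped with a denylist (`unset` of `user_id` and `multipaste_id`), so any column later added to what `\service\files::history()` returns for `multipaste_items` would be exposed through the API by default. An allowlist fails closed instead, e.g. `$history['multipaste_items'][$key] = array_intersect_key($item, array_flip($public_fields));`, where `$public_fields` names the documented response fields. Only `multipaste_items` is filtered here; whether the other parts of the history result carry internal fields is not visible in this diff and is worth confirming against the field test the commit message mentions. The `# APIv1-cleanup: Remove this` comment would also be clearer if it said where the filtering is meant to live once v1 is gone.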