diff options
| author | Florian Pritz <bluewind@xinu.at> | 2015-02-15 11:11:49 +0100 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2015-02-15 11:11:49 +0100 |
| commit | 45c16c802720faf9de6c3028ba41753c5edba974 (patch) | |
| tree | e20148091cf0f9b6ff11efe65a76cfe1d1bad24c /application/core | |
| parent | 9535ede862e01d834ebdd553184b1f6544b06d2c (diff) | |
| parent | 01226a9afd760a920e9cb3377913ee296f0ab2ca (diff) | |
Merge branch 'api-rework' into working
Diffstat (limited to 'application/core')
| -rw-r--r-- | application/core/MY_Controller.php | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 22c1a9a1a..a58d03563 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -11,9 +11,6 @@ class MY_Controller extends CI_Controller { public $data = array(); public $var; - protected $json_enabled_functions = array( - ); - function __construct() { parent::__construct(); @@ -21,10 +18,12 @@ class MY_Controller extends CI_Controller { $this->var = new StdClass(); $csrf_protection = true; + $this->load->library('customautoloader'); + // check if DB is up to date if (!$this->input->is_cli_request()) { if (!$this->db->table_exists('migrations')){ - show_error("Database not initialized. Can't find migrations table. Please run the migration script. (php index.php tools update_database)"); + throw new \exceptions\PublicApiException("general/db/not-initialized", "Database not initialized. Can't find migrations table. Please run the migration script. (php index.php tools update_database)"); } else { $this->config->load("migration", true); $target_version = $this->config->item("migration_version", "migration"); @@ -34,7 +33,7 @@ class MY_Controller extends CI_Controller { $current_version = $row ? $row->version : 0; if ($current_version != $target_version) { - show_error("Database version is $current_version, we want $target_version. Please run the migration script. (php index.php tools update_database)"); + throw new \exceptions\PublicApiException("general/db/wrong-version", "Database version is $current_version, we want $target_version. Please run the migration script. (php index.php tools update_database)"); } } } @@ -44,25 +43,12 @@ class MY_Controller extends CI_Controller { mb_internal_encoding('UTF-8'); $this->load->helper(array('form', 'filebin')); - $this->load->library('customautoloader'); - - // TODO: proper accept header handling or is this enough? - if (isset($_SERVER["HTTP_ACCEPT"])) { - if ($_SERVER["HTTP_ACCEPT"] == "application/json") { - static_storage("response_type", "json"); - } - } - - // Allow for easier testing in browser - if ($this->input->get("json") !== false) { - static_storage("response_type", "json"); - } - if (static_storage("response_type") == "json" && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) { - show_error("Function not JSON enabled"); + if ($this->uri->segment(1) == "api") { + is_cli_client(true); } - if ($this->input->post("apikey") !== false) { + if ($this->input->post("apikey") !== false || is_cli_client()) { /* This relies on the authentication code always verifying the supplied * apikey. If the key is not verified/logged in an attacker could simply * add an empty "apikey" field to the CSRF form to circumvent the @@ -109,7 +95,7 @@ class MY_Controller extends CI_Controller { $this->security->csrf_verify(); } - if ($this->config->item("environment") == "development" && static_storage("response_type") != "json") { + if ($this->config->item("environment") == "development") { $this->output->enable_profiler(true); } |