API 2.0: Remove private fields from file/history

Since this is a breaking change bump the api version to 2.

The private fields are user_id and multipaste_id which where leaked via
the multipaste_items field. This commit also adds a test case to both
api versions that checks the returned fields.

NOTE: Most of this commit is copied from the files of api v1 so when
viewing the diff use --find-copies-harder for an easy to read diff.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

1 files changed, 6 insertions, 1 deletions

diff --git a/application/service/files.php b/application/service/files.php
index 5e0dd140b..7cef73d97 100644
--- a/application/service/files.php
+++ b/application/service/files.php
@@ -51,7 +51,12 @@ class files {
 		$multipaste_items_grouped = array();
 		$multipaste_items = array();
 
-		$query = $CI->db->get_where("multipaste", array("user_id" => $user))->result_array();
+		# APIv1-cleanup: Remove multipaste_id and user_id
+		$query = $CI->db
+			->select('m.url_id, m.multipaste_id, m.user_id, m.date')
+			->from("multipaste m")
+			->where("user_id", $user)
+			->get()->result_array();
 		$multipaste_info = array();
 		foreach ($query as $item) {
 			$multipaste_info[$item["url_id"]] = $item;