API 2.0: Remove private fields from file/history

Since this is a breaking change bump the api version to 2. The private fields are user_id and multipaste_id which where leaked via the multipaste_items field. This commit also adds a test case to both api versions that checks the returned fields. NOTE: Most of this commit is copied from the files of api v1 so when viewing the diff use --find-copies-harder for an easy to read diff. Signed-off-by: Florian Pritz <bluewind@xinu.at>
author: Florian Pritz <bluewind@xinu.at> 2015-09-14 13:46:40 +0200
committer: Florian Pritz <bluewind@xinu.at> 2015-09-14 18:52:24 +0200
commit: b71797c7a3dd454ddf53ee6c14af5c5a22be9272 (patch)
tree: c1209d6bdbff8b62a57e61f6ecfa9bf3dbbd6a7e /application/service
parent: 441f9ceb06c5cbdb9fc258114d2aadb9e71d280a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/application/service/files.php b/application/service/files.php
index 5e0dd140b..7cef73d97 100644
--- a/application/service/files.php
+++ b/application/service/files.php
@@ -51,7 +51,12 @@ class files {
 		$multipaste_items_grouped = array();
 		$multipaste_items = array();
 
-		$query = $CI->db->get_where("multipaste", array("user_id" => $user))->result_array();
+		# APIv1-cleanup: Remove multipaste_id and user_id
+		$query = $CI->db
+			->select('m.url_id, m.multipaste_id, m.user_id, m.date')
+			->from("multipaste m")
+			->where("user_id", $user)
+			->get()->result_array();
 		$multipaste_info = array();
 		foreach ($query as $item) {
 			$multipaste_info[$item["url_id"]] = $item;
author	Florian Pritz <bluewind@xinu.at>	2015-09-14 13:46:40 +0200
committer	Florian Pritz <bluewind@xinu.at>	2015-09-14 18:52:24 +0200
commit	b71797c7a3dd454ddf53ee6c14af5c5a22be9272 (patch)
tree	c1209d6bdbff8b62a57e61f6ecfa9bf3dbbd6a7e /application/service
parent	441f9ceb06c5cbdb9fc258114d2aadb9e71d280a (diff)