diff options
author | Florian Pritz <bluewind@xinu.at> | 2015-09-14 13:46:40 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-09-14 18:52:24 +0200 |
commit | b71797c7a3dd454ddf53ee6c14af5c5a22be9272 (patch) | |
tree | c1209d6bdbff8b62a57e61f6ecfa9bf3dbbd6a7e /application/service | |
parent | 441f9ceb06c5cbdb9fc258114d2aadb9e71d280a (diff) |
API 2.0: Remove private fields from file/history
Since this is a breaking change bump the api version to 2.
The private fields are user_id and multipaste_id which where leaked via
the multipaste_items field. This commit also adds a test case to both
api versions that checks the returned fields.
NOTE: Most of this commit is copied from the files of api v1 so when
viewing the diff use --find-copies-harder for an easy to read diff.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/service')
-rw-r--r-- | application/service/files.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/application/service/files.php b/application/service/files.php index 5e0dd140b..7cef73d97 100644 --- a/application/service/files.php +++ b/application/service/files.php @@ -51,7 +51,12 @@ class files { $multipaste_items_grouped = array(); $multipaste_items = array(); - $query = $CI->db->get_where("multipaste", array("user_id" => $user))->result_array(); + # APIv1-cleanup: Remove multipaste_id and user_id + $query = $CI->db + ->select('m.url_id, m.multipaste_id, m.user_id, m.date') + ->from("multipaste m") + ->where("user_id", $user) + ->get()->result_array(); $multipaste_info = array(); foreach ($query as $item) { $multipaste_info[$item["url_id"]] = $item; |