From d9c895ce4f53b180fc11c3b5a172c4cf787b1279 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Tue, 3 Feb 2015 11:18:28 +0100
Subject: Remove unstable json api

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/controllers/file.php     | 20 --------------------
 application/controllers/user.php     |  9 ---------
 application/core/MY_Controller.php   | 29 ++---------------------------
 application/errors/error_general.php | 11 -----------
 4 files changed, 2 insertions(+), 67 deletions(-)

diff --git a/application/controllers/file.php b/application/controllers/file.php
index e35978a1e..63f6a71b5 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -9,13 +9,6 @@
 
 class File extends MY_Controller {
 
-	protected $json_enabled_functions = array(
-		"upload_history",
-		"do_upload",
-		"do_delete",
-		"do_multipaste",
-	);
-
 	function __construct()
 	{
 		parent::__construct();
@@ -470,10 +463,6 @@ class File extends MY_Controller {
 			}
 		}
 
-		if (static_storage("response_type") == "json") {
-			return send_json_reply($this->data["urls"]);
-		}
-
 		if (is_cli_client()) {
 			$redirect = false;
 		}
@@ -740,15 +729,6 @@ class File extends MY_Controller {
 			);
 		}
 
-		if (static_storage("response_type") == "json") {
-			return send_json_reply(array(
-				"errors" => $errors,
-				"deleted" => $deleted,
-				"total_count" => $total_count,
-				"deleted_count" => $deleted_count,
-			));
-		}
-
 		$this->data["errors"] = $errors;
 		$this->data["deleted_count"] = $deleted_count;
 		$this->data["total_count"] = $total_count;
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 62569e1f1..aba2a8ec1 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -8,11 +8,6 @@
  */
 
 class User extends MY_Controller {
-	protected $json_enabled_functions = array(
-		"create_apikey",
-		"apikeys",
-	);
-
 
 	function __construct()
 	{
@@ -93,10 +88,6 @@ class User extends MY_Controller {
 
 		$key = \service\user::create_apikey($userid, $comment, $access_level);
 
-		if (static_storage("response_type") == "json") {
-			return send_json_reply(array("new_key" => $key));
-		}
-
 		if (is_cli_client()) {
 			echo "$key\n";
 		} else {
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
index fc08b10ae..0f71a7fdc 100644
--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -11,9 +11,6 @@ class MY_Controller extends CI_Controller {
 	public $data = array();
 	public $var;
 
-	protected $json_enabled_functions = array(
-	);
-
 	function __construct()
 	{
 		parent::__construct();
@@ -46,33 +43,11 @@ class MY_Controller extends CI_Controller {
 		$this->load->helper(array('form', 'filebin'));
 		$this->load->library('customautoloader');
 
-		// TODO: proper accept header handling or is this enough?
-		if (isset($_SERVER["HTTP_ACCEPT"])) {
-			if ($_SERVER["HTTP_ACCEPT"] == "application/json") {
-				static_storage("response_type", "json");
-			}
-		}
-
-		// Allow for easier testing in browser
-		if ($this->input->get("json") !== false) {
-			static_storage("response_type", "json");
-		}
-
-		// TODO: this should probably call a function in the controller that does the checking
-		//       instead of checking if the controller name == "api"
-		if (static_storage("response_type") == "json"
-			&& $this->uri->segment(1) != "api"
-			&& ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) {
-			show_error("Function not JSON enabled");
-		}
-
 		if ($this->uri->segment(1) == "api") {
 			is_cli_client(true);
 		}
 
-		if ($this->input->post("apikey") !== false
-				|| ($this->input->post("username") !== false
-					&& $this->input->post("password") !== false)) {
+		if ($this->input->post("apikey") !== false || is_cli_client()) {
 			/* This relies on the authentication code always verifying the supplied
 			 * apikey. If the key is not verified/logged in an attacker could simply
 			 * add an empty "apikey" field to the CSRF form to circumvent the
@@ -119,7 +94,7 @@ class MY_Controller extends CI_Controller {
 			$this->security->csrf_verify();
 		}
 
-		if ($this->config->item("environment") == "development" && static_storage("response_type") != "json") {
+		if ($this->config->item("environment") == "development") {
 			$this->output->enable_profiler(true);
 		}
 
diff --git a/application/errors/error_general.php b/application/errors/error_general.php
index 844dfb74d..87d5b62f6 100644
--- a/application/errors/error_general.php
+++ b/application/errors/error_general.php
@@ -15,17 +15,6 @@ if (class_exists("CI_Controller") && !isset($GLOBALS["is_error_page"])) {
 		is_cli_client(true);
 	}
 
-	if (static_storage("response_type") == "json") {
-		$message = str_replace("</p>", "</p>\n", $message);
-		$array = array(
-			"status" => "error",
-			"message" => strip_tags($message),
-		);
-		header('Content-type: application/json');
-		echo json_encode($array);
-		exit();
-	}
-
 	if (is_cli_client()) {
 		$message = str_replace("</p>", "</p>\n", $message);
 		$message = strip_tags($message);
-- 
cgit v1.2.3-24-g4f1b