From b71797c7a3dd454ddf53ee6c14af5c5a22be9272 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 14 Sep 2015 13:46:40 +0200 Subject: API 2.0: Remove private fields from file/history Since this is a breaking change bump the api version to 2. The private fields are user_id and multipaste_id which where leaked via the multipaste_items field. This commit also adds a test case to both api versions that checks the returned fields. NOTE: Most of this commit is copied from the files of api v1 so when viewing the diff use --find-copies-harder for an easy to read diff. Signed-off-by: Florian Pritz --- application/service/files.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'application/service/files.php') diff --git a/application/service/files.php b/application/service/files.php index 5e0dd140b..7cef73d97 100644 --- a/application/service/files.php +++ b/application/service/files.php @@ -51,7 +51,12 @@ class files { $multipaste_items_grouped = array(); $multipaste_items = array(); - $query = $CI->db->get_where("multipaste", array("user_id" => $user))->result_array(); + # APIv1-cleanup: Remove multipaste_id and user_id + $query = $CI->db + ->select('m.url_id, m.multipaste_id, m.user_id, m.date') + ->from("multipaste m") + ->where("user_id", $user) + ->get()->result_array(); $multipaste_info = array(); foreach ($query as $item) { $multipaste_info[$item["url_id"]] = $item; -- cgit v1.2.3-24-g4f1b