author | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-03-19 16:52:14 +0000 |
---|---|---|
committer | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-03-19 16:52:14 +0000 |
commit | 48a856675272576a192b4967322d56f4a5d3e613 (patch) | |
tree | a8309f880e2865502a77b42f5e7540500be4e4ef | |
parent | 9dc1455158e86f162444394dd0e0092d474ae4cc (diff) | |
download | elgg-48a856675272576a192b4967322d56f4a5d3e613.tar.gz elgg-48a856675272576a192b4967322d56f4a5d3e613.tar.bz2 |
Marcus Povey <marcus@dushka.co.uk>
* Using simple cache for replay protection... still need to clear cache of old files etc.
git-svn-id: https://code.elgg.org/elgg/trunk@253 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | engine/lib/api.php | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 1e842af8c..b86a8a09c 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -267,7 +267,7 @@
 */
 function execute_method($method, array $parameters, $token = "")
 {
- global $METHODS;
+ global $METHODS, $CONFIG;
 // Sanity check
 $method = sanitise_string($method);
@@ -278,7 +278,7 @@
 {
 $serialised_parameters = "";
- $validated_userid = validate_user_token($ApiEnvironment->site_id, $token);
+ $validated_userid = validate_user_token($CONFIG->site_id, $token);
 if ((!$METHODS[$method]["require_auth"]) || ($validated_userid) || (isloggedin()))
 {
@@ -378,7 +378,7 @@
 "sha256" => "sha256"
 );
- if (array_key_exists($algo))
+ if (array_key_exists($algo, $supported_algos))
 return $supported_algos[$algo];
 throw new APIException("Algorithm '$algo' is not supported or has been disabled.");
@@ -440,7 +440,18 @@
 {
 global $CONFIG;
- throw new NotImplementedException("Writeme!");
+ $cache_dir = $CONFIG->cache_path;
+ if (!$cache_dir)
+ throw new ConfigurationException("Cache directory 'cache_path' not set.");
+
+ $cache = new ElggFileCache($cache_dir, 90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
+
+ if (!$result = $cache->load($hmac))
+ {
+ $cache->save($hmac, $hmac);
+
+ return false;
+ }
 return true;
 }
@@ -612,7 +623,7 @@
 global $CONFIG;
 $api_header = get_and_validate_api_headers(); // Get api header
- $api_user = get_api_user($CONFIG->api_header->api_key); // Pull API user details
+ $api_user = get_api_user($CONFIG->site_id, $api_header->api_key); // Pull API user details
 if ($api_user)
 { |
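Review bot: In the second hunk (`@@ -278,7 +278,7 @@`) the authorisation test `if ((!$METHODS[$method]["require_auth"]) || ...)` fails open, because a method entry that has no `require_auth` key evaluates as "no authentication required". Now that `validate_user_token()` is given a real site id from `$CONFIG`, I would make the opt-out explicit with `$auth_optional = isset($METHODS[$method]["require_auth"]) && $METHODS[$method]["require_auth"] === false;` and test `$auth_optional` in place of the negation. The method registration code and the lines between this hunk and the previous one are not visible, so the flag may already be guaranteed elsewhere. execute_method's body continues outside the hunk.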
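Review bot: In the fourth hunk (`@@ -440,7 +440,18 @@`) the replay check is a separate `load()` followed by `save()`, so two requests carrying the same HMAC that arrive together can both miss the cache and both be accepted. ElggFileCache is not shown here; if it has no atomic create-if-absent, the lookup and the write need to happen under a lock or through an exclusive file create. The key presumably originates in a request header and is handed to a file-backed cache unchanged, so I would derive it first with `$cache_key = hash('sha256', $hmac);` and use `$cache_key` in both calls unless the cache already normalises keys. `$result` is assigned but never read, so the condition can be `if (!$cache->load($cache_key))`. The function begins outside the hunk.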