-rw-r--r--engine/lib/api.php52
-rw-r--r--languages/en.php30
2 files changed, 55 insertions, 27 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 6ce5bd29c..11543da21 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -223,7 +223,7 @@
$site = (int)$site;
$token = sanitise_string($token);
- if (!$site) throw new ConfigurationException("No site ID has been specified.");
+ if (!$site) throw new ConfigurationException(elgg_echo('ConfigurationException:NoSiteID'));
$time = time();
@@ -274,7 +274,7 @@
case 'POST' : $METHODS[$method]["call_method"] = 'POST'; break;
case 'GET' : $METHODS[$method]["call_method"] = 'GET'; break;
default :
- throw new InvalidParameterException("Unrecognised call method '$call_method'");
+ throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:UnrecognisedMethod'), $method));
}
$METHODS[$method]["description"] = $description;
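Review bot: The new throw on the `default :` branch passes `$method` to `sprintf()`, while the message it replaces interpolated `$call_method`, so the "Unrecognised call method" text now names the API method instead of the rejected HTTP verb. Unless that swap is intentional, keep the original variable: `throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:UnrecognisedMethod'), $call_method));`. The switch and its enclosing function start outside this hunk, so where `$call_method` comes from cannot be confirmed here.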
@@ -333,7 +333,7 @@
(!isset($parameters[$key])) && // No parameter
((!isset($value['required'])) || ($value['required']!=true)) // and not optional
)
- throw new APIException("Missing parameter $key in method $method");
+ throw new APIException(sprintf(elgg_echo('APIException:MissingParameterInMethod'), $key, $method));
else
{
// Avoid debug error
@@ -371,20 +371,20 @@
$array = trim($array,",");
}
else
- throw APIException("$key does not appear to be an array.");
+ throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));
$array .= ")";
$serialised_parameters .= $array;
break;
- default : throw new APIException("Unrecognised type in cast {$value['type']} for variable '$key' in method '$method'");
+ default : throw new APIException(sprintf(elgg_echo('APIException:UnrecognisedTypeCast'), $value['type'], $key, $method));
}
}
}
}
else
- throw new APIException("Invalid parameter found for '$key' in method '$method'.");
+ throw new APIException(sprintf(elgg_echo('APIException:InvalidParameter'), $key, $method));
}
}
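Review bot: The rewritten `ParameterNotArray` line still reads `throw APIException(...)` without `new`, so PHP resolves `APIException` as a function call and stops with a fatal error instead of raising the exception when a non-array value is supplied for an array parameter. Since the line is being touched anyway, fix it here: `throw new APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));`. Every other throw in this hunk already uses `new`. The enclosing loop and switch begin outside the hunk.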
@@ -399,22 +399,22 @@
return $result;
if ($result === FALSE)
- throw new APIException("$function($serialised_parameters) has a parsing error.");
+ throw new APIException(sprintf(elgg_echo('APIException:FunctionParseError'), $function, $serialised_parameters));
if ($result === NULL)
- throw new APIException("$function($serialised_parameters) returned no value."); // If no value
+ throw new APIException(sprintf(elgg_echo('APIException:FunctionNoReturn'), $function, $serialised_parameters)); // If no value
return SuccessResult::getInstance($result); // Otherwise assume that the call was successful and return it as a success object.
}
else
- throw new SecurityException("Authentication token either missing, invalid or expired.", GenericResult::$RESULT_FAIL_AUTHTOKEN);
+ throw new SecurityException(elgg_echo('SecurityException:AuthTokenExpired'), GenericResult::$RESULT_FAIL_AUTHTOKEN);
}
else
- throw new CallException("$method must be called using '{$METHODS[$method]["call_method"]}'");
+ throw new CallException(sprintf(elgg_echo('CallException:InvalidCallMethod'), $method, $METHODS[$method]["call_method"]));
}
// Return an error if not found
- throw new APIException("Method call '$method' has not been implemented.");
+ throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method));
}
// System functions ///////////////////////////////////////////////////////////////////////
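Review bot: The `FunctionParseError` and `FunctionNoReturn` messages still embed `$function` and the whole `$serialised_parameters` string, so internal function names and every caller-supplied value end up in the exception text. If that text is returned in the API response (not visible in this hunk), log the detail server-side instead, e.g. `error_log("$function($serialised_parameters) has a parsing error.");`, and give the client a message that names only `$method`; that would mean dropping the second `%s` from both language strings. A `FALSE` result being reported as a parsing error also suggests the serialised string is evaluated as code. That call is outside this hunk, so it is worth confirming that string parameters are escaped before they are concatenated.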
@@ -455,7 +455,7 @@
if (array_key_exists($algo, $supported_algos))
return $supported_algos[$algo];
- throw new APIException("Algorithm '$algo' is not supported or has been disabled.");
+ throw new APIException(sprintf(elgg_echo('APIException:AlgorithmNotSupported'), $algo));
}
/**
@@ -516,7 +516,7 @@
$cache_dir = $CONFIG->cache_path;
if (!$cache_dir)
- throw new ConfigurationException("Cache directory 'cache_path' not set.");
+ throw new ConfigurationException(elgg_echo('ConfigurationException:CacheDirNotSet'));
$cache = new ElggFileCache($cache_dir, 90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
@@ -560,43 +560,43 @@
$result->method = $_SERVER['REQUEST_METHOD'];
if (($result->method != "GET") && ($result->method!= "POST")) // Only allow these methods
- throw new APIException("Request method must be GET or POST");
+ throw new APIException(elgg_echo('APIException:NotGetOrPost'));
$result->api_key = $_SERVER['HTTP_X_ELGG_APIKEY'];
if ($result->api_key == "")
- throw new APIException("Missing X-Elgg-apikey HTTP header");
+ throw new APIException(elgg_echo('APIException:MissingAPIKey'));
$result->hmac = $_SERVER['HTTP_X_ELGG_HMAC'];
if ($result->hmac == "")
- throw new APIException("Missing X-Elgg-hmac header");
+ throw new APIException(elgg_echo('APIException:MissingHmac'));
$result->hmac_algo = $_SERVER['HTTP_X_ELGG_HMAC_ALGO'];
if ($result->hmac_algo == "")
- throw new APIException("Missing X-Elgg-hmac-algo header");
+ throw new APIException(elgg_echo('APIException:MissingHmacAlgo'));
$result->time = $_SERVER['HTTP_X_ELGG_TIME'];
if ($result->time == "")
- throw new APIException("Missing X-Elgg-time header");
+ throw new APIException(elgg_echo('APIException:MissingTime'));
if (($result->time<(microtime(true)-86400.00)) || ($result->time>(microtime(true)+86400.00))) // Basic timecheck, think about making this smaller if we get loads of users and the cache gets really big.
- throw new APIException("X-Elgg-time is too far in the past or future");
+ throw new APIException(elgg_echo('APIException:TemporalDrift'));
$result->get_variables = $_SERVER['QUERY_STRING'];
if ($result->get_variables == "")
- throw new APIException("No data on the query string");
+ throw new APIException(elgg_echo('APIException:NoQueryString'));
if ($result->method=="POST")
{
$result->posthash = $_SERVER['HTTP_X_ELGG_POSTHASH'];
if ($result->posthash == "")
- throw new APIException("Missing X-Elgg-posthash header");
+ throw new APIException(elgg_echo('APIException:MissingPOSTHash'));
$result->posthash_algo = $_SERVER['HTTP_X_ELGG_POSTHASH_ALGO'];
if ($result->posthash_algo == "")
- throw new APIException("Missing X-Elgg-posthash_algo header");
+ throw new APIException(elgg_echo('APIException:MissingPOSTAlgo'));
$result->content_type = $_SERVER['CONTENT_TYPE'];
if ($result->content_type == "")
- throw new APIException("Missing content type for post data");
+ throw new APIException(elgg_echo('APIException:MissingContentType'));
}
return $result;
@@ -662,20 +662,20 @@
$calculated_posthash = calculate_posthash($postdata, $api_header->posthash_algo);
if (strcmp($api_header->posthash, $calculated_posthash)!=0)
- throw new SecurityException("POST data hash is invalid - Expected $calculated_posthash but got {$api_header->posthash}.");
+ throw new SecurityException(sprintf(elgg_echo('SecurityException:InvalidPostHash'), $calculated_posthash, $api_header->posthash));
}
// If we've passed all the checks so far then we can be reasonably certain that the request is authentic, so return this fact to the PAM engine.
return true;
}
else
- throw new SecurityException("Packet signature already seen.");
+ throw new SecurityException(elgg_echo('SecurityException:DupePacket'));
}
else
throw new SecurityException("HMAC is invalid. {$api_header->hmac} != [calc]$hmac = {$api_header->hmac_algo}(**SECRET KEY**, time:{$api_header->time}, apikey:{$api_header->api_key}, get_vars:{$api_header->get_variables}" . ($api_header->method=="POST"? "posthash:$api_header->posthash}" : ")"));
}
else
- throw new SecurityException("Invalid or missing API Key.",ErrorResult::$RESULT_FAIL_APIKEY_INVALID);
+ throw new SecurityException(elgg_echo('SecurityException:InvalidAPIKey'),ErrorResult::$RESULT_FAIL_APIKEY_INVALID);
return false;
}
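Review bot: The `HMAC is invalid` throw is the one message in this hunk left untranslated, and it interpolates `[calc]$hmac`, the signature the server computed for the request. If exception messages reach the API client (not visible here; the function starts outside the hunk), a caller without the secret is handed the value the check expects, which undermines the signature verification. Replace it with a fixed string such as `throw new SecurityException(elgg_echo('SecurityException:InvalidHmac'));`, adding that key to `languages/en.php` (the key name is a suggestion, it is not in this commit), and send the diagnostic detail to the server log only. The same line also carries a stray `}` in `"posthash:$api_header->posthash}"`, which would disappear with the rewrite.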
diff --git a/languages/en.php b/languages/en.php
index 3fde82ee5..c177ba305 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -97,7 +97,35 @@
'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
- 'APIException:ApiResultUnknown' => "API Result is of an unknown type, this should never happen.",
+ 'APIException:ApiResultUnknown' => "API Result is of an unknown type, this should never happen.",
+
+ 'ConfigurationException:NoSiteID' => "No site ID has been specified.",
+ 'InvalidParameterException:UnrecognisedMethod' => "Unrecognised call method '%s'",
+ 'APIException:MissingParameterInMethod' => "Missing parameter %s in method %s",
+ 'APIException:ParameterNotArray' => "%s does not appear to be an array.",
+ 'APIException:UnrecognisedTypeCast' => "Unrecognised type in cast %s for variable '%s' in method '%s'",
+ 'APIException:InvalidParameter' => "Invalid parameter found for '%s' in method '%s'.",
+ 'APIException:FunctionParseError' => "%s(%s) has a parsing error.",
+ 'APIException:FunctionNoReturn' => "%s(%s) returned no value.",
+ 'SecurityException:AuthTokenExpired' => "Authentication token either missing, invalid or expired.",
+ 'CallException:InvalidCallMethod' => "%s must be called using '%s'",
+ 'APIException:MethodCallNotImplemented' => "Method call '%s' has not been implemented.",
+ 'APIException:AlgorithmNotSupported' => "Algorithm '%s' is not supported or has been disabled.",
+ 'ConfigurationException:CacheDirNotSet' => "Cache directory 'cache_path' not set.",
+ 'APIException:NotGetOrPost' => "Request method must be GET or POST",
+ 'APIException:MissingAPIKey' => "Missing X-Elgg-apikey HTTP header",
+ 'APIException:MissingHmac' => "Missing X-Elgg-hmac header",
+ 'APIException:MissingHmacAlgo' => "Missing X-Elgg-hmac-algo header",
+ 'APIException:MissingTime' => "Missing X-Elgg-time header",
+ 'APIException:TemporalDrift' => "X-Elgg-time is too far in the past or future",
+ 'APIException:NoQueryString' => "No data on the query string",
+ 'APIException:MissingPOSTHash' => "Missing X-Elgg-posthash header",
+ 'APIException:MissingPOSTAlgo' => "Missing X-Elgg-posthash_algo header",
+ 'APIException:MissingContentType' => "Missing content type for post data",
+ 'SecurityException:InvalidPostHash' => "POST data hash is invalid - Expected %s but got %s.",
+ 'SecurityException:DupePacket' => "Packet signature already seen.",
+ 'SecurityException:InvalidAPIKey' => "Invalid or missing API Key.",
+
/**
* User details
*/