author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-09-28 22:14:31 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-09-28 22:14:31 +0000 |
commit | 22c9a01ee845d2b92fcab6b6cb10ac6ff0eec52e (patch) | |
tree | 5f5c876689ee1dc4d8054db29ce9946221b0045b /www/api/posts_delete.php | |
parent | df8216d607a9806b57b83eea9eb55577eae7d54f (diff) | |
rewrite api/posts/delete to be more secure and add unit tests for it
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@769 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www/api/posts_delete.php')
-rw-r--r-- | www/api/posts_delete.php | 63 |
1 files changed, 45 insertions, 18 deletions
diff --git a/www/api/posts_delete.php b/www/api/posts_delete.php
index a63cc62..982b686 100644
--- a/www/api/posts_delete.php
+++ b/www/api/posts_delete.php
@@ -1,33 +1,60 @@
 <?php
-// Implements the del.icio.us API request to delete a post.
-
-// del.icio.us behavior:
-// - returns "done" even if the bookmark doesn't exist;
-// - does NOT allow the hash for the url parameter;
-// - doesn't set the Content-Type to text/xml (we do).
+/**
+ * API for deleting a bookmark.
+ * The delicious API is implemented here.
+ *
+ * The delicious API behaves like that:
+ * - returns "done" even if the bookmark doesn't exist
+ * - we do it correctly
+ * - does NOT allow the hash for the url parameter
+ * - doesn't set the Content-Type to text/xml
+ * - we do it correctly, too
+ *
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @author Eric Dane <ericdane@users.sourceforge.net>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
 // Force HTTP authentication first!
 $httpContentType = 'text/xml';
 require_once 'httpauth.inc.php';
-/* Service creation: only useful services are created */
-$bookmarkservice =SemanticScuttle_Service_Factory::get('Bookmark');
-
+$bs = SemanticScuttle_Service_Factory::get('Bookmark');
+$uId = $userservice->getCurrentUserId();
-// Note that del.icio.us only errors out if no URL was passed in; there's no error on attempting
-// to delete a bookmark you don't have.
 // Error out if there's no address
-if (is_null($_REQUEST['url'])) {
+if (!isset($_REQUEST['url'])
+ || $_REQUEST['url'] == ''
+) {
 $deleted = false;
+} else if (!$bs->bookmarkExists($_REQUEST['url'], $uId)) {
+ //the user does not have such a bookmark
+ // Note that del.icio.us only errors out if no URL was passed in;
+ // there's no error on attempting to delete a bookmark you don't have.
+ // this sucks, and I don't care about being different but correct here.
+ header('HTTP/1.0 404 Not Found');
+ $deleted = false;
+
 } else {
- $bookmark = $bookmarkservice->getBookmarkByAddress($_REQUEST['url']);
- $bid = $bookmark['bId'];
- $delete = $bookmarkservice->deleteBookmark($bid);
- $deleted = true;
+ $bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
+ $bId = $bookmark['bId'];
+ $deleted = $bs->deleteBookmark($bId);
+ if (!$deleted) {
+ //something really went wrong
+ header('HTTP/1.0 500 Internal Server Error');
+ }
 }
 // Set up the XML file and output the result.
-echo '<?xml version="1.0" standalone="yes" ?'.">\r\n";
-echo '<result code="'. ($deleted ? 'done' : 'something went wrong') .'" />';
+echo '<?xml version="1.0" standalone="yes" ?' . ">\r\n";
+echo '<result code="' . ($deleted ? 'done' : 'something went wrong') . '" />';
 ?>
\ No newline at end of file |
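Review bot: The delete branch relies on two differently scoped calls: `bookmarkExists($_REQUEST['url'], $uId)` is tied to the authenticated user, but the `bId` passed to `deleteBookmark()` comes from `getBookmarkByAddress($_REQUEST['url'], false)`, where the bare `false` is the only thing that could restrict the lookup to that user. That method is not visible in this diff, so if the flag means something else, the returned row could be another user's bookmark of the same URL. A comment such as `// false = search only the current user's bookmarks` and a guard like `if (!is_array($bookmark)) { $deleted = false; }` before reading `$bookmark['bId']` would make the authorization assumption explicit and fail closed. The first condition also lets a non-string `url` (for example an array parameter) through to the service calls; adding `|| !is_string($_REQUEST['url'])` would reject it up front.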