-rw-r--r-- | build.xml | 4 | ||||
-rw-r--r-- | doc/ChangeLog | 8 | ||||
-rw-r--r-- | src/SemanticScuttle/Service/Bookmark.php | 18 | ||||
-rw-r--r-- | tests/AllTests.php | 1 | ||||
-rw-r--r-- | www/api/posts_delete.php | 62 |
5 files changed, 66 insertions, 27 deletions
@@ -9,7 +9,7 @@
 <property file="build.properties" />
 <property name="version-m" value="0.97" />
- <property name="version" value="0.97.0" />
+ <property name="version" value="0.97.1" />
 <property name="zipfile" value="${phing.project.name}-${version}.zip" />
 <property name="distfile" value="dist/${zipfile}" />
 <property name="sfproject" value="SemanticScuttle" />
@@ -99,4 +99,4 @@
 <fail unless="sffilepath" message="Sourceforge project file path not defined!" />
 </target>
-</project>
\ No newline at end of file
+</project>
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 5b4e4d3..92898c4 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,6 +1,14 @@
 ChangeLog for SemantiScuttle
 ============================
+0.97.1 - 2010-09-30
+-------------------
+This is a security release! We do highly recommend to update
+your SemanticScuttle installations!
+
+- Fix bug #3077187: Permission problem when deleting bookmarks
+
+
 0.97.0 - 2010-06-09
 -------------------
 - Many SQL optimizations - SemanticScuttle shows bookmarks 4 times faster now
diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php
index 364b1a0..97e0d8f 100644
--- a/src/SemanticScuttle/Service/Bookmark.php
+++ b/src/SemanticScuttle/Service/Bookmark.php
@@ -168,7 +168,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
 * Retrieves a bookmark with the given URL.
 * DOES NOT RESPECT PRIVACY SETTINGS!
 *
- * @param string $hash URL
+ * @param string $address URL to get bookmarks for
+ * @param boolean $all Retrieve from all users (true)
+ * or only bookmarks owned by the current
+ * user (false)
 *
 * @return mixed Array with bookmark data or false in case
 * of an error (i.e. not found).
@@ -176,9 +179,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
 * @uses getBookmarkByHash()
 * @see getBookmarkByShortname()
 */
- public function getBookmarkByAddress($address)
+ public function getBookmarkByAddress($address, $all = true)
 {
- return $this->getBookmarkByHash($this->getHash($address));
+ return $this->getBookmarkByHash($this->getHash($address), $all);
 }
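Review bot: The new `$all` parameter of getBookmarkByAddress() defaults to `true`, and getBookmarkByHash() in the following hunk does the same, so the cross-user lookup behind the deletion bug remains what every unchanged caller gets. Only www/api/posts_delete.php is switched to `false` in this commit; other callers that look a bookmark up and then edit or delete it are not visible here and would need an audit. The docblock should state the contract next to the existing privacy warning, for example `Pass false before modifying or deleting the result; true returns bookmarks of any user.` How `_getbookmark()` determines the current user when `$all` is false lies outside these hunks, so the owner filter itself cannot be confirmed from this diff.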
@@ -187,16 +190,19 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
 * Retrieves a bookmark with the given hash.
 * DOES NOT RESPECT PRIVACY SETTINGS!
 *
- * @param string $hash URL hash
+ * @param string $hash URL hash
+ * @param boolean $all Retrieve from all users (true)
+ * or only bookmarks owned by the current
+ * user (false)
 *
 * @return mixed Array with bookmark data or false in case
 * of an error (i.e. not found).
 *
 * @see getHash()
 */
- public function getBookmarkByHash($hash)
+ public function getBookmarkByHash($hash, $all = true)
 {
- return $this->_getbookmark('bHash', $hash, true);
+ return $this->_getbookmark('bHash', $hash, $all);
 }
diff --git a/tests/AllTests.php b/tests/AllTests.php
index d29de7f..1266041 100644
--- a/tests/AllTests.php
+++ b/tests/AllTests.php
@@ -64,6 +64,7 @@ class AllTests extends PHPUnit_Framework_TestSuite
 $suite->addTestFile($tdir . '/TagTest.php');
 $suite->addTestFile($tdir . '/VoteTest.php');
 $suite->addTestFile($tdir . '/UserTest.php');
+ $suite->addTestFile($tdir . '/Api/PostsDeleteTest.php');
 return $suite;
 }
diff --git a/www/api/posts_delete.php b/www/api/posts_delete.php
index a63cc62..69b2429 100644
--- a/www/api/posts_delete.php
+++ b/www/api/posts_delete.php
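Review bot: In tests/AllTests.php the suite now registers `/Api/PostsDeleteTest.php`, but the diffstat for this commit lists five files and that test file is not among them. Unless it was added in an earlier commit, the suite presumably cannot load it and the access-control fix ships without its regression test. The test worth having here is a delete request made by a second user against another user's bookmark URL, asserting both the 404 response and that the bookmark still exists afterwards.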
@@ -1,33 +1,57 @@
 <?php
-// Implements the del.icio.us API request to delete a post.
-
-// del.icio.us behavior:
-// - returns "done" even if the bookmark doesn't exist;
-// - does NOT allow the hash for the url parameter;
-// - doesn't set the Content-Type to text/xml (we do).
+/**
+ * API for deleting a bookmark.
+ * The delicious API is implemented here.
+ *
+ * The delicious API behaves like that:
+ * - does NOT allow the hash for the url parameter
+ * - doesn't set the Content-Type to text/xml
+ * - we do it correctly, too
+ *
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @author Eric Dane <ericdane@users.sourceforge.net>
+ * @license GPL http://www.gnu.org/licenses/gpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ * @link http://www.delicious.com/help/api
+ */
 // Force HTTP authentication first!
 $httpContentType = 'text/xml';
 require_once 'httpauth.inc.php';
-/* Service creation: only useful services are created */
-$bookmarkservice =SemanticScuttle_Service_Factory::get('Bookmark');
-
+$bs = SemanticScuttle_Service_Factory::get('Bookmark');
+$uId = $userservice->getCurrentUserId();
-// Note that del.icio.us only errors out if no URL was passed in; there's no error on attempting
-// to delete a bookmark you don't have.
// Error out if there's no address
-if (is_null($_REQUEST['url'])) {
- $deleted = false;
+if (!isset($_REQUEST['url'])
+ || $_REQUEST['url'] == ''
+) {
+ $msg = 'something went wrong';
+} else if (!$bs->bookmarkExists($_REQUEST['url'], $uId)) {
+ //the user does not have such a bookmark
+ header('HTTP/1.0 404 Not Found');
+ $msg = 'item not found';
 } else {
- $bookmark = $bookmarkservice->getBookmarkByAddress($_REQUEST['url']);
- $bid = $bookmark['bId'];
- $delete = $bookmarkservice->deleteBookmark($bid);
- $deleted = true;
+ $bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
+ $bId = $bookmark['bId'];
+ $deleted = $bs->deleteBookmark($bId);
+ $msg = 'done';
+ if (!$deleted) {
+ //something really went wrong
+ header('HTTP/1.0 500 Internal Server Error');
+ $msg = 'something really went wrong';
+ }
 }
 // Set up the XML file and output the result.
-echo '<?xml version="1.0" standalone="yes" ?'.">\r\n";
-echo '<result code="'. ($deleted ? 'done' : 'something went wrong') .'" />';
+echo '<?xml version="1.0" standalone="yes" ?' . ">\r\n";
+echo '<result code="' . $msg . '" />';
 ?>
\ No newline at end of file |
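Review bot: `$bookmark['bId']` is read in the final `else` branch without checking the result of `getBookmarkByAddress($_REQUEST['url'], false)`, which according to its docblock returns false when nothing is found. The ownership decision is made by `bookmarkExists($_REQUEST['url'], $uId)`, while the lookup presumably relies on the service's own notion of the current user, so the two queries can disagree or race, and `deleteBookmark()` would then be called with an empty id. Guard it with `if ($bookmark === false) { header('HTTP/1.0 404 Not Found'); $msg = 'item not found'; }` before deleting. Enforcing the owner inside `deleteBookmark()` itself, which is not shown here, would protect every caller rather than this endpoint alone. The missing-url branch also still answers with status 200, unlike the 404 and 500 branches; `header('HTTP/1.0 400 Bad Request');` would make it consistent.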