mirror of
https://github.com/friendica/friendica
synced 2025-04-26 02:30:11 +00:00
allow_api removed
parent
98b68b47f0
commit
42bd7918ad
3 changed files with 3 additions and 44 deletions
|
@ -73,27 +73,6 @@ define('API_LOG_PREFIX', 'API {action} - ');
|
|||
$API = [];
|
||||
$called_api = [];
|
||||
|
||||
/**
|
||||
* Auth API user
|
||||
*
|
||||
* It is not sufficient to use local_user() to check whether someone is allowed to use the API,
|
||||
* because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF
|
||||
* into a page, and visitors will post something without noticing it).
|
||||
*/
|
||||
function api_user()
|
||||
{
|
||||
$user = OAuth::getCurrentUserID();
|
||||
if (!empty($user)) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if (!empty($_SESSION['allow_api'])) {
|
||||
return local_user();
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get source name from API client
|
||||
*
|
||||
|
|