From c01ca1583c74d77ca71829917090a23ec3174395 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 20 Jul 2021 21:45:42 +0000 Subject: [PATCH] Added permission check --- src/Factory/Api/Mastodon/Status.php | 2 +- src/Module/Api/Mastodon/Statuses/Card.php | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/Factory/Api/Mastodon/Status.php b/src/Factory/Api/Mastodon/Status.php index 69257d652b..42f02a725c 100644 --- a/src/Factory/Api/Mastodon/Status.php +++ b/src/Factory/Api/Mastodon/Status.php @@ -79,7 +79,7 @@ class Status extends BaseFactory 'thr-parent-id', 'parent-author-id', 'language', 'uri', 'plink', 'private', 'vid', 'gravity']; $item = Post::selectFirst($fields, ['uri-id' => $uriId, 'uid' => [0, $uid]], ['order' => ['uid' => true]]); if (!$item) { - throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . 'not found' . ($uid ? ' for user ' . $uid : '.')); + throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . ' not found' . ($uid ? ' for user ' . $uid : '.')); } $account = $this->mstdnAccountFactory->createFromContactId($item['author-id']); diff --git a/src/Module/Api/Mastodon/Statuses/Card.php b/src/Module/Api/Mastodon/Statuses/Card.php index 48facb2f0a..2fe4825544 100644 --- a/src/Module/Api/Mastodon/Statuses/Card.php +++ b/src/Module/Api/Mastodon/Statuses/Card.php @@ -23,7 +23,9 @@ namespace Friendica\Module\Api\Mastodon\Statuses; use Friendica\Core\System; use Friendica\DI; +use Friendica\Model\Post; use Friendica\Module\BaseApi; +use Friendica\Network\HTTPException; /** * @see https://docs.joinmastodon.org/methods/statuses/ @@ -42,12 +44,12 @@ class Card extends BaseApi DI::mstdnError()->UnprocessableEntity(); } - $request = self::getRequest([ - 'limit' => 40, // Maximum number of results to return. Defaults to 40. - ]); - $id = $parameters['id']; + if (!Post::exists(['uri-id' => $id, 'uid' => [0, $uid]])) { + throw new HTTPException\NotFoundException('Item with URI ID ' . $id . ' not found' . ($uid ? ' for user ' . $uid : '.')); + } + $card = DI::mstdnCard()->createFromUriId($id); System::jsonExit($card->toArray());