From d1b3b7fbe4db703953a3c8e16fcfcb3621b19d56 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Thu, 4 Jan 2018 13:26:09 -0500 Subject: [PATCH] Review changes - Remove doc for unused config value - Restore api_get_user($a) calls --- doc/htconfig.md | 2 -- include/api.php | 10 ++++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/htconfig.md b/doc/htconfig.md index 34045e5c12..a39bf0aade 100644 --- a/doc/htconfig.md +++ b/doc/htconfig.md @@ -25,7 +25,6 @@ Example: To set the directory value please add this line to your .htconfig.php: * **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed. * **always_show_preview** (Boolean) - Only show small preview picures. Default value is false. -* **birthday_input_format** - Default value is "ymd". * **block_local_dir** (Boolean) - Blocks the access to the directory of the local users. * **auth_cookie_lifetime** (Integer) - Number of days that should pass without any activity before a user who chose "Remember me" when logging in is considered logged out. Defaults to 7. * **curl_range_bytes** - Maximum number of bytes that should be fetched. Default is 0, which mean "no limit". @@ -43,7 +42,6 @@ Example: To set the directory value please add this line to your .htconfig.php: * **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS. * **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL. * **dlogfile - location of the developer log file -* **event_input_format** - Default value is "ymd". * **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10. * **hsts** (Boolean) - Enables the sending of HTTP Strict Transport Security headers * **ignore_cache** (Boolean) - For development only. Disables the item cache. diff --git a/include/api.php b/include/api.php index bf038de90d..e527cb003b 100644 --- a/include/api.php +++ b/include/api.php @@ -1111,6 +1111,8 @@ function api_statuses_update($type) throw new ForbiddenException(); } + api_get_user($a); + // convert $_POST array items to the form we use for web posts. if (requestdata('htmlstatus')) { $txt = requestdata('htmlstatus'); @@ -1286,6 +1288,8 @@ function api_media_upload() throw new ForbiddenException(); } + api_get_user($a); + if (!x($_FILES, 'media')) { // Output error throw new BadRequestException("No media."); @@ -2112,6 +2116,8 @@ function api_statuses_repeat($type) throw new ForbiddenException(); } + api_get_user($a); + // params $id = intval($a->argv[3]); @@ -2190,6 +2196,8 @@ function api_statuses_destroy($type) throw new ForbiddenException(); } + api_get_user($a); + // params $id = intval($a->argv[3]); @@ -3524,6 +3532,8 @@ function api_ff_ids($type) throw new ForbiddenException(); } + api_get_user($a); + $stringify_ids = defaults($_REQUEST, 'stringify_ids', false); $r = q(