Upgrade twig to version 3 for php 8.1

[anoweco.git] / www / micropub.php

diff --git a/www/micropub.php b/www/micropub.php
index 0dd476a17f877b41bc9975471addeb8d1f633f50..ab6af864ff1fef631fc45db57db5e130414c0133 100644 (file)
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -35,7 +35,8 @@ function validateToken($token)
         array(
             'http' => array(
                 'header' => array(
-                    'Authorization: Bearer ' . $token
+                    'Authorization: Bearer ' . $token,
+                    'Accept: application/json',
                 ),
                 'ignore_errors' => true,
             ),
@@ -52,10 +53,10 @@ function validateToken($token)
         );
     }
 
-    parse_str($res, $data);
+    $data = json_decode($res, true);
     //FIXME: they spit out non-micropub json error responess
-    verifyUrlParameter($data, 'me');
-    verifyUrlParameter($data, 'client_id');
+    verifyParameter($data, 'me');
+    verifyParameter($data, 'client_id');
     verifyParameter($data, 'scope');
 
     return [$data['me'], $data['client_id'], $data['scope']];
@@ -83,8 +84,10 @@ function handleCreate($json, $token)
     }
 
     $storage = new Storage();
+    $lb      = new Linkback();
     try {
         $id = $storage->addComment($json, $userId);
+        $lb->ping($id);
 
         header('HTTP/1.0 201 Created');
         header('Location: ' . Urls::full(Urls::comment($id)));
@@ -109,9 +112,13 @@ function handleCreate($json, $token)
 
 function getTokenFromHeader()
 {
-    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+    if (isset($_SERVER['HTTP_AUTHORIZATION'])
+        && $_SERVER['HTTP_AUTHORIZATION'] != ''
+    ) {
         $auth = $_SERVER['HTTP_AUTHORIZATION'];
-    } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+    } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
+        && $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] != ''
+    ) {
         //php-cgi has it there
         $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
     } else {
@@ -120,11 +127,17 @@ function getTokenFromHeader()
             'Authorization HTTP header missing'
         );
     }
+    if (strpos($auth, ' ') === false) {
+        mpError(
+            'HTTP/1.0 403 Forbidden', 'forbidden',
+            'Authorization header must start with "Bearer "'
+        );
+    }
     list($bearer, $token) = explode(' ', $auth, 2);
     if ($bearer !== 'Bearer') {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
-            'Authorization header must start with "Bearer"'
+            'Authorization header must start with "Bearer "'
         );
     }
     return trim($token);
@@ -163,8 +176,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
             'Content-Type header missing.'
         );
     }
-    $ctype = $_SERVER['CONTENT_TYPE'];
-    if ($ctype == 'application/x-www-form-urlencoded') {
+    list($ctype) = explode(';', $_SERVER['CONTENT_TYPE'], 2);
+    $ctype = trim($ctype);
+    if ($ctype == 'application/x-www-form-urlencoded'
+        || $ctype == 'multipart/form-data'
+    ) {
         if (!isset($_POST['action'])) {
             $_POST['action'] = 'create';
         }
@@ -209,8 +225,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
         $json = $base;
         $json->properties = (object) $data;
         handleCreate($json, $token);
-    } else if ($ctype == 'application/javascript') {
-        $input = file_get_contents('php://stdin');
+    } else if ($ctype == 'application/json') {
+        $input = file_get_contents('php://input');
         $json  = json_decode($input);
         if ($json === null) {
             mpError(