array(
'http' => array(
'header' => array(
- 'Authorization: Bearer ' . $token
+ 'Authorization: Bearer ' . $token,
+ 'Accept: application/json',
),
'ignore_errors' => true,
),
);
}
- parse_str($res, $data);
+ $data = json_decode($res, true);
//FIXME: they spit out non-micropub json error responess
- verifyUrlParameter($data, 'me');
- verifyUrlParameter($data, 'client_id');
+ verifyParameter($data, 'me');
+ verifyParameter($data, 'client_id');
verifyParameter($data, 'scope');
return [$data['me'], $data['client_id'], $data['scope']];
);
}
- if (!isset($json->properties->{'in-reply-to'})) {
- mpError(
- 'HTTP/1.0 400 Bad Request',
- 'invalid_request',
- 'Only replies accepted'
- );
- }
-
$storage = new Storage();
+ $lb = new Linkback();
try {
$id = $storage->addComment($json, $userId);
+ $lb->ping($id);
header('HTTP/1.0 201 Created');
header('Location: ' . Urls::full(Urls::comment($id)));
exit();
} catch (\Exception $e) {
- //FIXME: return correct status code
- header('HTTP/1.0 500 Internal Server Error');
+ if ($e->getCode() == 400) {
+ mpError(
+ 'HTTP/1.0 400 Bad Request',
+ 'invalid_request',
+ $e->getMessage()
+ );
+ }
+
+ mpError(
+ 'HTTP/1.0 500 Internal Server Error',
+ 'this_violates_the_spec',
+ $e->getMessage()
+ );
exit();
}
}
function getTokenFromHeader()
{
- if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])
+ && $_SERVER['HTTP_AUTHORIZATION'] != ''
+ ) {
+ $auth = $_SERVER['HTTP_AUTHORIZATION'];
+ } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
+ && $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] != ''
+ ) {
+ //php-cgi has it there
+ $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
mpError(
'HTTP/1.0 403 Forbidden', 'forbidden',
'Authorization HTTP header missing'
);
}
- list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+ if (strpos($auth, ' ') === false) {
+ mpError(
+ 'HTTP/1.0 403 Forbidden', 'forbidden',
+ 'Authorization header must start with "Bearer "'
+ );
+ }
+ list($bearer, $token) = explode(' ', $auth, 2);
if ($bearer !== 'Bearer') {
mpError(
'HTTP/1.0 403 Forbidden', 'forbidden',
- 'Authorization header must start with "Bearer"'
+ 'Authorization header must start with "Bearer "'
);
}
return trim($token);
'Content-Type header missing.'
);
}
- $ctype = $_SERVER['CONTENT_TYPE'];
- if ($ctype == 'application/x-www-form-urlencoded') {
+ list($ctype) = explode(';', $_SERVER['CONTENT_TYPE'], 2);
+ $ctype = trim($ctype);
+ if ($ctype == 'application/x-www-form-urlencoded'
+ || $ctype == 'multipart/form-data'
+ ) {
if (!isset($_POST['action'])) {
$_POST['action'] = 'create';
}
$json = $base;
$json->properties = (object) $data;
handleCreate($json, $token);
- } else if ($ctype == 'application/javascript') {
- $input = file_get_contents('php://stdin');
+ } else if ($ctype == 'application/json') {
+ $input = file_get_contents('php://input');
$json = json_decode($input);
if ($json === null) {
mpError(