}
}
+ /**
+ * Post a comment, like or bookmark via micropub
+ */
protected function postAction()
{
- if (!isset($_POST['me'])) {
- return $this->errorOut('"me" parameter missing');
+ $action = 'comment';
+ if (isset($_POST['action'])) {
+ $action = trim($_POST['action']);
}
- $me = trim($_POST['me']);
-
- if (!isset($_POST['replyTo'])) {
- return $this->errorOut('"replyTo" parameter missing');
+ if (array_search($action, ['bookmark', 'comment', 'like']) === false) {
+ return $this->errorOut('"action" parameter invalid');
}
- $replyTo = trim($_POST['replyTo']);
- if (!isset($_POST['content'])) {
- return $this->errorOut('"content" parameter missing');
+ if (!isset($_POST['me'])) {
+ return $this->errorOut('"me" parameter missing');
}
- $content = trim($_POST['content']);
-
+ $me = trim($_POST['me']);
$accounts = PluginHost::getInstance()->get($this, 'accounts', []);
if (!isset($accounts[$me])) {
return $this->errorOut('"me" parameter invalid');
}
$account = $accounts[$me];
+ if (!isset($_POST['postUrl'])) {
+ return $this->errorOut('"postUrl" parameter missing');
+ }
+ $postUrl = trim($_POST['postUrl']);
+
+ if ($action == 'comment') {
+ if (!isset($_POST['content'])) {
+ return $this->errorOut('"content" parameter missing');
+ }
+ $content = trim($_POST['content']);
+ if (!strlen($_POST['content'])) {
+ return $this->errorOut('"content" is empty');
+ }
+ }
+
+
$links = $this->getLinks($me);
if (!count($links)) {
return $this->errorOut('No links found');
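Review bot: The emptiness check on the comment text tests the raw `$_POST['content']` rather than the trimmed `$content`, so a whitespace-only comment passes the check and is later sent as an empty string; it should read `if (!strlen($content)) {`. The action allow-list relies on a loose `array_search`; `if (!in_array($action, ['bookmark', 'comment', 'like'], true)) {` states the intent exactly and does not depend on type juggling. `$postUrl` is only trimmed before being forwarded, so a check that it is an absolute http(s) URL would be worth adding next to the `isset` test. postAction's body continues outside this hunk.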
return $this->errorOut('No micropub endpoint found');
}
+ $parameters = [
+ 'access_token' => $account['access_token'],
+ 'h' => 'entry',
+ ];
+
+ if ($action == 'bookmark') {
+ $parameters['bookmark-of'] = $postUrl;
+
+ } else if ($action == 'comment') {
+ $parameters['in-reply-to'] = $postUrl;
+ $parameters['content'] = $content;
+
+ } else if ($action == 'like') {
+ $parameters['like-of'] = $postUrl;
+ }
+
+
/* unfortunately fetch_file_contents() does not return headers
so we have to bring our own way to POST data */
$opts = [
'http' => [
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
- 'content' => http_build_query(
- [
- 'access_token' => $account['access_token'],
- 'h' => 'entry',
- 'in-reply-to' => $replyTo,
- 'content' => $content,
- ]
- ),
+ 'content' => http_build_query($parameters),
'ignore_errors' => true,
]
];
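Review bot: The access token travels in the form body through `$parameters['access_token']`, where it is more likely to end up in request-body logs at the endpoint; RFC 6750 recommends the Authorization header over the body parameter. Something like `'header' => "Content-type: application/x-www-form-urlencoded\r\nAuthorization: Bearer " . $account['access_token'],` with the `access_token` key dropped from `$parameters` would do it, provided the stored token is checked for CR/LF before it is placed in a header. Whether every endpoint in use accepts the header form is not visible from here and should be confirmed. The function continues outside the hunk.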
$status = array_shift($headers);
list($httpver, $code, $text) = explode(' ', $status, 3);
if ($code != 201 && $code != 202) {
+ $errData = json_decode($content);
+ if (isset($errData->error_description)
+ && $errData->error_description != ''
+ ) {
+ return $this->errorOut(
+ 'Error creating post: '
+ . $errData->error_description
+ );
+ }
return $this->errorOut(
- 'An error occured: '
- . $code . ' ' . $text
+ 'Error creating post: '
+ . $code . ' ' . $text.$content
);
}
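Review bot: The fallback message appends the raw response body with `$text.$content`, with no separator, length cap or escaping, so whatever the remote endpoint returns is relayed to the browser through errorOut(). How errorOut() encodes its argument is not visible in this hunk; unless it always emits JSON, both the body and `error_description` should be handled as untrusted text. I would cap and separate the body, e.g. `. $code . ' ' . $text . ': ' . substr($content, 0, 200)`, and require `is_string($errData->error_description)` before concatenating it. `$content` here appears to hold the response body, reusing the name of the comment text from earlier in the function, so a distinct name would avoid confusion.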
'access_token' => $data['access_token'],
'scope' => $data['scope'],
];
+ $accounts = $this->fixDefaultIdentity($accounts);
$host->set($this, 'accounts', $accounts);
//all fine now.
}
unset($accounts[$me]);
+ $accounts = $this->fixDefaultIdentity($accounts);
$host->set($this, 'accounts', $accounts);
- header('Content-type: application/json');
+ header('Content-type: application/json');
echo json_encode(
[
'code' => '200',
if (!isset($accounts[$me])) {
return $this->errorOut('Unknown identity');
}
-
foreach ($accounts as $url => $data) {
$accounts[$url]['default'] = ($url == $me);
}
$host->set($this, 'accounts', $accounts);
- header('Content-type: application/json');
+ header('Content-type: application/json');
echo json_encode(
[
'code' => '200',
exit();
}
+ /**
+ * Set the default identity if there is none
+ *
+ * @param array $accounts Array of account data arrays
+ *
+ * @return array Array of account data arrays
+ */
+ protected function fixDefaultIdentity($accounts)
+ {
+ if (!count($accounts)) {
+ return $accounts;
+ }
+
+ $hasDefault = false;
+ foreach ($accounts as $account) {
+ if ($account['default']) {
+ $hasDefault = true;
+ }
+ }
+
+ if (!$hasDefault) {
+ reset($accounts);
+ $accounts[key($accounts)]['default'] = true;
+ }
+ return $accounts;
+ }
+
/**
* Send an error message.
* Automatically in the correct format (plain text or json)
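Review bot: `$account['default']` in fixDefaultIdentity() is read without checking that the key exists, so an entry stored without it raises an undefined-index notice, and with display_errors enabled that output would precede the JSON the callers emit. The entry built at the add-account call site shows only `access_token` and `scope` in its visible lines (the array starts outside that hunk), so this may be reachable. `if (!empty($account['default'])) {` with a `break;` after setting `$hasDefault` covers it. The docblock could also state that the first entry in the array is the one promoted to default.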
return $links;
}
+ /**
+ * If a valid CSRF token is necessary or not
+ *
+ * @param string $method Plugin method name (here: "action")
+ *
+ * @return boolean True if an invalid CSRF token shall be ignored
+ */
function csrf_ignore($method)
{
- return true;
+ $mode = null;
+ if (isset($_POST['mode'])) {
+ $mode = $_POST['mode'];
+ } else if (isset($_GET['mode'])) {
+ $mode = $_GET['mode'];
+ }
+
+ if ($mode == 'authreturn') {
+ return true;
+ }
+
+ return false;
}
/**
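Review bot: The exemption in csrf_ignore() is decided from a request parameter the caller controls, read from `$_POST` first and then `$_GET`, while `$method` is never consulted. If the code that dispatches on `mode` reads it with a different precedence (that code is outside this hunk), a request carrying two different `mode` values could have the token check skipped for a handler other than authreturn, so both places should share one lookup. The comparison should be strict, `if ($mode === 'authreturn') {`, which also rejects array-valued input cleanly. The docblock should say why the auth return leg is exempt and what protects it instead, presumably the authorization code/state validation, which should be confirmed.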