remove twitter-specific code
index 92a91ef91525d03cd893f7e328d592d1f505963a..8e6ff6ced4ff3fa60c9cbfc4641d332643117be3 100644 (file)
@@ -1,5 +1,6 @@
 <?php
-       set_include_path(get_include_path() . PATH_SEPARATOR . "include");
+       set_include_path(get_include_path() . PATH_SEPARATOR .
+               dirname(__FILE__) . "/include");
 
        /* remove ill effects of magic quotes */
 
        $op = $_REQUEST["op"];
        @$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
 
+       if (!$method)
+               $method = 'index';
+       else
+               $method = strtolower($method);
+
        /* Public calls compatibility shim */
 
        $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
                return;
        }
 
+       @$csrf_token = $_REQUEST['csrf_token'];
+
        require_once "functions.php";
        require_once "sessions.php";
-       require_once "sanity_check.php";
        require_once "config.php";
        require_once "db.php";
        require_once "db-prefs.php";
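Review bot: The added line `@$csrf_token = $_REQUEST['csrf_token'];` uses error suppression to cover the missing-key case, so an absent token silently becomes null and whatever validate_csrf() does with null decides the outcome. An explicit default reads better and makes the "no token sent" path visible: `$csrf_token = isset($_REQUEST['csrf_token']) ? $_REQUEST['csrf_token'] : '';`. Taking the token from `$_REQUEST` also accepts it from the query string (and, depending on `request_order`, possibly from cookies), which lets it end up in access logs and Referer headers; if the protected operations are POST-only, reading `$_POST['csrf_token']` narrows that.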
@@ -48,7 +55,7 @@
 
        header("Content-Type: text/plain; charset=utf-8");
 
-       if (ENABLE_GZIP_OUTPUT) {
+       if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
                ob_start("ob_gzhandler");
        }
 
        $update_methods = array(
                0   => __("Default"),
                1   => __("Magpie"),
-               2   => __("SimplePie"),
-               3   => __("Twitter OAuth"));
+               2   => __("SimplePie"));
 
        if (DEFAULT_UPDATE_METHOD == "1") {
                $update_methods[0] .= ' (SimplePie)';
                5 => __("Power User"),
                10 => __("Administrator"));
 
-       $error = sanity_check($link);
+       #$error = sanity_check($link);
 
-       if ($error['code'] != 0 && $op != "logout") {
-               print json_encode(array("error" => $error));
-               return;
-       }
-
-       function __autoload($class) {
-               $file = "classes/".strtolower(basename($class)).".php";
-               if (file_exists($file)) {
-                       require $file;
-               }
-       }
+       #if ($error['code'] != 0 && $op != "logout") {
+       #       print json_encode(array("error" => $error));
+       #       return;
+       #}
 
        $op = str_replace("-", "_", $op);
 
        if (class_exists($op)) {
                $handler = new $op($link, $_REQUEST);
 
-               if ($handler) {
-                       if ($handler->before($method)) {
-                               if ($method && method_exists($handler, $method)) {
-                                       $handler->$method();
-                               } else if (method_exists($handler, 'index')) {
-                                       $handler->index();
+               if ($handler && is_subclass_of($handler, 'Handler')) {
+                       if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
+                               if ($handler->before($method)) {
+                                       if ($method && method_exists($handler, $method)) {
+                                               $handler->$method();
+                                       }
+                                       $handler->after();
+                                       return;
                                }
-                               $handler->after();
+                       } else {
+                               header("Content-Type: text/plain");
+                               print json_encode(array("error" => array("code" => 6)));
                                return;
                        }
                }
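Review bot: The new `is_subclass_of($handler, 'Handler')` check runs after `new $op($link, $_REQUEST)` has already executed, so any loadable class whose name arrives in the `op` parameter is constructed with those arguments before being rejected. Test the class name instead of the instance, before construction: `if (class_exists($op) && is_subclass_of($op, 'Handler')) {` on the outer condition, and plain `if ($handler) {` in place of the current check. The dispatch `$handler->$method()` guarded only by `method_exists()` lets the caller name any method of the handler, including `before`, `after` and `csrf_ignore`, and `method_exists()` also answers true for non-public methods; an explicit allow-list per handler, or at least `is_callable(array($handler, $method))` plus a deny-list of the lifecycle methods, would narrow it. The `if (class_exists($op))` block opened at the top of the hunk is not closed within it.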