diff --git a/lib/PrivateBin.php b/lib/PrivateBin.php
index 1b164342..ef35301f 100644
--- a/lib/PrivateBin.php
+++ b/lib/PrivateBin.php
@@ -356,38 +356,31 @@ class PrivateBin
 }
 /**
- * Read an existing paste or comment
+ * Read an existing paste or comment, only allowed via a JSON API call
 *
 * @access private
 * @param string $dataid
 */
 private function _read($dataid)
 {
+ if (!$this->_request->isJsonApiCall()) {
+ return;
+ }
+
 try {
 $paste = $this->_model->getPaste($dataid);
 if ($paste->exists()) {
- // reading paste is only possible via JSON call
- if ($this->_request->isJsonApiCall()) {
- $data = $paste->get();
- $this->_doesExpire = property_exists($data, 'meta') && property_exists($data->meta, 'expire_date');
- if (property_exists($data->meta, 'salt')) {
- unset($data->meta->salt);
- }
- $this->_data = json_encode($data);
+ $data = $paste->get();
+ $this->_doesExpire = property_exists($data, 'meta') && property_exists($data->meta, 'expire_date');
+ if (property_exists($data->meta, 'salt')) {
+ unset($data->meta->salt);
 }
+ $this->_return_message(0, $dataid, (array) $data);
 } else {
- $this->_error = self::GENERIC_ERROR;
+ $this->_return_message(1, self::GENERIC_ERROR);
 }
 } catch (Exception $e) {
- $this->_error = $e->getMessage();
- }
-
- if ($this->_request->isJsonApiCall()) {
- if (strlen($this->_error)) {
- $this->_return_message(1, $this->_error);
- } else {
- $this->_return_message(0, $dataid, json_decode($this->_data, true));
- }
+ $this->_return_message(1, $e->getMessage());
 }
 }
diff --git a/tst/PrivateBinTest.php b/tst/PrivateBinTest.php
index e712a0a7..7b953b0c 100644
--- a/tst/PrivateBinTest.php
+++ b/tst/PrivateBinTest.php
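Review bot: The salt-stripping check `property_exists($data->meta, 'salt')` in `_read()` dereferences `$data->meta` without a guard, although the `_doesExpire` line directly above it treats a missing `meta` as possible. This is the only visible step that removes the salt before `$data` is passed to `_return_message()`, so I would make the guard explicit: `if (property_exists($data, 'meta') && property_exists($data->meta, 'salt')) {`. Separately, `(array) $data` converts only the top level, whereas the removed `json_decode(json_encode($data), true)` round trip also converted nested objects, so `meta` now reaches `_return_message()` as an object; that method's body is not shown in this hunk, so please confirm it does not rely on nested arrays. The `catch` branch still returns `$e->getMessage()` to the client verbatim, which deserves a comment such as `// model exception messages are sent to the client as-is; keep them free of internal details`.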
@@ -679,16 +679,15 @@ class PrivateBinTest extends PHPUnit_Framework_TestCase
 */
 public function testReadInvalidId()
 {
- $_SERVER['QUERY_STRING'] = 'foo';
+ $_SERVER['QUERY_STRING'] = 'foo';
+ $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
 ob_start();
 new PrivateBin;
 $content = ob_get_contents();
 ob_end_clean();
- $this->assertRegExp(
- '#