From fd7990735cc73b5b1494190b9c187297e588a9f6 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Mon, 21 Dec 2009 11:25:11 -0800
Subject: Added validation to the edit functionality, since we can't trust any input
---
 modules/rest/controllers/rest.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'modules/rest/controllers/rest.php')
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index d1404b29..7a5ab46a 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -67,7 +67,7 @@ class Rest_Controller extends Controller {
 }
 private function _normalize_request($args=array()) {
- $method = strtolower($this->input->server("REQUEST_METHOD"));
+ $method = strtolower($this->input->server("REQUEST_METHOD"));
 $request = new stdClass();
 foreach (array_keys($this->input->get()) as $key) {
 $request->$key = $this->input->get($key);
@@ -78,8 +78,7 @@ class Rest_Controller extends Controller {
 }
 }
- $override_method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", null));
- $request->method = empty($override_method) ? $method : $override_method;
+ $request->method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
 $request->access_token = $this->input->server("HTTP_X_GALLERY_REQUEST_KEY");
 $request->path = implode("/", $args);
--
cgit v1.2.3
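Review bot: The second hunk's new assignment `$request->method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));` accepts whatever the client puts in the override header, with no check against the verbs the controller actually handles, which sits oddly with a commit whose stated aim is not trusting input. It also drops the old `empty($override_method)` fallback, so a header that is present but empty would presumably yield an empty method instead of the real one; this depends on how `server()` treats an empty value, which is not visible here. I would restrict the result to an allow-list and fall back otherwise, e.g. `if (!in_array($request->method, $allowed_methods, true)) { $request->method = $method; }`, where `$allowed_methods` is a placeholder for the verbs the dispatcher supports, and consider honouring the override only when the real request method is POST so that a GET cannot be turned into a state-changing call. `_normalize_request` begins in the first hunk and continues past the end of this one.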