detects when server sends a bad formed html page

[syp.git] / api.php

diff --git a/api.php b/api.php
index fda62ff32389e1a630759a43e5d3643b9b44d29e..ac49d76665ca7cec11da77cad84d1b03c3bc3181 100644 (file)
--- a/api.php
+++ b/api.php
@@ -3,7 +3,8 @@
    license. */
 
 function exit_document ($body) {
-    exit ("<html><head></head><body>$body</body></html>");
+    $charset_meta = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+    exit ("<html>$charset_meta<head></head><body>$body</body></html>");
 }
 
 function success ($reason) {
@@ -192,8 +193,14 @@ function setcookies ($user, $pwd) {
     // cookie will be valid for 2 weeks. I've chosen that value
     // arbitrarily, and it may change in the future.
     $time = time () + 14 * 60 * 24 * 60;
-    setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
-    setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+    if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+        setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+        setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+    } else {
+        setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+        setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+    }
+
 }
 
 function check_auth ($con, $user, $pwd, $auth_only) {
@@ -239,7 +246,7 @@ function main ($con) {
             if (!isset ($feature)) {
                 error_unreferenced ($id);
             }
-            if ($feature->user != $user) {
+            if (($feature->user != $user) && ($user != "admin")) {
                 error_unauthorized ();
             }