public static function buildApiLink($type, $data = null, array $extraParams = array(), $skipPrepend = false) { // the type MUST BE full:type // NOTE: this is the opposite with public links if (strpos($type, 'canonical:') === 0) { // replace canonical: with full: $type = str_replace('canonical:', 'full:', $type); } elseif (strpos($type, 'full:') === false) { // enforce full: $type = 'full:' . $type; } // auto appends oauth_token param from the session if (!isset($extraParams['oauth_token'])) { $session = bdApi_Data_Helper_Core::safeGetSession(); if (!empty($session)) { $oauthToken = $session->getOAuthTokenText(); if (!empty($oauthToken) && !empty($_REQUEST['oauth_token']) && $_REQUEST['oauth_token'] === $oauthToken) { // only append token to built link if the current request has token in query too // this will prevent token in links if it's requested with OTT, token in Auth header // or token in body (PUT/POST requests) $extraParams['oauth_token'] = $oauthToken; } } } $type = XenForo_Link::_checkForFullLink($type, $fullLink, $fullLinkPrefix); $link = XenForo_Link::_buildLink(self::API_LINK_GROUP, $type, $data, $extraParams); $queryString = XenForo_Link::buildQueryString($extraParams); if ($link instanceof XenForo_Link) { $canPrependFull = $link->canPrependFull(); } else { $canPrependFull = true; if (strpos($link, '#') !== false) { list($link, $hash) = explode('#', $link); } } if ($queryString !== '' && $link !== '') { $append = "?{$link}&{$queryString}"; } else { // 1 or neither of these has content $append = $link . $queryString; if ($append !== '') { $append = "?{$append}"; } } if ($skipPrepend) { $outputLink = $append; } else { $outputLink = 'index.php' . $append; } if ($fullLink && $canPrependFull) { $outputLink = $fullLinkPrefix . $outputLink; } // deal with a hash in the $type {xen:link prefix#hash..} if (($hashPos = strpos($type, '#')) !== false) { $hash = substr($type, $hashPos + 1); } if ($outputLink === '') { $outputLink = '.'; } return $outputLink . (empty($hash) ? '' : '#' . $hash); }