API not functioning correctly when backend plugin enabled with PrivateBin

[LuckVintage]

Hi,

Since enabling the backend plugin for Sleeky I've noticed that the YOURLS API seems to have a slight issue when used with PrivateBin.

When attempting to use the API via PrivateBin to shorten a paste, I always receive the 'Too Many requests' page - however, the URL seems to get added successfully anyway. When disabling the plugin, the API seems to function normally when used with PrivateBin again.

If I use the API directly in my browser (instead of using PrivateBin), everything functions as intended.

After looking at the source code for Sleeky's backend, I think I'm experiencing this issue because the API always has <style>ul#admin_menu li:not(.frontend_link) {display: none}</style> infront of the API response, which isn't valid JSON. PrivateBin is expecting a JSON response from the API. Whenever there is an error/unexpected response, PrivateBin opens the API URL directly in a new browser tab which seems to trigger YOURLS's flood prevention as it tries to add the URL again straight after it was already added.

When I removed the code:

// Hide admin links for non-authenticated users if (yourls_is_valid_user() != 1) { echo <<<HEAD <style>ul#admin_menu li:not(.frontend_link) {display: none}</style> HEAD; }

from the very end of the backend plugin.php file, the API seems to function as expected when used with PrivateBin.

Obviously, just removing the code isn't a valid fix, more a temporarily workaround. To fix this issue, I think the <style>ul#admin_menu li:not(.frontend_link) {display: none}</style> code needs to stop appearing in front of the API file.

Many Thanks 🙂