From fc5f2f923936bf6ae28292487b41ae889d4e3e36 Mon Sep 17 00:00:00 2001
From: Lain Iwakura <lain@iwakurahome.ru>
Date: Mon, 16 Jun 2025 01:41:58 +0300
Subject: [PATCH] fixed!

---
 main/api.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/main/api.php b/main/api.php
index 2b76a65..194a27d 100644
--- a/main/api.php
+++ b/main/api.php
@@ -20,11 +20,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     try {
         $stmt = $db->query("SELECT username, message, created_at, signature, is_encrypted FROM messages ORDER BY created_at DESC LIMIT $limit");
         $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
-        echo json_encode(['messages' => $messages]);
+        
+        $filtered_messages = array_map(function($msg) {
+            return [
+                'username' => htmlspecialchars($msg['username']),
+                'message' => $msg['is_encrypted'] ? '[Encrypted]' : htmlspecialchars($msg['message']),
+                'created_at' => $msg['created_at'],
+                'signature' => $msg['signature'] ? '[Signed]' : '',
+                'is_encrypted' => (bool)$msg['is_encrypted']
+            ];
+        }, $messages);
+        
+        echo json_encode(['messages' => $filtered_messages]);
     } catch (Exception $e) {
         error_log("API Error: " . $e->getMessage());
         http_response_code(500);
-        echo json_encode(['error' => 'Server error', 'details' => $e->getMessage()]);
+        echo json_encode(['error' => 'Server error']);
     }
     exit;
 }