1 files changed, 11 insertions, 5 deletions

diff --git a/lib/api.php b/lib/api.php
index 8d6bbb7cc09..fc76836995b 100644
--- a/lib/api.php
+++ b/lib/api.php
@@ -89,7 +89,7 @@ class OC_API {
 		$responses = array();
 		foreach(self::$actions[$name] as $action) {
 			// Check authentication and availability
-			if(!self::isAuthorised(self::$actions[$name])) {
+			if(!self::isAuthorised($action)) {
 				$responses[] = array(
 					'app' => $action['app'],
 					'response' => new OC_OCS_Result(null, OC_API::RESPOND_UNAUTHORISED, 'Unauthorised'),
@@ -111,9 +111,11 @@ class OC_API {
 		}
 		$response = self::mergeResponses($responses);
 		$formats = array('json', 'xml');
+
 		$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
-		self::respond($response);
 		OC_User::logout();
+
+		self::respond($response, $format);
 	}
 	
 	/**
@@ -147,6 +149,7 @@ class OC_API {
 				}
 			}
 		}
+
 		// Remove any error responses if there is one shipped response that succeeded
 		if(!empty($shipped['succeeded'])) {
 			$responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
@@ -155,16 +158,19 @@ class OC_API {
 			// They may have failed for different reasons (different status codes)
 			// Which reponse code should we return?
 			// Maybe any that are not OC_API::RESPOND_SERVER_ERROR
-			$response = $shipped['failed'][0];
+			$response = reset($shipped['failed']);
 			return $response;
-		} else {
+		} elseif(!empty($thirdparty['failed'])) {
 			// Return the third party failure result
-			$response = $thirdparty['failed'][0];
+			$response = reset($thirdparty['failed']);
 			return $response;
+		} else {
+			$responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
 		}
 		// Merge the successful responses
 		$meta = array();
 		$data = array();
+
 		foreach($responses as $app => $response) {
 			if(OC_App::isShipped($app)) {
 				$data = array_merge_recursive($response->getData(), $data);