- $val = $sub->validate();
-
- if ($val !== TRUE) {
- # XXX: give some error notice
- common_server_error(_t('Subscription did not validate.'));
- return;
- }
-
- if (!$sub->insert()) {
- common_server_error(_t('Couldn\'t create subscription.'));
- return;
- }
-
- common_redirect(common_local_url('all', array('nickname' =>
- $user->nickname)));
- }
-}
\ No newline at end of file
+ $user = common_current_user();
+
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+ return;
+ }
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->clientError(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ $other_id = $this->arg('subscribeto');
+
+ $other = User::staticGet('id', $other_id);
+
+ if (!$other) {
+ $this->clientError(_('Not a local user.'));
+ return;
+ }
+
+ $result = subs_subscribe_to($user, $other);
+
+ if($result != true) {
+ $this->clientError($result);
+ return;
+ }
+
+ if ($this->boolean('ajax')) {
+ $this->startHTML('text/xml;charset=utf-8');
+ $this->elementStart('head');
+ $this->element('title', null, _('Subscribed'));
+ $this->elementEnd('head');
+ $this->elementStart('body');
+ $unsubscribe = new UnsubscribeForm($this, $other->getProfile());
+ $unsubscribe->show();
+ $this->elementEnd('body');
+ $this->elementEnd('html');
+ } else {
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)));
+ }
+ }
+}