Remove CSRF protection from username/password login and from OpenID login.

[quix0rs-gnu-social.git] / actions / apiblockcreate.php

diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index e79dec32d0521ced06d3da89c6a4226ac05e89d0..b355cd1c7e7e3ed0b6b9dc44abe6d65f6400820a 100644 (file)
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -23,7 +23,7 @@
  * @package   StatusNet
  * @author    Evan Prodromou <evan@status.net>
  * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
  */
@@ -65,7 +65,7 @@ class ApiBlockCreateAction extends ApiAuthAction
         parent::prepare($args);
 
         $this->user   = $this->auth_user;
-        $this->other  = $this->getTargetUser($this->arg('id'));
+        $this->other  = $this->getTargetProfile($this->arg('id'));
 
         return true;
     }
@@ -109,9 +109,16 @@ class ApiBlockCreateAction extends ApiAuthAction
             return;
         }
 
-        if ($this->user->hasBlocked($this->other)
-            || $this->user->block($this->other)
-        ) {
+        if (!$this->user->hasBlocked($this->other)) {
+            if (Event::handle('StartBlockProfile', array($this->user, $this->other))) {
+                $result = $this->user->block($this->other);
+                if ($result) {
+                    Event::handle('EndBlockProfile', array($this->user, $this->other));
+                }
+            }
+        }
+
+        if ($this->user->hasBlocked($this->other)) {
             $this->initDocument($this->format);
             $this->showProfile($this->other, $this->format);
             $this->endDocument($this->format);