Remove CSRF protection from username/password login and from OpenID login.

[quix0rs-gnu-social.git] / actions / apitimelinementions.php

diff --git a/actions/apitimelinementions.php b/actions/apitimelinementions.php
index fe5ff0f28fd2eabfa0c7d236c4877bbb51d58fc7..ed1ad20e3247a3c8198ff9959d6f5ce4654fcedd 100644 (file)
--- a/actions/apitimelinementions.php
+++ b/actions/apitimelinementions.php
@@ -29,6 +29,7 @@
  * @author    Robin Millette <robin@millette.info>
  * @author    Zach Copley <zach@status.net>
  * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
  */
@@ -76,7 +77,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
         $this->user = $this->getTargetUser($this->arg('id'));
 
         if (empty($this->user)) {
-            $this->clientError(_('No such user!'), 404, $this->format);
+            $this->clientError(_('No such user.'), 404, $this->format);
             return;
         }
 
@@ -110,43 +111,67 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
     function showTimeline()
     {
         $profile = $this->user->getProfile();
+        $avatar     = $profile->getAvatar(AVATAR_PROFILE_SIZE);
 
         $sitename   = common_config('site', 'name');
         $title      = sprintf(
             _('%1$s / Updates mentioning %2$s'),
             $sitename, $this->user->nickname
         );
-        $taguribase = common_config('integration', 'taguri');
+        $taguribase = TagURI::base();
         $id         = "tag:$taguribase:Mentions:" . $this->user->id;
         $link       = common_local_url(
             'replies',
             array('nickname' => $this->user->nickname)
         );
+
+        $self = $this->getSelfUri();
+
         $subtitle   = sprintf(
             _('%1$s updates that reply to updates from %2$s / %3$s.'),
             $sitename, $this->user->nickname, $profile->getBestName()
         );
+        $logo = ($avatar) ? $avatar->displayUrl() : Avatar::defaultImage(AVATAR_PROFILE_SIZE);
 
         switch($this->format) {
         case 'xml':
             $this->showXmlTimeline($this->notices);
             break;
         case 'rss':
-            $this->showRssTimeline($this->notices, $title, $link, $subtitle);
+            $this->showRssTimeline(
+                $this->notices,
+                $title,
+                $link,
+                $subtitle,
+                null,
+                $logo,
+                $self
+            );
             break;
         case 'atom':
-            $selfuri = common_root_url() .
-                ltrim($_SERVER['QUERY_STRING'], 'p=');
-            $this->showAtomTimeline(
-                $this->notices, $title, $id, $link, $subtitle,
-                null, $selfuri
-            );
+
+            header('Content-Type: application/atom+xml; charset=utf-8');
+
+            $atom = new AtomNoticeFeed($this->auth_user);
+
+            $atom->setId($id);
+            $atom->setTitle($title);
+            $atom->setSubtitle($subtitle);
+            $atom->setLogo($logo);
+            $atom->setUpdated('now');
+
+            $atom->addLink($link);
+            $atom->setSelfLink($self);
+
+            $atom->addEntryFromNotices($this->notices);
+            $this->raw($atom->getString());
+
             break;
         case 'json':
             $this->showJsonTimeline($this->notices);
             break;
         default:
-            $this->clientError(_('API method not found!'), $code = 404);
+            $this->clientError(_('API method not found.'), $code = 404);
             break;
         }
     }
@@ -163,7 +188,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
 
         $notice = $this->user->getReplies(
             ($this->page - 1) * $this->count, $this->count,
-            $this->since_id, $this->max_id, $this->since
+            $this->since_id, $this->max_id
         );
 
         while ($notice->fetch()) {