}
function save_new_message() {
-
$user = common_current_user();
assert($user); # XXX: maybe an error instead...
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
$content = $this->trimmed('content');
$to = $this->trimmed('to');
if (!$content) {
$this->show_form(_('No content!'));
return;
- } else if (mb_strlen($content) > 140) {
- common_debug("Content = '$content'", __FILE__);
- common_debug("mb_strlen(\$content) = " . mb_strlen($content), __FILE__);
- $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
- return;
+ } else {
+ $content_shortened = common_shorten_links($content);
+
+ if (mb_strlen($content_shortened) > 140) {
+ common_debug("Content = '$content_shortened'", __FILE__);
+ common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__);
+ $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
+ return;
+ }
}
$other = User::staticGet('id', $to);
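Review bot: The new CSRF check compares the submitted token with `!=`, which is PHP's loose comparison: two numeric-looking strings such as `"1e3"` and `"1000"` compare equal, and the comparison stops at the first differing byte. At minimum make it strict, `if (!$token || $token !== common_session_token()) {`, and where the target PHP version provides it prefer a constant-time compare via `hash_equals()`. Doing the token check before `$content` and `$to` are read is the right order. `save_new_message` continues past the end of this hunk, so the handling of an unknown `$to` (the branch before the `} else if` at the next hunk) cannot be confirmed here.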
} else if (!$user->mutuallySubscribed($other)) {
$this->client_error(_('You can\'t send a message to this user.'), 404);
return;
+ } else if ($user->id == $other->id) {
+ $this->client_error(_('Don\'t send a message to yourself; just say it to yourself quietly instead.'), 403);
+ return;
}
$message = Message::saveNew($user->id, $other->id, $content, 'web');
return;
}
- $this->notify($user, $to, $message);
+ $this->notify($user, $other, $message);
- $url = common_local_url('showmessage',
- array('message' => $message->id));
+ $url = common_local_url('outbox', array('nickname' => $user->nickname));
common_redirect($url, 303);
}
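Review bot: The new self-message branch `} else if ($user->id == $other->id)` is placed after the `mutuallySubscribed($other)` test, so if that helper returns false for a user's own id (not verifiable from this hunk) the 403 branch is unreachable and the user gets the 404 "can't send a message to this user" instead; moving the id comparison ahead of the subscription test would also skip that lookup. Prefer a strict comparison on the two ids (`$user->id === $other->id`, or cast both to `int`), since values returned from the data layer may be strings. `save_new_message` begins outside this hunk.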
list($content, $user, $to) = $params;
assert(!is_null($user));
-
- common_element_start('form', array('id' => 'message_form',
- 'method' => 'post',
- 'action' => $this->self_url()));
-
- common_element_start('p');
-
- $mutual_users = $user->mutuallySubscribedUsers();
-
- $mutual = array();
-
- while ($mutual_users->fetch()) {
- $mutual[$mutual_users->id] = $mutual_users->nickname;
- }
-
- $mutual_users->free();
- unset($mutual_users);
- common_dropdown('to', _('To'), $mutual,
- _('User you want to send a message to'), FALSE,
- $to->id);
-
- common_element('textarea', array('id' => 'content',
- 'cols' => 60,
- 'rows' => 3,
- 'name' => 'content'),
- ($content) ? $content : '');
-
- common_element('input', array('id' => 'message_send',
- 'name' => 'message_send',
- 'type' => 'submit',
- 'value' => _('Send')));
-
- common_element_end('p');
- common_element_end('form');
+ common_message_form($content, $user, $to);
}
function show_form($msg=NULL) {
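Review bot: The inline form removed here is replaced by `common_message_form($content, $user, $to)`, whose body is not part of this diff; because `save_new_message` now rejects any POST whose `token` field does not match `common_session_token()`, that helper must emit the hidden `token` input or every send will fail with the session-token error. Worth confirming in the helper and noting at the call site, e.g. `# common_message_form() must emit the CSRF token that save_new_message() checks`. The enclosing method (probably `show_top`, given the `$params` destructure) starts before this hunk.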
}
common_show_header(_('New message'), NULL,
- array($content, $user, $to),
+ array($content, $user, $other),
array($this, 'show_top'));
if ($msg) {