$user = common_current_user();
assert($user); # XXX: maybe an error instead...
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
$content = $this->trimmed('content');
$to = $this->trimmed('to');
return;
}
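Review bot: The added check `if (!$token || $token != common_session_token())` compares the submitted token with loose `!=`; in PHP two numeric-looking strings compare as numbers under `==`/`!=` (for example `"0e12" == "0e34"` is true), so if the session token is a hex string that happens to be all digits a crafted value could pass the CSRF check. Use strict comparison, `if (!$token || $token !== common_session_token())`, and where the runtime offers it prefer a constant-time comparison (`!hash_equals(common_session_token(), $token)`) so the check does not leak timing information. The enclosing function begins before this hunk, and the lines between reading `to` and the final `return;` appear to be elided, so the rest of the handler is not visible here.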
- $this->notify($user, $to, $message);
+ $this->notify($user, $other, $message);
- $url = common_local_url('showmessage',
- array('message' => $message->id));
+ $url = common_local_url('outbox', array('nickname' => $user->nickname));
common_redirect($url, 303);
}
list($content, $user, $to) = $params;
assert(!is_null($user));
-
- common_element_start('form', array('id' => 'message_form',
- 'method' => 'post',
- 'action' => $this->self_url()));
-
- $mutual_users = $user->mutuallySubscribedUsers();
-
- $mutual = array();
-
- while ($mutual_users->fetch()) {
- if ($mutual_users->id != $user->id) {
- $mutual[$mutual_users->id] = $mutual_users->nickname;
- }
- }
-
- $mutual_users->free();
- unset($mutual_users);
- common_dropdown('to', _('To'), $mutual,
- _('User you want to send a message to'), FALSE,
- $to->id);
-
- common_element_start('p');
-
- common_element('textarea', array('id' => 'message_content',
- 'cols' => 60,
- 'rows' => 3,
- 'name' => 'content'),
- ($content) ? $content : '');
-
- common_element('input', array('id' => 'message_send',
- 'name' => 'message_send',
- 'type' => 'submit',
- 'value' => _('Send')));
-
- common_element_end('p');
- common_element_end('form');
+ common_message_form($content, $user, $to);
}
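Review bot: The new `common_message_form($content, $user, $to);` call replaces an inline form that emitted no `token` field, while the POST handler in this same change now rejects any submission whose `token` parameter does not match `common_session_token()`; unless the shared helper renders the hidden token input, every legitimate send will fail with the session-token error. The helper's body is not part of this diff, so this cannot be confirmed from the hunk, and it would be worth recording the dependency at the call site, e.g. `# common_message_form() must emit the hidden 'token' field that the POST handler verifies`. The enclosing function starts before this hunk.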
function show_form($msg=NULL) {