allow doc and api calls from private

[quix0rs-gnu-social.git] / actions / remotesubscribe.php

diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index c2c00ab619d3a9863fa66af982eb3dc3194bac31..0adcc08481a30038f6d2c6ec139bce3350e22776 100644 (file)
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -130,6 +130,18 @@ class RemotesubscribeAction extends Action {
                        return;
                }
 
+               if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) ==
+                       common_local_url('requesttoken'))
+               {
+                       $this->show_form(_('That\'s a local profile! Login to subscribe.'));
+                       return;
+               }
+
+               if (User::staticGet('uri', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]))) {
+                       $this->show_form(_('That\'s a local profile! Login to subscribe.'));
+                       return;
+               }
+               
                list($token, $secret) = $this->request_token($omb);
 
                if (!$token || !$secret) {
@@ -313,7 +325,14 @@ class RemotesubscribeAction extends Action {
                $req->set_parameter('omb_listenee_profile', common_profile_url($user->nickname));
                $req->set_parameter('omb_listenee_nickname', $user->nickname);
                $req->set_parameter('omb_listenee_license', $config['license']['url']);
+
                $profile = $user->getProfile();
+               if (!$profile) {
+                       common_log_db_error($user, 'SELECT', __FILE__);
+                       $this->server_error(_('User without matching profile'));
+                       return;
+               }
+               
                if ($profile->fullname) {
                        $req->set_parameter('omb_listenee_fullname', $profile->fullname);
                }