Remove CSRF protection from username/password login and from OpenID login.

[quix0rs-gnu-social.git] / actions / remotesubscribe.php

diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index 5122c117287567b24609d1bb641fcd41109483bf..9fc235e743a8deba34f2321e05b3254412f62dda 100644 (file)
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -5,14 +5,14 @@
  * PHP version 5
  *
  * @category Action
- * @package  Laconica
- * @author   Evan Prodromou <evan@controlyourself.ca>
- * @author   Robin Millette <millette@controlyourself.ca>
+ * @package  StatusNet
+ * @author   Evan Prodromou <evan@status.net>
+ * @author   Robin Millette <millette@status.net>
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
- * @link     http://laconi.ca/
+ * @link     http://status.net/
  *
- * Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, 2009, Control Yourself, Inc.
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -28,9 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  **/
 
-if (!defined('LACONICA')) {
-    exit(1);
-}
+if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
 
 require_once INSTALLDIR.'/lib/omb.php';
 require_once INSTALLDIR.'/extlib/libomb/service_consumer.php';
@@ -40,11 +38,11 @@ require_once INSTALLDIR.'/extlib/libomb/profile.php';
  * Handler for remote subscription
  *
  * @category Action
- * @package  Laconica
- * @author   Evan Prodromou <evan@controlyourself.ca>
- * @author   Robin Millette <millette@controlyourself.ca>
+ * @package  StatusNet
+ * @author   Evan Prodromou <evan@status.net>
+ * @author   Robin Millette <millette@status.net>
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
- * @link     http://laconi.ca/
+ * @link     http://status.net/
  */
 
 class RemotesubscribeAction extends Action
@@ -157,8 +155,7 @@ class RemotesubscribeAction extends Action
             return;
         }
 
-        if (!Validate::uri($this->profile_url,
-                           array('allowed_schemes' => array('http', 'https')))) {
+        if (!common_valid_http_url($this->profile_url)) {
             $this->showForm(_('Invalid profile URL (bad format)'));
             return;
         }
@@ -169,21 +166,21 @@ class RemotesubscribeAction extends Action
                                                 omb_oauth_datastore());
         } catch (OMB_InvalidYadisException $e) {
             $this->showForm(_('Not a valid profile URL (no YADIS document or ' .
-                              'no or invalid XRDS defined).'));
+                              'invalid XRDS defined).'));
             return;
         }
 
         if ($service->getServiceURI(OAUTH_ENDPOINT_REQUEST) ==
             common_local_url('requesttoken') ||
             User::staticGet('uri', $service->getRemoteUserURI())) {
-            $this->showForm(_('That\'s a local profile! Login to subscribe.'));
+            $this->showForm(_('That’s a local profile! Login to subscribe.'));
             return;
         }
 
         try {
             $service->requestToken();
         } catch (OMB_RemoteServiceException $e) {
-            $this->showForm(_('Couldn\'t get a request token.'));
+            $this->showForm(_('Couldn’t get a request token.'));
             return;
         }
 
@@ -191,7 +188,7 @@ class RemotesubscribeAction extends Action
         $profile = $user->getProfile();
         if (!$profile) {
             common_log_db_error($user, 'SELECT', __FILE__);
-            $this->serverError(_('User without matching profile'));
+            $this->serverError(_('User without matching profile.'));
             return;
         }