*/
class UnsubscribeAction extends Action {
-
- function is_readonly() {
- return false;
- }
-
+
function handle($args) {
parent::handle($args);
if (!common_logged_in()) {
return;
}
- $other_nickname = $this->arg('unsubscribeto');
- $other = User::staticGet('nickname', $other_nickname);
- if (!$other) {
- common_user_error(_('No such user.'));
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
return;
}
- if (!$user->isSubscribed($other)) {
- common_server_error(_('Not subscribed!.'));
- }
+ $other_id = $this->arg('unsubscribeto');
- $sub = DB_DataObject::factory('subscription');
+ if (!$other_id) {
+ $this->client_error(_('No profile id in request.'));
+ return;
+ }
- $sub->subscriber = $user->id;
- $sub->subscribed = $other->id;
+ $other = Profile::staticGet('id', $other_id);
- $sub->find(true);
+ if (!$other_id) {
+ $this->client_error(_('No profile with that id.'));
+ return;
+ }
- // note we checked for existence above
+ $result = subs_unsubscribe_to($user, $other);
- if (!$sub->delete()) {
- common_server_error(_('Couldn\'t delete subscription.'));
+ if ($result != true) {
+ common_user_error($result);
return;
}
- common_redirect(common_local_url('subscriptions', array('nickname' =>
- $user->nickname)));
+ if ($this->boolean('ajax')) {
+ common_start_html('text/xml');
+ common_element_start('head');
+ common_element('title', null, _('Unsubscribed'));
+ common_element_end('head');
+ common_element_start('body');
+ common_subscribe_form($other);
+ common_element_end('body');
+ common_element_end('html');
+ } else {
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)));
+ }
}
}