* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-class UnsubscribeAction extends Action {
- function handle($args) {
- parent::handle($args);
- if (!common_logged_in()) {
- common_user_error(_t('Not logged in.'));
- return;
- }
-
- $user = common_current_user();
-
- if ($_SERVER['REQUEST_METHOD'] != 'POST') {
- common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
- return;
- }
-
- $other_nickname = $this->arg('unsubscribeto');
- $other = User::staticGet('nickname', $other_nickname);
- if (!$other) {
- common_user_error(_t('No such user.'));
- return;
- }
-
- if (!$user->isSubscribed($other)) {
- common_server_error(_t('Not subscribed!.'));
- }
-
- $sub = DB_DataObject::factory('subscription');
-
- $sub->subscriber = $user->id;
- $sub->subscribed = $other->id;
-
- $sub->find(true);
-
- // note we checked for existence above
-
- if (!$sub->delete()) {
- common_server_error(_t('Couldn\'t delete subscription.'));
- return;
- }
-
- common_redirect(common_local_url('subscriptions', array('nickname' =>
- $user->nickname)));
- }
+class UnsubscribeAction extends Action
+{
+
+ function handle($args)
+ {
+ parent::handle($args);
+ if (!common_logged_in()) {
+ $this->clientError(_('Not logged in.'));
+ return;
+ }
+
+ $user = common_current_user();
+
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+ return;
+ }
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->clientError(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ $other_id = $this->arg('unsubscribeto');
+
+ if (!$other_id) {
+ $this->clientError(_('No profile id in request.'));
+ return;
+ }
+
+ $other = Profile::staticGet('id', $other_id);
+
+ if (!$other_id) {
+ $this->clientError(_('No profile with that id.'));
+ return;
+ }
+
+ $result = subs_unsubscribe_to($user, $other);
+
+ if ($result != true) {
+ $this->clientError($result);
+ return;
+ }
+
+ if ($this->boolean('ajax')) {
+ $this->startHTML('text/xml;charset=utf-8');
+ $this->elementStart('head');
+ $this->element('title', null, _('Unsubscribed'));
+ $this->elementEnd('head');
+ $this->elementStart('body');
+ $subscribe = new SubscribeForm($this, $other);
+ $subscribe->show();
+ $this->elementEnd('body');
+ $this->elementEnd('html');
+ } else {
+ common_redirect(common_local_url('subscriptions', array('nickname' =>
+ $user->nickname)),
+ 303);
+ }
+ }
}
projects / quix0rs-gnu-social.git / blobdiff