Remove CSRF protection from username/password login and from OpenID login.

[quix0rs-gnu-social.git] / classes / Message.php

diff --git a/classes/Message.php b/classes/Message.php
index 979e6e87ccbdcb4d79de3c0fec07a19a239a6812..fa0c5b31812411dd03b08da8a4867add45bb45ed 100644 (file)
--- a/classes/Message.php
+++ b/classes/Message.php
@@ -39,6 +39,13 @@ class Message extends Memcached_DataObject
 
     static function saveNew($from, $to, $content, $source) {
 
+        $sender = Profile::staticGet('id', $from);
+
+        if (!$sender->hasRight(Right::NEWMESSAGE)) {
+            // TRANS: Client exception thrown when a user tries to send a direct message while being banned from sending them.
+            throw new ClientException(_('You are banned from sending direct messages.'));
+        }
+
         $msg = new Message();
 
         $msg->from_profile = $from;
@@ -52,6 +59,7 @@ class Message extends Memcached_DataObject
 
         if (!$result) {
             common_log_db_error($msg, 'INSERT', __FILE__);
+            // TRANS: Message given when a message could not be stored on the server.
             return _('Could not insert message.');
         }
 
@@ -62,6 +70,7 @@ class Message extends Memcached_DataObject
 
         if (!$result) {
             common_log_db_error($msg, 'UPDATE', __FILE__);
+            // TRANS: Message given when a message could not be updated on the server.
             return _('Could not update message with new URI.');
         }
 
@@ -83,4 +92,12 @@ class Message extends Memcached_DataObject
         $contentlimit = self::maxContent();
         return ($contentlimit > 0 && !empty($content) && (mb_strlen($content) > $contentlimit));
     }
+
+    function notify()
+    {
+        $from = User::staticGet('id', $this->from_profile);
+        $to   = User::staticGet('id', $this->to_profile);
+
+        mail_notify_message($this, $from, $to);
+    }
 }