X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=actions%2Funsubscribe.php;h=b1e2b642568026cc62df626c9913105819fa3bbd;hb=5e816d7be208fc24419288234559c78da7391c8b;hp=1bf95fb612b16bb69d8cfbab0b954e0e435b8ded;hpb=293ad758f76143cf0e23c8d4a65f66d8a1ba7bab;p=quix0rs-gnu-social.git

diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php
index 1bf95fb612..b1e2b64256 100644
--- a/actions/unsubscribe.php
+++ b/actions/unsubscribe.php
@@ -17,47 +17,67 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-class UnsubscribeAction extends Action {
-	function handle($args) {
-		parent::handle($args);
-		if (!common_logged_in()) {
-			common_user_error(_t('Not logged in.'));
-			return;
-		}
-		
-		$user = common_current_user();
-
-		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-			common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
-			return;
-		}
-		
-		$other_nickname = $this->arg('unsubscribeto');
-		$other = User::staticGet('nickname', $other_nickname);
-		if (!$other) {
-			common_user_error(_t('No such user.'));
-			return;
-		}
-
-		if (!$user->isSubscribed($other)) {
-			common_server_error(_t('Not subscribed!.'));
-		}
-
-		$sub = DB_DataObject::factory('subscription');
-		
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
-
-		$sub->find(true);
-
-		// note we checked for existence above
-		
-		if (!$sub->delete()) {
-			common_server_error(_t('Couldn\'t delete subscription.'));
-			return;
-		}
-
-		common_redirect(common_local_url('subscriptions', array('nickname' =>
-																$user->nickname)));
-	}
+class UnsubscribeAction extends Action
+{
+
+    function handle($args)
+    {
+        parent::handle($args);
+        if (!common_logged_in()) {
+            $this->clientError(_('Not logged in.'));
+            return;
+        }
+
+        $user = common_current_user();
+
+        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+            return;
+        }
+
+        # CSRF protection
+
+        $token = $this->trimmed('token');
+
+        if (!$token || $token != common_session_token()) {
+            $this->clientError(_('There was a problem with your session token. Try again, please.'));
+            return;
+        }
+
+        $other_id = $this->arg('unsubscribeto');
+
+        if (!$other_id) {
+            $this->clientError(_('No profile id in request.'));
+            return;
+        }
+
+        $other = Profile::staticGet('id', $other_id);
+
+        if (!$other_id) {
+            $this->clientError(_('No profile with that id.'));
+            return;
+        }
+
+        $result = subs_unsubscribe_to($user, $other);
+
+        if ($result != true) {
+            $this->clientError($result);
+            return;
+        }
+
+        if ($this->boolean('ajax')) {
+            $this->startHTML('text/xml;charset=utf-8');
+            $this->elementStart('head');
+            $this->element('title', null, _('Unsubscribed'));
+            $this->elementEnd('head');
+            $this->elementStart('body');
+            $subscribe = new SubscribeForm($this, $other);
+            $subscribe->show();
+            $this->elementEnd('body');
+            $this->elementEnd('html');
+        } else {
+            common_redirect(common_local_url('subscriptions', array('nickname' =>
+                                                                    $user->nickname)));
+        }
+    }
 }