X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Finvite.php;h=c7d92085c163faff7999baba8f08186e6ae79e35;hb=3a246c17266d562e0510e5a332009dcfda43c1c7;hp=1e2a9550325f93f30f82b4c0b4119ab132b22aac;hpb=ebf5d52f74b9441c1b65fb4cd2492fc21893664f;p=quix0rs-gnu-social.git diff --git a/actions/invite.php b/actions/invite.php index 1e2a955032..c7d92085c1 100644 --- a/actions/invite.php +++ b/actions/invite.php @@ -40,6 +40,13 @@ class InviteAction extends Action { function send_invitations() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + $user = common_current_user(); $profile = $user->getProfile(); @@ -125,6 +132,7 @@ class InviteAction extends Action { common_element_start('form', array('method' => 'post', 'id' => 'invite', 'action' => common_local_url('invite'))); + common_hidden('token', common_session_token()); common_textarea('addresses', _('Email addresses'), $this->trimmed('addresses'), @@ -134,7 +142,7 @@ class InviteAction extends Action { $this->trimmed('personal'), _('Optionally add a personal message to the invitation.')); - common_submit('preview', _('Preview')); + common_submit('send', _('Send')); common_element_end('form'); @@ -143,6 +151,11 @@ class InviteAction extends Action { function send_invitation($email, $user, $personal) { + $profile = $user->getProfile(); + $bestname = $profile->getBestName(); + + $sitename = common_config('site', 'name'); + $invite = new Invitation(); $invite->address = $email; 
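Review bot: The CSRF check added at the top of send_invitations() compares the submitted token with the loose operator, `$token != common_session_token()`, so PHP type juggling applies and the comparison is not constant-time. I would use `if (!$token || !hash_equals(common_session_token(), $token)) {` where hash_equals() is available, and at minimum switch to `!==`. The format of the value common_session_token() returns is not visible in this diff, so whether two different tokens could compare equal as numeric strings needs confirming against its implementation. The body of send_invitations() continues outside the hunk.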
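Review bot: `$bestname`, assigned here from `$profile->getBestName()`, is formatted into `$headers['Subject']` in the following hunk, and a profile display name is presumably user-controlled. Neither getBestName() nor the mail helper is visible in this diff, so unless one of them already strips line breaks, a CR or LF in the name would land in a header value. I would normalise it at assignment, `$bestname = preg_replace('/[\r\n]+/', ' ', $profile->getBestName());`. The new code also calls `$user->getProfile()` and dereferences the result without checking for a missing profile. send_invitation() continues outside the hunk.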
@@ -162,17 +175,17 @@ class InviteAction extends Action { $headers['To'] = $email; $headers['Subject'] = sprintf(_('%1$s has invited you to join them on %2$s'), $bestname, $sitename); - $body = sprintf(_("%1$s has invited you to join them on %2$s (%3$s).\n\n". - "%2$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n". + $body = sprintf(_("%1\$s has invited you to join them on %2\$s (%3\$s).\n\n". + "%2\$s is a micro-blogging service that lets you keep up-to-date with people you know and people who interest you.\n\n". "You can also share news about yourself, your thoughts, or your life online with people who know about you. ". "It's also great for meeting new people who share your interests.\n\n". - "%1$s said:\n\n%4$s\n\n". - "You can see %1$s's profile page on %2$s here:\n\n". - "%5$s\n\n". + "%1\$s said:\n\n%4\$s\n\n". + "You can see %1\$s's profile page on %2\$s here:\n\n". + "%5\$s\n\n". "If you'd like to try the service, click on the link below to accept the invitation.\n\n". - "%6$s\n\n". + "%6\$s\n\n". "If not, you can ignore this message. Thanks for your patience and your time.\n\n". - "Sincerely, %2$s\n"), + "Sincerely, %2\$s\n"), $bestname, $sitename, common_root_url(),