X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fnewmessage.php;h=67695210ec21ebf5db6add7234fbd1f0d2ee1f33;hb=2abe10b8ea4b5d69fc7f6513bf465541454ca2cf;hp=f134e89483c4d1d2db4f9dcfb70a327ccf9a0e9f;hpb=892132549ea6674bcdae8097084cafde879a6f1b;p=quix0rs-gnu-social.git
diff --git a/actions/newmessage.php b/actions/newmessage.php
index f134e89483..67695210ec 100644
--- a/actions/newmessage.php
+++ b/actions/newmessage.php
@@ -34,9 +34,16 @@ class NewmessageAction extends Action {
 }
 
 function save_new_message() {
-
 $user = common_current_user();
 assert($user); # XXX: maybe an error instead...
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
 
 $content = $this->trimmed('content');
 $to = $this->trimmed('to');
@@ -44,11 +51,15 @@ class NewmessageAction extends Action {
 if (!$content) {
 $this->show_form(_('No content!'));
 return;
- } else if (mb_strlen($content) > 140) {
- common_debug("Content = '$content'", __FILE__);
- common_debug("mb_strlen(\$content) = " . mb_strlen($content), __FILE__);
- $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
- return;
+ } else {
+ $content_shortened = common_shorten_links($content);
+
+ if (mb_strlen($content_shortened) > 140) {
+ common_debug("Content = '$content_shortened'", __FILE__);
+ common_debug("mb_strlen(\$content) = " . mb_strlen($content_shortened), __FILE__);
+ $this->show_form(_('That\'s too long. Max message size is 140 chars.'));
+ return;
+ }
 }
 
 $other = User::staticGet('id', $to);
@@ -71,10 +82,9 @@ class NewmessageAction extends Action {
 return;
 }
 
- $this->notify($user, $to, $message);
+ $this->notify($user, $other, $message);
 
- $url = common_local_url('showmessage',
- array('message' => $message->id));
+ $url = common_local_url('outbox', array('nickname' => $user->nickname));
 
 common_redirect($url, 303);
 }
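Review bot: The new session-token check, `if (!$token || $token != common_session_token())`, compares the submitted token with loose `!=`, which in PHP compares numeric-looking strings by value (two strings of the form `0e<digits>` compare equal), so if the token is a hex digest a crafted value can match a token it does not equal byte for byte; use strict `!==`, and a constant-time comparison such as `hash_equals()` where the runtime provides it, e.g. `if (!$token || $token !== common_session_token()) {`. The bare `# CSRF protection` comment would serve the next reader better as a contract, e.g. `# Reject the POST unless it carries the token common_session_token() issued with the form; this must run before any state is changed.` Note that the preceding `assert($user)` is a no-op when assertions are disabled, so a missing user still reaches this check and the code after it; that is pre-existing. save_new_message()'s body continues past the end of this hunk.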
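Review bot: The 140-character limit is now measured on `$content_shortened`, but that variable is assigned only inside the new `else` branch and nothing in the hunk writes it back to `$content`; if the save later in save_new_message() (outside this hunk) persists `$content`, the limit is enforced on a different string from the one stored. Either assign back after the check, `$content = $content_shortened;`, or confirm that the save path shortens links again. Separately, the two `common_debug()` calls write the full body of a private message into the log; logging only `mb_strlen($content_shortened)` would give the same diagnostic without leaking message text to log files. The method this `else` block belongs to continues beyond the hunk.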
@@ -84,43 +94,8 @@ class NewmessageAction extends Action {
 list($content, $user, $to) = $params;
 
 assert(!is_null($user));
-
- common_element_start('form', array('id' => 'message_form',
- 'method' => 'post',
- 'action' => $this->self_url()));
-
- $mutual_users = $user->mutuallySubscribedUsers();
-
- $mutual = array();
-
- while ($mutual_users->fetch()) {
- if ($mutual_users->id != $user->id) {
- $mutual[$mutual_users->id] = $mutual_users->nickname;
- }
- }
- $mutual_users->free();
- unset($mutual_users);
-
- common_dropdown('to', _('To'), $mutual,
- _('User you want to send a message to'), FALSE,
- $to->id);
-
- common_element_start('p');
-
- common_element('textarea', array('id' => 'message_content',
- 'cols' => 60,
- 'rows' => 3,
- 'name' => 'content'),
- ($content) ? $content : '');
-
- common_element('input', array('id' => 'message_send',
- 'name' => 'message_send',
- 'type' => 'submit',
- 'value' => _('Send')));
-
- common_element_end('p');
- common_element_end('form');
+ common_message_form($content, $user, $to);
 }
 
 function show_form($msg=NULL) {
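Review bot: Form rendering is delegated to `common_message_form($content, $user, $to)`, whose body is not visible here, while the first hunk of this commit makes save_new_message() reject any POST whose `token` field does not equal `common_session_token()`; unless that helper emits a hidden `token` input carrying the same value, every message submission will fail the new check. That is worth confirming in the helper before merging, since the removed markup never emitted such a field either. show_top()'s signature lies before the first line of this hunk.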