X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fnewnotice.php;h=c8a321b91780ddf980265b8a6c92f2eb8091ab1d;hb=4f3d1e93e97365deac2366bfe422e8301d773a25;hp=64fe2494b8f11845675e086d364910e656e8c9a5;hpb=d34fc127a55301a08560d4c2b45bdf057e852432;p=quix0rs-gnu-social.git diff --git a/actions/newnotice.php b/actions/newnotice.php index 64fe2494b8..c8a321b917 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -26,7 +26,7 @@ class NewnoticeAction extends Action { # XXX: Ajax! if (!common_logged_in()) { - common_user_error(_t('Not logged in.')); + common_user_error(_('Not logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->save_new_notice(); } else { @@ -36,46 +36,62 @@ class NewnoticeAction extends Action { function save_new_notice() { + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + $user = common_current_user(); assert($user); # XXX: maybe an error instead... - $notice = DB_DataObject::factory('notice'); - assert($notice); - $notice->profile_id = $user->id; # user id *is* profile id - $notice->created = DB_DataObject_Cast::dateTime(); - # Default theme uses 'content' for something else - $notice->content = $this->trimmed('status_textarea'); - - if (!$notice->content) { - $this->show_form(_t('No content!')); - return; - } else if (strlen($notice->content) > 140) { - $this->show_form(_t('That\'s too long. Max notice size is 140 chars.')); + $content = $this->trimmed('status_textarea'); + + if (!$content) { + $this->show_form(_('No content!')); return; +// } else if (mb_strlen($content) > 140) { + } else { + $content = common_shorten_links($content); + + if (mb_strlen($content) > 140) { + common_debug("Content = '$content'", __FILE__); + common_debug("mb_strlen(\$content) = " . mb_strlen($content), __FILE__); + $this->show_form(_('That\'s too long. Max notice size is 140 chars.')); + return; + } } - $id = $notice->insert(); + $inter = new CommandInterpreter(); - if (!$id) { - common_server_error(_t('Problem saving notice.')); + $cmd = $inter->handle_command($user, $content); + + if ($cmd) { + $cmd->execute(new WebChannel()); return; } - $orig = clone($notice); - $notice->uri = common_notice_uri($notice); + $replyto = $this->trimmed('inreplyto'); + + common_debug("Replyto = $replyto\n"); + + $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto); - if (!$notice->update($orig)) { - common_server_error(_t('Problem saving notice.')); + if (is_string($notice)) { + $this->show_form($notice); return; } common_broadcast_notice($notice); + $returnto = $this->trimmed('returnto'); + if ($returnto) { $url = common_local_url($returnto, array('nickname' => $user->nickname)); } else { $url = common_local_url('shownotice', - array('notice' => $id)); + array('notice' => $notice->id)); } common_redirect($url, 303); } @@ -86,7 +102,14 @@ class NewnoticeAction extends Action { function show_form($msg=NULL) { $content = $this->trimmed('status_textarea'); - common_show_header(_t('New notice'), NULL, $content, + if (!$content) { + $replyto = $this->trimmed('replyto'); + $profile = Profile::staticGet('nickname', $replyto); + if ($profile) { + $content = '@' . $profile->nickname . ' '; + } + } + common_show_header(_('New notice'), NULL, $content, array($this, 'show_top')); if ($msg) { common_element('p', 'error', $msg);