X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsmssettings.php;h=5db26730a50b1c5f05ccb314dc4dab33c3adba7b;hb=31d5b61ca7daf72a847aed50eb65b672b52766f5;hp=632a30ba8ede83957b763defefec6815174ae1d5;hpb=485331f99d5dfdfd7f1dca60853dac292f721b55;p=quix0rs-gnu-social.git diff --git a/actions/smssettings.php b/actions/smssettings.php index 632a30ba8e..5db26730a5 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php @@ -35,7 +35,7 @@ class SmssettingsAction extends EmailsettingsAction { 'id' => 'smssettings', 'action' => common_local_url('smssettings'))); - + common_hidden('token', common_session_token()); common_element('h2', NULL, _('Address')); if ($user->sms) { @@ -52,11 +52,12 @@ class SmssettingsAction extends EmailsettingsAction { $confirm = $this->get_confirmation(); if ($confirm) { $carrier = Sms_carrier::staticGet($confirm->address_extra); + common_element_start('p'); common_element('span', 'address unconfirmed', $confirm->address . ' (' . $carrier->name . ')'); common_element('span', 'input_instructions', _('Awaiting confirmation on this phone number.')); - common_hidden('sms', $user->sms); - common_hidden('carrier', $user->carrier); + common_hidden('sms', $confirm->address); + common_hidden('carrier', $confirm->address_extra); common_element_end('p'); common_submit('cancel', _('Cancel')); common_input('code', _('Confirmation code'), NULL, @@ -116,6 +117,14 @@ class SmssettingsAction extends EmailsettingsAction { function handle_post() { + # CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('save')) { $this->save_preferences(); } else if ($this->arg('add')) { 
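Review bot: The new hidden field `common_hidden('carrier', $confirm->address_extra);` in the `@@ -52,11 +52,12 @@` hunk is posted back but no longer checked anywhere: the cancel path rewritten in the later `@@ -228,8 +237,8 @@` hunk compares only `$confirm->address` against the submitted number, so the carrier value is dead input. Either drop the hidden carrier field here or keep the `address_extra` comparison on cancel so the form and its handler stay consistent. Secondarily, the context line `$carrier->name` right below `Sms_carrier::staticGet($confirm->address_extra)` dereferences the lookup result without a guard; if that lookup can return null for an unknown carrier id (its definition is outside this hunk, so unverified), the pending-confirmation block would fatal, and `$carrier ? $carrier->name : $confirm->address_extra` would degrade gracefully. The enclosing form-rendering method starts before this hunk.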
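Review bot: The added token check in handle_post, `if (!$token || $token != common_session_token())`, compares the submitted token with PHP's loose `!=`, so two values are coerced before comparison (numeric-looking strings compare as numbers), and `'0'` is rejected by the `!$token` test as if it were missing. Compare strictly and in constant time where the PHP baseline provides it: `if (!$token || !hash_equals((string) common_session_token(), (string) $token)) {`. If `common_session_token()` can return an empty value when no token was issued for the session, the check should fail closed instead of comparing against an empty string; that is worth confirming in its definition, which is outside this hunk. The handle_post body continues past the end of the hunk.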
@@ -137,7 +146,7 @@ class SmssettingsAction extends EmailsettingsAction { function save_preferences() { - $smsnotify = $this->boolean('emailpost'); + $smsnotify = $this->boolean('smsnotify'); $user = common_current_user(); @@ -228,8 +237,8 @@ class SmssettingsAction extends EmailsettingsAction { $this->show_form(_('No pending confirmation to cancel.')); return; } - if ($confirm->address != $sms || $confirm->address_extra != $carrier) { - $this->show_form(_('That is the wrong IM address.')); + if ($confirm->address != $sms) { + $this->show_form(_('That is the wrong confirmation number.')); return; } @@ -261,6 +270,7 @@ class SmssettingsAction extends EmailsettingsAction { $original = clone($user); $user->sms = NULL; $user->carrier = NULL; + $user->smsemail = NULL; $result = $user->updateKeys($original); if (!$result) { common_log_db_error($user, 'UPDATE', __FILE__); @@ -316,6 +326,6 @@ class SmssettingsAction extends EmailsettingsAction { } common_redirect(common_local_url('confirmaddress', - array('code' => $this->code))); + array('code' => $code))); } }
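Review bot: The rewritten guard in the `@@ -228,8 +237,8 @@` hunk, `if ($confirm->address != $sms)`, still relies on loose comparison, and both operands are phone-number strings, `$sms` being whatever the client posted back from the hidden field; under `!=` two numeric strings are compared as numbers, so `'0123'` and `'123'` are treated as equal and a differently formatted number can pass the check. Use a strict string comparison: `if ((string) $confirm->address !== (string) $sms) {`. The enclosing cancel method starts before this hunk, so where `$sms` is read is not visible here.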
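Review bot: The added `$user->smsemail = NULL;` in the `@@ -261,6 +270,7 @@` hunk is persisted only if `$user->updateKeys($original)` on the following context line writes the `smsemail` column; the method name suggests it updates key fields only, and if `smsemail` is not among them the clear is silently lost while `sms` and `carrier` are saved, leaving a stale SMS e-mail gateway address on the account. Confirm against the `updateKeys` implementation (outside this hunk); if the column is not covered, either add it to the key list or follow the assignment with a full-row update of `$user` against `$original`. The enclosing remove-address method starts before this hunk.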