X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=20c258923bb0b2b33fed38d1d156e27e8cbe155a;hb=a528cff1a1391f92c1f9be47bffbacf0c6874ac4;hp=68fdd24e98d5bca9679b7b1d9cfc81570d054d69;hpb=3b14b7901c65144835d74b712279d0492c267c0c;p=quix0rs-gnu-social.git diff --git a/actions/subscribe.php b/actions/subscribe.php index 68fdd24e98..20c258923b 100644 --- a/actions/subscribe.php +++ b/actions/subscribe.php @@ -1,18 +1,18 @@ . */ @@ -20,42 +20,41 @@ if (!defined('LACONICA')) { exit(1); } class SubscribeAction extends Action { + function handle($args) { parent::handle($args); - + if (!common_logged_in()) { - common_user_error(_t('Not logged in.')); + common_user_error(_('Not logged in.')); return; } - - $other_nickname = $this->arg('subscribeto'); - $other = User::staticGet('nickname', $other_nickname); - - if (!$other) { - common_user_error(_t('No such user.')); - return; - } - $user = common_current_user(); - if ($user->isSubscribed($other)) { - common_user_error(_t('Already subscribed!.')); + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); return; } + + # CSRF protection + + $token = $this->trimmed('token'); - $sub = new Subscription(); - $sub->subscriber = $user->id; - $sub->subscribed = $other->id; - - $sub->created = time(); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + $other_nickname = $this->arg('subscribeto'); + + $result=subs_subscribe_user($user, $other_nickname); - if (!$sub->insert()) { - common_server_error(_t('Couldn\'t create subscription.')); + if($result != true) { + common_user_error($result); return; } - common_redirect(common_local_url('all', array('nickname' => - $user->nickname))); + common_redirect(common_local_url('subscriptions', array('nickname' => + $user->nickname))); } } \ No newline at end of file