X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=b93c06f120f0f50b084584acaa8d5688606275c0;hb=bf14709fe2ed18f5a2641f841cb000a4856290fd;hp=45dffa62bc6e00612e71c5ba280aa448ebc4f6d4;hpb=2ebe1fc61cb71cf9468763b837263e9101151127;p=quix0rs-gnu-social.git

diff --git a/actions/subscribe.php b/actions/subscribe.php
index 45dffa62bc..b93c06f120 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -20,6 +20,7 @@
 if (!defined('LACONICA')) { exit(1); }
 
 class SubscribeAction extends Action {
+	
 	function handle($args) {
 		parent::handle($args);
 
@@ -35,6 +36,15 @@ class SubscribeAction extends Action {
 			return;
 		}
 
+		# CSRF protection
+
+		$token = $this->trimmed('token');
+		
+		if (!$token || $token != common_session_token()) {
+			$this->client_error(_('There was a problem with your session token. Try again, please.'));
+			return;
+		}
+
 		$other_nickname = $this->arg('subscribeto');
 
 		$other = User::staticGet('nickname', $other_nickname);
@@ -49,19 +59,21 @@ class SubscribeAction extends Action {
 			return;
 		}
 
-		$sub = new Subscription();
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
-
-		$sub->created = DB_DataObject_Cast::dateTime(); # current time
-
-		if (!$sub->insert()) {
-			common_server_error(_('Couldn\'t create subscription.'));
+		if (!$user->subscribeTo($other)) {
+			$this->server_error(_('Could not subscribe.'));
 			return;
 		}
 
 		$this->notify($other, $user);
 
+		if ($other->autosubscribe && !$other->isSubscribed($user)) {
+			if (!$other->subscribeTo($user)) {
+				$this->server_error(_('Could not subscribe other to you.'));
+				return;
+			}
+			$this->notify($user, $other);
+		}
+		
 		common_redirect(common_local_url('subscriptions', array('nickname' =>
 																$user->nickname)));
 	}