X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fsubscribe.php;h=f761992de40f6fd7401f77ebae0a5b024642a20d;hb=28ef2ccf427683837dde29f8b89ea8d5378f287b;hp=ea3038236c45303dab990a62166c7013ea42607a;hpb=3f5ededc01d8eedac2a9a75917849fbe78a3e701;p=quix0rs-gnu-social.git diff --git a/actions/subscribe.php b/actions/subscribe.php index ea3038236c..f761992de4 100644 --- a/actions/subscribe.php +++ b/actions/subscribe.php @@ -1,69 +1,81 @@ . */ if (!defined('LACONICA')) { exit(1); } -class SubscribeAction extends Action { - function handle($args) { - parent::handle($args); - - if (!common_logged_in()) { - common_user_error(_t('Not logged in.')); - return; - } - - $other_nickname = $this->arg('subscribeto'); +class SubscribeAction extends Action +{ - $other = User::staticGet('nickname', $other_nickname); - - if (!$other) { - common_user_error(_t('No such user.')); - return; - } - - $user = common_current_user(); + function handle($args) + { + parent::handle($args); - if ($user->isSubscribed($other)) { - common_user_error(_t('Already subscribed!.')); - return; - } - - $sub = new Subscription(); - $sub->subscriber = $user->id; - $sub->subscribed = $other->id; - - $sub->created = DB_DataObject_Cast::dateTime(); # current time + if (!common_logged_in()) { + $this->clientError(_('Not logged in.')); + return; + } - $val = $sub->validate(); - - if ($val !== TRUE) { - # XXX: give some error notice - common_server_error(_t('Subscription did not validate.')); - return; - } - - if (!$sub->insert()) { - common_server_error(_t('Couldn\'t create subscription.')); - return; - } - - common_redirect(common_local_url('all', array('nickname' => - $user->nickname))); - } -} \ No newline at end of file + $user = common_current_user(); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token. Try again, please.')); + return; + } + + $other_id = $this->arg('subscribeto'); + + $other = User::staticGet('id', $other_id); + + if (!$other) { + $this->clientError(_('Not a local user.')); + return; + } + + $result = subs_subscribe_to($user, $other); + + if($result != true) { + $this->clientError($result); + return; + } + + if ($this->boolean('ajax')) { + $this->startHTML('text/xml;charset=utf-8'); + $this->elementStart('head'); + $this->element('title', null, _('Subscribed')); + $this->elementEnd('head'); + $this->elementStart('body'); + $unsubscribe = new UnsubscribeForm($this, $other->getProfile()); + $unsubscribe->show(); + $this->elementEnd('body'); + $this->elementEnd('html'); + } else { + common_redirect(common_local_url('subscriptions', array('nickname' => + $user->nickname))); + } + } +}