X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Funsubscribe.php;h=4bfaf79580f0c49b316b98efe9f79b71cd7b63c2;hb=f2e3021b59f3661b3c900b06600a580b8970df2f;hp=bac7523932e4e92e3eda81832f915c8430b5ea6a;hpb=52600ce0b063e68e622b19699841e41b5ddbf2d1;p=quix0rs-gnu-social.git

diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php
index bac7523932..4bfaf79580 100644
--- a/actions/unsubscribe.php
+++ b/actions/unsubscribe.php
@@ -18,35 +18,38 @@
  */
 
 class UnsubscribeAction extends Action {
+	
 	function handle($args) {
 		parent::handle($args);
 		if (!common_logged_in()) {
-			common_user_error(_t('Not logged in.'));
-			return;
-		}
-		$other_nickname = $this->arg('unsubscribeto');
-		$other = User::staticGet('nickname', $other_nickname);
-		if (!$other) {
-			common_user_error(_t('No such user.'));
+			common_user_error(_('Not logged in.'));
 			return;
 		}
 
 		$user = common_current_user();
 
-		if (!$user->isSubscribed($other)) {
-			common_server_error(_t('Not subscribed!.'));
+		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+			common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+			return;
 		}
 
-		$sub = new Subscription();
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
+		# CSRF protection
 
-		if (!$sub->delete()) {
-			common_server_error(_t('Couldn\'t delete subscription.'));
+		$token = $this->trimmed('token');
+		
+		if (!$token || $token != common_session_token()) {
+			$this->client_error(_('There was a problem with your session token. Try again, please.'));
+			return;
+		}
+
+		$other_nickname = $this->arg('unsubscribeto');
+		$result=subs_unsubscribe_user($user,$other_nickname);
+		if($result!=true) {
+			common_user_error($result);
 			return;
 		}
 
-		common_redirect(common_local_url('all', array('nickname' =>
-													  $user->nickname)));
+		common_redirect(common_local_url('subscriptions', array('nickname' =>
+																$user->nickname)));
 	}
 }