X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Funsubscribe.php;h=7dcab04c045d2bd3ba6e3bd2ac152e6571b184c2;hb=b4e649fe906a793cd5e62d6390065ea5d41c40db;hp=69d5139073a60c2a3d1fd47e1594a732ba86e772;hpb=038f762bce95323ac929b0635cceb7f9425527ec;p=quix0rs-gnu-social.git

diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php
index 69d5139073..7dcab04c04 100644
--- a/actions/unsubscribe.php
+++ b/actions/unsubscribe.php
@@ -17,52 +17,68 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-class UnsubscribeAction extends Action {
-	
-	function is_readonly() {
-		return false;
-	}
-	
-	function handle($args) {
-		parent::handle($args);
-		if (!common_logged_in()) {
-			common_user_error(_('Not logged in.'));
-			return;
-		}
+class UnsubscribeAction extends Action
+{
 
-		$user = common_current_user();
+    function handle($args)
+    {
+        parent::handle($args);
+        if (!common_logged_in()) {
+            $this->clientError(_('Not logged in.'));
+            return;
+        }
 
-		if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-			common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
-			return;
-		}
+        $user = common_current_user();
 
-		$other_nickname = $this->arg('unsubscribeto');
-		$other = User::staticGet('nickname', $other_nickname);
-		if (!$other) {
-			common_user_error(_('No such user.'));
-			return;
-		}
+        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
+            return;
+        }
 
-		if (!$user->isSubscribed($other)) {
-			common_server_error(_('Not subscribed!.'));
-		}
+        # CSRF protection
 
-		$sub = DB_DataObject::factory('subscription');
+        $token = $this->trimmed('token');
 
-		$sub->subscriber = $user->id;
-		$sub->subscribed = $other->id;
+        if (!$token || $token != common_session_token()) {
+            $this->clientError(_('There was a problem with your session token. Try again, please.'));
+            return;
+        }
 
-		$sub->find(true);
+        $other_id = $this->arg('unsubscribeto');
 
-		// note we checked for existence above
+        if (!$other_id) {
+            $this->clientError(_('No profile id in request.'));
+            return;
+        }
 
-		if (!$sub->delete()) {
-			common_server_error(_('Couldn\'t delete subscription.'));
-			return;
-		}
+        $other = Profile::staticGet('id', $other_id);
 
-		common_redirect(common_local_url('subscriptions', array('nickname' =>
-																$user->nickname)));
-	}
+        if (!$other_id) {
+            $this->clientError(_('No profile with that id.'));
+            return;
+        }
+
+        $result = subs_unsubscribe_to($user, $other);
+
+        if ($result != true) {
+            $this->clientError($result);
+            return;
+        }
+
+        if ($this->boolean('ajax')) {
+            $this->startHTML('text/xml;charset=utf-8');
+            $this->elementStart('head');
+            $this->element('title', null, _('Unsubscribed'));
+            $this->elementEnd('head');
+            $this->elementStart('body');
+            $subscribe = new SubscribeForm($this, $other);
+            $subscribe->show();
+            $this->elementEnd('body');
+            $this->elementEnd('html');
+        } else {
+            common_redirect(common_local_url('subscriptions', array('nickname' =>
+                                                                    $user->nickname)),
+                            303);
+        }
+    }
 }