X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fprofiles.php;h=7b3b6ccc1eb5ea1451bcf361768c53f73f117379;hb=9b6e91086b29554fd04362f6c87ea148718e8b1c;hp=5cc9fa38c4728e31c0473d339701dc9d68e1efb7;hpb=d284f8017cefb79571fe51c4ae3f85b9b4e517c9;p=friendica.git
diff --git a/mod/profiles.php b/mod/profiles.php
old mode 100644
new mode 100755
index 5cc9fa38c4..7b3b6ccc1e
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -21,6 +21,9 @@ function profiles_post(&$a) { notice( t('Profile not found.') . EOL); return; } + + check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); + $is_default = (($orig[0]['is-default']) ? 1 : 0); $profile_name = notags(trim($_POST['profile_name']));
@@ -210,6 +213,9 @@ function profiles_post(&$a) { $url = $_SESSION['my_url']; if($url && strlen(get_config('system','directory_submit_url'))) proc_run('php',"include/directory.php","$url"); + + require_once('include/profile_update.php'); + profile_change(); } } }
@@ -234,9 +240,11 @@ function profiles_content(&$a) { ); if(! count($r)) { notice( t('Profile not found.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } + + check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't'); // move every contact using this profile as their default to the user default
@@ -252,7 +260,7 @@ function profiles_content(&$a) { if($r) info( t('Profile deleted.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED }
@@ -261,6 +269,8 @@ function profiles_content(&$a) { if(($a->argc > 1) && ($a->argv[1] === 'new')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user()));
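Review bot: In the `@@ -21,6 +21,9 @@` hunk the token check is added after the 'Profile not found.' branch, so a forged POST still reaches whatever lookup precedes that branch before it is rejected. Placing `check_form_security_token_redirectOnErr('/profiles', 'profile_edit');` ahead of that lookup would reject the request before any work is done on its behalf. The start of profiles_post is outside the hunk, so the lookup is inferred from the `$orig` use and the not-found notice. A one-line comment such as `// CSRF: token issued in profiles_content() via get_form_security_token("profile_edit")` would also tie the check to the place where the matching token is generated.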
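Review bot: The drop action checked in the `@@ -234,9 +240,11 @@` hunk stays a state-changing GET request, and its anti-CSRF token travels in the `?t=` query string, where it can end up in browser history, server and proxy logs, and Referer headers. The same applies to the `profile_new` check (`@@ -261,6 +269,8 @@`), the `profile_clone` check (`@@ -287,11 +297,14 @@`) and the links built in `@@ -368,6 +383,9 @@` and `@@ -455,9 +473,10 @@`. Submitting these actions as small POST forms that carry the token in a hidden field, as the edit form does with `$form_security_token`, would keep the token out of URLs. The check would then read `check_form_security_token_redirectOnErr('/profiles', 'profile_drop');`, assuming the third argument only names the request parameter. The drop branch starts outside the hunk.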
@@ -287,11 +297,14 @@ function profiles_content(&$a) { info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); - } + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); + + goaway($a->get_baseurl(true) . '/profiles'); + } if(($a->argc > 2) && ($a->argv[1] === 'clone')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user()));
@@ -326,10 +339,12 @@ function profiles_content(&$a) { ); info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); - return; // NOTREACHED - } + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); + + goaway($a->get_baseurl(true) . '/profiles'); + + return; // NOTREACHED + } if(($a->argc > 1) && (intval($a->argv[1]))) {
@@ -358,8 +373,8 @@ function profiles_content(&$a) { )); - $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl())); - $a->page['htmlhead'] .= ""; + $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true))); + $a->page['htmlhead'] .= ""; $f = get_config('system','birthday_input_format'); if(! $f)
@@ -368,6 +383,9 @@ function profiles_content(&$a) { $is_default = (($r[0]['is-default']) ? 1 : 0); $tpl = get_markup_template("profile_edit.tpl"); $o .= replace_macros($tpl,array( + '$form_security_token' => get_form_security_token("profile_edit"), + '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"), + '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"), '$banner' => t('Edit Profile Details'), '$submit' => t('Submit'), '$viewprof' => t('View this profile'),
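Review bot: The `new` branch in the `@@ -287,11 +297,14 @@` hunk ends with an unconditional `goaway()` but no `return; // NOTREACHED`, unlike the drop branch and the clone branch in `@@ -326,10 +339,12 @@`, so it relies entirely on goaway() never returning. In both hunks the brace-less `if(count($r3) == 1)` followed by a blank line and a second `goaway()` is also easy to misread as one statement group. Suggested form: `if(count($r3) == 1) { goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); }` for the first call, and `return; // NOTREACHED` after the last one in the `new` branch. Both branches start outside their hunks.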
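Review bot: The clone and drop tokens added in the `@@ -368,6 +383,9 @@` hunk are requested with the fixed type names `"profile_clone"` and `"profile_drop"`, so as far as these lines show, a token is not tied to the profile id in the same link. On that reading a token accepted for one profile would be accepted for any other profile of the same account. If get_form_security_token() accepts arbitrary type strings, including the id would scope it: `get_form_security_token("profile_drop_" . $r[0]['id'])`, with the matching check in profiles_content built from the id in the request path. Whether the token is also bound to the session or to a lifetime is decided in the helper, which is outside this diff.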
@@ -407,7 +425,7 @@ function profiles_content(&$a) { '$lbl_work' => t('Work/employment'), '$lbl_school' => t('School/education'), '$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$profile_id' => $r[0]['id'], '$profile_name' => $r[0]['profile-name'], '$default' => (($is_default) ? '

' . t('This is your public profile.
It may be visible to anybody using the internet.') . '

' : ""),
@@ -455,9 +473,10 @@ function profiles_content(&$a) { $tpl_header = get_markup_template('profile_listing_header.tpl'); $o .= replace_macros($tpl_header,array( - '$header' => t('Profiles'), + '$header' => t('Edit/Manage Profiles'), '$chg_photo' => t('Change profile photo'), - '$cr_new' => t('Create New Profile') + '$cr_new' => t('Create New Profile'), + '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new") ));
@@ -470,7 +489,7 @@ function profiles_content(&$a) { '$alt' => t('Profile Image'), '$profile_name' => $rr['profile-name'], '$visible' => (($rr['is-default']) ? '' . t('visible to everybody') . '' - : '' . t('Edit visibility') . '') + : '' . t('Edit visibility') . '') )); } }