small nudge enhancements
authormillette <millette@controlyourself.ca>
Tue, 18 Nov 2008 15:56:43 +0000 (10:56 -0500)
committermillette <millette@controlyourself.ca>
Tue, 18 Nov 2008 15:56:43 +0000 (10:56 -0500)
darcs-hash:20081118155643-099f7-df2d332253d9acc007966b28f5afc2edcd7cc9ac.gz

actions/nudge.php
lib/util.php

index 019c88b506a9d043debd42ae1b6deda3ecb87a6f..822606d30893b7b59c4434db2ab8221d7b2e46e4 100644 (file)
@@ -27,13 +27,35 @@ class NudgeAction extends Action {
                parent::handle($args);
 
                if (!common_logged_in()) {
-                       common_user_error(_('Not logged in.'));
+                       $this->client_error(_('Not logged in.'));
                        return;
                }
 
                $user = common_current_user();
-               $other_nickname = common_canonical_nickname($args['nickname']);
-               $other = User::staticGet('nickname', $other_nickname);
+//             $other_nickname = common_canonical_nickname($args['nickname']);
+//             $other_nickname = $this->arg('nickname');
+//             $other = User::staticGet('nickname', $other_nickname);
+               $other = User::staticGet('nickname', $this->arg('nickname'));
+
+               if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+                       common_redirect(common_local_url('showstream', array('nickname' => $other->nickname)));
+                       return;
+               }
+
+               # CSRF protection
+
+               $token = $this->trimmed('token');
+               
+               if (!$token || $token != common_session_token()) {
+                       $this->client_error(_('There was a problem with your session token. Try again, please.'));
+                       return;
+               }
+
+        if (!$other->email || !$other->emailnotifynudge) {
+            $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.'));
+            return;
+        }
+
                $this->notify($user, $other);
 
                if ($this->boolean('ajax')) {
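Review bot: The result of `User::staticGet('nickname', $this->arg('nickname'))` is never checked, so both the non-POST redirect (`$other->nickname`) and the later `$other->email` test dereference an empty result when the nickname does not exist. Add a guard directly after the lookup, for example `if (!$other) { $this->client_error(_('No such user.')); return; }`. The lookup also no longer goes through `common_canonical_nickname()`, which is now commented out, so unless `arg()` normalizes the value, differently cased nicknames will miss; the commented-out lines should be deleted once that is decided. The CSRF check compares with `!=`, which uses PHP's loose comparison and can treat two different numeric-looking strings as equal; `!==` (or `hash_equals()` where the runtime provides it) makes the token match exact. The body of `handle()` starts before this hunk and continues after it.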
index 43e565fbf335c7066f9e5f30f7695a80f3b9035e..7dfbc1578ecd0af7f242e5c311b48cfa2e85dd41 100644 (file)
@@ -1866,11 +1866,7 @@ function common_favor_form($notice) {
 function common_nudge_form($profile) {
        common_element_start('form', array('id' => 'nudge', 'method' => 'post',
                                                                           'action' => common_local_url('nudge', array('nickname' => $profile->nickname))));
-       common_hidden('token', common_session_token()); //Is this necessary?
-//     common_element('input', array('id' => 'nudge_nickname',
-//                                                               'name' => 'nudge_nickname',
-//                                                               'type' => 'hidden',
-//                                                               'value' => $profile->nickname));
+       common_hidden('token', common_session_token());
        common_element('input', array('type' => 'submit',
                                                                  'class' => 'submit',
                                                                  'value' => _('Send a nudge')));
@@ -1881,7 +1877,6 @@ function common_nudge_response() {
        common_element('p', array('id' => 'nudge_response'), _('Nudge sent!'));
 }
 
-
 function common_cache_key($extra) {
        return 'laconica:' . common_keyize(common_config('site', 'name')) . ':' . $extra;
 }