Fixing #10699 (prohibits blocking and ignoreing from the photo menu)
authorPhilipp <admin@philipp.info>
Sun, 12 Sep 2021 19:20:12 +0000 (21:20 +0200)
committerPhilipp <admin@philipp.info>
Sun, 12 Sep 2021 19:20:12 +0000 (21:20 +0200)
include/conversation.php
src/Object/Post.php
src/Object/Thread.php

index 352060d7f246f17a88ea8eedc1811a07a4a192a2..2db0c22b8018aa71b84408ceb3f8a0cbfdd0ede8 100644 (file)
@@ -20,6 +20,7 @@
  */
 
 use Friendica\App;
+use Friendica\BaseModule;
 use Friendica\Content\ContactSelector;
 use Friendica\Content\Feature;
 use Friendica\Core\ACL;
@@ -396,6 +397,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
        $threadsid = -1;
 
        $page_template = Renderer::getMarkupTemplate("conversation.tpl");
+       $formSecurityToken = BaseModule::getFormSecurityToken('contact_action');
 
        if (!empty($items)) {
                if (in_array($mode, ['community', 'contacts'])) {
@@ -502,7 +504,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
                                        'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']),
                                        'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']),
                                        'profile_url' => $profile_link,
-                                       'item_photo_menu_html' => item_photo_menu($item),
+                                       'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
                                        'name' => $profile_name,
                                        'sparkle' => $sparkle,
                                        'lock' => false,
@@ -590,7 +592,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
                                }
                        }
 
-                       $threads = $conv->getTemplateData($conv_responses);
+                       $threads = $conv->getTemplateData($conv_responses, $formSecurityToken);
                        if (!$threads) {
                                Logger::log('[ERROR] conversation : Failed to get template data.', Logger::DEBUG);
                                $threads = [];
@@ -782,7 +784,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
        return $items;
 }
 
-function item_photo_menu($item)
+function item_photo_menu($item, string $formSecurityToken)
 {
        DI::profiler()->startRecording('rendering');
        $sub_link = '';
@@ -825,8 +827,8 @@ function item_photo_menu($item)
        if (!empty($pcid)) {
                $contact_url = 'contact/' . $pcid;
                $posts_link  = $contact_url . '/posts';
-               $block_link  = $item['self'] ? '' : $contact_url . '/block';
-               $ignore_link = $item['self'] ? '' : $contact_url . '/ignore';
+               $block_link  = $item['self'] ? '' : $contact_url . '/block?t=' . $formSecurityToken;
+               $ignore_link = $item['self'] ? '' : $contact_url . '/ignore?t=' . $formSecurityToken;
        }
 
        if ($cid && !$item['self']) {
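Review bot: The token in the `$block_link` and `$ignore_link` assignments travels in a GET query string, so it ends up in browser history, server access logs and in the Referer header of anything the `contact/{id}/block` response loads; that is acceptable as a stop-gap against CSRF, but block and ignore are state changes and the durable fix is a POST form carrying the token in the body. Meanwhile the token is concatenated raw into the URL; if getFormSecurityToken can ever yield characters outside the unreserved set the link breaks or is mis-parsed, so encode it: `$block_link  = $item['self'] ? '' : $contact_url . '/block?t=' . urlencode($formSecurityToken);` and the same for `$ignore_link`. Whether the receiving module verifies the token under the same `'contact_action'` type name is outside this diff and worth confirming. item_photo_menu continues beyond the hunk.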
index 628cc95f7a6b856089d8afccd3670f17b785c415..5722582d2104fa67cd524267ae224906bb52e91d 100644 (file)
@@ -125,6 +125,7 @@ class Post
         * Get data in a form usable by a conversation template
         *
         * @param array   $conv_responses conversation responses
+        * @param string $formSecurityToken A security Token to avoid CSF attacks
         * @param integer $thread_level   default = 1
         *
         * @return mixed The data requested on success
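Review bot: The new `@param` line misspells the threat it guards against — `CSF` should be `CSRF` — and its column alignment differs from the neighbouring entries; I would write `@param string  $formSecurityToken CSRF token appended to the block/ignore links of the photo menu`. The identical wording appears in the Thread::getTemplateData docblock later in this commit and should be corrected there as well.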
@@ -132,7 +133,7 @@ class Post
         * @throws \Friendica\Network\HTTPException\InternalServerErrorException
         * @throws \ImagickException
         */
-       public function getTemplateData(array $conv_responses, $thread_level = 1)
+       public function getTemplateData(array $conv_responses, string $formSecurityToken, $thread_level = 1)
        {
                $a = DI::app();
 
@@ -458,7 +459,7 @@ class Post
                        'vwall'           => DI::l10n()->t('via Wall-To-Wall:'),
                        'profile_url'     => $profile_link,
                        'name'            => $profile_name,
-                       'item_photo_menu_html' => item_photo_menu($item),
+                       'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
                        'thumb'           => DI::baseUrl()->remove(Contact::getAvatarUrlForUrl($item['author-link'], $item['uid'], Proxy::SIZE_THUMB)),
                        'osparkle'        => $osparkle,
                        'sparkle'         => $sparkle,
@@ -532,7 +533,7 @@ class Post
                $nb_children = count($children);
                if ($nb_children > 0) {
                        foreach ($children as $child) {
-                               $result['children'][] = $child->getTemplateData($conv_responses, $thread_level + 1);
+                               $result['children'][] = $child->getTemplateData($conv_responses, $formSecurityToken, $thread_level + 1);
                        }
 
                        // Collapse
index a848586fe54032409c1dbc4688fca23b92581f3a..7d59759a0da861ae3bbfbd91de9fcc0a7acf05c8 100644 (file)
@@ -190,12 +190,13 @@ class Thread
         * We should find a way to avoid using those arguments (at least most of them)
         *
         * @param array $conv_responses data
+        * @param string $formSecurityToken A security Token to avoid CSF attacks
         *
         * @return mixed The data requested on success
         *               false on failure
         * @throws \Exception
         */
-       public function getTemplateData($conv_responses)
+       public function getTemplateData($conv_responses, string $formSecurityToken)
        {
                $result = [];
 
@@ -204,7 +205,7 @@ class Thread
                                continue;
                        }
 
-                       $item_data = $item->getTemplateData($conv_responses);
+                       $item_data = $item->getTemplateData($conv_responses, $formSecurityToken);
 
                        if (!$item_data) {
                                Logger::log('[ERROR] Conversation::getTemplateData : Failed to get item template data ('. $item->getId() .').', Logger::DEBUG);