From: Evan Prodromou Date: Fri, 6 Jun 2008 05:54:39 +0000 (-0400) Subject: checks for user and sub in validate and better error check in remote save X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=1ef5cf964ef65b248dc150660124e95dcd933106;p=quix0rs-gnu-social.git checks for user and sub in validate and better error check in remote save darcs-hash:20080606055439-84dde-3abda48583737e89a9c75b3cff6722e9444d13a9.gz --- diff --git a/actions/userauthorization.php b/actions/userauthorization.php index b4fe1b0754..e91c41fb3e 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -258,18 +258,27 @@ class UserauthorizationAction extends Action { } else { $profile->created = DB_DataObject_Cast::dateTime(); # current time $id = $profile->insert(); + if (!$id) { + return FALSE; + } $remote->id = $id; } if ($exists) { - $remote->update($orig_remote); + if (!$remote->update($orig_remote)) { + return FALSE; + } } else { $remote->created = DB_DataObject_Cast::dateTime(); # current time - $remote->insert(); + if (!$remote->insert()) { + return FALSE; + } } if ($avatar_url) { - $this->add_avatar($profile, $avatar_url); + if (!$this->add_avatar($profile, $avatar_url)) { + return FALSE; + } } $user = common_current_user(); @@ -284,9 +293,10 @@ class UserauthorizationAction extends Action { $sub->created = DB_DataObject_Cast::dateTime(); # current time if (!$sub->insert()) { - common_user_error(_t('Couldn\'t insert new subscription.')); - return; + return FALSE; } + + return TRUE; } function add_avatar($profile, $url) { @@ -378,6 +388,10 @@ class UserauthorizationAction extends Action { if (!$user) { throw new OAuthException("Listener URI '$listener' not found here"); } + $cur = common_current_user(); + if ($cur->id != $user->id) { + throw new OAuthException("Can't add for another user!"); + } $listenee = $req->get_parameter('omb_listenee'); if (!Validate::uri($listenee) && !common_valid_tag($listenee)) { @@ -386,6 +400,15 @@ class UserauthorizationAction extends Action { if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } + $remote = Remote_profile::staticGet('uri', $listenee); + if ($remote) { + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + if ($sub->find(TRUE)) { + throw new OAuthException("Already subscribed to user!"); + } + } $nickname = $req->get_parameter('omb_listenee_nickname'); if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64,