From 04b48688b66f0b5e6c17606af1f02756ed70ac3c Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 25 Jan 2013 13:48:57 -0800 Subject: [PATCH] add form security to invite page and set maximum per user invites --- boot.php | 2 +- mod/invite.php | 19 +++++ util/messages.po | 172 ++++++++++++++++++++-------------------- view/invite.tpl | 3 + view/smarty3/invite.tpl | 3 + 5 files changed, 112 insertions(+), 87 deletions(-) diff --git a/boot.php b/boot.php index df5231026b..5107d91af6 100644 --- a/boot.php +++ b/boot.php @@ -12,7 +12,7 @@ require_once('library/Mobile_Detect/Mobile_Detect.php'); require_once('include/features.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '3.1.1597' ); +define ( 'FRIENDICA_VERSION', '3.1.1599' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1158 ); diff --git a/mod/invite.php b/mod/invite.php index 384161c6d3..aea92a663a 100644 --- a/mod/invite.php +++ b/mod/invite.php @@ -16,6 +16,18 @@ function invite_post(&$a) { return; } + check_form_security_token_redirectOnErr('/', 'send_invite'); + + $max_invites = intval(get_config('system','max_invites')); + if(! $max_invites) + $max_invites = 50; + + $current_invites = intval(get_pconfig(local_user(),'system','sent_invites')); + if($current_invites > $max_invites) { + notice( t('Total invitation limit exceeded.') . EOL); + return; + }; + $recips = ((x($_POST,'recipients')) ? explode("\n",$_POST['recipients']) : array()); $message = ((x($_POST,'message')) ? notags(trim($_POST['message'])) : ''); @@ -66,6 +78,12 @@ function invite_post(&$a) { if($res) { $total ++; + $current_invites ++; + set_pconfig(local_user(),'system','sent_invites',$current_invites); + if($current_invites > $max_invites) { + notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL); + return; + } } else { notice( sprintf( t('%s : Message delivery failed.'), $recip) . EOL); 
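Review bot: The pre-loop guard `if($current_invites > $max_invites)` lets a user whose counter already equals `$max_invites` submit again, so the cap is effectively max_invites+1; the same `>` comparison recurs in the second invite.php hunk after the increment. Changing both to `if($current_invites >= $max_invites) {` makes the configured value the real ceiling, and the `};` closing the block carries a stray semicolon. Because the fallback replaces an unset or 0 config with 50, a configured value of 0 does not disable invitations; if that is intended, a comment such as `// 0 or unset means the default of 50, not "no invites"` would save a reader the question. The counter is read once from pconfig and only rewritten after each send, so two overlapping submissions could both pass the guard; probably acceptable for this purpose, but worth knowing when reasoning about the limit.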
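Review bot: Inside the loop the limit is tested only after `$res` is true, i.e. after the message has already been delivered, so the send that crosses the limit is never prevented, only the one after it; the guard belongs before the send at the top of the loop body, which lies outside this hunk. Placing `if($current_invites >= $max_invites) { notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL); return; }` ahead of the mail call, and keeping only `$current_invites ++; set_pconfig(local_user(),'system','sent_invites',$current_invites);` under `if($res)`, turns the counter into a ceiling rather than a trailing check. Writing pconfig on every successful send is one update per recipient, which is acceptable here because it keeps the persisted count correct if a later iteration fails or returns early.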
@@ -110,6 +128,7 @@ function invite_content(&$a) { } $o = replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("send_invite"), '$invite' => t('Send invitations'), '$addr_text' => t('Enter email addresses, one per line:'), '$msg_text' => t('Your message:'), diff --git a/util/messages.po b/util/messages.po index 603ae32ee7..b0d454b49d 100644 --- a/util/messages.po +++ b/util/messages.po @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: 3.1.1597\n" +"Project-Id-Version: 3.1.1599\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-23 10:00-0800\n" +"POT-Creation-Date: 2013-01-25 10:00-0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -368,7 +368,7 @@ msgstr "" #: ../../mod/dfrn_request.php:848 ../../mod/settings.php:561 #: ../../mod/settings.php:587 ../../mod/fbrowser.php:81 #: ../../mod/fbrowser.php:116 ../../addon/js_upload/js_upload.php:45 -#: ../../include/conversation.php:1040 +#: ../../include/conversation.php:1042 #: ../../addon.old/js_upload/js_upload.php:45 msgid "Cancel" msgstr "" @@ -642,7 +642,7 @@ msgstr "" msgid "I don't like this (toggle)" msgstr "" -#: ../../mod/photos.php:1422 ../../include/conversation.php:1000 +#: ../../mod/photos.php:1422 ../../include/conversation.php:1002 msgid "Share" msgstr "" @@ -650,7 +650,7 @@ msgstr "" #: ../../mod/content.php:499 ../../mod/content.php:883 #: ../../mod/wallmessage.php:152 ../../mod/message.php:300 #: ../../mod/message.php:528 ../../include/conversation.php:645 -#: ../../include/conversation.php:1019 ../../object/Item.php:293 +#: ../../include/conversation.php:1021 ../../object/Item.php:293 msgid "Please wait" msgstr "" 
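Review bot: The token name `"send_invite"` is a double-quoted literal here but single-quoted in the `check_form_security_token_redirectOnErr('/', 'send_invite')` call in invite_post, and the two strings must stay identical for the check to pass; consistent single quotes, or one shared constant (for example `define('INVITE_FORM_TOKEN', 'send_invite');`, a constructed name) used in both places, removes the chance of the two drifting apart. The hidden field the templates render from `$form_security_token` is not visible in this chunk, so whether its field name matches what the checker reads cannot be confirmed here.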
@@ -668,7 +668,7 @@ msgstr "" #: ../../mod/photos.php:1443 ../../mod/photos.php:1487 #: ../../mod/photos.php:1570 ../../mod/editpost.php:142 -#: ../../mod/content.php:719 ../../include/conversation.php:1037 +#: ../../mod/content.php:719 ../../include/conversation.php:1039 #: ../../object/Item.php:613 msgid "Preview" msgstr "" @@ -742,7 +742,7 @@ msgstr "" msgid "Edit post" msgstr "" -#: ../../mod/editpost.php:91 ../../include/conversation.php:986 +#: ../../mod/editpost.php:91 ../../include/conversation.php:988 msgid "Post to Email" msgstr "" 
@@ -753,85 +753,85 @@ msgstr "" #: ../../mod/editpost.php:107 ../../mod/wallmessage.php:150 #: ../../mod/message.php:298 ../../mod/message.php:525 -#: ../../include/conversation.php:1001 +#: ../../include/conversation.php:1003 msgid "Upload photo" msgstr "" -#: ../../mod/editpost.php:108 ../../include/conversation.php:1002 +#: ../../mod/editpost.php:108 ../../include/conversation.php:1004 msgid "upload photo" msgstr "" -#: ../../mod/editpost.php:109 ../../include/conversation.php:1003 +#: ../../mod/editpost.php:109 ../../include/conversation.php:1005 msgid "Attach file" msgstr "" -#: ../../mod/editpost.php:110 ../../include/conversation.php:1004 +#: ../../mod/editpost.php:110 ../../include/conversation.php:1006 msgid "attach file" msgstr "" #: ../../mod/editpost.php:111 ../../mod/wallmessage.php:151 #: ../../mod/message.php:299 ../../mod/message.php:526 -#: ../../include/conversation.php:1005 +#: ../../include/conversation.php:1007 msgid "Insert web link" msgstr "" -#: ../../mod/editpost.php:112 ../../include/conversation.php:1006 +#: ../../mod/editpost.php:112 ../../include/conversation.php:1008 msgid "web link" msgstr "" -#: ../../mod/editpost.php:113 ../../include/conversation.php:1007 +#: ../../mod/editpost.php:113 ../../include/conversation.php:1009 msgid "Insert video link" msgstr "" -#: ../../mod/editpost.php:114 ../../include/conversation.php:1008 +#: ../../mod/editpost.php:114 ../../include/conversation.php:1010 msgid "video link" msgstr "" -#: ../../mod/editpost.php:115 ../../include/conversation.php:1009 +#: ../../mod/editpost.php:115 ../../include/conversation.php:1011 msgid "Insert audio link" msgstr "" -#: ../../mod/editpost.php:116 ../../include/conversation.php:1010 +#: ../../mod/editpost.php:116 ../../include/conversation.php:1012 msgid "audio link" msgstr "" -#: ../../mod/editpost.php:117 ../../include/conversation.php:1011 +#: ../../mod/editpost.php:117 ../../include/conversation.php:1013 msgid "Set your location" msgstr "" -#: 
../../mod/editpost.php:118 ../../include/conversation.php:1012 +#: ../../mod/editpost.php:118 ../../include/conversation.php:1014 msgid "set location" msgstr "" -#: ../../mod/editpost.php:119 ../../include/conversation.php:1013 +#: ../../mod/editpost.php:119 ../../include/conversation.php:1015 msgid "Clear browser location" msgstr "" -#: ../../mod/editpost.php:120 ../../include/conversation.php:1014 +#: ../../mod/editpost.php:120 ../../include/conversation.php:1016 msgid "clear location" msgstr "" -#: ../../mod/editpost.php:122 ../../include/conversation.php:1020 +#: ../../mod/editpost.php:122 ../../include/conversation.php:1022 msgid "Permission settings" msgstr "" -#: ../../mod/editpost.php:130 ../../include/conversation.php:1029 +#: ../../mod/editpost.php:130 ../../include/conversation.php:1031 msgid "CC: email addresses" msgstr "" -#: ../../mod/editpost.php:131 ../../include/conversation.php:1030 +#: ../../mod/editpost.php:131 ../../include/conversation.php:1032 msgid "Public post" msgstr "" -#: ../../mod/editpost.php:134 ../../include/conversation.php:1016 +#: ../../mod/editpost.php:134 ../../include/conversation.php:1018 msgid "Set title" msgstr "" -#: ../../mod/editpost.php:136 ../../include/conversation.php:1018 +#: ../../mod/editpost.php:136 ../../include/conversation.php:1020 msgid "Categories (comma-separated list)" msgstr "" -#: ../../mod/editpost.php:137 ../../include/conversation.php:1032 +#: ../../mod/editpost.php:137 ../../include/conversation.php:1034 msgid "Example: bob@example.com, mary@example.com" msgstr "" @@ -2877,7 +2877,7 @@ msgstr "" #: ../../mod/wallmessage.php:123 ../../mod/wallmessage.php:131 #: ../../mod/message.php:249 ../../mod/message.php:257 #: ../../mod/message.php:429 ../../mod/message.php:437 -#: ../../include/conversation.php:936 ../../include/conversation.php:954 +#: ../../include/conversation.php:938 ../../include/conversation.php:956 msgid "Please enter a link URL:" msgstr "" 
@@ -4686,8 +4686,8 @@ msgstr "" msgid "Edit visibility" msgstr "" -#: ../../mod/filer.php:30 ../../include/conversation.php:940 -#: ../../include/conversation.php:958 +#: ../../mod/filer.php:30 ../../include/conversation.php:942 +#: ../../include/conversation.php:960 msgid "Save to Folder:" msgstr "" 
@@ -9200,145 +9200,145 @@ msgstr "" msgid "Please visit %s to view and/or reply to your private messages." msgstr "" -#: ../../include/enotify.php:89 +#: ../../include/enotify.php:90 #, php-format msgid "%1$s commented on [url=%2$s]a %3$s[/url]" msgstr "" -#: ../../include/enotify.php:96 +#: ../../include/enotify.php:97 #, php-format msgid "%1$s commented on [url=%2$s]%3$s's %4$s[/url]" msgstr "" -#: ../../include/enotify.php:104 +#: ../../include/enotify.php:105 #, php-format msgid "%1$s commented on [url=%2$s]your %3$s[/url]" msgstr "" -#: ../../include/enotify.php:114 +#: ../../include/enotify.php:115 #, php-format msgid "[Friendica:Notify] Comment to conversation #%1$d by %2$s" msgstr "" -#: ../../include/enotify.php:115 +#: ../../include/enotify.php:116 #, php-format msgid "%s commented on an item/conversation you have been following." msgstr "" -#: ../../include/enotify.php:118 ../../include/enotify.php:133 -#: ../../include/enotify.php:146 ../../include/enotify.php:164 -#: ../../include/enotify.php:177 +#: ../../include/enotify.php:119 ../../include/enotify.php:134 +#: ../../include/enotify.php:147 ../../include/enotify.php:165 +#: ../../include/enotify.php:178 #, php-format msgid "Please visit %s to view and/or reply to the conversation." 
msgstr "" -#: ../../include/enotify.php:125 +#: ../../include/enotify.php:126 #, php-format msgid "[Friendica:Notify] %s posted to your profile wall" msgstr "" -#: ../../include/enotify.php:127 +#: ../../include/enotify.php:128 #, php-format msgid "%1$s posted to your profile wall at %2$s" msgstr "" -#: ../../include/enotify.php:129 +#: ../../include/enotify.php:130 #, php-format msgid "%1$s posted to [url=%2$s]your wall[/url]" msgstr "" -#: ../../include/enotify.php:140 +#: ../../include/enotify.php:141 #, php-format msgid "[Friendica:Notify] %s tagged you" msgstr "" -#: ../../include/enotify.php:141 +#: ../../include/enotify.php:142 #, php-format msgid "%1$s tagged you at %2$s" msgstr "" -#: ../../include/enotify.php:142 +#: ../../include/enotify.php:143 #, php-format msgid "%1$s [url=%2$s]tagged you[/url]." msgstr "" -#: ../../include/enotify.php:154 +#: ../../include/enotify.php:155 #, php-format msgid "[Friendica:Notify] %1$s poked you" msgstr "" -#: ../../include/enotify.php:155 +#: ../../include/enotify.php:156 #, php-format msgid "%1$s poked you at %2$s" msgstr "" -#: ../../include/enotify.php:156 +#: ../../include/enotify.php:157 #, php-format msgid "%1$s [url=%2$s]poked you[/url]." 
msgstr "" -#: ../../include/enotify.php:171 +#: ../../include/enotify.php:172 #, php-format msgid "[Friendica:Notify] %s tagged your post" msgstr "" -#: ../../include/enotify.php:172 +#: ../../include/enotify.php:173 #, php-format msgid "%1$s tagged your post at %2$s" msgstr "" -#: ../../include/enotify.php:173 +#: ../../include/enotify.php:174 #, php-format msgid "%1$s tagged [url=%2$s]your post[/url]" msgstr "" -#: ../../include/enotify.php:184 +#: ../../include/enotify.php:185 msgid "[Friendica:Notify] Introduction received" msgstr "" -#: ../../include/enotify.php:185 +#: ../../include/enotify.php:186 #, php-format msgid "You've received an introduction from '%1$s' at %2$s" msgstr "" -#: ../../include/enotify.php:186 +#: ../../include/enotify.php:187 #, php-format msgid "You've received [url=%1$s]an introduction[/url] from %2$s." msgstr "" -#: ../../include/enotify.php:189 ../../include/enotify.php:207 +#: ../../include/enotify.php:190 ../../include/enotify.php:208 #, php-format msgid "You may visit their profile at %s" msgstr "" -#: ../../include/enotify.php:191 +#: ../../include/enotify.php:192 #, php-format msgid "Please visit %s to approve or reject the introduction." msgstr "" -#: ../../include/enotify.php:198 +#: ../../include/enotify.php:199 msgid "[Friendica:Notify] Friend suggestion received" msgstr "" -#: ../../include/enotify.php:199 +#: ../../include/enotify.php:200 #, php-format msgid "You've received a friend suggestion from '%1$s' at %2$s" msgstr "" -#: ../../include/enotify.php:200 +#: ../../include/enotify.php:201 #, php-format msgid "You've received [url=%1$s]a friend suggestion[/url] for %2$s from %3$s." msgstr "" -#: ../../include/enotify.php:205 +#: ../../include/enotify.php:206 msgid "Name:" msgstr "" -#: ../../include/enotify.php:206 +#: ../../include/enotify.php:207 msgid "Photo:" msgstr "" -#: ../../include/enotify.php:209 +#: ../../include/enotify.php:210 #, php-format msgid "Please visit %s to approve or reject the suggestion." 
msgstr "" @@ -9500,34 +9500,34 @@ msgstr "" msgid "stopped following" msgstr "" -#: ../../include/Contact.php:225 ../../include/conversation.php:816 +#: ../../include/Contact.php:225 ../../include/conversation.php:818 msgid "Poke" msgstr "" -#: ../../include/Contact.php:226 ../../include/conversation.php:810 +#: ../../include/Contact.php:226 ../../include/conversation.php:812 msgid "View Status" msgstr "" -#: ../../include/Contact.php:227 ../../include/conversation.php:811 +#: ../../include/Contact.php:227 ../../include/conversation.php:813 msgid "View Profile" msgstr "" -#: ../../include/Contact.php:228 ../../include/conversation.php:812 +#: ../../include/Contact.php:228 ../../include/conversation.php:814 msgid "View Photos" msgstr "" #: ../../include/Contact.php:229 ../../include/Contact.php:242 -#: ../../include/conversation.php:813 +#: ../../include/conversation.php:815 msgid "Network Posts" msgstr "" #: ../../include/Contact.php:230 ../../include/Contact.php:242 -#: ../../include/conversation.php:814 +#: ../../include/conversation.php:816 msgid "Edit Contact" msgstr "" #: ../../include/Contact.php:231 ../../include/Contact.php:242 -#: ../../include/conversation.php:815 +#: ../../include/conversation.php:817 msgid "Send PM" msgstr "" 
@@ -9553,82 +9553,82 @@ msgstr "" msgid "Filed under:" msgstr "" -#: ../../include/conversation.php:706 +#: ../../include/conversation.php:708 msgid "remove" msgstr "" -#: ../../include/conversation.php:710 +#: ../../include/conversation.php:712 msgid "Delete Selected Items" msgstr "" -#: ../../include/conversation.php:809 +#: ../../include/conversation.php:811 msgid "Follow Thread" msgstr "" -#: ../../include/conversation.php:878 +#: ../../include/conversation.php:880 #, php-format msgid "%s likes this." msgstr "" -#: ../../include/conversation.php:878 +#: ../../include/conversation.php:880 #, php-format msgid "%s doesn't like this." msgstr "" -#: ../../include/conversation.php:883 +#: ../../include/conversation.php:885 #, php-format msgid "%2$d people like this" msgstr "" -#: ../../include/conversation.php:886 +#: ../../include/conversation.php:888 #, php-format msgid "%2$d people don't like this" msgstr "" -#: ../../include/conversation.php:900 +#: ../../include/conversation.php:902 msgid "and" msgstr "" -#: ../../include/conversation.php:906 +#: ../../include/conversation.php:908 #, php-format msgid ", and %d other people" msgstr "" -#: ../../include/conversation.php:908 +#: ../../include/conversation.php:910 #, php-format msgid "%s like this." msgstr "" -#: ../../include/conversation.php:908 +#: ../../include/conversation.php:910 #, php-format msgid "%s don't like this." 
msgstr "" -#: ../../include/conversation.php:935 ../../include/conversation.php:953 +#: ../../include/conversation.php:937 ../../include/conversation.php:955 msgid "Visible to everybody" msgstr "" -#: ../../include/conversation.php:937 ../../include/conversation.php:955 +#: ../../include/conversation.php:939 ../../include/conversation.php:957 msgid "Please enter a video link/URL:" msgstr "" -#: ../../include/conversation.php:938 ../../include/conversation.php:956 +#: ../../include/conversation.php:940 ../../include/conversation.php:958 msgid "Please enter an audio link/URL:" msgstr "" -#: ../../include/conversation.php:939 ../../include/conversation.php:957 +#: ../../include/conversation.php:941 ../../include/conversation.php:959 msgid "Tag term:" msgstr "" -#: ../../include/conversation.php:941 ../../include/conversation.php:959 +#: ../../include/conversation.php:943 ../../include/conversation.php:961 msgid "Where are you right now?" msgstr "" -#: ../../include/conversation.php:942 +#: ../../include/conversation.php:944 msgid "Delete item(s)?" msgstr "" -#: ../../include/conversation.php:1021 +#: ../../include/conversation.php:1023 msgid "permissions" msgstr "" diff --git a/view/invite.tpl b/view/invite.tpl index a47ef01629..e00d27d4ae 100644 --- a/view/invite.tpl +++ b/view/invite.tpl @@ -1,4 +1,7 @@
+ + +

$invite

diff --git a/view/smarty3/invite.tpl b/view/smarty3/invite.tpl index a47ee639b2..e699f1f0ea 100644 --- a/view/smarty3/invite.tpl +++ b/view/smarty3/invite.tpl @@ -4,6 +4,9 @@ * *}} + + +

{{$invite}}

-- 2.39.5