From aef4cc0a59276938f0f0aec4d67374f578f2117a Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Thu, 3 Dec 2009 17:06:58 -0800
Subject: [PATCH] Make it impossible to block (and thus unsubscribe from your self-subscription) via the API. Additionally, make it impossible to block yourself or unsubscribe from yourself, period. I also made User use the subs.php helper function for unsubscribing during a block. Hopefully, these changes will get rid of the problem of people accidentally deleting their self-subscriptions once and for all (knock on wood).
---
 actions/apiblockcreate.php | 11 +++++++++++
 classes/User.php | 36 +++++++++++++++++++++++++++---------
 lib/subs.php | 6 ++++++
 3 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index 4f941f6c32..e79dec32d0 100644
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
 return;
 }
+ // Don't allow blocking yourself!
+
+ if ($this->user->id == $this->other->id) {
+ $this->clientError(
+ _("You cannot block yourself!"),
+ 403,
+ $this->format
+ );
+ return;
+ }
+
 if ($this->user->hasBlocked($this->other) || $this->user->block($this->other) ) {
diff --git a/classes/User.php b/classes/User.php
index f905ea2b72..4838fe1c7d 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -502,6 +502,19 @@ class User extends Memcached_DataObject
 {
 // Add a new block record
+ // no blocking (and thus unsubbing from) yourself
+
+ if ($this->id == $other->id) {
+ common_log(LOG_WARNING,
+ sprintf(
+ "Profile ID %d (%s) tried to block his or herself.",
+ $profile->id,
+ $profile->nickname
+ )
+ );
+ return false;
+ }
+
 $block = new Profile_block();
 // Begin a transaction
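Review bot: The warning logged by the new self-block guard in classes/User.php reads `$profile->id` and `$profile->nickname`, but nothing in this hunk assigns `$profile`, and the guard sits directly after the function's opening brace. Unless `$profile` is a parameter (the signature is outside the hunk), it is undefined here, so the log entry would carry empty values and PHP would raise notices on the very path meant to record the attempt. Since the guard has just established `$this->id == $other->id`, the arguments should be `$this->id,` and `$this->nickname`.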
@@ -520,15 +533,20 @@ class User extends Memcached_DataObject
 // Cancel their subscription, if it exists
- $sub = Subscription::pkeyGet(array('subscriber' => $other->id,
- 'subscribed' => $this->id));
-
- if ($sub) {
- $result = $sub->delete();
- if (!$result) {
- common_log_db_error($sub, 'DELETE', __FILE__);
- return false;
- }
+ $result = subs_unsubscribe_to($this, $other);
+
+ if ($result !== true) {
+ common_log(LOG_WARNING,
+ sprintf(
+ "Error trying to unsubscribe profile ID %d (%s) from user ID %d (%s): %s",
+ $other->id,
+ $other->nickname,
+ $this->id,
+ $this->nickname,
+ $result
+ )
+ );
+ return false;
 }
 $block->query('COMMIT');
diff --git a/lib/subs.php b/lib/subs.php
index 2fc3160dec..4b6b03967a 100644
--- a/lib/subs.php
+++ b/lib/subs.php
@@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other)
 if (!$user->isSubscribed($other)) return _('Not subscribed!');
+ // Don't allow deleting self subs
+
+ if ($user->id == $other->id) {
+ return _('Couldn\'t delete self-subscription.');
+ }
+
 $sub = DB_DataObject::factory('subscription');
 $sub->subscriber = $user->id;
-- 
2.39.5
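Review bot: In the second classes/User.php hunk, `subs_unsubscribe_to($this, $other)` appears to remove the wrong subscription. The removed code deleted the row with `'subscriber' => $other->id, 'subscribed' => $this->id`, whereas the helper in lib/subs.php sets `$sub->subscriber = $user->id`, so it now drops the blocker's subscription to the target and leaves the blocked profile subscribed. The helper also returns `_('Not subscribed!')` when no such subscription exists, and `$result !== true` treats that as a failure, so a block would return false before `$block->query('COMMIT')` whenever the blocker does not follow the target. The old code only acted `if ($sub)`, so consider keeping the direct lookup in the original direction, or treating the not-subscribed case as success. On a genuine error, add `$block->query('ROLLBACK');` before `return false;` so the transaction is not left open. The rest of both functions is outside the hunks, so the helper's success value and the transaction start are inferred.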