summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@controlyourself.ca>2008-12-07 22:15:32 -0500
committerEvan Prodromou <evan@controlyourself.ca>2008-12-07 22:15:32 -0500
commit5477532ea3e8323447dbe32a74749c3402ea303a (patch)
tree29dcf9a07b051918f109b31efd254737c1c6171b
parentba8cc0df5987df4e80a9a2d0cefab7efcba13966 (diff)
don't allow remote subscribes from blocked profiles
darcs-hash:20081208031532-5ed1f-6094c6425b73e45589de282fa482b912fb686fae.gz
-rw-r--r--actions/finishremotesubscribe.php16
1 files changed, 10 insertions, 6 deletions
diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index cacf545b5..e2276b5a4 100644
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -41,7 +41,6 @@ class FinishremotesubscribeAction extends Action {
common_debug('stored request: '.print_r($omb,true), __FILE__);
-
common_remove_magic_from_request();
$req = OAuthRequest::from_request();
@@ -84,7 +83,7 @@ class FinishremotesubscribeAction extends Action {
common_user_error(_('You can use the local subscription!'));
return;
}
-
+
common_debug('listenee: "'.$omb['listenee'].'"', __FILE__);
$user = User::staticGet('nickname', $omb['listenee']);
@@ -95,12 +94,12 @@ class FinishremotesubscribeAction extends Action {
}
$other = User::staticGet('uri', $omb['listener']);
-
+
if ($other) {
common_user_error(_('You can use the local subscription!'));
return;
}
-
+
$fullname = $req->get_parameter('omb_listener_fullname');
$homepage = $req->get_parameter('omb_listener_homepage');
$bio = $req->get_parameter('omb_listener_bio');
@@ -183,6 +182,11 @@ class FinishremotesubscribeAction extends Action {
}
}
+ if ($user->hasBlocked($remote->id)) {
+ $this->client_error(_('That user has blocked you from subscribing.'));
+ return;
+ }
+
$sub = new Subscription();
$sub->subscriber = $remote->id;
$sub->subscribed = $user->id;
@@ -196,9 +200,9 @@ class FinishremotesubscribeAction extends Action {
}
# Notify user, if necessary
-
+
mail_subscribe_notify_profile($user, $profile);
-
+
# Clear the data
unset($_SESSION['oauth_authorization_request']);