Added block link to subscription notification emails; block action can now take a profile ID on the URL; added profile details to block page so there's an indication of who you're blocking before you pull the trigger.

Fixed typo in RedirectingAction when no return-to data provided in form submission.
RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated.
More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc.

9 files changed, 79 insertions, 16 deletions

diff --git a/actions/block.php b/actions/block.php
index 7f609c253..239a50868 100644
--- a/actions/block.php
+++ b/actions/block.php
@@ -87,13 +87,15 @@ class BlockAction extends ProfileFormAction
     {
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             if ($this->arg('no')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } elseif ($this->arg('yes')) {
                 $this->handlePost();
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } else {
                 $this->showPage();
             }
+        } else {
+            $this->showPage();
         }
     }
 
@@ -118,6 +120,12 @@ class BlockAction extends ProfileFormAction
      */
     function areYouSureForm()
     {
+        // @fixme if we ajaxify the confirmation form, skip the preview on ajax hits
+        $profile = new ArrayWrapper(array($this->profile));
+        $preview = new ProfileList($profile, $this);
+        $preview->show();
+
+
         $id = $this->profile->id;
         $this->elementStart('form', array('id' => 'block-' . $id,
                                            'method' => 'post',
@@ -175,4 +183,38 @@ class BlockAction extends ProfileFormAction
         $this->autofocus('form_action-yes');
     }
 
+    /**
+     * Override for form session token checks; on our first hit we're just
+     * requesting confirmation, which doesn't need a token. We need to be
+     * able to take regular GET requests from email!
+     * 
+     * @throws ClientException if token is bad on POST request or if we have
+     *         confirmation parameters which could trigger something.
+     */
+    function checkSessionToken()
+    {
+        if ($_SERVER['REQUEST_METHOD'] == 'POST' ||
+            $this->arg('yes') ||
+            $this->arg('no')) {
+
+            return parent::checkSessionToken();
+        }
+    }
+
+    /**
+     * If we reached this form without returnto arguments, return to the
+     * current user's subscription list.
+     * 
+     * @return string URL
+     */
+    function defaultReturnTo()
+    {
+        $user = common_current_user();
+        if ($user) {
+            return common_local_url('subscribers',
+                                    array('nickname' => $user->nickname));
+        } else {
+            return common_local_url('public');
+        }
+    }
 }
diff --git a/actions/deleteuser.php b/actions/deleteuser.php
index 42ef4b9f5..c0a8b20e2 100644
--- a/actions/deleteuser.php
+++ b/actions/deleteuser.php
@@ -92,10 +92,10 @@ class DeleteuserAction extends ProfileFormAction
     {
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             if ($this->arg('no')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } elseif ($this->arg('yes')) {
                 $this->handlePost();
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } else {
                 $this->showPage();
             }
diff --git a/actions/groupblock.php b/actions/groupblock.php
index fc95c0e66..2e06dc324 100644
--- a/actions/groupblock.php
+++ b/actions/groupblock.php
@@ -117,7 +117,7 @@ class GroupblockAction extends RedirectingAction
         parent::handle($args);
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             if ($this->arg('no')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } elseif ($this->arg('yes')) {
                 $this->blockProfile();
             } elseif ($this->arg('blockto')) {
@@ -195,7 +195,7 @@ class GroupblockAction extends RedirectingAction
             return false;
         }
         
-        $this->returnToArgs();
+        $this->returnToPrevious();
     }
 
     /**
diff --git a/lib/mail.php b/lib/mail.php
index a4065e8d5..ab5742e33 100644
--- a/lib/mail.php
+++ b/lib/mail.php
@@ -245,6 +245,11 @@ function mail_subscribe_notify_profile($listenee, $other)
                                       $other->getBestName(),
                                       common_config('site', 'name'));
 
+        $blocklink = sprintf(_("If you believe this account is being used abusively, " .
+                               "you can block them from your subscribers list and " .
+                               "report as spam to site administrators at %s"),
+                             common_local_url('block', array('profileid' => $other->id)));
+
         // TRANS: Main body of new-subscriber notification e-mail
         $body = sprintf(_('%1$s is now listening to your notices on %2$s.'."\n\n".
                           "\t".'%3$s'."\n\n".
@@ -264,9 +269,10 @@ function mail_subscribe_notify_profile($listenee, $other)
                         ($other->homepage) ?
                         // TRANS: Profile info line in new-subscriber notification e-mail
                         sprintf(_("Homepage: %s"), $other->homepage) . "\n" : '',
-                        ($other->bio) ?
+                        (($other->bio) ?
                         // TRANS: Profile info line in new-subscriber notification e-mail
-                        sprintf(_("Bio: %s"), $other->bio) . "\n\n" : '',
+                            sprintf(_("Bio: %s"), $other->bio) . "\n" : '') .
+                            "\n\n" . $blocklink . "\n",
                         common_config('site', 'name'),
                         common_local_url('emailsettings'));
 
diff --git a/lib/profileformaction.php b/lib/profileformaction.php
index 0ffafe5fb..51c89a922 100644
--- a/lib/profileformaction.php
+++ b/lib/profileformaction.php
@@ -60,7 +60,16 @@ class ProfileFormAction extends RedirectingAction
         $this->checkSessionToken();
 
         if (!common_logged_in()) {
-            $this->clientError(_('Not logged in.'));
+            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+                $this->clientError(_('Not logged in.'));
+            } else {
+                // Redirect to login.
+                common_set_returnto($this->selfUrl());
+                $user = common_current_user();
+                if (Event::handle('RedirectToLogin', array($this, $user))) {
+                    common_redirect(common_local_url('login'), 303);
+                }
+            }
             return false;
         }
 
@@ -97,7 +106,7 @@ class ProfileFormAction extends RedirectingAction
 
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->handlePost();
-            $this->returnToArgs();
+            $this->returnToPrevious();
         }
     }
 
diff --git a/lib/redirectingaction.php b/lib/redirectingaction.php
index f11585274..3a358f891 100644
--- a/lib/redirectingaction.php
+++ b/lib/redirectingaction.php
@@ -53,12 +53,13 @@ class RedirectingAction extends Action
      * 
      * To be called only after successful processing.
      * 
-     * @fixme rename this -- it obscures Action::returnToArgs() which
-     * returns a list of arguments, and is a bit confusing.
+     * Note: this was named returnToArgs() up through 0.9.2, which
+     * caused problems because there's an Action::returnToArgs()
+     * already which does something different.
      * 
      * @return void
      */
-    function returnToArgs()
+    function returnToPrevious()
     {
         // Now, gotta figure where we go back to
         $action = false;
@@ -77,7 +78,7 @@ class RedirectingAction extends Action
         if ($action) {
             common_redirect(common_local_url($action, $args, $params), 303);
         } else {
-            $url = $this->defaultReturnToUrl();
+            $url = $this->defaultReturnTo();
         }
         common_redirect($url, 303);
     }
diff --git a/lib/router.php b/lib/router.php
index a9d07276f..afe44f92a 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -136,6 +136,11 @@ class Router
                 $m->connect('main/'.$a, array('action' => $a));
             }
 
+            // Also need a block variant accepting ID on URL for mail links
+            $m->connect('main/block/:profileid',
+                        array('action' => 'block'),
+                        array('profileid' => '[0-9]+'));
+
             $m->connect('main/sup/:seconds', array('action' => 'sup'),
                         array('seconds' => '[0-9]+'));
 
diff --git a/plugins/UserFlag/clearflag.php b/plugins/UserFlag/clearflag.php
index bd6732e2d..f032527ed 100644
--- a/plugins/UserFlag/clearflag.php
+++ b/plugins/UserFlag/clearflag.php
@@ -81,7 +81,7 @@ class ClearflagAction extends ProfileFormAction
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->handlePost();
             if (!$this->boolean('ajax')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             }
         }
     }
diff --git a/plugins/UserFlag/flagprofile.php b/plugins/UserFlag/flagprofile.php
index 2d0f0abb9..018c1e8ac 100644
--- a/plugins/UserFlag/flagprofile.php
+++ b/plugins/UserFlag/flagprofile.php
@@ -87,7 +87,7 @@ class FlagprofileAction extends ProfileFormAction
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->handlePost();
             if (!$this->boolean('ajax')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             }
         }
     }