diff options
| author | Evan Prodromou <evan@controlyourself.ca> | 2009-08-21 15:42:11 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@controlyourself.ca> | 2009-08-21 15:42:11 -0400 |
| commit | b2664e1ae2e2cf66585cdd8696d88efdd053eb3b (patch) | |
| tree | 3e406bc5502c0937f2cf81e0b4a6a1b714a1b403 /actions/updateprofile.php | |
| parent | c78772b2748f70acc8158b665218fe53b277a031 (diff) | |
| parent | 9f07921b45190b462e1a798622068e24ef31e124 (diff) | |
Merge branch '0.8.x' into 0.9.x
Conflicts:
actions/updateprofile.php
actions/userauthorization.php
classes/User_group.php
index.php
install.php
lib/accountsettingsaction.php
lib/logingroupnav.php
Diffstat (limited to 'actions/updateprofile.php')
| -rw-r--r-- | actions/updateprofile.php | 50 |
1 files changed, 41 insertions, 9 deletions
diff --git a/actions/updateprofile.php b/actions/updateprofile.php index b10554e8b..b020413b3 100644 --- a/actions/updateprofile.php +++ b/actions/updateprofile.php @@ -57,13 +57,46 @@ class UpdateprofileAction extends Action */ function prepare($argarray) { - parent::prepare($argarray); - $license = $_POST['omb_listenee_license']; - $site_license = common_config('license', 'url'); - if (!common_compatible_license($license, $site_license)) { - $this->clientError(sprintf(_('Listenee stream license ā%sā is not '. - 'compatible with site license ā%sā.'), - $license, $site_license); + $version = $req->get_parameter('omb_version'); + if ($version != OMB_VERSION_01) { + $this->clientError(_('Unsupported OMB version'), 400); + return false; + } + # First, check to see if listenee exists + $listenee = $req->get_parameter('omb_listenee'); + $remote = Remote_profile::staticGet('uri', $listenee); + if (!$remote) { + $this->clientError(_('Profile unknown'), 404); + return false; + } + # Second, check to see if they should be able to post updates! + # We see if there are any subscriptions to that remote user with + # the given token. + + $sub = new Subscription(); + $sub->subscribed = $remote->id; + $sub->token = $token->key; + if (!$sub->find(true)) { + $this->clientError(_('You did not send us that profile'), 403); + return false; + } + + $profile = Profile::staticGet('id', $remote->id); + if (!$profile) { + # This one is our fault + $this->serverError(_('Remote profile with no matching profile'), 500); + return false; + } + $nickname = $req->get_parameter('omb_listenee_nickname'); + if ($nickname && !Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => NICKNAME_FMT))) { + $this->clientError(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return false; + } + $license = $req->get_parameter('omb_listenee_license'); + if ($license && !common_valid_http_url($license)) { + $this->clientError(sprintf(_("Invalid license URL '%s'"), $license)); return false; } return true; @@ -82,5 +115,4 @@ class UpdateprofileAction extends Action return; } } -} -?> +}
\ No newline at end of file |