diff options
| author | millette <millette@controlyourself.ca> | 2008-11-18 10:56:43 -0500 |
|---|---|---|
| committer | millette <millette@controlyourself.ca> | 2008-11-18 10:56:43 -0500 |
| commit | 9f1b4b3ed6724bf07e11581a03d898467947b954 (patch) | |
| tree | 4d9560f6830d85f40ff6fddb850d5f89788bfa05 /actions | |
| parent | d1ecedfffebbb0c9687cca7e37fa3558c15ad92a (diff) | |
small nudge enhancements
darcs-hash:20081118155643-099f7-df2d332253d9acc007966b28f5afc2edcd7cc9ac.gz
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/nudge.php | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/actions/nudge.php b/actions/nudge.php index 019c88b50..822606d30 100644 --- a/actions/nudge.php +++ b/actions/nudge.php @@ -27,13 +27,35 @@ class NudgeAction extends Action { parent::handle($args); if (!common_logged_in()) { - common_user_error(_('Not logged in.')); + $this->client_error(_('Not logged in.')); return; } $user = common_current_user(); - $other_nickname = common_canonical_nickname($args['nickname']); - $other = User::staticGet('nickname', $other_nickname); +// $other_nickname = common_canonical_nickname($args['nickname']); +// $other_nickname = $this->arg('nickname'); +// $other = User::staticGet('nickname', $other_nickname); + $other = User::staticGet('nickname', $this->arg('nickname')); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showstream', array('nickname' => $other->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + if (!$other->email || !$other->emailnotifynudge) { + $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.')); + return; + } + $this->notify($user, $other); if ($this->boolean('ajax')) { |