-rw-r--r--actions/apiblockcreate.php11
-rw-r--r--classes/User.php36
-rw-r--r--lib/subs.php6
3 files changed, 44 insertions, 9 deletions
diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index 4f941f6c3..e79dec32d 100644
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
return;
}
+ // Don't allow blocking yourself!
+
+ if ($this->user->id == $this->other->id) {
+ $this->clientError(
+ _("You cannot block yourself!"),
+ 403,
+ $this->format
+ );
+ return;
+ }
+
if ($this->user->hasBlocked($this->other)
|| $this->user->block($this->other)
) {
diff --git a/classes/User.php b/classes/User.php
index f905ea2b7..4838fe1c7 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -502,6 +502,19 @@ class User extends Memcached_DataObject
{
// Add a new block record
+ // no blocking (and thus unsubbing from) yourself
+
+ if ($this->id == $other->id) {
+ common_log(LOG_WARNING,
+ sprintf(
+ "Profile ID %d (%s) tried to block his or herself.",
+ $profile->id,
+ $profile->nickname
+ )
+ );
+ return false;
+ }
+
$block = new Profile_block();
// Begin a transaction
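Review bot: The warning added here formats `$profile->id` and `$profile->nickname`, but no `$profile` appears in this hunk; the guard just above compares `$this->id` with `$other->id`. Unless `$profile` is assigned in the part of the function outside the hunk, the self-block attempt is logged through an undefined variable and the entry loses the account it is meant to identify. Use the object already in scope, `$this->id,` and `$this->nickname`, so the log line stays usable for abuse review.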
@@ -520,15 +533,20 @@ class User extends Memcached_DataObject
// Cancel their subscription, if it exists
- $sub = Subscription::pkeyGet(array('subscriber' => $other->id,
- 'subscribed' => $this->id));
-
- if ($sub) {
- $result = $sub->delete();
- if (!$result) {
- common_log_db_error($sub, 'DELETE', __FILE__);
- return false;
- }
+ $result = subs_unsubscribe_to($this, $other);
+
+ if ($result !== true) {
+ common_log(LOG_WARNING,
+ sprintf(
+ "Error trying to unsubscribe profile ID %d (%s) from user ID %d (%s): %s",
+ $other->id,
+ $other->nickname,
+ $this->id,
+ $this->nickname,
+ $result
+ )
+ );
+ return false;
}
$block->query('COMMIT');
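Review bot: The call `subs_unsubscribe_to($this, $other)` appears to remove the wrong subscription, and to fail the block when there is none to remove. The removed code deleted the row with `'subscriber' => $other->id, 'subscribed' => $this->id`, whereas the lib/subs.php hunk shows the helper setting `$sub->subscriber = $user->id`, so the blocker's own subscription is dropped and the blocked profile presumably stays subscribed. The helper also returns `_('Not subscribed!')` when no subscription exists, which `$result !== true` treats as an error, so `block()` returns false where the old `if ($sub)` guard simply skipped the delete. Keep the existence guard and the original direction, and issue `$block->query('ROLLBACK');` before `return false;`, since the transaction begun earlier is otherwise left open. The function starts and ends outside this hunk, so whether the helper accepts a profile as its first argument needs confirming.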
diff --git a/lib/subs.php b/lib/subs.php
index 2fc3160de..4b6b03967 100644
--- a/lib/subs.php
+++ b/lib/subs.php
@@ -127,6 +127,12 @@ function subs_unsubscribe_to($user, $other)
if (!$user->isSubscribed($other))
return _('Not subscribed!');
+ // Don't allow deleting self subs
+
+ if ($user->id == $other->id) {
+ return _('Couldn\'t delete self-subscription.');
+ }
+
$sub = DB_DataObject::factory('subscription');
$sub->subscriber = $user->id;