-rw-r--r--actions/nudge.php28
-rw-r--r--lib/util.php7
2 files changed, 26 insertions, 9 deletions
diff --git a/actions/nudge.php b/actions/nudge.php
index 019c88b50..822606d30 100644
--- a/actions/nudge.php
+++ b/actions/nudge.php
@@ -27,13 +27,35 @@ class NudgeAction extends Action {
parent::handle($args);
if (!common_logged_in()) {
- common_user_error(_('Not logged in.'));
+ $this->client_error(_('Not logged in.'));
return;
}
$user = common_current_user();
- $other_nickname = common_canonical_nickname($args['nickname']);
- $other = User::staticGet('nickname', $other_nickname);
+// $other_nickname = common_canonical_nickname($args['nickname']);
+// $other_nickname = $this->arg('nickname');
+// $other = User::staticGet('nickname', $other_nickname);
+ $other = User::staticGet('nickname', $this->arg('nickname'));
+
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('showstream', array('nickname' => $other->nickname)));
+ return;
+ }
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ if (!$other->email || !$other->emailnotifynudge) {
+ $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.'));
+ return;
+ }
+
$this->notify($user, $other);
if ($this->boolean('ajax')) {
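Review bot: `$other` returned by `User::staticGet('nickname', $this->arg('nickname'))` is never checked before `$other->nickname` is read in the redirect branch and `$other->email` in the nudge-permission check, so a request for an unknown nickname dereferences a non-object instead of producing an error response; add `if (!$other) { $this->client_error(_('No such user.')); return; }` directly after the lookup. The rewrite also drops the `common_canonical_nickname()` call the old line applied, so a nickname that differs from the stored form only in case or formatting will presumably no longer match — confirm this is intended. The three commented-out lines above the lookup should be deleted rather than left in place, and the token comparison should use `!==` rather than `!=` so the check is strict. The body of handle() continues past the end of this hunk.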
diff --git a/lib/util.php b/lib/util.php
index 43e565fbf..7dfbc1578 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1866,11 +1866,7 @@ function common_favor_form($notice) {
function common_nudge_form($profile) {
common_element_start('form', array('id' => 'nudge', 'method' => 'post',
'action' => common_local_url('nudge', array('nickname' => $profile->nickname))));
- common_hidden('token', common_session_token()); //Is this necessary?
-// common_element('input', array('id' => 'nudge_nickname',
-// 'name' => 'nudge_nickname',
-// 'type' => 'hidden',
-// 'value' => $profile->nickname));
+ common_hidden('token', common_session_token());
common_element('input', array('type' => 'submit',
'class' => 'submit',
'value' => _('Send a nudge')));
@@ -1881,7 +1877,6 @@ function common_nudge_response() {
common_element('p', array('id' => 'nudge_response'), _('Nudge sent!'));
}
-
function common_cache_key($extra) {
return 'laconica:' . common_keyize(common_config('site', 'name')) . ':' . $extra;
}