summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/avatar.php12
-rw-r--r--actions/newnotice.php9
-rw-r--r--actions/password.php6
-rw-r--r--actions/profilesettings.php14
-rw-r--r--actions/register.php15
-rw-r--r--actions/subscribe.php8
6 files changed, 62 insertions, 2 deletions
diff --git a/actions/avatar.php b/actions/avatar.php
index 17f56634b..43f02a88d 100644
--- a/actions/avatar.php
+++ b/actions/avatar.php
@@ -128,6 +128,17 @@ class AvatarAction extends SettingsAction {
$avatar->url = common_avatar_url($filename);
$avatar->created = DB_DataObject_Cast::dateTime(); # current time
+ $val = $avatar->validate();
+
+ if ($val !== TRUE) {
+ $err = '';
+ foreach ($val as $k=>$v) {
+ $err .= _t('Something wrong with ') . $k;
+ $this->show_form($err);
+ return;
+ }
+ }
+
foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
$scaled[] = $this->scale_avatar($user, $avatar, $size);
}
@@ -139,7 +150,6 @@ class AvatarAction extends SettingsAction {
common_server_error(_t('Error deleting old avatars.'));
return;
}
-
if (!$avatar->insert()) {
@unlink($filepath);
common_server_error(_t('Error inserting avatar.'));
diff --git a/actions/newnotice.php b/actions/newnotice.php
index fed3278a4..5bbc91531 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -49,7 +49,14 @@ class NewnoticeAction extends Action {
$notice->profile_id = $user->id; # user id *is* profile id
$notice->created = DB_DataObject_Cast::dateTime();
$notice->content = trim($this->arg('content'));
- return $notice->insert();
+
+ $val = $notice->validate();
+ if ($val === TRUE) {
+ return $notice->insert();
+ } else {
+ // XXX: display some info
+ return NULL;
+ }
}
function show_form() {
diff --git a/actions/password.php b/actions/password.php
index 6eba136ce..3a89c99d3 100644
--- a/actions/password.php
+++ b/actions/password.php
@@ -64,6 +64,12 @@ class PasswordAction extends SettingsAction {
$user->password = common_munge_password($newpassword, $user->id);
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ $this->show_form(_t('Error saving user; invalid.'));
+ return;
+ }
+
if (!$user->update($original)) {
common_server_error(_t('Can\'t save new password.'));
return;
diff --git a/actions/profilesettings.php b/actions/profilesettings.php
index ab8175901..a0c9527a2 100644
--- a/actions/profilesettings.php
+++ b/actions/profilesettings.php
@@ -70,6 +70,13 @@ class ProfilesettingsAction extends SettingsAction {
$user->nickname = $this->arg('nickname');
$user->email = $this->arg('email');
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ # XXX: better validation
+ $this->show_form(_t('Error saving user; invalid.'));
+ return;
+ }
+
if (!$user->update($original)) {
common_server_error(_t('Couldnt update user.'));
return;
@@ -86,6 +93,13 @@ class ProfilesettingsAction extends SettingsAction {
$profile->location = $this->arg('location');
$profile->profileurl = common_profile_url($nickname);
+ $val = $profile->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ $this->show_form(_t('Error saving profile; invalid.'));
+ return;
+ }
+
if (!$profile->update($orig_profile)) {
common_server_error(_t('Couldnt save profile.'));
return;
diff --git a/actions/register.php b/actions/register.php
index f9402b98f..2fa663389 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -83,6 +83,12 @@ class RegisterAction extends Action {
$profile->nickname = $nickname;
$profile->profileurl = common_profile_url($nickname);
$profile->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $profile->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ return FALSE;
+ }
$id = $profile->insert();
if (!$id) {
return FALSE;
@@ -93,6 +99,15 @@ class RegisterAction extends Action {
$user->password = common_munge_password($password, $id);
$user->email = $email;
$user->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $user->validate();
+ if ($val !== TRUE) {
+ # XXX: some feedback here, please!
+ # Try to clean up...
+ $profile->delete();
+ return FALSE;
+ }
+
$result = $user->insert();
if (!$result) {
# Try to clean up...
diff --git a/actions/subscribe.php b/actions/subscribe.php
index 4edf3e714..ea3038236 100644
--- a/actions/subscribe.php
+++ b/actions/subscribe.php
@@ -49,6 +49,14 @@ class SubscribeAction extends Action {
$sub->subscribed = $other->id;
$sub->created = DB_DataObject_Cast::dateTime(); # current time
+
+ $val = $sub->validate();
+
+ if ($val !== TRUE) {
+ # XXX: give some error notice
+ common_server_error(_t('Subscription did not validate.'));
+ return;
+ }
if (!$sub->insert()) {
common_server_error(_t('Couldn\'t create subscription.'));