diff options
| -rw-r--r-- | actions/nudge.php | 28 | ||||
| -rw-r--r-- | lib/util.php | 7 |
2 files changed, 26 insertions, 9 deletions
diff --git a/actions/nudge.php b/actions/nudge.php index 019c88b50..822606d30 100644 --- a/actions/nudge.php +++ b/actions/nudge.php @@ -27,13 +27,35 @@ class NudgeAction extends Action { parent::handle($args); if (!common_logged_in()) { - common_user_error(_('Not logged in.')); + $this->client_error(_('Not logged in.')); return; } $user = common_current_user(); - $other_nickname = common_canonical_nickname($args['nickname']); - $other = User::staticGet('nickname', $other_nickname); +// $other_nickname = common_canonical_nickname($args['nickname']); +// $other_nickname = $this->arg('nickname'); +// $other = User::staticGet('nickname', $other_nickname); + $other = User::staticGet('nickname', $this->arg('nickname')); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + common_redirect(common_local_url('showstream', array('nickname' => $other->nickname))); + return; + } + + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + + if (!$other->email || !$other->emailnotifynudge) { + $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.')); + return; + } + $this->notify($user, $other); if ($this->boolean('ajax')) { diff --git a/lib/util.php b/lib/util.php index 43e565fbf..7dfbc1578 100644 --- a/lib/util.php +++ b/lib/util.php @@ -1866,11 +1866,7 @@ function common_favor_form($notice) { function common_nudge_form($profile) { common_element_start('form', array('id' => 'nudge', 'method' => 'post', 'action' => common_local_url('nudge', array('nickname' => $profile->nickname)))); - common_hidden('token', common_session_token()); //Is this necessary? -// common_element('input', array('id' => 'nudge_nickname', -// 'name' => 'nudge_nickname', -// 'type' => 'hidden', -// 'value' => $profile->nickname)); + common_hidden('token', common_session_token()); common_element('input', array('type' => 'submit', 'class' => 'submit', 'value' => _('Send a nudge'))); @@ -1881,7 +1877,6 @@ function common_nudge_response() { common_element('p', array('id' => 'nudge_response'), _('Nudge sent!')); } - function common_cache_key($extra) { return 'laconica:' . common_keyize(common_config('site', 'name')) . ':' . $extra; } |