Diffstat (limited to 'actions')
-rw-r--r--actions/finishremotesubscribe.php25
-rw-r--r--actions/postnotice.php30
-rw-r--r--actions/remotesubscribe.php9
-rw-r--r--actions/updateprofile.php22
-rw-r--r--actions/userauthorization.php42
5 files changed, 94 insertions, 34 deletions
diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index 13f367823..da563cb29 100644
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -76,11 +76,10 @@ class FinishremotesubscribeAction extends Action
/* Create user objects for both users. Do it early for request
validation. */
- $listenee = $service->getListeneeURI();
- $user = User::staticGet('uri', $listenee);
+ $user = User::staticGet('uri', $service->getListeneeURI());
if (!$user) {
- $this->clientError(_('User being listened to doesn\'t exist.'));
+ $this->clientError(_('User being listened to does not exist.'));
return;
}
@@ -91,21 +90,31 @@ class FinishremotesubscribeAction extends Action
return;
}
+ $remote = Remote_profile::staticGet('uri', $service->getListenerURI());
+
+ $profile = Profile::staticGet($remote->id);
+
+ if ($user->hasBlocked($profile)) {
+ $this->clientError(_('That user has blocked you from subscribing.'));
+ return;
+ }
+
/* Perform the handling itself via libomb. */
try {
- $service->finishAuthorization($listenee);
+ $service->finishAuthorization();
} catch (OAuthException $e) {
if ($e->getMessage() == 'The authorized token does not equal the ' .
'submitted token.') {
- $this->clientError(_('Not authorized.'));
+ $this->clientError(_('You are not authorized.'));
return;
} else {
- $this->clientError(_('Couldn\'t convert request token to ' .
+ $this->clientError(_('Could not convert request token to ' .
'access token.'));
return;
}
} catch (OMB_RemoteServiceException $e) {
- $this->clientError(_('Unknown version of OMB protocol.'));
+ $this->clientError(_('Remote service uses unknown version of ' .
+ 'OMB protocol.'));
return;
} catch (Exception $e) {
common_debug('Got exception ' . print_r($e, true), __FILE__);
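Review bot: `$remote->id` is dereferenced without checking that `Remote_profile::staticGet()` returned a row, and `$profile` is passed to `hasBlocked()` without a null check. The comment in the following hunk says the service URLs are set "after insertion of the profile", which suggests the remote profile may only exist once `finishAuthorization()` has run; if so, a first-time subscriber has no row at this point. The later `clone($remote)` now depends on this pre-authorization lookup, because the lookup that used to precede it is removed in that hunk. Run the block check only when both objects exist, `if ($remote && $profile && $user->hasBlocked($profile))`, and restore `$remote = Remote_profile::staticGet('uri', $service->getListenerURI());` after the `try` block. The enclosing method starts and ends outside the hunk.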
@@ -115,8 +124,6 @@ class FinishremotesubscribeAction extends Action
/* The service URLs are not accessible from datastore, so setting them
after insertion of the profile. */
- $remote = Remote_profile::staticGet('uri', $service->getListenerURI());
-
$orig_remote = clone($remote);
$remote->postnoticeurl =
diff --git a/actions/postnotice.php b/actions/postnotice.php
index 3d2c4d5b4..14152a83d 100644
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@@ -47,12 +47,28 @@ require_once INSTALLDIR.'/extlib/libomb/service_provider.php';
*/
class PostnoticeAction extends Action
{
+ /**
+ * For initializing members of the class.
+ *
+ * @param array $argarray misc. arguments
+ *
+ * @return boolean true
+ */
+ function prepare($argarray)
+ {
+ parent::prepare($argarray);
+ try {
+ $this->checkNotice();
+ } catch (Exception $e) {
+ $this->clientError($e->getMessage());
+ return false;
+ }
+ return true;
+ }
+
function handle($args)
{
parent::handle($args);
- if (!$this->checkNotice()) {
- return;
- }
try {
$srv = new OMB_Service_Provider(null, omb_oauth_datastore(),
omb_oauth_server());
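Review bot: `prepare()` discards the return value of `$this->checkNotice()`, so a check that signals failure by returning `false` no longer stops the request; the `Invalid notice content` branch in the next hunk still does exactly that, and `handle()` has lost its `if (!$this->checkNotice())` guard. Unless `clientError()` itself ends the request, which is not visible here, processing continues with a rejected notice. Use `if ($this->checkNotice() === false) { return false; }` inside the `try`, or convert the remaining `return false` branches to exceptions so there is a single failure signal. The result of `parent::prepare($argarray)` is also ignored, and the docblock's `@return boolean true` should read `@return boolean false if the notice is rejected`; both of these also apply to the new `prepare()` in actions/updateprofile.php.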
@@ -70,7 +86,13 @@ class PostnoticeAction extends Action
$this->clientError(_('Invalid notice content'), 400);
return false;
}
- return true;
+ $license = $_POST['omb_notice_license'];
+ $site_license = common_config('license', 'url');
+ if ($license && !common_compatible_license($license, $site_license)) {
+ throw new Exception(sprintf(_('Notice license ‘%s’ is not ' .
+ 'compatible with site license ‘%s’.'),
+ $license, $site_license));
+ }
}
}
?>
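Review bot: `$_POST['omb_notice_license']` is read without checking that the key exists, which raises an undefined-index notice when the parameter is absent, and its value is then placed in the exception text that `prepare()` hands to `clientError()`. Read it with `$license = isset($_POST['omb_notice_license']) ? $_POST['omb_notice_license'] : null;` and confirm that `clientError()` encodes its message for the output format, since that method is not shown. The same unguarded read and echo appear in `prepare()` in actions/updateprofile.php. The function this hunk belongs to starts outside the hunk (presumably `checkNotice()`); it now ends without a return value on success, so a comment such as `// throws on license mismatch, returns false on other validation errors` would document the two failure paths.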
diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index 5122c1172..353717beb 100644
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -153,12 +153,11 @@ class RemotesubscribeAction extends Action
$this->profile_url = $this->trimmed('profile_url');
if (!$this->profile_url) {
- $this->showForm(_('No such user.'));
+ $this->showForm(_('No such user'));
return;
}
- if (!Validate::uri($this->profile_url,
- array('allowed_schemes' => array('http', 'https')))) {
+ if (!common_valid_http_url($this->profile_url)) {
$this->showForm(_('Invalid profile URL (bad format)'));
return;
}
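Review bot: The explicit `allowed_schemes` list of `http` and `https` is replaced by `common_valid_http_url()`, whose definition is not part of this diff, so the scheme restriction on a request-supplied URL is no longer visible at the call site. If `profile_url` is later fetched by the server (the surrounding code is outside the hunk), that restriction is a security control and deserves a comment here, for example `// must stay limited to http/https: this URL comes from the request`. A unit test that passes the helper a URL with a non-HTTP scheme would pin the behaviour.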
@@ -176,14 +175,14 @@ class RemotesubscribeAction extends Action
if ($service->getServiceURI(OAUTH_ENDPOINT_REQUEST) ==
common_local_url('requesttoken') ||
User::staticGet('uri', $service->getRemoteUserURI())) {
- $this->showForm(_('That\'s a local profile! Login to subscribe.'));
+ $this->showForm(_('That’s a local profile! Login to subscribe.'));
return;
}
try {
$service->requestToken();
} catch (OMB_RemoteServiceException $e) {
- $this->showForm(_('Couldn\'t get a request token.'));
+ $this->showForm(_('Couldn’t get a request token.'));
return;
}
diff --git a/actions/updateprofile.php b/actions/updateprofile.php
index 345c28b8d..b10554e8b 100644
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@@ -48,9 +48,31 @@ require_once INSTALLDIR.'/extlib/libomb/service_provider.php';
class UpdateprofileAction extends Action
{
+ /**
+ * For initializing members of the class.
+ *
+ * @param array $argarray misc. arguments
+ *
+ * @return boolean true
+ */
+ function prepare($argarray)
+ {
+ parent::prepare($argarray);
+ $license = $_POST['omb_listenee_license'];
+ $site_license = common_config('license', 'url');
+ if (!common_compatible_license($license, $site_license)) {
+ $this->clientError(sprintf(_('Listenee stream license ‘%s’ is not '.
+ 'compatible with site license ‘%s’.'),
+ $license, $site_license);
+ return false;
+ }
+ return true;
+ }
+
function handle($args)
{
parent::handle($args);
+
try {
$srv = new OMB_Service_Provider(null, omb_oauth_datastore(),
omb_oauth_server());
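Review bot: The license check in `prepare()` has no `$license &&` guard, so a request with a missing or empty `omb_listenee_license` is presumably rejected, whereas the equivalent check added in actions/postnotice.php is written `if ($license && !common_compatible_license($license, $site_license))` and lets an absent license through. If the parameter is mandatory for profile updates, say so with a comment such as `// omb_listenee_license is required here, unlike omb_notice_license`; if it is optional, add the same guard. Either way the difference between the two actions should be deliberate and documented.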
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index d5b6a6998..54e0ee920 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -80,7 +80,7 @@ class UserauthorizationAction extends Action
try {
$this->validateOmb();
$srv = new OMB_Service_Provider(
- profile_to_omb_profile($_GET['omb_listener'], $profile),
+ profile_to_omb_profile($user->uri, $profile),
omb_oauth_datastore());
$remote_user = $srv->handleUserAuth();
@@ -111,8 +111,8 @@ class UserauthorizationAction extends Action
{
$this->element('p', null, _('Please check these details to make sure '.
'that you want to subscribe to this ' .
- 'user\'s notices. If you didn\'t just ask ' .
- 'to subscribe to someone\'s notices, '.
+ 'user’s notices. If you didn’t just ask ' .
+ 'to subscribe to someone’s notices, '.
'click “Reject”.'));
}
@@ -249,7 +249,7 @@ class UserauthorizationAction extends Action
common_show_header(_('Subscription authorized'));
$this->element('p', null,
_('The subscription has been authorized, but no '.
- 'callback URL was passed. Check with the site\'s ' .
+ 'callback URL was passed. Check with the site’s ' .
'instructions for details on how to authorize the ' .
'subscription. Your subscription token is:'));
$this->element('blockquote', 'token', $tok);
@@ -261,7 +261,7 @@ class UserauthorizationAction extends Action
common_show_header(_('Subscription rejected'));
$this->element('p', null,
_('The subscription has been rejected, but no '.
- 'callback URL was passed. Check with the site\'s ' .
+ 'callback URL was passed. Check with the site’s ' .
'instructions for details on how to fully reject ' .
'the subscription.'));
common_show_footer();
@@ -295,16 +295,19 @@ class UserauthorizationAction extends Action
$user = User::staticGet('uri', $listener);
if (!$user) {
- throw new Exception("Listener URI '$listener' not found here");
+ throw new Exception(sprintf(_('Listener URI ‘%s’ not found here'),
+ $listener));
}
- $cur = common_current_user();
- if ($cur->id != $user->id) {
- throw new Exception('Can\'t subscribe for another user!');
+
+ if (strlen($listenee) > 255) {
+ throw new Exception(sprintf(_('Listenee URI ‘%s’ is too long.'),
+ $listenee));
}
$other = User::staticGet('uri', $listenee);
if ($other) {
- throw new Exception("Listenee URI '$listenee' is local user");
+ throw new Exception(sprintf(_('Listenee URI ‘%s’ is a local user.'),
+ $listenee));
}
$remote = Remote_profile::staticGet('uri', $listenee);
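Review bot: The comparison between `common_current_user()` and the user found for `$listener` is removed, so this validator no longer ties the request's listener URI to the logged-in account. The first hunk of this file switches `profile_to_omb_profile()` to `$user->uri`, which may make the check redundant, but `$user` there is assigned outside the visible lines. If it is the session user, record that here with `// listener identity comes from the session user in handle(); omb_listener is only checked for existence`; otherwise keep the check, with a null guard, as `if (!$cur || $cur->id != $user->id)`. The enclosing function starts and ends outside the hunk.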
@@ -318,27 +321,34 @@ class UserauthorizationAction extends Action
}
if ($profile == common_profile_url($nickname)) {
- throw new Exception("Profile URL '$profile' is for a local user.");
+ throw new Exception(sprintf(_('Profile URL ‘%s’ is for a local user.'),
+ $profile));
+
}
$license = $_GET['omb_listenee_license'];
$site_license = common_config('license', 'url');
if (!common_compatible_license($license, $site_license)) {
- throw new Exception("Listenee stream license '$license' is not " .
- "compatible with site license '$site_license'.");
+ throw new Exception(sprintf(_('Listenee stream license ‘%s’ is not ' .
+ 'compatible with site license ‘%s’.'),
+ $license, $site_license));
}
+
$avatar = $_GET['omb_listenee_avatar'];
if ($avatar) {
if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
- throw new Exception("Invalid avatar URL '$avatar'");
+ throw new Exception(sprintf(_('Avatar URL ‘%s’ is not valid.'),
+ $avatar));
}
$size = @getimagesize($avatar);
if (!$size) {
- throw new Exception("Can't read avatar URL '$avatar'.");
+ throw new Exception(sprintf(_('Can’t read avatar URL ‘%s’.'),
+ $avatar));
}
if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
IMAGETYPE_PNG))) {
- throw new Exception("Wrong image type for '$avatar'");
+ throw new Exception(sprintf(_('Wrong image type for avatar URL '.
+ '‘%s’.'), $avatar));
}
}
}
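Review bot: `@getimagesize($avatar)` makes the server fetch a URL taken from `$_GET['omb_listenee_avatar']`, and the only gates visible before it are `common_valid_http_url()` and the 255-byte length limit. The fetch should be limited to public destinations with a timeout and a size cap, and the `@` should go so that fetch failures are logged rather than hidden; at minimum add `// NOTE: server-side fetch of a request-supplied URL; destination must be restricted`. The rewritten messages also embed `$profile`, `$license` and `$avatar` from the request, so confirm that whatever renders these exceptions encodes them for the output format. The added blank line after `$profile));` inside the `if` body is stray and can be dropped.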