From 5477532ea3e8323447dbe32a74749c3402ea303a Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 7 Dec 2008 22:15:32 -0500 Subject: don't allow remote subscribes from blocked profiles darcs-hash:20081208031532-5ed1f-6094c6425b73e45589de282fa482b912fb686fae.gz --- actions/finishremotesubscribe.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php index cacf545b5..e2276b5a4 100644 --- a/actions/finishremotesubscribe.php +++ b/actions/finishremotesubscribe.php @@ -41,7 +41,6 @@ class FinishremotesubscribeAction extends Action { common_debug('stored request: '.print_r($omb,true), __FILE__); - common_remove_magic_from_request(); $req = OAuthRequest::from_request(); @@ -84,7 +83,7 @@ class FinishremotesubscribeAction extends Action { common_user_error(_('You can use the local subscription!')); return; } - + common_debug('listenee: "'.$omb['listenee'].'"', __FILE__); $user = User::staticGet('nickname', $omb['listenee']); @@ -95,12 +94,12 @@ class FinishremotesubscribeAction extends Action { } $other = User::staticGet('uri', $omb['listener']); - + if ($other) { common_user_error(_('You can use the local subscription!')); return; } - + $fullname = $req->get_parameter('omb_listener_fullname'); $homepage = $req->get_parameter('omb_listener_homepage'); $bio = $req->get_parameter('omb_listener_bio'); @@ -183,6 +182,11 @@ class FinishremotesubscribeAction extends Action { } } + if ($user->hasBlocked($remote->id)) { + $this->client_error(_('That user has blocked you from subscribing.')); + return; + } + $sub = new Subscription(); $sub->subscriber = $remote->id; $sub->subscribed = $user->id; @@ -196,9 +200,9 @@ class FinishremotesubscribeAction extends Action { } # Notify user, if necessary - + mail_subscribe_notify_profile($user, $profile); - + # Clear the data unset($_SESSION['oauth_authorization_request']); -- cgit v1.2.3-54-g00ecf