Added block link to subscription notification emails; block action can now take a profile ID on the URL; added profile details to block page so there's an indication of who you're blocking before you pull the trigger.

Fixed typo in RedirectingAction when no return-to data provided in form submission.
RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated.
More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc.

1 files changed, 44 insertions, 2 deletions

diff --git a/actions/block.php b/actions/block.php
index 7f609c253..239a50868 100644
--- a/actions/block.php
+++ b/actions/block.php
@@ -87,13 +87,15 @@ class BlockAction extends ProfileFormAction
     {
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             if ($this->arg('no')) {
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } elseif ($this->arg('yes')) {
                 $this->handlePost();
-                $this->returnToArgs();
+                $this->returnToPrevious();
             } else {
                 $this->showPage();
             }
+        } else {
+            $this->showPage();
         }
     }
 
@@ -118,6 +120,12 @@ class BlockAction extends ProfileFormAction
      */
     function areYouSureForm()
     {
+        // @fixme if we ajaxify the confirmation form, skip the preview on ajax hits
+        $profile = new ArrayWrapper(array($this->profile));
+        $preview = new ProfileList($profile, $this);
+        $preview->show();
+
+
         $id = $this->profile->id;
         $this->elementStart('form', array('id' => 'block-' . $id,
                                            'method' => 'post',
@@ -175,4 +183,38 @@ class BlockAction extends ProfileFormAction
         $this->autofocus('form_action-yes');
     }
 
+    /**
+     * Override for form session token checks; on our first hit we're just
+     * requesting confirmation, which doesn't need a token. We need to be
+     * able to take regular GET requests from email!
+     * 
+     * @throws ClientException if token is bad on POST request or if we have
+     *         confirmation parameters which could trigger something.
+     */
+    function checkSessionToken()
+    {
+        if ($_SERVER['REQUEST_METHOD'] == 'POST' ||
+            $this->arg('yes') ||
+            $this->arg('no')) {
+
+            return parent::checkSessionToken();
+        }
+    }
+
+    /**
+     * If we reached this form without returnto arguments, return to the
+     * current user's subscription list.
+     * 
+     * @return string URL
+     */
+    function defaultReturnTo()
+    {
+        $user = common_current_user();
+        if ($user) {
+            return common_local_url('subscribers',
+                                    array('nickname' => $user->nickname));
+        } else {
+            return common_local_url('public');
+        }
+    }
 }