summaryrefslogtreecommitdiff
path: root/actions/nudge.php
diff options
context:
space:
mode:
authormillette <millette@controlyourself.ca>2008-11-18 10:56:43 -0500
committermillette <millette@controlyourself.ca>2008-11-18 10:56:43 -0500
commit9f1b4b3ed6724bf07e11581a03d898467947b954 (patch)
tree4d9560f6830d85f40ff6fddb850d5f89788bfa05 /actions/nudge.php
parentd1ecedfffebbb0c9687cca7e37fa3558c15ad92a (diff)
small nudge enhancements
darcs-hash:20081118155643-099f7-df2d332253d9acc007966b28f5afc2edcd7cc9ac.gz
Diffstat (limited to 'actions/nudge.php')
-rw-r--r--actions/nudge.php28
1 files changed, 25 insertions, 3 deletions
diff --git a/actions/nudge.php b/actions/nudge.php
index 019c88b50..822606d30 100644
--- a/actions/nudge.php
+++ b/actions/nudge.php
@@ -27,13 +27,35 @@ class NudgeAction extends Action {
parent::handle($args);
if (!common_logged_in()) {
- common_user_error(_('Not logged in.'));
+ $this->client_error(_('Not logged in.'));
return;
}
$user = common_current_user();
- $other_nickname = common_canonical_nickname($args['nickname']);
- $other = User::staticGet('nickname', $other_nickname);
+// $other_nickname = common_canonical_nickname($args['nickname']);
+// $other_nickname = $this->arg('nickname');
+// $other = User::staticGet('nickname', $other_nickname);
+ $other = User::staticGet('nickname', $this->arg('nickname'));
+
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ common_redirect(common_local_url('showstream', array('nickname' => $other->nickname)));
+ return;
+ }
+
+ # CSRF protection
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
+ if (!$other->email || !$other->emailnotifynudge) {
+ $this->client_error(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.'));
+ return;
+ }
+
$this->notify($user, $other);
if ($this->boolean('ajax')) {