diff options
Diffstat (limited to 'actions/newnotice.php')
-rw-r--r-- | actions/newnotice.php | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/actions/newnotice.php b/actions/newnotice.php index 572adbb23..cbd04c58b 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -90,7 +90,7 @@ class NewnoticeAction extends Action $this->clientError(_('Not logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - // CSRF protection - token set in common_notice_form() + // CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { $this->clientError(_('There was a problem with your session token. '. @@ -98,7 +98,12 @@ class NewnoticeAction extends Action return; } - $this->saveNewNotice(); + try { + $this->saveNewNotice(); + } catch (Exception $e) { + $this->showForm($e->getMessage()); + return; + } } else { $this->showForm(); } @@ -123,15 +128,13 @@ class NewnoticeAction extends Action $content = $this->trimmed('status_textarea'); if (!$content) { - $this->showForm(_('No content!')); - return; + $this->clientError(_('No content!')); } else { $content_shortened = common_shorten_links($content); if (mb_strlen($content_shortened) > 140) { - $this->showForm(_('That\'s too long. '. - 'Max notice size is 140 chars.')); - return; + $this->clientError(_('That\'s too long. '. + 'Max notice size is 140 chars.')); } } @@ -141,27 +144,32 @@ class NewnoticeAction extends Action if ($cmd) { if ($this->boolean('ajax')) { - $cmd->execute(new AjaxWebChannel()); + $cmd->execute(new AjaxWebChannel($this)); } else { - $cmd->execute(new WebChannel()); + $cmd->execute(new WebChannel($this)); } return; } $replyto = $this->trimmed('inreplyto'); + #If an ID of 0 is wrongly passed here, it will cause a database error, + #so override it... + if ($replyto == 0) { + $replyto = 'false'; + } $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? null : $replyto); if (is_string($notice)) { - $this->showForm($notice); + $this->clientError($notice); return; } common_broadcast_notice($notice); if ($this->boolean('ajax')) { - $this->startHTML('text/xml;charset=utf-8', true); + $this->startHTML('text/xml;charset=utf-8'); $this->elementStart('head'); $this->element('title', null, _('Notice posted')); $this->elementEnd('head'); @@ -195,7 +203,7 @@ class NewnoticeAction extends Action function ajaxErrorMsg($msg) { - common_start_html('text/xml;charset=utf-8', true); + $this->startHTML('text/xml;charset=utf-8', true); $this->elementStart('head'); $this->element('title', null, _('Ajax Error')); $this->elementEnd('head'); @@ -250,7 +258,7 @@ class NewnoticeAction extends Action } } - $notice_form = new NoticeForm($this, $content); + $notice_form = new NoticeForm($this, '', $content); $notice_form->show(); } |