Diffstat (limited to 'actions')
-rw-r--r--actions/all.php2
-rw-r--r--actions/apiblockcreate.php11
-rw-r--r--actions/login.php12
-rw-r--r--actions/subscribers.php2
-rw-r--r--actions/subscriptions.php2
-rw-r--r--actions/twitapisearchatom.php2
-rw-r--r--actions/userbyid.php2
7 files changed, 22 insertions, 11 deletions
diff --git a/actions/all.php b/actions/all.php
index 61cedce74..5a9d97dd7 100644
--- a/actions/all.php
+++ b/actions/all.php
@@ -160,7 +160,7 @@ class AllAction extends ProfileAction
function showPageTitle()
{
- $user =& common_current_user();
+ $user = common_current_user();
if ($user && ($user->id == $this->user->id)) {
$this->element('h1', null, _("You and friends"));
} else {
diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index 4f941f6c3..e79dec32d 100644
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
return;
}
+ // Don't allow blocking yourself!
+
+ if ($this->user->id == $this->other->id) {
+ $this->clientError(
+ _("You cannot block yourself!"),
+ 403,
+ $this->format
+ );
+ return;
+ }
+
if ($this->user->hasBlocked($this->other)
|| $this->user->block($this->other)
) {
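Review bot: The self-block guard `if ($this->user->id == $this->other->id)` is enforced only in this API action, so the rule holds only for requests that come through this endpoint. `User::block()` is not visible in this diff; if it does not reject the case itself, any other caller can still create a self-block. I would keep this check for the 403 response and add the same refusal in the model, with a comment here such as `// Also enforced in User::block(); this check only produces the API error`. The enclosing method starts and ends outside the hunk.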
diff --git a/actions/login.php b/actions/login.php
index cd1326813..a6f86c0ca 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -75,10 +75,15 @@ class LoginAction extends Action
function handle($args)
{
parent::handle($args);
+
+ $disabled = common_config('logincommand','disabled');
+
if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$this->checkLogin();
+ } else if (!isset($disabled) && isset($args['user_id']) && isset($args['token'])){
+ $this->checkLogin($args['user_id'],$args['token']);
} else {
common_ensure_session();
$this->showForm();
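Review bot: The new branch tests `!isset($disabled)`, which only asks whether `common_config('logincommand','disabled')` returned null, not whether the setting is true. A site that explicitly sets the option to `false` would get token login switched off. If `common_config()` returns a non-null default for missing keys (its body is not shown here), the branch can never run. Testing the value itself matches the intent: `} else if (!$disabled && isset($args['user_id']) && isset($args['token'])) {`. Separately, the token arrives in the query string of a GET request, so it will end up in access logs, browser history and Referer headers; the token handling in `checkLogin()` (outside this hunk) should therefore be single-use, short-lived and bound to `user_id`.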
@@ -95,7 +100,7 @@ class LoginAction extends Action
* @return void
*/
- function checkLogin()
+ function checkLogin($user_id=null, $token=null)
{
if(isset($token) && isset($user_id)){
//Token based login (from the LoginCommand)
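Review bot: The docblock above `checkLogin` still documents only `@return void`, although the method now takes two optional parameters that select a different authentication path. Add `@param int $user_id id of the user for token login (null for the password form)` and `@param string $token login token issued by the LoginCommand (null for the password form)`. The method body continues outside the hunk.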
@@ -137,11 +142,6 @@ class LoginAction extends Action
$user = common_check_user($nickname, $password);
}
- $nickname = common_canonical_nickname($this->trimmed('nickname'));
- $password = $this->arg('password');
-
- $user = common_check_user($nickname, $password);
-
if (!$user) {
$this->showForm(_('Incorrect username or password.'));
return;
diff --git a/actions/subscribers.php b/actions/subscribers.php
index df9ec9961..cc9452820 100644
--- a/actions/subscribers.php
+++ b/actions/subscribers.php
@@ -57,7 +57,7 @@ class SubscribersAction extends GalleryAction
function showPageNotice()
{
- $user =& common_current_user();
+ $user = common_current_user();
if ($user && ($user->id == $this->profile->id)) {
$this->element('p', null,
_('These are the people who listen to '.
diff --git a/actions/subscriptions.php b/actions/subscriptions.php
index cc7b38ee4..0dc5ee762 100644
--- a/actions/subscriptions.php
+++ b/actions/subscriptions.php
@@ -59,7 +59,7 @@ class SubscriptionsAction extends GalleryAction
function showPageNotice()
{
- $user =& common_current_user();
+ $user = common_current_user();
if ($user && ($user->id == $this->profile->id)) {
$this->element('p', null,
_('These are the people whose notices '.
diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php
index 526ca2ae8..1cb8d7efe 100644
--- a/actions/twitapisearchatom.php
+++ b/actions/twitapisearchatom.php
@@ -71,7 +71,7 @@ class TwitapisearchatomAction extends ApiAction
* @see Action::__construct
*/
- function __construct($output='php://output', $indent=true)
+ function __construct($output='php://output', $indent=null)
{
parent::__construct($output, $indent);
}
diff --git a/actions/userbyid.php b/actions/userbyid.php
index 86a61f20b..ebff7e4a7 100644
--- a/actions/userbyid.php
+++ b/actions/userbyid.php
@@ -69,7 +69,7 @@ class UserbyidAction extends Action
if (!$id) {
$this->clientError(_('No id.'));
}
- $user =& User::staticGet($id);
+ $user = User::staticGet($id);
if (!$user) {
$this->clientError(_('No such user.'));
}