diff options
Diffstat (limited to 'actions')
-rw-r--r-- | actions/block.php | 46 | ||||
-rw-r--r-- | actions/deleteuser.php | 4 | ||||
-rw-r--r-- | actions/groupblock.php | 4 |
3 files changed, 48 insertions, 6 deletions
diff --git a/actions/block.php b/actions/block.php index 7f609c253..239a50868 100644 --- a/actions/block.php +++ b/actions/block.php @@ -87,13 +87,15 @@ class BlockAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } + } else { + $this->showPage(); } } @@ -118,6 +120,12 @@ class BlockAction extends ProfileFormAction */ function areYouSureForm() { + // @fixme if we ajaxify the confirmation form, skip the preview on ajax hits + $profile = new ArrayWrapper(array($this->profile)); + $preview = new ProfileList($profile, $this); + $preview->show(); + + $id = $this->profile->id; $this->elementStart('form', array('id' => 'block-' . $id, 'method' => 'post', @@ -175,4 +183,38 @@ class BlockAction extends ProfileFormAction $this->autofocus('form_action-yes'); } + /** + * Override for form session token checks; on our first hit we're just + * requesting confirmation, which doesn't need a token. We need to be + * able to take regular GET requests from email! + * + * @throws ClientException if token is bad on POST request or if we have + * confirmation parameters which could trigger something. + */ + function checkSessionToken() + { + if ($_SERVER['REQUEST_METHOD'] == 'POST' || + $this->arg('yes') || + $this->arg('no')) { + + return parent::checkSessionToken(); + } + } + + /** + * If we reached this form without returnto arguments, return to the + * current user's subscription list. + * + * @return string URL + */ + function defaultReturnTo() + { + $user = common_current_user(); + if ($user) { + return common_local_url('subscribers', + array('nickname' => $user->nickname)); + } else { + return common_local_url('public'); + } + } } diff --git a/actions/deleteuser.php b/actions/deleteuser.php index 42ef4b9f5..c0a8b20e2 100644 --- a/actions/deleteuser.php +++ b/actions/deleteuser.php @@ -92,10 +92,10 @@ class DeleteuserAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } diff --git a/actions/groupblock.php b/actions/groupblock.php index fc95c0e66..2e06dc324 100644 --- a/actions/groupblock.php +++ b/actions/groupblock.php @@ -117,7 +117,7 @@ class GroupblockAction extends RedirectingAction parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->blockProfile(); } elseif ($this->arg('blockto')) { @@ -195,7 +195,7 @@ class GroupblockAction extends RedirectingAction return false; } - $this->returnToArgs(); + $this->returnToPrevious(); } /** |