From b50f300566143837aba3739d62caf679ec19727e Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 5 May 2010 14:46:36 -0700 Subject: Implement since_id and max_id param handling for /api/favorites --- actions/apitimelinefavorites.php | 10 ++++++++-- actions/favoritesrss.php | 2 +- actions/showfavorites.php | 8 ++++---- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'actions') diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php index 8cb2e808d..79632447e 100644 --- a/actions/apitimelinefavorites.php +++ b/actions/apitimelinefavorites.php @@ -185,17 +185,23 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction { $notices = array(); + common_debug("since id = " . $this->since_id . " max id = " . $this->max_id); + if (!empty($this->auth_user) && $this->auth_user->id == $this->user->id) { $notice = $this->user->favoriteNotices( + true, ($this->page-1) * $this->count, $this->count, - true + $this->since_id, + $this->max_id ); } else { $notice = $this->user->favoriteNotices( + false, ($this->page-1) * $this->count, $this->count, - false + $this->since_id, + $this->max_id ); } diff --git a/actions/favoritesrss.php b/actions/favoritesrss.php index 62f06e841..51c92af93 100644 --- a/actions/favoritesrss.php +++ b/actions/favoritesrss.php @@ -89,7 +89,7 @@ class FavoritesrssAction extends Rss10Action function getNotices($limit=0) { $user = $this->user; - $notice = $user->favoriteNotices(0, $limit); + $notice = $user->favoriteNotices(false, 0, $limit); $notices = array(); while ($notice->fetch()) { $notices[] = clone($notice); diff --git a/actions/showfavorites.php b/actions/showfavorites.php index 4d776ef04..7f3c77ee2 100644 --- a/actions/showfavorites.php +++ b/actions/showfavorites.php @@ -121,11 +121,11 @@ class ShowfavoritesAction extends OwnerDesignAction // Show imported/gateway notices as well as local if // the user is looking at his own favorites - $this->notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1, true); + $this->notice = $this->user->favoriteNotices(true, ($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); } else { - $this->notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1, false); + $this->notice = $this->user->favoriteNotices(false, ($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); } if (empty($this->notice)) { -- cgit v1.2.3-54-g00ecf From fba140f4e0246a244664f0c0fb2361b027508d35 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 7 May 2010 16:32:24 -0700 Subject: Fix for repeats from the API having null source attribution --- actions/apidirectmessagenew.php | 8 -------- actions/apistatusesretweet.php | 2 +- actions/apistatusesupdate.php | 12 ------------ lib/apiaction.php | 9 +++++++++ lib/apiauth.php | 3 +-- 5 files changed, 11 insertions(+), 23 deletions(-) (limited to 'actions') diff --git a/actions/apidirectmessagenew.php b/actions/apidirectmessagenew.php index b9ac92d77..65d065648 100644 --- a/actions/apidirectmessagenew.php +++ b/actions/apidirectmessagenew.php @@ -52,7 +52,6 @@ require_once INSTALLDIR . '/lib/apiauth.php'; class ApiDirectMessageNewAction extends ApiAuthAction { - var $source = null; var $other = null; var $content = null; @@ -76,13 +75,6 @@ class ApiDirectMessageNewAction extends ApiAuthAction return; } - $this->source = $this->trimmed('source'); // Not supported by Twitter. - - $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - if (empty($this->source) || in_array($this->source, $reserved_sources)) { - $source = 'api'; - } - $this->content = $this->trimmed('text'); $this->user = $this->auth_user; diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php index 128c881e2..9aa337485 100644 --- a/actions/apistatusesretweet.php +++ b/actions/apistatusesretweet.php @@ -79,7 +79,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction $this->user = $this->auth_user; - if ($this->user->id == $notice->profile_id) { + if ($this->user->id == $this->original->profile_id) { $this->clientError(_('Cannot repeat your own notice.'), 400, $this->format); return false; diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php index d4ef6b550..e3e579b0d 100644 --- a/actions/apistatusesupdate.php +++ b/actions/apistatusesupdate.php @@ -64,8 +64,6 @@ class ApiStatusesUpdateAction extends ApiAuthAction var $lat = null; var $lon = null; - static $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - /** * Take arguments for running * @@ -80,19 +78,9 @@ class ApiStatusesUpdateAction extends ApiAuthAction parent::prepare($args); $this->status = $this->trimmed('status'); - $this->source = $this->trimmed('source'); $this->lat = $this->trimmed('lat'); $this->lon = $this->trimmed('long'); - // try to set the source attr from OAuth app - if (empty($this->source)) { - $this->source = $this->oauth_source; - } - - if (empty($this->source) || in_array($this->source, self::$reserved_sources)) { - $this->source = 'api'; - } - $this->in_reply_to_status_id = intval($this->trimmed('in_reply_to_status_id')); diff --git a/lib/apiaction.php b/lib/apiaction.php index 59dc47c23..f87b04611 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -63,9 +63,12 @@ class ApiAction extends Action var $count = null; var $max_id = null; var $since_id = null; + var $source = null; var $access = self::READ_ONLY; // read (default) or read-write + static $reserved_sources = array('web', 'omb', 'ostatus', 'mail', 'xmpp', 'api'); + /** * Initialization. * @@ -89,6 +92,12 @@ class ApiAction extends Action header('X-StatusNet-Warning: since parameter is disabled; use since_id'); } + $this->source = $this->trimmed('source'); + + if (empty($this->source) || in_array($this->source, self::$reserved_sources)) { + $this->source = 'api'; + } + return true; } diff --git a/lib/apiauth.php b/lib/apiauth.php index e78de618e..95acbbd7b 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -54,7 +54,6 @@ class ApiAuthAction extends ApiAction { var $auth_user_nickname = null; var $auth_user_password = null; - var $oauth_source = null; /** * Take arguments for running, looks for an OAuth request, @@ -162,7 +161,7 @@ class ApiAuthAction extends ApiAction // set the source attr - $this->oauth_source = $app->name; + $this->source = $app->name; $appUser = Oauth_application_user::staticGet('token', $access_token); -- cgit v1.2.3-54-g00ecf From 2e808fdc82adc862be12118332d27a36a19123ca Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 13 May 2010 16:47:58 -0700 Subject: More direct text for registration licensing/tos checkbox for private and all-rights-reserved sites. --- actions/register.php | 48 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) (limited to 'actions') diff --git a/actions/register.php b/actions/register.php index da8d0a0bb..7fdbb4ded 100644 --- a/actions/register.php +++ b/actions/register.php @@ -491,6 +491,45 @@ class RegisterAction extends Action $this->elementStart('li'); $this->element('input', $attrs); $this->elementStart('label', array('class' => 'checkbox', 'for' => 'license')); + $this->raw($this->licenseCheckbox()); + $this->elementEnd('label'); + $this->elementEnd('li'); + } + $this->elementEnd('ul'); + $this->submit('submit', _('Register')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + function licenseCheckbox() + { + $out = ''; + switch (common_config('license', 'type')) { + case 'private': + // TRANS: Copyright checkbox label in registration dialog, for private sites. + $out .= htmlspecialchars(sprintf( + _('I understand that content and data of %1$s are private and confidential.'), + common_config('site', 'name'))); + // fall through + case 'allrightsreserved': + if ($out != '') { + $out .= ' '; + } + if (common_config('license', 'owner')) { + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved with a specified copyright owner. + $out .= htmlspecialchars(sprintf( + _('My text and files are copyright by %1$s.'), + common_config('license', 'owner'))); + } else { + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved with ownership left to contributors. + $out .= htmlspecialchars(_('My text and files remain under my own copyright.')); + } + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved. + $out .= ' ' . _('All rights reserved.'); + break; + case 'cc': // fall through + default: + // TRANS: Copyright checkbox label in registration dialog, for Creative Commons-style licenses. $message = _('My text and files are available under %s ' . 'except this private data: password, ' . 'email address, IM address, and phone number.'); @@ -499,14 +538,9 @@ class RegisterAction extends Action '">' . htmlspecialchars(common_config('license', 'title')) . ''; - $this->raw(sprintf(htmlspecialchars($message), $link)); - $this->elementEnd('label'); - $this->elementEnd('li'); + $out .= sprintf(htmlspecialchars($message), $link); } - $this->elementEnd('ul'); - $this->submit('submit', _('Register')); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); + return $out; } /** -- cgit v1.2.3-54-g00ecf From 14a76926a225dec3d29aeffa13ab7ece74f708e5 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 18 May 2010 21:52:17 +0000 Subject: Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in. The forms would already submit to SSL, but people are happier if they start on a secure page! Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo! --- actions/login.php | 22 ++++++++++++++++++++++ actions/register.php | 7 +++++++ 2 files changed, 29 insertions(+) (limited to 'actions') diff --git a/actions/login.php b/actions/login.php index dc6352368..d3e4312f7 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,6 +62,28 @@ class LoginAction extends Action return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * diff --git a/actions/register.php b/actions/register.php index 7fdbb4ded..2fc7ef921 100644 --- a/actions/register.php +++ b/actions/register.php @@ -74,6 +74,13 @@ class RegisterAction extends Action parent::prepare($args); $this->code = $this->trimmed('code'); + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('register')); + // exit + } + if (empty($this->code)) { common_ensure_session(); if (array_key_exists('invitecode', $_SESSION)) { -- cgit v1.2.3-54-g00ecf From c78f67aa7367acab5f9156ecf8963e2d5243e400 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 00:20:10 -0700 Subject: Refactor and centralize notice source link calculation --- actions/twitapisearchatom.php | 15 ++++++++++-- classes/Notice.php | 39 +++++++++++++++++++++++++++++- lib/apiaction.php | 51 ++++++++++----------------------------- lib/noticelist.php | 56 ++++++++++++++++++++----------------------- 4 files changed, 90 insertions(+), 71 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 24aa619bd..3eb54ccc3 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -342,10 +342,21 @@ class TwitapisearchatomAction extends ApiAction 'rel' => 'related', 'href' => $profile->avatarUrl())); - // TODO: Here is where we'd put in a link to an atom feed for threads + // @todo: Here is where we'd put in a link to an atom feed for threads + + $source = null; + + $ns = $notice->getSource(); + if ($ns) { + if (!empty($ns->name) && !empty($ns->url)) { + $source = '' . $ns->name . ''; + } else { + $source = $ns->code; + } + } $this->element("twitter:source", null, - htmlentities($this->sourceLink($notice->source))); + htmlentities($source)); $this->elementStart('author'); diff --git a/classes/Notice.php b/classes/Notice.php index 9a9172cba..2c2c87d56 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -703,7 +703,7 @@ class Notice extends Memcached_DataObject /** * Is this notice part of an active conversation? - * + * * @return boolean true if other messages exist in the same * conversation, false if this is the only one */ @@ -1809,4 +1809,41 @@ class Notice extends Memcached_DataObject return $result; } + + /** + * Get the source of the notice + * + * @return Notice_source $ns A notice source object. 'code' is the only attribute + * guaranteed to be populated. + */ + function getSource() + { + $ns = new Notice_source(); + if (!empty($this->source)) { + switch ($this->source) { + case 'web': + case 'xmpp': + case 'mail': + case 'omb': + case 'system': + case 'api': + $ns->code = $this->source; + break; + default: + $ns = Notice_source::staticGet($this->source); + if (!$ns) { + $ns = new Notice_source(); + $ns->code = $this->source; + $app = Oauth_application::staticGet('name', $this->source); + if ($app) { + $ns->name = $app->name; + $ns->url = $app->source_url; + } + } + break; + } + } + return $ns; + } + } diff --git a/lib/apiaction.php b/lib/apiaction.php index f87b04611..7a6a5549b 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -260,7 +260,19 @@ class ApiAction extends Action $twitter_status['created_at'] = $this->dateTwitter($notice->created); $twitter_status['in_reply_to_status_id'] = ($notice->reply_to) ? intval($notice->reply_to) : null; - $twitter_status['source'] = $this->sourceLink($notice->source); + + $source = null; + + $ns = $notice->getSource(); + if ($ns) { + if (!empty($ns->name) && !empty($ns->url)) { + $source = '' . $ns->name . ''; + } else { + $source = $ns->code; + } + } + + $twitter_status['source'] = $source; $twitter_status['id'] = intval($notice->id); $replier_profile = null; @@ -1298,43 +1310,6 @@ class ApiAction extends Action } } - function sourceLink($source) - { - $source_name = _($source); - switch ($source) { - case 'web': - case 'xmpp': - case 'mail': - case 'omb': - case 'api': - break; - default: - - $name = null; - $url = null; - - $ns = Notice_source::staticGet($source); - - if ($ns) { - $name = $ns->name; - $url = $ns->url; - } else { - $app = Oauth_application::staticGet('name', $source); - if ($app) { - $name = $app->name; - $url = $app->source_url; - } - } - - if (!empty($name) && !empty($url)) { - $source_name = '' . $name . ''; - } - - break; - } - return $source_name; - } - /** * Returns query argument or default value if not found. Certain * parameters used throughout the API are lightly scrubbed and diff --git a/lib/noticelist.php b/lib/noticelist.php index 4f997a328..e0d8bf560 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -480,48 +480,44 @@ class NoticeListItem extends Widget function showNoticeSource() { - if ($this->notice->source) { + $ns = $this->notice->getSource(); + + if ($ns) { + $source_name = _($ns->code); $this->out->text(' '); $this->out->elementStart('span', 'source'); $this->out->text(_('from')); - $source_name = _($this->notice->source); $this->out->text(' '); - switch ($this->notice->source) { - case 'web': - case 'xmpp': - case 'mail': - case 'omb': - case 'system': - case 'api': - $this->out->element('span', 'device', $source_name); - break; - default: - $name = $source_name; - $url = null; + // if $ns->name and $ns->url are populated we have + // configured a source attr somewhere + if (empty($ns->name) && empty($ns->url)) { + // otherwise it's from normal channel such as web or api + $this->out->element('span', 'device', $source_name); + } else { + $name = null; + $url = null; + $title = null; if (Event::handle('StartNoticeSourceLink', array($this->notice, &$name, &$url, &$title))) { - $ns = Notice_source::staticGet($this->notice->source); - - if ($ns) { - $name = $ns->name; - $url = $ns->url; - } else { - $app = Oauth_application::staticGet('name', $this->notice->source); - if ($app) { - $name = $app->name; - $url = $app->source_url; - } - } + $name = $source_name; + $url = $ns->url; } Event::handle('EndNoticeSourceLink', array($this->notice, &$name, &$url, &$title)); if (!empty($name) && !empty($url)) { $this->out->elementStart('span', 'device'); - $this->out->element('a', array('href' => $url, - 'rel' => 'external', - 'title' => $title), - $name); + + $attrs = array( + 'href' => $url, + 'rel' => 'external' + ); + + if (isset($title)) { + $attrs['title'] = $title; + } + + $this->out->element('a', $attrs, $name); $this->out->elementEnd('span'); } else { $this->out->element('span', 'device', $name); -- cgit v1.2.3-54-g00ecf From 0dfef88cacde19cf0afaefbd422a7f5230091064 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 00:55:17 -0700 Subject: HTML entity encode source link URLs in plain XML output and add rel="nofollow" to them --- actions/twitapisearchatom.php | 2 +- lib/apiaction.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 3eb54ccc3..6c740c490 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -349,7 +349,7 @@ class TwitapisearchatomAction extends ApiAction $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' . $ns->name . ''; } else { $source = $ns->code; } diff --git a/lib/apiaction.php b/lib/apiaction.php index 7a6a5549b..f3efff402 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -266,13 +266,13 @@ class ApiAction extends Action $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' . $ns->name . ''; } else { $source = $ns->code; } } - $twitter_status['source'] = $source; + $twitter_status['source'] = htmlentities($source); $twitter_status['id'] = intval($notice->id); $replier_profile = null; -- cgit v1.2.3-54-g00ecf From 5ea019c41ac4d6c161f3c8f287d405971d4aadea Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 21:36:13 +0000 Subject: Remove errant double HTML entity encoding in API source attribution --- actions/twitapisearchatom.php | 9 ++++++--- classes/Notice.php | 2 +- lib/apiaction.php | 8 ++++++-- 3 files changed, 13 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 6c740c490..51e8a8881 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -349,14 +349,17 @@ class TwitapisearchatomAction extends ApiAction $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' + . htmlspecialchars($ns->name) + . ''; } else { $source = $ns->code; } } - $this->element("twitter:source", null, - htmlentities($source)); + $this->element("twitter:source", null, $source); $this->elementStart('author'); diff --git a/classes/Notice.php b/classes/Notice.php index 196501279..0dc7e10e7 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -1220,7 +1220,7 @@ class Notice extends Memcached_DataObject $ns = $this->getSource(); if ($ns) { if (!empty($ns->url)) { - $noticeInfoAttr['source_link'] = htmlentities($ns->url); + $noticeInfoAttr['source_link'] = $ns->url; } } diff --git a/lib/apiaction.php b/lib/apiaction.php index f3efff402..68198effc 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -266,13 +266,17 @@ class ApiAction extends Action $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' + . htmlspecialchars($ns->name) + . ''; } else { $source = $ns->code; } } - $twitter_status['source'] = htmlentities($source); + $twitter_status['source'] = $source; $twitter_status['id'] = intval($notice->id); $replier_profile = null; -- cgit v1.2.3-54-g00ecf From 68305d4b6848cec6afe887ee2a5735515060770e Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 20 May 2010 12:46:36 -0700 Subject: Added block link to subscription notification emails; block action can now take a profile ID on the URL; added profile details to block page so there's an indication of who you're blocking before you pull the trigger. Fixed typo in RedirectingAction when no return-to data provided in form submission. RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated. More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc. --- actions/block.php | 46 ++++++++++++++++++++++++++++++++++++++-- actions/deleteuser.php | 4 ++-- actions/groupblock.php | 4 ++-- lib/mail.php | 10 +++++++-- lib/profileformaction.php | 13 ++++++++++-- lib/redirectingaction.php | 9 ++++---- lib/router.php | 5 +++++ plugins/UserFlag/clearflag.php | 2 +- plugins/UserFlag/flagprofile.php | 2 +- 9 files changed, 79 insertions(+), 16 deletions(-) (limited to 'actions') diff --git a/actions/block.php b/actions/block.php index 7f609c253..239a50868 100644 --- a/actions/block.php +++ b/actions/block.php @@ -87,13 +87,15 @@ class BlockAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } + } else { + $this->showPage(); } } @@ -118,6 +120,12 @@ class BlockAction extends ProfileFormAction */ function areYouSureForm() { + // @fixme if we ajaxify the confirmation form, skip the preview on ajax hits + $profile = new ArrayWrapper(array($this->profile)); + $preview = new ProfileList($profile, $this); + $preview->show(); + + $id = $this->profile->id; $this->elementStart('form', array('id' => 'block-' . $id, 'method' => 'post', @@ -175,4 +183,38 @@ class BlockAction extends ProfileFormAction $this->autofocus('form_action-yes'); } + /** + * Override for form session token checks; on our first hit we're just + * requesting confirmation, which doesn't need a token. We need to be + * able to take regular GET requests from email! + * + * @throws ClientException if token is bad on POST request or if we have + * confirmation parameters which could trigger something. + */ + function checkSessionToken() + { + if ($_SERVER['REQUEST_METHOD'] == 'POST' || + $this->arg('yes') || + $this->arg('no')) { + + return parent::checkSessionToken(); + } + } + + /** + * If we reached this form without returnto arguments, return to the + * current user's subscription list. + * + * @return string URL + */ + function defaultReturnTo() + { + $user = common_current_user(); + if ($user) { + return common_local_url('subscribers', + array('nickname' => $user->nickname)); + } else { + return common_local_url('public'); + } + } } diff --git a/actions/deleteuser.php b/actions/deleteuser.php index 42ef4b9f5..c0a8b20e2 100644 --- a/actions/deleteuser.php +++ b/actions/deleteuser.php @@ -92,10 +92,10 @@ class DeleteuserAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } diff --git a/actions/groupblock.php b/actions/groupblock.php index fc95c0e66..2e06dc324 100644 --- a/actions/groupblock.php +++ b/actions/groupblock.php @@ -117,7 +117,7 @@ class GroupblockAction extends RedirectingAction parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->blockProfile(); } elseif ($this->arg('blockto')) { @@ -195,7 +195,7 @@ class GroupblockAction extends RedirectingAction return false; } - $this->returnToArgs(); + $this->returnToPrevious(); } /** diff --git a/lib/mail.php b/lib/mail.php index a4065e8d5..ab5742e33 100644 --- a/lib/mail.php +++ b/lib/mail.php @@ -245,6 +245,11 @@ function mail_subscribe_notify_profile($listenee, $other) $other->getBestName(), common_config('site', 'name')); + $blocklink = sprintf(_("If you believe this account is being used abusively, " . + "you can block them from your subscribers list and " . + "report as spam to site administrators at %s"), + common_local_url('block', array('profileid' => $other->id))); + // TRANS: Main body of new-subscriber notification e-mail $body = sprintf(_('%1$s is now listening to your notices on %2$s.'."\n\n". "\t".'%3$s'."\n\n". @@ -264,9 +269,10 @@ function mail_subscribe_notify_profile($listenee, $other) ($other->homepage) ? // TRANS: Profile info line in new-subscriber notification e-mail sprintf(_("Homepage: %s"), $other->homepage) . "\n" : '', - ($other->bio) ? + (($other->bio) ? // TRANS: Profile info line in new-subscriber notification e-mail - sprintf(_("Bio: %s"), $other->bio) . "\n\n" : '', + sprintf(_("Bio: %s"), $other->bio) . "\n" : '') . + "\n\n" . $blocklink . "\n", common_config('site', 'name'), common_local_url('emailsettings')); diff --git a/lib/profileformaction.php b/lib/profileformaction.php index 0ffafe5fb..51c89a922 100644 --- a/lib/profileformaction.php +++ b/lib/profileformaction.php @@ -60,7 +60,16 @@ class ProfileFormAction extends RedirectingAction $this->checkSessionToken(); if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $this->clientError(_('Not logged in.')); + } else { + // Redirect to login. + common_set_returnto($this->selfUrl()); + $user = common_current_user(); + if (Event::handle('RedirectToLogin', array($this, $user))) { + common_redirect(common_local_url('login'), 303); + } + } return false; } @@ -97,7 +106,7 @@ class ProfileFormAction extends RedirectingAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } } diff --git a/lib/redirectingaction.php b/lib/redirectingaction.php index f11585274..3a358f891 100644 --- a/lib/redirectingaction.php +++ b/lib/redirectingaction.php @@ -53,12 +53,13 @@ class RedirectingAction extends Action * * To be called only after successful processing. * - * @fixme rename this -- it obscures Action::returnToArgs() which - * returns a list of arguments, and is a bit confusing. + * Note: this was named returnToArgs() up through 0.9.2, which + * caused problems because there's an Action::returnToArgs() + * already which does something different. * * @return void */ - function returnToArgs() + function returnToPrevious() { // Now, gotta figure where we go back to $action = false; @@ -77,7 +78,7 @@ class RedirectingAction extends Action if ($action) { common_redirect(common_local_url($action, $args, $params), 303); } else { - $url = $this->defaultReturnToUrl(); + $url = $this->defaultReturnTo(); } common_redirect($url, 303); } diff --git a/lib/router.php b/lib/router.php index a9d07276f..afe44f92a 100644 --- a/lib/router.php +++ b/lib/router.php @@ -136,6 +136,11 @@ class Router $m->connect('main/'.$a, array('action' => $a)); } + // Also need a block variant accepting ID on URL for mail links + $m->connect('main/block/:profileid', + array('action' => 'block'), + array('profileid' => '[0-9]+')); + $m->connect('main/sup/:seconds', array('action' => 'sup'), array('seconds' => '[0-9]+')); diff --git a/plugins/UserFlag/clearflag.php b/plugins/UserFlag/clearflag.php index bd6732e2d..f032527ed 100644 --- a/plugins/UserFlag/clearflag.php +++ b/plugins/UserFlag/clearflag.php @@ -81,7 +81,7 @@ class ClearflagAction extends ProfileFormAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); if (!$this->boolean('ajax')) { - $this->returnToArgs(); + $this->returnToPrevious(); } } } diff --git a/plugins/UserFlag/flagprofile.php b/plugins/UserFlag/flagprofile.php index 2d0f0abb9..018c1e8ac 100644 --- a/plugins/UserFlag/flagprofile.php +++ b/plugins/UserFlag/flagprofile.php @@ -87,7 +87,7 @@ class FlagprofileAction extends ProfileFormAction if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); if (!$this->boolean('ajax')) { - $this->returnToArgs(); + $this->returnToPrevious(); } } } -- cgit v1.2.3-54-g00ecf