From 0b58465fb96f96ee41d8e03b5727a763fccc96bc Mon Sep 17 00:00:00 2001
From: brunoccast
Date: Tue, 30 Jul 2019 02:18:52 +0100
Subject: [PATCH] [CORE] Fix notice delete-form
DeletenoticeAction: - Added tombstone check before deletion NoticeListItem: - Added tombstone check before showing delete-form ActivityVerb: - The plugin was overwriting the deletenotice route. Added stronger regexp to the connected routes.
---
 actions/deletenotice.php | 7 +++---
 lib/noticelistitem.php | 1 +
 plugins/ActivityVerb/ActivityVerbPlugin.php | 24 +++++++++++++++------
 3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 2dd0848aa5..783a0bf4bf 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -39,9 +39,10 @@ class DeletenoticeAction extends FormAction
 {
 $this->notice = Notice::getByID($this->trimmed('notice'));
- if (!$this->scoped->sameAs($this->notice->getProfile()) &&
- !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE)) {
- // TRANS: Error message displayed trying to delete a notice that was not made by the current user.
+ if ($this->notice->isVerb([ActivityVerb::DELETE]) ||
+ (!$this->scoped->sameAs($this->notice->getProfile()) &&
+ !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE))) {
+ // TRANS: Error message displayed when trying to delete a notice that was not made by the current user.
 $this->clientError(_('Cannot delete this notice.'));
 }
diff --git a/lib/noticelistitem.php b/lib/noticelistitem.php
index 5468310ea3..aa4f6b7bc6 100644
--- a/lib/noticelistitem.php
+++ b/lib/noticelistitem.php
@@ -618,6 +618,7 @@ class NoticeListItem extends Widget
 $todel = (empty($this->repeat)) ? $this->notice : $this->repeat;
 if (!empty($user) &&
+ !$this->notice->isVerb([ActivityVerb::DELETE]) &&
 ($todel->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) {
 $this->out->text(' ');
 $deleteurl = common_local_url('deletenotice',
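Review bot: The translator comment on the last added line of the deletenotice.php hunk still describes only the ownership case, but `clientError` is now also reached when the notice is itself a delete activity (the tombstone case named in the commit message). I would word it as `// TRANS: Error message displayed when trying to delete a notice that is already deleted or was not made by the current user.` so both conditions are documented. This is the server-side check that actually enforces the rule, so a short why-comment above the `if` naming the tombstone case would also help the next maintainer. The enclosing method starts and ends outside the hunk.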
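Review bot: The guard added in the noticelistitem.php hunk tests `$this->notice`, while the delete link built below it targets `$todel`, which is `$this->repeat` whenever a repeat is set. If the two objects can carry different verbs, the link is shown or hidden based on the wrong notice; `!$todel->isVerb([ActivityVerb::DELETE]) &&` would keep the condition aligned with the object whose id goes into the URL. This condition only controls visibility, so the action-side check in deletenotice.php remains the one that has to hold. The enclosing method starts and ends outside the hunk.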
diff --git a/plugins/ActivityVerb/ActivityVerbPlugin.php b/plugins/ActivityVerb/ActivityVerbPlugin.php
index 4d92e36665..22b12a680f 100644
--- a/plugins/ActivityVerb/ActivityVerbPlugin.php
+++ b/plugins/ActivityVerb/ActivityVerbPlugin.php
@@ -35,14 +35,26 @@ class ActivityVerbPlugin extends Plugin
 public function onRouterInitialized(URLMapper $m)
 {
+ $unsupported = ['delete', 'share'];
+
+ foreach ($unsupported as $idx => $verb) {
+ $unsupported[$idx] = "(?!".$verb.")";
+ }
+
+ // not all verbs are currently handled by ActivityVerb Plugins,
+ // so we need a strong regexp to prevent route replacement in
+ // the URLMapper
+ $verb_regexp = implode("", $unsupported) . '[a-z]+';
+
 $m->connect('notice/:id/:verb',
- array('action' => 'activityverb'),
- array('id' => '[0-9]+',
- 'verb' => '[a-z]+'));
+ ['action' => 'activityverb'],
+ ['id' => '[0-9]+',
+ 'verb' => $verb_regexp]);
+
 $m->connect('activity/:id/:verb',
- array('action' => 'activityverb'),
- array('id' => '[0-9]+',
- 'verb' => '[a-z]+'));
+ ['action' => 'activityverb'],
+ ['id' => '[0-9]+',
+ 'verb' => $verb_regexp]);
 }
 public function onPluginVersion(array &$versions)
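Review bot: The lookaheads built in the `foreach` are unbounded, so `(?!delete)(?!share)[a-z]+` rejects every verb that merely starts with `delete` or `share`, not only those two words. If only the exact verbs are meant to be excluded, one bounded alternation does it and drops the loop: `$verb_regexp = '(?!(?:' . implode('|', $unsupported) . ')\b)[a-z]+';`. How URLMapper anchors and delimits the pattern is not visible here, so this should be confirmed with a route test covering both `notice/:id/delete` and a longer verb with the same prefix. Because route matching decides which action's permission checks run, the comment should also say that entries in `$unsupported` are concatenated unescaped and must stay plain literals.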