From 1ef5cf964ef65b248dc150660124e95dcd933106 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Fri, 6 Jun 2008 01:54:39 -0400
Subject: [PATCH] checks for user and sub in validate and better error check in
 remote save

darcs-hash:20080606055439-84dde-3abda48583737e89a9c75b3cff6722e9444d13a9.gz
---
 actions/userauthorization.php | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index b4fe1b0754..e91c41fb3e 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -258,18 +258,27 @@ class UserauthorizationAction extends Action {
 		} else {
 			$profile->created = DB_DataObject_Cast::dateTime(); # current time
 			$id = $profile->insert();
+			if (!$id) {
+				return FALSE;
+			}
 			$remote->id = $id;
 		}
 
 		if ($exists) {
-			$remote->update($orig_remote);
+			if (!$remote->update($orig_remote)) {
+				return FALSE;
+			}
 		} else {
 			$remote->created = DB_DataObject_Cast::dateTime(); # current time
-			$remote->insert();
+			if (!$remote->insert()) {
+				return FALSE;
+			}
 		}
 
 		if ($avatar_url) {
-			$this->add_avatar($profile, $avatar_url);
+			if (!$this->add_avatar($profile, $avatar_url)) {
+				return FALSE;
+			}
 		}
 
 		$user = common_current_user();
@@ -284,9 +293,10 @@ class UserauthorizationAction extends Action {
 		$sub->created = DB_DataObject_Cast::dateTime(); # current time
 		
 		if (!$sub->insert()) {
-			common_user_error(_t('Couldn\'t insert new subscription.'));
-			return;
+			return FALSE;
 		}
+		
+		return TRUE;
 	}
 
 	function add_avatar($profile, $url) {
@@ -378,6 +388,10 @@ class UserauthorizationAction extends Action {
 		if (!$user) {
 			throw new OAuthException("Listener URI '$listener' not found here");
 		}
+		$cur = common_current_user();
+		if ($cur->id != $user->id) {
+			throw new OAuthException("Can't add for another user!");
+		}
 		$listenee = $req->get_parameter('omb_listenee');
 		if (!Validate::uri($listenee) &&
 			!common_valid_tag($listenee)) {
@@ -386,6 +400,15 @@ class UserauthorizationAction extends Action {
 		if (strlen($listenee) > 255) {
 			throw new OAuthException("Listenee URI '$listenee' too long");
 		}
+		$remote = Remote_profile::staticGet('uri', $listenee);
+		if ($remote) {
+			$sub = new Subscription();
+			$sub->subscriber = $user->id;
+			$sub->subscribed = $remote->id;
+			if ($sub->find(TRUE)) {
+				throw new OAuthException("Already subscribed to user!");
+			}
+		}
 		$nickname = $req->get_parameter('omb_listenee_nickname');
 		if (!Validate::string($nickname, array('min_length' => 1,
 											   'max_length' => 64,