checks for user and sub in validate and better error check in remote save

darcs-hash:20080606055439-84dde-3abda48583737e89a9c75b3cff6722e9444d13a9.gz
Evan Prodromou 2008-06-06 01:54:39 -04:00
parent c22fb6e569
commit 1ef5cf964e


@ -258,18 +258,27 @@ class UserauthorizationAction extends Action {
} else { } else {
$profile->created = DB_DataObject_Cast::dateTime(); # current time $profile->created = DB_DataObject_Cast::dateTime(); # current time
$id = $profile->insert(); $id = $profile->insert();
if (!$id) {
return FALSE;
}
$remote->id = $id; $remote->id = $id;
} }
if ($exists) { if ($exists) {
$remote->update($orig_remote); if (!$remote->update($orig_remote)) {
return FALSE;
}
} else { } else {
$remote->created = DB_DataObject_Cast::dateTime(); # current time $remote->created = DB_DataObject_Cast::dateTime(); # current time
$remote->insert(); if (!$remote->insert()) {
return FALSE;
}
} }
if ($avatar_url) { if ($avatar_url) {
$this->add_avatar($profile, $avatar_url); if (!$this->add_avatar($profile, $avatar_url)) {
return FALSE;
}
} }
$user = common_current_user(); $user = common_current_user();
@ -284,9 +293,10 @@ class UserauthorizationAction extends Action {
$sub->created = DB_DataObject_Cast::dateTime(); # current time $sub->created = DB_DataObject_Cast::dateTime(); # current time
if (!$sub->insert()) { if (!$sub->insert()) {
common_user_error(_t('Couldn\'t insert new subscription.')); return FALSE;
return;
} }
return TRUE;
} }
function add_avatar($profile, $url) { function add_avatar($profile, $url) {
@ -378,6 +388,10 @@ class UserauthorizationAction extends Action {
if (!$user) { if (!$user) {
throw new OAuthException("Listener URI '$listener' not found here"); throw new OAuthException("Listener URI '$listener' not found here");
} }
$cur = common_current_user();
if ($cur->id != $user->id) {
throw new OAuthException("Can't add for another user!");
}
$listenee = $req->get_parameter('omb_listenee'); $listenee = $req->get_parameter('omb_listenee');
if (!Validate::uri($listenee) && if (!Validate::uri($listenee) &&
!common_valid_tag($listenee)) { !common_valid_tag($listenee)) {
@ -386,6 +400,15 @@ class UserauthorizationAction extends Action {
if (strlen($listenee) > 255) { if (strlen($listenee) > 255) {
throw new OAuthException("Listenee URI '$listenee' too long"); throw new OAuthException("Listenee URI '$listenee' too long");
} }
$remote = Remote_profile::staticGet('uri', $listenee);
if ($remote) {
$sub = new Subscription();
$sub->subscriber = $user->id;
$sub->subscribed = $remote->id;
if ($sub->find(TRUE)) {
throw new OAuthException("Already subscribed to user!");
}
}
$nickname = $req->get_parameter('omb_listenee_nickname'); $nickname = $req->get_parameter('omb_listenee_nickname');
if (!Validate::string($nickname, array('min_length' => 1, if (!Validate::string($nickname, array('min_length' => 1,
'max_length' => 64, 'max_length' => 64,
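Review bot: The new ownership check in the third hunk (`$cur = common_current_user();` followed by `if ($cur->id != $user->id)`) reads `$cur->id` without first confirming that anyone is logged in. If `common_current_user()` can return a false or null value for an anonymous request, the request is rejected only as a side effect of a property read on a non-object, and the authorization decision then rests on a loose comparison against null. Stating the precondition explicitly keeps the intent clear and fails closed: `if (!$cur || $cur->id != $user->id) {`. The enclosing function starts and ends outside this hunk, so an earlier login check may already cover this case; if it does, a one-line comment saying so would help.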