author | Simon L'nu <simon.lnu@gmail.com> | 2012-03-13 22:41:45 -0400 |
---|---|---|
committer | Simon L'nu <simon.lnu@gmail.com> | 2012-03-13 22:41:45 -0400 |
commit | a2073bcfc05abadc3e967f40c66d1fa674bba0d3 (patch) | |
tree | 6f0412fba9934257465217c9cae283b626d7fb70 /mod/profile_photo.php | |
parent | 1763a6c9c2a80642291e13f80be8a092465924ae (diff) | |
parent | de017d1ed76500c01fd11c8e1d36cf4ebd70172d (diff) | |
download | volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.tar.gz volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.tar.bz2 volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.zip |
Merge branch 'master', remote-tracking branch 'remotes/upstream/master'
* remotes/upstream/master:
sort inbox by recently replied conversations first
file as widget and basic filing implementation for duepuntozero,slackr much more work needed - this is just for test/evaluation currently
don't count self in number of contacts
invite potential connectees to the free social web
In HTML2BBCode: fetch the URL of [EMBED] using JavaScript instead of an ajax-call to a php-script. Once there actually is embedded Code in the HTML, this function is called after every single keypress. Not only is making an ajax-call every keypress bandwidth intensive - it also made typing hard / slow. Making a lot of JavaScript-RegExp-Computation every keypress isn't exactly great either, but still performs better.
Some security against XSRF-attacks
A 'PHP Fatal error: Call to a member function getElementsByTagName() on a non-object in mod/parse_url.php on line 191' occurred when the linked HTML-File doesn't have a HEAD. The HTML-file couldn't be linked to in the editor therefore.
Mostly some checks in order to avoid Notices; 1 real bugfix in /mod/network.php
Avoid notices
contact.network is used later to check if a direct link or a redirect by /redir/contactid should be used
wasn't actually changed before
Avoid a notice
Avoid a Notice
Avoid a Notice
Avoid a Notice
* master:
Diffstat (limited to 'mod/profile_photo.php')
-rwxr-xr-x | mod/profile_photo.php | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php index e3dbdaf39..d1fd08eba 100755 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -15,11 +15,13 @@ function profile_photo_init(&$a) { function profile_photo_post(&$a) { - if(! local_user()) { - notice ( t('Permission denied.') . EOL ); - return; - } - + if(! local_user()) { + notice ( t('Permission denied.') . EOL ); + return; + } + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping @@ -148,7 +150,9 @@ function profile_photo_content(&$a) { notice( t('Permission denied.') . EOL ); return; }; - + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + $resource_id = $a->argv[2]; //die(":".local_user()); $r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", @@ -203,6 +207,7 @@ function profile_photo_content(&$a) { '$lbl_upfile' => t('Upload File:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), + '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>') )); @@ -218,6 +223,7 @@ function profile_photo_content(&$a) { '$image_url' => $a->get_baseurl() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), + '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing') )); return $o; |
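Review bot: In profile_photo_post() (first hunk, @@ -15,11 +15,13 @@), the result of check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo') is not used and execution continues straight into the cropfinal branch, so the check only protects the crop and upload paths if the helper itself ends the request on a bad token. Please confirm that it exits after redirecting, or have it return a boolean and return early here. Separately, the permission-check lines are removed and re-added with identical text, which looks like whitespace-only churn; keeping that out of this change would leave the one functional line easy to audit.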
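Review bot: In profile_photo_content() (second hunk, @@ -148,7 +150,9 @@), the token check guards a path driven by $a->argv[2], which is reached by a link rather than by the two forms that receive '$form_security_token' later in this patch. Nothing in this file's diff adds the token to such a link, so every caller that links here has to append it or this path will always redirect to /profile_photo; please point to where that happens. If the token travels in the URL, it will also show up in server logs and Referer headers, so it is worth stating how long such a token stays valid.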
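Review bot: The new '$form_security_token' entry for the upload form (third hunk, @@ -203,6 +207,7 @@) only has an effect if the template outputs it as a hidden field, and that template change is not visible in this file's diff. Please make sure it lands together with this change, since profile_photo_post() now checks for the token before handling the upload. Style: this call passes "profile_photo" in double quotes while the check calls use single quotes.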
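Review bot: With the crop form entry (fourth hunk, @@ -218,6 +223,7 @@), the token type 'profile_photo' is now spelled out as a literal in four places, two check calls and two get_form_security_token() calls, and a mismatch between any generating and checking pair would make valid submissions fail. Defining the type name once near the top of the file and using it in all four places would prevent that. The crop template also needs to emit $form_security_token as a hidden field for the phase 2 post to pass the check.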