authorSimon L'nu <simon.lnu@gmail.com>2012-03-13 22:41:45 -0400
committerSimon L'nu <simon.lnu@gmail.com>2012-03-13 22:41:45 -0400
commita2073bcfc05abadc3e967f40c66d1fa674bba0d3 (patch)
tree6f0412fba9934257465217c9cae283b626d7fb70 /mod/profiles.php
parent1763a6c9c2a80642291e13f80be8a092465924ae (diff)
parentde017d1ed76500c01fd11c8e1d36cf4ebd70172d (diff)
Merge branch 'master', remote-tracking branch 'remotes/upstream/master'
* remotes/upstream/master: sort inbox by recently replied conversations first file as widget and basic filing implementation for duepuntozero,slackr much more work needed - this is just for test/evaluation currently don't count self in number of contacts invite potential connectees to the free social web In HTML2BBCode: fetch the URL of [EMBED] using JavaScript instead of an ajax-call to a php-script. Once there actually is embedded Code in the HTML, this function is called after every single keypress. Not only is making an ajax-call every keypress bandwidth intensive - it also made typing hard / slow. Making a lot of JavaScript-RegExp-Computation every keypress isn't exactly great either, but still performs better. Some security against XSRF-attacks A 'PHP Fatal error: Call to a member function getElementsByTagName() on a non-object in mod/parse_url.php on line 191' occurred when the linked HTML-File doesn't have a HEAD. The HTML-file therefore couldn't be linked to in the editor. Mostly some checks in order to avoid Notices; 1 real bugfix in /mod/network.php Avoid notices contact.network is used later to check if a direct link or a redirect by /redir/contactid should be used wasn't actually changed before Avoid a notice Avoid a Notice Avoid a Notice Avoid a Notice * master:
Diffstat (limited to 'mod/profiles.php')
-rwxr-xr-xmod/profiles.php26
1 files changed, 21 insertions, 5 deletions
diff --git a/mod/profiles.php b/mod/profiles.php
index ccd7d5474..b307a2d43 100755
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -21,6 +21,9 @@ function profiles_post(&$a) {
notice( t('Profile not found.') . EOL);
return;
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
+
$is_default = (($orig[0]['is-default']) ? 1 : 0);
$profile_name = notags(trim($_POST['profile_name']));
@@ -240,6 +243,8 @@ function profiles_content(&$a) {
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't');
// move every contact using this profile as their default to the user default
@@ -264,6 +269,8 @@ function profiles_content(&$a) {
if(($a->argc > 1) && ($a->argv[1] === 'new')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -291,10 +298,13 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
+
goaway($a->get_baseurl() . '/profiles');
- }
+ }
if(($a->argc > 2) && ($a->argv[1] === 'clone')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -330,9 +340,11 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
- goaway($a->get_baseurl() . '/profiles');
- return; // NOTREACHED
- }
+
+ goaway($a->get_baseurl() . '/profiles');
+
+ return; // NOTREACHED
+ }
if(($a->argc > 1) && (intval($a->argv[1]))) {
@@ -371,6 +383,9 @@ function profiles_content(&$a) {
$is_default = (($r[0]['is-default']) ? 1 : 0);
$tpl = get_markup_template("profile_edit.tpl");
$o .= replace_macros($tpl,array(
+ '$form_security_token' => get_form_security_token("profile_edit"),
+ '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
+ '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
'$banner' => t('Edit Profile Details'),
'$submit' => t('Submit'),
'$viewprof' => t('View this profile'),
@@ -460,7 +475,8 @@ function profiles_content(&$a) {
$o .= replace_macros($tpl_header,array(
'$header' => t('Edit/Manage Profiles'),
'$chg_photo' => t('Change profile photo'),
- '$cr_new' => t('Create New Profile')
+ '$cr_new' => t('Create New Profile'),
+ '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new")
));
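Review bot: The drop, clone and new actions in profiles_content (the hunks at -240, -264 and -291) are guarded only by a token passed in the URL query (`check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't')`), so these remain state-changing GET requests and the token is exposed in browser history, the Referer header of any page the user navigates to afterwards, and likely in server or proxy logs. A stronger shape is to submit drop/clone/new as POST forms carrying the token in a hidden field, as the profile_edit form already does via `'$form_security_token' => get_form_security_token("profile_edit")` in the -371 hunk; the `$profile_drop_link`, `$profile_clone_link` and `$cr_new_link` values would then become form actions rather than plain links. The per-action token names ('profile_edit', 'profile_drop', 'profile_clone', 'profile_new') are a good choice and should be kept. In profiles_post the check is placed after the profile lookup but before any write, which is fine. profiles_post and profiles_content both start and end outside the hunks shown.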