diff options
author | Simon L'nu <simon.lnu@gmail.com> | 2012-03-13 22:41:45 -0400 |
---|---|---|
committer | Simon L'nu <simon.lnu@gmail.com> | 2012-03-13 22:41:45 -0400 |
commit | a2073bcfc05abadc3e967f40c66d1fa674bba0d3 (patch) | |
tree | 6f0412fba9934257465217c9cae283b626d7fb70 /mod/profiles.php | |
parent | 1763a6c9c2a80642291e13f80be8a092465924ae (diff) | |
parent | de017d1ed76500c01fd11c8e1d36cf4ebd70172d (diff) | |
download | volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.tar.gz volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.tar.bz2 volse-hubzilla-a2073bcfc05abadc3e967f40c66d1fa674bba0d3.zip |
Merge branch 'master', remote-tracking branch 'remotes/upstream/master'
* remotes/upstream/master:
sort inbox by recently replied conversations first
file as widget and basic filing implementation for duepuntozero,slackr much more work needed - this is just for test/evaluation currently
don't count self in number of contatcs
invite potential connectees to the free social web
In HTML2BBCode: fetch the URL of [EMBED] using JavaScript instead of an ajax-call to a php-script. Once there actually is embedded Code in the HTML, this function is called after every single keypress. Not only is making an ajax-call every keypress bandith intensive - it also made typing hard / slow. Making a lot of JavaScript-RegExp-Computation every keypress isn't exactly great either, but still performs better.
Some security against XSRF-attacks
A 'PHP Fatal error: Call to a member function getElementsByTagName() on a non-object in mod/parse_url.php on line 191' occurred when the linked HTML-File doesn't have a HEAD. The HTML-file couln't be link to in the editor therefore.
Mostly some checks in order to avoid Notices; 1 real bugfix in /mod/network.php
Avoid notices
contact.network is used later to check if a direct link or a redirect by /redir/contactid should be used
wasn't actually changed before
Avoid a notice
Avoid a Notice
Avoid a Notice
Avoid a Notice
* master:
Diffstat (limited to 'mod/profiles.php')
-rwxr-xr-x | mod/profiles.php | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/mod/profiles.php b/mod/profiles.php index ccd7d5474..b307a2d43 100755 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -21,6 +21,9 @@ function profiles_post(&$a) { notice( t('Profile not found.') . EOL); return; } + + check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); + $is_default = (($orig[0]['is-default']) ? 1 : 0); $profile_name = notags(trim($_POST['profile_name'])); @@ -240,6 +243,8 @@ function profiles_content(&$a) { goaway($a->get_baseurl() . '/profiles'); return; // NOTREACHED } + + check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't'); // move every contact using this profile as their default to the user default @@ -264,6 +269,8 @@ function profiles_content(&$a) { if(($a->argc > 1) && ($a->argv[1] === 'new')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); @@ -291,10 +298,13 @@ function profiles_content(&$a) { info( t('New profile created.') . EOL); if(count($r3) == 1) goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); + goaway($a->get_baseurl() . '/profiles'); - } + } if(($a->argc > 2) && ($a->argv[1] === 'clone')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); @@ -330,9 +340,11 @@ function profiles_content(&$a) { info( t('New profile created.') . EOL); if(count($r3) == 1) goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); - return; // NOTREACHED - } + + goaway($a->get_baseurl() . '/profiles'); + + return; // NOTREACHED + } if(($a->argc > 1) && (intval($a->argv[1]))) { @@ -371,6 +383,9 @@ function profiles_content(&$a) { $is_default = (($r[0]['is-default']) ? 1 : 0); $tpl = get_markup_template("profile_edit.tpl"); $o .= replace_macros($tpl,array( + '$form_security_token' => get_form_security_token("profile_edit"), + '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"), + '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"), '$banner' => t('Edit Profile Details'), '$submit' => t('Submit'), '$viewprof' => t('View this profile'), @@ -460,7 +475,8 @@ function profiles_content(&$a) { $o .= replace_macros($tpl_header,array( '$header' => t('Edit/Manage Profiles'), '$chg_photo' => t('Change profile photo'), - '$cr_new' => t('Create New Profile') + '$cr_new' => t('Create New Profile'), + '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new") )); |