
fix(friends): check friendship relationship before change

fixes #11975
jeabakker committed May 24, 2018
1 parent 99964cc commit ccd6fbbbb3efd628b871f2548263d0d9ff3ef7ae
Showing with 22 additions and 17 deletions.
  1. +10 −8 actions/friends/add.php
  2. +10 −9 actions/friends/remove.php
  3. +2 −0 languages/en.php
@@ -7,18 +7,20 @@
*/
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
$friend = get_user($friend_guid);
$friend_guid = (int) get_input('friend');
$friend = get_user($friend_guid);
if (!$friend) {
register_error(elgg_echo('error:missing_data'));
forward(REFERER);
return elgg_error_response(elgg_echo('error:missing_data'));
}
$user = elgg_get_logged_in_user_entity();
if ($user->isFriendsWith($friend->guid)) {
return elgg_ok_response('', elgg_echo('friends:add:duplicate', [$friend->getDisplayName()]));
}
if (!elgg_get_logged_in_user_entity()->addFriend($friend->guid, true)) {
register_error(elgg_echo("friends:add:failure", array($friend->name)));
forward(REFERER);
return elgg_error_response(elgg_echo('friends:add:failure', [$friend->getDisplayName()]));
}
system_message(elgg_echo("friends:add:successful", array($friend->name)));
forward(REFERER);
return elgg_ok_response('', elgg_echo('friends:add:successful', [$friend->getDisplayName()]));
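Review bot: The `addFriend()` call still fetches the session user with a second `elgg_get_logged_in_user_entity()` call instead of reusing the `$user` that the new `isFriendsWith()` check ran against, so the check and the write are not visibly tied to the same entity; change it to `if (!$user->addFriend($friend->guid, true)) {`. The same pattern is in actions/friends/remove.php, where `removeFriend()` should be called on `$user`. `$user` is also dereferenced without a null check in both files. That is safe only if these actions are registered for logged-in users, which this diff does not show, so either state the assumption in a comment or return `elgg_error_response(...)` early when `$user` is falsy.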
@@ -7,19 +7,20 @@
*/
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
$friend = get_user($friend_guid);
$friend_guid = (int) get_input('friend');
$friend = get_user($friend_guid);
if (!$friend) {
register_error(elgg_echo('error:missing_data'));
forward(REFERER);
return elgg_error_response(elgg_echo('error:missing_data'));
}
if (!elgg_get_logged_in_user_entity()->removeFriend($friend->guid)) {
register_error(elgg_echo("friends:remove:failure", array($friend->name)));
forward(REFERER);
$user = elgg_get_logged_in_user_entity();
if (!$user->isFriendsWith($friend->guid)) {
return elgg_ok_response('', elgg_echo('friends:remove:no_friend', [$friend->getDisplayName()]));
}
system_message(elgg_echo("friends:remove:successful", array($friend->name)));
forward(REFERER);
if (!elgg_get_logged_in_user_entity()->removeFriend($friend->guid)) {
return elgg_error_response(elgg_echo('friends:remove:failure', [$friend->getDisplayName()]));
}
return elgg_ok_response('', elgg_echo('friends:remove:successful', [$friend->getDisplayName()]));
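Review bot: The header comment `// Get the GUID of the user to friend` looks copied from add.php and is misleading in the remove action; it should read `// Get the GUID of the user to unfriend`. Separately, the `isFriendsWith()` check and the `removeFriend()` call are two separate steps, so two overlapping requests can both pass the check. The slower one would presumably still reach `friends:remove:failure`, although how `removeFriend()` treats an already-removed relationship is not visible here. A one-line comment on the failure branch, such as `// may also be reached when a concurrent request already removed the relationship`, would document that for whoever reads the error reports.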
@@ -247,9 +247,11 @@
'friend:remove' => "Remove friend",
'friends:add:successful' => "You have successfully added %s as a friend.",
'friends:add:duplicate' => "You're already friends with %s",
'friends:add:failure' => "We couldn't add %s as a friend.",
'friends:remove:successful' => "You have successfully removed %s from your friends.",
'friends:remove:no_friend' => "You and %s are not friends",
'friends:remove:failure' => "We couldn't remove %s from your friends.",
'friends:none' => "No friends yet.",
