fix(friends): check friendship relationship before change
fixes #11975
jeabakker committed May 24, 2018
1 parent 99964cc commit ccd6fbb
Showing 3 changed files with 22 additions and 17 deletions.
18 changes: 10 additions & 8 deletions actions/friends/add.php
Expand Up @@ -7,18 +7,20 @@
*/ */


// Get the GUID of the user to friend // Get the GUID of the user to friend
$friend_guid = get_input('friend'); $friend_guid = (int) get_input('friend');
$friend = get_user($friend_guid);


$friend = get_user($friend_guid);
if (!$friend) { if (!$friend) {
register_error(elgg_echo('error:missing_data')); return elgg_error_response(elgg_echo('error:missing_data'));
forward(REFERER); }

$user = elgg_get_logged_in_user_entity();
if ($user->isFriendsWith($friend->guid)) {
return elgg_ok_response('', elgg_echo('friends:add:duplicate', [$friend->getDisplayName()]));
} }


if (!elgg_get_logged_in_user_entity()->addFriend($friend->guid, true)) { if (!elgg_get_logged_in_user_entity()->addFriend($friend->guid, true)) {
register_error(elgg_echo("friends:add:failure", array($friend->name))); return elgg_error_response(elgg_echo('friends:add:failure', [$friend->getDisplayName()]));
forward(REFERER);
} }


system_message(elgg_echo("friends:add:successful", array($friend->name))); return elgg_ok_response('', elgg_echo('friends:add:successful', [$friend->getDisplayName()]));
forward(REFERER);
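Review bot: `$user` is assigned for the new `isFriendsWith()` check, but the `addFriend()` call right after it fetches the session user again with `elgg_get_logged_in_user_entity()`; `if (!$user->addFriend($friend->guid, true)) {` would keep the check and the write on the same object, and the same applies to the `removeFriend()` call in actions/friends/remove.php. This action also does not compare `$friend->guid` with `$user->guid`, so a request carrying the user's own GUID passes the relationship check and reaches `addFriend()`; whether that method rejects a self-relationship is not visible in this diff. If it does not, `if ($friend->guid == $user->guid) { return elgg_error_response(elgg_echo('error:missing_data')); }` ahead of the duplicate check would cover it.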
19 changes: 10 additions & 9 deletions actions/friends/remove.php
Expand Up @@ -7,19 +7,20 @@
*/ */


// Get the GUID of the user to friend // Get the GUID of the user to friend
$friend_guid = get_input('friend'); $friend_guid = (int) get_input('friend');
$friend = get_user($friend_guid);


$friend = get_user($friend_guid);
if (!$friend) { if (!$friend) {
register_error(elgg_echo('error:missing_data')); return elgg_error_response(elgg_echo('error:missing_data'));
forward(REFERER);
} }


if (!elgg_get_logged_in_user_entity()->removeFriend($friend->guid)) { $user = elgg_get_logged_in_user_entity();
register_error(elgg_echo("friends:remove:failure", array($friend->name))); if (!$user->isFriendsWith($friend->guid)) {
forward(REFERER); return elgg_ok_response('', elgg_echo('friends:remove:no_friend', [$friend->getDisplayName()]));
} }


system_message(elgg_echo("friends:remove:successful", array($friend->name))); if (!elgg_get_logged_in_user_entity()->removeFriend($friend->guid)) {
forward(REFERER); return elgg_error_response(elgg_echo('friends:remove:failure', [$friend->getDisplayName()]));
}


return elgg_ok_response('', elgg_echo('friends:remove:successful', [$friend->getDisplayName()]));
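Review bot: The comment at the top of this section still reads `// Get the GUID of the user to friend`, which appears copied from add.php although this action removes a friend; `// Get the GUID of the user to unfriend` would match the code below it. The new `isFriendsWith()` early return answers through `elgg_ok_response`, so a caller sees the same success status for a no-op as for an actual removal. If any client relies on that status to update its state, a one-line comment above the check saying the not-friends case is deliberately treated as success would document the choice.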
2 changes: 2 additions & 0 deletions languages/en.php
Expand Up @@ -247,9 +247,11 @@
'friend:remove' => "Remove friend", 'friend:remove' => "Remove friend",


'friends:add:successful' => "You have successfully added %s as a friend.", 'friends:add:successful' => "You have successfully added %s as a friend.",
'friends:add:duplicate' => "You're already friends with %s",
'friends:add:failure' => "We couldn't add %s as a friend.", 'friends:add:failure' => "We couldn't add %s as a friend.",


'friends:remove:successful' => "You have successfully removed %s from your friends.", 'friends:remove:successful' => "You have successfully removed %s from your friends.",
'friends:remove:no_friend' => "You and %s are not friends",
'friends:remove:failure' => "We couldn't remove %s from your friends.", 'friends:remove:failure' => "We couldn't remove %s from your friends.",


'friends:none' => "No friends yet.", 'friends:none' => "No friends yet.",