Fixing #10699 (prohibits blocking and ignoreing from the photo menu)

Philipp 2021-09-12 21:20:12 +02:00
parent 5246b9c4b0
commit a65fbcebe7
No known key found for this signature in database
GPG key ID: 24A7501396EB5432
3 changed files with 14 additions and 10 deletions


@ -20,6 +20,7 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\ContactSelector; use Friendica\Content\ContactSelector;
use Friendica\Content\Feature; use Friendica\Content\Feature;
use Friendica\Core\ACL; use Friendica\Core\ACL;
@ -396,6 +397,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
$threadsid = -1; $threadsid = -1;
$page_template = Renderer::getMarkupTemplate("conversation.tpl"); $page_template = Renderer::getMarkupTemplate("conversation.tpl");
$formSecurityToken = BaseModule::getFormSecurityToken('contact_action');
if (!empty($items)) { if (!empty($items)) {
if (in_array($mode, ['community', 'contacts'])) { if (in_array($mode, ['community', 'contacts'])) {
@ -502,7 +504,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']), 'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']),
'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']), 'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']),
'profile_url' => $profile_link, 'profile_url' => $profile_link,
'item_photo_menu_html' => item_photo_menu($item), 'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
'name' => $profile_name, 'name' => $profile_name,
'sparkle' => $sparkle, 'sparkle' => $sparkle,
'lock' => false, 'lock' => false,
@ -590,7 +592,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
} }
} }
$threads = $conv->getTemplateData($conv_responses); $threads = $conv->getTemplateData($conv_responses, $formSecurityToken);
if (!$threads) { if (!$threads) {
Logger::log('[ERROR] conversation : Failed to get template data.', Logger::DEBUG); Logger::log('[ERROR] conversation : Failed to get template data.', Logger::DEBUG);
$threads = []; $threads = [];
@ -782,7 +784,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
return $items; return $items;
} }
function item_photo_menu($item) function item_photo_menu($item, string $formSecurityToken)
{ {
DI::profiler()->startRecording('rendering'); DI::profiler()->startRecording('rendering');
$sub_link = ''; $sub_link = '';
@ -825,8 +827,8 @@ function item_photo_menu($item)
if (!empty($pcid)) { if (!empty($pcid)) {
$contact_url = 'contact/' . $pcid; $contact_url = 'contact/' . $pcid;
$posts_link = $contact_url . '/posts'; $posts_link = $contact_url . '/posts';
$block_link = $item['self'] ? '' : $contact_url . '/block'; $block_link = $item['self'] ? '' : $contact_url . '/block?t=' . $formSecurityToken;
$ignore_link = $item['self'] ? '' : $contact_url . '/ignore'; $ignore_link = $item['self'] ? '' : $contact_url . '/ignore?t=' . $formSecurityToken;
} }
if ($cid && !$item['self']) { if ($cid && !$item['self']) {
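Review bot: The `contact_action` token is appended to the block and ignore links as `?t=` in the query string (the `$block_link` and `$ignore_link` lines), so the CSRF token is written to browser history and web-server access logs and may be sent on in a Referer header, while block and ignore stay state changes reachable through a plain GET link. If the contact module can accept it, these two actions would be better submitted as a POST with the token in the request body. If the links have to stay, build them with `rawurlencode($formSecurityToken)` so the URL is well-formed whatever characters the token contains, and add a comment such as `// token is exposed in the URL: contact_action tokens must stay short-lived and scoped to this action`. `item_photo_menu()` continues outside this hunk, so the rest of the menu construction is not reviewed here.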


@ -125,6 +125,7 @@ class Post
* Get data in a form usable by a conversation template * Get data in a form usable by a conversation template
* *
* @param array $conv_responses conversation responses * @param array $conv_responses conversation responses
* @param string $formSecurityToken A security Token to avoid CSF attacks
* @param integer $thread_level default = 1 * @param integer $thread_level default = 1
* *
* @return mixed The data requested on success * @return mixed The data requested on success
@ -132,7 +133,7 @@ class Post
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException * @throws \ImagickException
*/ */
public function getTemplateData(array $conv_responses, $thread_level = 1) public function getTemplateData(array $conv_responses, string $formSecurityToken, $thread_level = 1)
{ {
$a = DI::app(); $a = DI::app();
@ -458,7 +459,7 @@ class Post
'vwall' => DI::l10n()->t('via Wall-To-Wall:'), 'vwall' => DI::l10n()->t('via Wall-To-Wall:'),
'profile_url' => $profile_link, 'profile_url' => $profile_link,
'name' => $profile_name, 'name' => $profile_name,
'item_photo_menu_html' => item_photo_menu($item), 'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
'thumb' => DI::baseUrl()->remove(Contact::getAvatarUrlForUrl($item['author-link'], $item['uid'], Proxy::SIZE_THUMB)), 'thumb' => DI::baseUrl()->remove(Contact::getAvatarUrlForUrl($item['author-link'], $item['uid'], Proxy::SIZE_THUMB)),
'osparkle' => $osparkle, 'osparkle' => $osparkle,
'sparkle' => $sparkle, 'sparkle' => $sparkle,
@ -532,7 +533,7 @@ class Post
$nb_children = count($children); $nb_children = count($children);
if ($nb_children > 0) { if ($nb_children > 0) {
foreach ($children as $child) { foreach ($children as $child) {
$result['children'][] = $child->getTemplateData($conv_responses, $thread_level + 1); $result['children'][] = $child->getTemplateData($conv_responses, $formSecurityToken, $thread_level + 1);
} }
// Collapse // Collapse
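Review bot: The new required `string $formSecurityToken` is inserted before the optional `$thread_level`, so any caller of `Post::getTemplateData()` that still passes the level as its second positional argument now hands an integer to the token parameter. Depending on strict typing, that either fails with a TypeError or is coerced into a string and produces links with an invalid token. Callers outside the three files in this commit are not visible here and should be searched for. The docblock line should read `@param string $formSecurityToken Form security token protecting contact actions against CSRF` instead of "CSF". The method body starts and ends outside these hunks.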


@ -190,12 +190,13 @@ class Thread
* We should find a way to avoid using those arguments (at least most of them) * We should find a way to avoid using those arguments (at least most of them)
* *
* @param array $conv_responses data * @param array $conv_responses data
* @param string $formSecurityToken A security Token to avoid CSF attacks
* *
* @return mixed The data requested on success * @return mixed The data requested on success
* false on failure * false on failure
* @throws \Exception * @throws \Exception
*/ */
public function getTemplateData($conv_responses) public function getTemplateData($conv_responses, string $formSecurityToken)
{ {
$result = []; $result = [];
@ -204,7 +205,7 @@ class Thread
continue; continue;
} }
$item_data = $item->getTemplateData($conv_responses); $item_data = $item->getTemplateData($conv_responses, $formSecurityToken);
if (!$item_data) { if (!$item_data) {
Logger::log('[ERROR] Conversation::getTemplateData : Failed to get item template data ('. $item->getId() .').', Logger::DEBUG); Logger::log('[ERROR] Conversation::getTemplateData : Failed to get item template data ('. $item->getId() .').', Logger::DEBUG);