Fixing #10699 (prohibits blocking and ignoreing from the photo menu)

This commit is contained in:
Philipp 2021-09-12 21:20:12 +02:00
parent 5246b9c4b0
commit a65fbcebe7
No known key found for this signature in database
GPG key ID: 24A7501396EB5432
3 changed files with 14 additions and 10 deletions

View file

@ -20,6 +20,7 @@
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\ContactSelector;
use Friendica\Content\Feature;
use Friendica\Core\ACL;
@ -396,6 +397,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
$threadsid = -1;
$page_template = Renderer::getMarkupTemplate("conversation.tpl");
$formSecurityToken = BaseModule::getFormSecurityToken('contact_action');
if (!empty($items)) {
if (in_array($mode, ['community', 'contacts'])) {
@ -502,7 +504,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
'network_icon' => ContactSelector::networkToIcon($item['network'], $item['author-link']),
'linktitle' => DI::l10n()->t('View %s\'s profile @ %s', $profile_name, $item['author-link']),
'profile_url' => $profile_link,
'item_photo_menu_html' => item_photo_menu($item),
'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
'name' => $profile_name,
'sparkle' => $sparkle,
'lock' => false,
@ -590,7 +592,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
}
}
$threads = $conv->getTemplateData($conv_responses);
$threads = $conv->getTemplateData($conv_responses, $formSecurityToken);
if (!$threads) {
Logger::log('[ERROR] conversation : Failed to get template data.', Logger::DEBUG);
$threads = [];
@ -782,7 +784,7 @@ function conversation_add_children(array $parents, $block_authors, $order, $uid)
return $items;
}
function item_photo_menu($item)
function item_photo_menu($item, string $formSecurityToken)
{
DI::profiler()->startRecording('rendering');
$sub_link = '';
@ -825,8 +827,8 @@ function item_photo_menu($item)
if (!empty($pcid)) {
$contact_url = 'contact/' . $pcid;
$posts_link = $contact_url . '/posts';
$block_link = $item['self'] ? '' : $contact_url . '/block';
$ignore_link = $item['self'] ? '' : $contact_url . '/ignore';
$block_link = $item['self'] ? '' : $contact_url . '/block?t=' . $formSecurityToken;
$ignore_link = $item['self'] ? '' : $contact_url . '/ignore?t=' . $formSecurityToken;
}
if ($cid && !$item['self']) {

View file

@ -125,6 +125,7 @@ class Post
* Get data in a form usable by a conversation template
*
* @param array $conv_responses conversation responses
* @param string $formSecurityToken A security Token to avoid CSF attacks
* @param integer $thread_level default = 1
*
* @return mixed The data requested on success
@ -132,7 +133,7 @@ class Post
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException
*/
public function getTemplateData(array $conv_responses, $thread_level = 1)
public function getTemplateData(array $conv_responses, string $formSecurityToken, $thread_level = 1)
{
$a = DI::app();
@ -458,7 +459,7 @@ class Post
'vwall' => DI::l10n()->t('via Wall-To-Wall:'),
'profile_url' => $profile_link,
'name' => $profile_name,
'item_photo_menu_html' => item_photo_menu($item),
'item_photo_menu_html' => item_photo_menu($item, $formSecurityToken),
'thumb' => DI::baseUrl()->remove(Contact::getAvatarUrlForUrl($item['author-link'], $item['uid'], Proxy::SIZE_THUMB)),
'osparkle' => $osparkle,
'sparkle' => $sparkle,
@ -532,7 +533,7 @@ class Post
$nb_children = count($children);
if ($nb_children > 0) {
foreach ($children as $child) {
$result['children'][] = $child->getTemplateData($conv_responses, $thread_level + 1);
$result['children'][] = $child->getTemplateData($conv_responses, $formSecurityToken, $thread_level + 1);
}
// Collapse

View file

@ -190,12 +190,13 @@ class Thread
* We should find a way to avoid using those arguments (at least most of them)
*
* @param array $conv_responses data
* @param string $formSecurityToken A security Token to avoid CSF attacks
*
* @return mixed The data requested on success
* false on failure
* @throws \Exception
*/
public function getTemplateData($conv_responses)
public function getTemplateData($conv_responses, string $formSecurityToken)
{
$result = [];
@ -204,7 +205,7 @@ class Thread
continue;
}
$item_data = $item->getTemplateData($conv_responses);
$item_data = $item->getTemplateData($conv_responses, $formSecurityToken);
if (!$item_data) {
Logger::log('[ERROR] Conversation::getTemplateData : Failed to get item template data ('. $item->getId() .').', Logger::DEBUG);