Commit 5d06267d authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Check friendship requests (bug 741)

parent f8af4ebc
......@@ -64,12 +64,13 @@ if ($control) {
exit;
}
// FIXME: there's no validation here, and possibly none on the user view
// page, for people submitting friend requests to users who do not want them.
// See bug #741. Language string not translated so people will not forget
// this
if ($values['type'] == 'request' && $values['id'] == $USER->get('id')) {
json_reply(true, 'You cannot request a friendship with yourself');
if ($values['type'] == 'request') {
if ($values['id'] == $USER->get('id')) {
json_reply(true, get_string('cannotrequestfriendshipwithself'));
}
if (get_account_preference($values['id'], 'friendscontrol') == 'nobody') {
json_reply(true, get_string('userdoesntwantfriends'));
}
}
friend_submit(null, $values);
......
......@@ -533,6 +533,7 @@ $string['nosearchresultsfound'] = 'No search results found :(';
$string['friendlistfailure'] = 'Failed to modify your friends list';
$string['userdoesntwantfriends'] = 'This user doesn\'t want any new friends';
$string['cannotrequestfriendshipwithself'] = 'You cannot request a friendship with yourself';
//messaging between users
$string['messagebody'] = 'Send message';
......
......@@ -408,6 +408,16 @@ function messageform_submit(Pieform $form, $values) {
}
}
function friend_validate(Pieform $form, $values) {
global $USER;
if ($USER->get('id') == $values['id']) {
$form->set_error('submit', get_string('cannotrequestfriendshipwithself'));
}
if (get_account_preference($values['id'], 'friendscontrol') == 'nobody') {
$form->set_error('submit', get_string('userdoesntwantfriends'));
}
}
// friend submit function lives in lib/user.php
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment