Check friendship requests (bug 741)

htdocs/contacts/index.json.php

@@ -64,12 +64,13 @@ if ($control) {
         exit;
     }
 
-    // FIXME: there's no validation here, and possibly none on the user view
-    // page, for people submitting friend requests to users who do not want them. 
-    // See bug #741. Language string not translated so people will not forget 
-    // this
-    if ($values['type'] == 'request' && $values['id'] == $USER->get('id')) {
-        json_reply(true, 'You cannot request a friendship with yourself');
+    if ($values['type'] == 'request') {
+        if ($values['id'] == $USER->get('id')) {
+            json_reply(true, get_string('cannotrequestfriendshipwithself'));
+        }
+        if (get_account_preference($values['id'], 'friendscontrol') == 'nobody') {
+            json_reply(true, get_string('userdoesntwantfriends'));
+        }
     }
 
     friend_submit(null, $values);

htdocs/lang/en.utf8/mahara.php

@@ -533,6 +533,7 @@ $string['nosearchresultsfound'] = 'No search results found :(';
 
 $string['friendlistfailure'] = 'Failed to modify your friends list';
 $string['userdoesntwantfriends'] = 'This user doesn\'t want any new friends';
+$string['cannotrequestfriendshipwithself'] = 'You cannot request a friendship with yourself';
 
 //messaging between users
 $string['messagebody'] = 'Send message';

htdocs/user/view.php

@@ -408,6 +408,16 @@ function messageform_submit(Pieform $form, $values) {
     }
 }    
     
+function friend_validate(Pieform $form, $values) {
+    global $USER;
+    if ($USER->get('id') == $values['id']) {
+        $form->set_error('submit', get_string('cannotrequestfriendshipwithself'));
+    }
+    if (get_account_preference($values['id'], 'friendscontrol') == 'nobody') {
+        $form->set_error('submit', get_string('userdoesntwantfriends'));
+    }
+}
+
 
 // friend submit function lives in lib/user.php
 ?>