wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[CORE] Fix notice delete-form

Browse Source 
DeletenoticeAction:
- Added tombstone check before deletion

NoticeListItem:
- Added tombstone check before showing delete-form

ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
This commit is contained in:
brunoccast 2019-07-30 02:18:52 +01:00 committed by Diogo Cordeiro
parent f67a93eddc
commit 0b58465fb9
3 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
actions/deletenotice.php
View File

@ -39,9 +39,10 @@ class DeletenoticeAction extends FormAction
{ {
$this->notice = Notice::getByID($this->trimmed('notice')); $this->notice = Notice::getByID($this->trimmed('notice'));
if (!$this->scoped->sameAs($this->notice->getProfile()) && if ($this->notice->isVerb([ActivityVerb::DELETE]) ||
!$this->scoped->hasRight(Right::DELETEOTHERSNOTICE)) { (!$this->scoped->sameAs($this->notice->getProfile()) &&
// TRANS: Error message displayed trying to delete a notice that was not made by the current user. !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE))) {
// TRANS: Error message displayed when trying to delete a notice that was not made by the current user.
$this->clientError(_('Cannot delete this notice.')); $this->clientError(_('Cannot delete this notice.'));
} }

1
lib/noticelistitem.php
View File

@ -618,6 +618,7 @@ class NoticeListItem extends Widget
$todel = (empty($this->repeat)) ? $this->notice : $this->repeat; $todel = (empty($this->repeat)) ? $this->notice : $this->repeat;
if (!empty($user) && if (!empty($user) &&
!$this->notice->isVerb([ActivityVerb::DELETE]) &&
($todel->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) { ($todel->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) {
$this->out->text(' '); $this->out->text(' ');
$deleteurl = common_local_url('deletenotice', $deleteurl = common_local_url('deletenotice',

24
plugins/ActivityVerb/ActivityVerbPlugin.php
View File

@ -35,14 +35,26 @@ class ActivityVerbPlugin extends Plugin
public function onRouterInitialized(URLMapper $m) public function onRouterInitialized(URLMapper $m)
{ {
$unsupported = ['delete', 'share'];
foreach ($unsupported as $idx => $verb) {
$unsupported[$idx] = "(?!".$verb.")";
}
// not all verbs are currently handled by ActivityVerb Plugins,
// so we need a strong regexp to prevent route replacement in
// the URLMapper
$verb_regexp = implode("", $unsupported) . '[a-z]+';
$m->connect('notice/:id/:verb', $m->connect('notice/:id/:verb',
array('action' => 'activityverb'), ['action' => 'activityverb'],
array('id' => '[0-9]+', ['id' => '[0-9]+',
'verb' => '[a-z]+')); 'verb' => $verb_regexp]);
$m->connect('activity/:id/:verb', $m->connect('activity/:id/:verb',
array('action' => 'activityverb'), ['action' => 'activityverb'],
array('id' => '[0-9]+', ['id' => '[0-9]+',
'verb' => '[a-z]+')); 'verb' => $verb_regexp]);
} }
public function onPluginVersion(array &$versions) public function onPluginVersion(array &$versions)