Move GET item/ignore/{id} to POST item/{id}/ignore
parent
586d39420e
commit
6d31c11e57
|
@ -41,18 +41,17 @@ class Ignore extends BaseModule
|
||||||
throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
|
throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$args = DI::args();
|
if (empty($parameters['id'])) {
|
||||||
$dba = DI::dba();
|
|
||||||
|
|
||||||
$message_id = intval($args->get(2));
|
|
||||||
|
|
||||||
if (empty($message_id) || !is_int($message_id)) {
|
|
||||||
throw new HTTPException\BadRequestException();
|
throw new HTTPException\BadRequestException();
|
||||||
}
|
}
|
||||||
|
|
||||||
$thread = Post::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $message_id]);
|
$itemId = intval($parameters['id']);
|
||||||
|
|
||||||
|
$dba = DI::dba();
|
||||||
|
|
||||||
|
$thread = Post::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $itemId]);
|
||||||
if (!$dba->isResult($thread)) {
|
if (!$dba->isResult($thread)) {
|
||||||
throw new HTTPException\BadRequestException();
|
throw new HTTPException\NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Numeric values are needed for the json output further below
|
// Numeric values are needed for the json output further below
|
||||||
|
@ -61,11 +60,11 @@ class Ignore extends BaseModule
|
||||||
switch ($thread['uid'] ?? 0) {
|
switch ($thread['uid'] ?? 0) {
|
||||||
// if the thread is from the current user
|
// if the thread is from the current user
|
||||||
case local_user():
|
case local_user():
|
||||||
$dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]);
|
$dba->update('thread', ['ignored' => $ignored], ['iid' => $itemId]);
|
||||||
break;
|
break;
|
||||||
// 0 (null will get transformed to 0) => it's a public post
|
// 0 (null will get transformed to 0) => it's a public post
|
||||||
case 0:
|
case 0:
|
||||||
$dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true);
|
$dba->update('user-item', ['ignored' => $ignored], ['iid' => $itemId, 'uid' => local_user()], true);
|
||||||
break;
|
break;
|
||||||
// Throws a BadRequestException and not a ForbiddenException on purpose
|
// Throws a BadRequestException and not a ForbiddenException on purpose
|
||||||
// Avoids harvesting existing, but forbidden IIDs (security issue)
|
// Avoids harvesting existing, but forbidden IIDs (security issue)
|
||||||
|
@ -86,7 +85,13 @@ class Ignore extends BaseModule
|
||||||
DI::baseUrl()->redirect($return_path . $rand);
|
DI::baseUrl()->redirect($return_path . $rand);
|
||||||
}
|
}
|
||||||
|
|
||||||
// the json doesn't really matter, it will either be 0 or 1
|
$return = [
|
||||||
System::jsonExit($ignored);
|
'status' => 'ok',
|
||||||
|
'item_id' => $itemId,
|
||||||
|
'verb' => 'ignore',
|
||||||
|
'state' => $ignored,
|
||||||
|
];
|
||||||
|
|
||||||
|
System::jsonExit($return);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -291,8 +291,8 @@ return [
|
||||||
],
|
],
|
||||||
|
|
||||||
'/item' => [
|
'/item' => [
|
||||||
'/ignore/{id}' => [Module\Item\Ignore::class, [R::GET]],
|
|
||||||
'/{id:\d+}/activity/{verb}' => [Module\Item\Activity::class, [ R::POST]],
|
'/{id:\d+}/activity/{verb}' => [Module\Item\Activity::class, [ R::POST]],
|
||||||
|
'/{id:\d+}/ignore' => [Module\Item\Ignore::class, [ R::POST]],
|
||||||
'/{id:\d+}/pin' => [Module\Item\Pin::class, [ R::POST]],
|
'/{id:\d+}/pin' => [Module\Item\Pin::class, [ R::POST]],
|
||||||
],
|
],
|
||||||
|
|
||||||
|
|
|
@ -728,8 +728,8 @@ function doPin(ident) {
|
||||||
function doIgnoreThread(ident) {
|
function doIgnoreThread(ident) {
|
||||||
ident = ident.toString();
|
ident = ident.toString();
|
||||||
$('#like-rotator-' + ident).show();
|
$('#like-rotator-' + ident).show();
|
||||||
$.get('item/ignore/' + ident, function(data) {
|
$.post('item/' + ident + '/ignore', function(data) {
|
||||||
if (data === 1) {
|
if (data.state === 1) {
|
||||||
$('#ignored-' + ident)
|
$('#ignored-' + ident)
|
||||||
.addClass('ignored')
|
.addClass('ignored')
|
||||||
.removeClass('unignored');
|
.removeClass('unignored');
|
||||||
|
|
Loading…
Reference in New Issue