Diffstat (limited to 'actions/friends')
-rw-r--r--actions/friends/add.php4
-rw-r--r--actions/friends/collections/add.php5
2 files changed, 6 insertions, 3 deletions
diff --git a/actions/friends/add.php b/actions/friends/add.php
index 7d38674c1..d1800ee14 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -9,6 +9,10 @@
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
$friend = get_entity($friend_guid);
+if (!$friend) {
+ register_error(elgg_echo('error:missing_data'));
+ forward(REFERER);
+}
$errors = false;
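Review bot: The added guard `if (!$friend)` only rejects a GUID that resolves to nothing; get_entity() returns whatever entity the GUID points to, so the GUID of a readable non-user entity would still pass and reach the friending code that follows. The comment above says the GUID belongs to a user, so the check could be tightened to `if (!($friend instanceof ElggUser)) {`. The rest of the script lies outside this hunk, so whether a later call already rejects non-user entities cannot be confirmed from here.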
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 1e2bc1d5c..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
* @subpackage Friends.Collections
*/
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
$friends = get_input('friends_collection');
if (!$collection_name) {
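Review bot: The collection name is HTML-encoded when it is read, on the `$collection_name = htmlspecialchars(...)` line, so the value that gets stored carries entities such as `&amp;`. Any view that escapes on output will then double-encode it, and any non-HTML consumer receives the encoded form; escaping at the point of output is the more robust place for this. If input-time encoding is kept, a comment above the line would help the next maintainer: `// get_input() filtering is disabled on purpose; the name is stored HTML-encoded, so views must not escape it again`. The views that render the name are not visible here, so how they print it should be checked.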
@@ -20,8 +20,7 @@ if ($id) {
$result = update_access_collection($id, $friends);
if ($result) {
system_message(elgg_echo("friends:collectionadded"));
- // go to the collections page
- forward("pg/collections/" . get_loggedin_user()->username);
+ forward("collections/" . elgg_get_logged_in_user_entity()->username);
} else {
register_error(elgg_echo("friends:nocollectionname"));
forward(REFERER);