| author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-06-03 01:24:14 +0000 | 
|---|---|---|
| committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-06-03 01:24:14 +0000 | 
| commit | 33f7cec924ff46d5f890130393fe023d2ddd6100 (patch) | |
| tree | 6831afc64cd0d072153736ebb952619205017633 | |
| parent | 1838b57e20dfc70c04767d1729a66a4e2ab72c4c (diff) | |
Fixes #3497 users can unlike other users content
git-svn-id: http://code.elgg.org/elgg/trunk@9132 36083f99-b078-4883-b0ff-0f9b5a30f544
| -rw-r--r-- | mod/likes/actions/likes/add.php | 2 | ||||
| -rw-r--r-- | mod/likes/actions/likes/delete.php | 26 | ||||
| -rw-r--r-- | mod/likes/views/default/likes/display.php | 3 | 
3 files changed, 11 insertions, 20 deletions
diff --git a/mod/likes/actions/likes/add.php b/mod/likes/actions/likes/add.php
index f56493864..7ccb19d92 100644
--- a/mod/likes/actions/likes/add.php
+++ b/mod/likes/actions/likes/add.php
@@ -18,7 +18,7 @@ if (!$entity) {
 	forward(REFERER);
 }
-// cannot like your own stuff
+// limit likes through a plugin hook (to prevent liking your own content for example)
 if (!$entity->canAnnotate(0, 'likes')) {
 	// plugins should register the error message to explain why liking isn't allowed
 	forward(REFERER);
diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index 867d5dfef..db3036bb4 100644
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,26 +4,18 @@
  *
  */
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
-	forward();
-}
-
-// Make sure we can get the comment in question
-$annotation_id = (int) get_input('annotation_id');
-if ($likes = elgg_get_annotation_from_id($annotation_id)) {
-
-	$entity = get_entity($likes->entity_guid);
-
-	if ($likes->canEdit()) {
-		$likes->delete();
+$likes = elgg_get_annotations(array(
+	'guid' => (int) get_input('guid'),
+	'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+	'annotation_name' => 'likes',
+));
+if ($likes) {
+	if ($likes[0]->canEdit()) {
+		$likes[0]->delete();
 		system_message(elgg_echo("likes:deleted"));
 		forward(REFERER);
 	}
-
-} else {
-	$url = "";
 }
 register_error(elgg_echo("likes:notdeleted"));
-forward(REFERER);
\ No newline at end of file
+forward(REFERER);
diff --git a/mod/likes/views/default/likes/display.php b/mod/likes/views/default/likes/display.php
index cbfe46078..2dc50ddd0 100644
--- a/mod/likes/views/default/likes/display.php
+++ b/mod/likes/views/default/likes/display.php
@@ -28,8 +28,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
 			'annotation_name' => 'likes',
 			'owner_guid' => elgg_get_logged_in_user_guid()
 		);
-		$likes = elgg_get_annotations($options);
-		$url = elgg_get_site_url() . "action/likes/delete?annotation_id={$likes[0]->id}";
+		$url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
 		$params = array(
 			'href' => $url,
 			'text' => elgg_view_icon('thumbs-up-alt'),
|
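Review bot: The new delete.php drops the explicit `elgg_is_logged_in()` guard, and nothing validates the two values that now scope the lookup. For an anonymous request `elgg_get_logged_in_user_guid()` yields 0, and a missing `guid` input casts to 0. If `elgg_get_annotations()` treats a zero as "no filter" (worth confirming), the query is no longer limited to the caller's own like on one entity, and `canEdit()` on `$likes[0]` becomes the only remaining check. The action's registration is not visible in this hunk, so the login requirement may still be enforced there, but a local guard is cheap: read both values into `$guid` and `$user_guid` first and bail out with `if (!$guid || !$user_guid) { register_error(elgg_echo("likes:notdeleted")); forward(REFERER); }`.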
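Review bot: The `$options` array whose tail shows in the context lines of display.php lost its only visible consumer when `$likes = elgg_get_annotations($options);` was removed, so it now looks like dead code. It begins above the hunk, so confirm nothing else reads it and then delete it. If it stays, note that it filters on `'owner_guid'` while the new delete action filters on `'annotation_owner_guid'`, so the view and the action may not agree on whose like is being addressed. `$guid` is defined outside the hunk; a comment such as `// the delete action resolves the current user's like from the entity guid` above the `$url` line would record why the annotation id is no longer passed.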
