author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-06-03 01:24:14 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-06-03 01:24:14 +0000 |
commit | 33f7cec924ff46d5f890130393fe023d2ddd6100 (patch) | |
tree | 6831afc64cd0d072153736ebb952619205017633 /mod/likes | |
parent | 1838b57e20dfc70c04767d1729a66a4e2ab72c4c (diff) | |
Fixes #3497 users can unlike other users content
git-svn-id: http://code.elgg.org/elgg/trunk@9132 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/likes')
-rw-r--r-- | mod/likes/actions/likes/add.php | 2 | ||||
-rw-r--r-- | mod/likes/actions/likes/delete.php | 26 | ||||
-rw-r--r-- | mod/likes/views/default/likes/display.php | 3 |
3 files changed, 11 insertions, 20 deletions
diff --git a/mod/likes/actions/likes/add.php b/mod/likes/actions/likes/add.php
index f56493864..7ccb19d92 100644
--- a/mod/likes/actions/likes/add.php
+++ b/mod/likes/actions/likes/add.php
@@ -18,7 +18,7 @@ if (!$entity) {
 forward(REFERER);
 }
 
-// cannot like your own stuff
+// limit likes through a plugin hook (to prevent liking your own content for example)
 if (!$entity->canAnnotate(0, 'likes')) {
 // plugins should register the error message to explain why liking isn't allowed
 forward(REFERER);
diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index 867d5dfef..db3036bb4 100644
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,26 +4,18 @@
 *
 */
 
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
- forward();
-}
-
-// Make sure we can get the comment in question
-$annotation_id = (int) get_input('annotation_id');
-if ($likes = elgg_get_annotation_from_id($annotation_id)) {
-
- $entity = get_entity($likes->entity_guid);
-
- if ($likes->canEdit()) {
- $likes->delete();
+$likes = elgg_get_annotations(array(
+ 'guid' => (int) get_input('guid'),
+ 'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+ 'annotation_name' => 'likes',
+));
+if ($likes) {
+ if ($likes[0]->canEdit()) {
+ $likes[0]->delete();
 system_message(elgg_echo("likes:deleted"));
 forward(REFERER);
 }
-
-} else {
- $url = "";
 }
 
 register_error(elgg_echo("likes:notdeleted"));
-forward(REFERER);
\ No newline at end of file
+forward(REFERER);
diff --git a/mod/likes/views/default/likes/display.php b/mod/likes/views/default/likes/display.php
index cbfe46078..2dc50ddd0 100644
--- a/mod/likes/views/default/likes/display.php
+++ b/mod/likes/views/default/likes/display.php
@@ -28,8 +28,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
 'annotation_name' => 'likes',
 'owner_guid' => elgg_get_logged_in_user_guid()
 );
- $likes = elgg_get_annotations($options);
- $url = elgg_get_site_url() . "action/likes/delete?annotation_id={$likes[0]->id}";
+ $url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
 $params = array(
 'href' => $url,
 'text' => elgg_view_icon('thumbs-up-alt'), |
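Review bot: In delete.php the explicit `elgg_is_logged_in()` check is removed, so the ownership restriction now depends on `elgg_get_logged_in_user_guid()` and `(int) get_input('guid')` both being non-zero. Whether the annotation query treats a 0 in either field as "no constraint" is not visible in this hunk, so I would reject those cases before querying: `$guid = (int) get_input('guid');` followed by `if (!$guid || !elgg_is_logged_in()) { register_error(elgg_echo("likes:notdeleted")); forward(REFERER); }`. The login requirement may already be enforced where the action is registered, which is outside this diff; if so, a one-line comment such as `// action is registered for logged-in users only` would record that dependency. Only `$likes[0]` is used, so passing `'limit' => 1` to `elgg_get_annotations()` would avoid loading rows that are never touched.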
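Review bot: In display.php the removed `elgg_get_annotations($options)` call was the only visible use of the array that the context lines still build with `'annotation_name'` and `'owner_guid'`; if nothing later in the file reads it, it is dead code and should go with this change. If it is kept, note that it filters on `'owner_guid'` while the rewritten delete.php filters on `'annotation_owner_guid'`, so the two lookups may not select the same rows. The new URL interpolates `$guid`, whose assignment is outside the hunk, so it is worth confirming it is the integer entity guid rather than raw input. The link triggers a state-changing action, and the rest of `$params` is cut off here, so I cannot see whether it sets `'is_action' => true` to have the action tokens appended.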