diff options
-rw-r--r-- | actions/friends/add.php | 3 | ||||
-rw-r--r-- | actions/friends/remove.php | 3 | ||||
-rw-r--r-- | mod/profile/views/default/profile/menu/actions.php | 10 |
3 files changed, 11 insertions, 5 deletions
diff --git a/actions/friends/add.php b/actions/friends/add.php index 9dd8397bc..74238b3a0 100644 --- a/actions/friends/add.php +++ b/actions/friends/add.php @@ -12,7 +12,8 @@ */
// Ensure we are logged in
- gatekeeper();
+ gatekeeper(); + action_gatekeeper();
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
diff --git a/actions/friends/remove.php b/actions/friends/remove.php index debb0f7c2..ef0cdb46e 100644 --- a/actions/friends/remove.php +++ b/actions/friends/remove.php @@ -12,7 +12,8 @@ */
// Ensure we are logged in
- gatekeeper();
+ gatekeeper(); + action_gatekeeper();
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
diff --git a/mod/profile/views/default/profile/menu/actions.php b/mod/profile/views/default/profile/menu/actions.php index d348831c1..2c26e2814 100644 --- a/mod/profile/views/default/profile/menu/actions.php +++ b/mod/profile/views/default/profile/menu/actions.php @@ -13,11 +13,15 @@ */
if (isloggedin()) {
- if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) {
+ if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) { + + $ts = time(); + $token = generate_action_token($ts); +
if ($vars['entity']->isFriend()) {
- echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:remove") . "</a></p>";
+ echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:remove") . "</a></p>";
} else {
- echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:add") . "</a></p>";
+ echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:add") . "</a></p>";
}
}
}
|