-rw-r--r--actions/friends/add.php3
-rw-r--r--actions/friends/remove.php3
-rw-r--r--mod/profile/views/default/profile/menu/actions.php10
3 files changed, 11 insertions, 5 deletions
diff --git a/actions/friends/add.php b/actions/friends/add.php
index 9dd8397bc..74238b3a0 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -12,7 +12,8 @@
*/
// Ensure we are logged in
- gatekeeper();
+ gatekeeper();
+ action_gatekeeper();
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
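Review bot: The new `action_gatekeeper();` call is a bare statement, so the action is only protected if that function itself halts the request when the token check fails. That behaviour is not visible in this hunk and should be confirmed, because a function that merely returned false would let the friend request go ahead. The same applies to the identical hunk in actions/friends/remove.php. The comment `// Ensure we are logged in` no longer describes both calls; I would add `// Reject the request unless it carries a valid action token (CSRF protection)` above the new line. The rest of the script lies outside the hunk.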
diff --git a/actions/friends/remove.php b/actions/friends/remove.php
index debb0f7c2..ef0cdb46e 100644
--- a/actions/friends/remove.php
+++ b/actions/friends/remove.php
@@ -12,7 +12,8 @@
*/
// Ensure we are logged in
- gatekeeper();
+ gatekeeper();
+ action_gatekeeper();
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
diff --git a/mod/profile/views/default/profile/menu/actions.php b/mod/profile/views/default/profile/menu/actions.php
index d348831c1..2c26e2814 100644
--- a/mod/profile/views/default/profile/menu/actions.php
+++ b/mod/profile/views/default/profile/menu/actions.php
@@ -13,11 +13,15 @@
*/
if (isloggedin()) {
- if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) {
+ if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) {
+
+ $ts = time();
+ $token = generate_action_token($ts);
+
if ($vars['entity']->isFriend()) {
- echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:remove") . "</a></p>";
+ echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:remove") . "</a></p>";
} else {
- echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:add") . "</a></p>";
+ echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:add") . "</a></p>";
}
}
}
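Review bot: The action token is appended to the query string of a plain link on both `echo` lines, so it lands in browser history and server access logs and may leak through Referer headers, and the friend add/remove still changes state on a GET request. Submitting these actions by POST with the token in a hidden field would keep it out of URLs; whether the action handler accepts POST is not shown here. Separately, the `&` separators inside the `href` attribute should be written as entities, e.g. `&amp;__elgg_token=$token&amp;__elgg_ts=$ts`. A short comment above `$ts = time();`, such as `// One token/timestamp pair is shared by both links below`, would also help.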