From 33f7cec924ff46d5f890130393fe023d2ddd6100 Mon Sep 17 00:00:00 2001
From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 3 Jun 2011 01:24:14 +0000
Subject: Fixes #3497 users can unlike other users content

git-svn-id: http://code.elgg.org/elgg/trunk@9132 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/likes/actions/likes/add.php           |  2 +-
 mod/likes/actions/likes/delete.php        | 26 +++++++++-----------------
 mod/likes/views/default/likes/display.php |  3 +--
 3 files changed, 11 insertions(+), 20 deletions(-)

(limited to 'mod/likes')

diff --git a/mod/likes/actions/likes/add.php b/mod/likes/actions/likes/add.php
index f56493864..7ccb19d92 100644
--- a/mod/likes/actions/likes/add.php
+++ b/mod/likes/actions/likes/add.php
@@ -18,7 +18,7 @@ if (!$entity) {
 	forward(REFERER);
 }
 
-// cannot like your own stuff
+// limit likes through a plugin hook (to prevent liking your own content for example)
 if (!$entity->canAnnotate(0, 'likes')) {
 	// plugins should register the error message to explain why liking isn't allowed
 	forward(REFERER);
diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index 867d5dfef..db3036bb4 100644
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,26 +4,18 @@
  *
  */
 
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
-	forward();
-}
-
-// Make sure we can get the comment in question
-$annotation_id = (int) get_input('annotation_id');
-if ($likes = elgg_get_annotation_from_id($annotation_id)) {
-
-	$entity = get_entity($likes->entity_guid);
-
-	if ($likes->canEdit()) {
-		$likes->delete();
+$likes = elgg_get_annotations(array(
+	'guid' => (int) get_input('guid'),
+	'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+	'annotation_name' => 'likes',
+));
+if ($likes) {
+	if ($likes[0]->canEdit()) {
+		$likes[0]->delete();
 		system_message(elgg_echo("likes:deleted"));
 		forward(REFERER);
 	}
-
-} else {
-	$url = "";
 }
 
 register_error(elgg_echo("likes:notdeleted"));
-forward(REFERER);
\ No newline at end of file
+forward(REFERER);
diff --git a/mod/likes/views/default/likes/display.php b/mod/likes/views/default/likes/display.php
index cbfe46078..2dc50ddd0 100644
--- a/mod/likes/views/default/likes/display.php
+++ b/mod/likes/views/default/likes/display.php
@@ -28,8 +28,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
 			'annotation_name' => 'likes',
 			'owner_guid' => elgg_get_logged_in_user_guid()
 		);
-		$likes = elgg_get_annotations($options);
-		$url = elgg_get_site_url() . "action/likes/delete?annotation_id={$likes[0]->id}";
+		$url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
 		$params = array(
 			'href' => $url,
 			'text' => elgg_view_icon('thumbs-up-alt'),
-- 
cgit v1.2.3